Metadata

Id: 9f34885e-c08f-4d13-a7d1-cf190c5bd268

Cloud Provider: AWS

Platform: Ansible

Severity: High

Category: Encryption

Description

ElastiCache Redis engine versions must meet the AWS PCI DSS baseline. Running outdated Redis releases can expose known vulnerabilities and lead to non-compliance. In Ansible, tasks using the community.aws.elasticache or elasticache modules must define cache_engine_version and set it to a version equal to or newer than 4.0.10. Resources missing cache_engine_version or specifying a lower version are flagged as non-compliant. Update to a maintained Redis release that satisfies PCI DSS requirements.

Secure example for Ansible:

- name: Create ElastiCache Redis cluster
  community.aws.elasticache:
    name: my-redis-cluster
    engine: redis
    cache_engine_version: "4.0.10"
    node_type: cache.t3.small
    num_nodes: 1

Compliant Code Examples

- name: Basic example
  community.aws.elasticache:
    name: test-please-delete
    state: present
    engine: memcached
    cache_engine_version: 5.1.10
    node_type: cache.m1.small
    num_nodes: 1

Non-Compliant Code Examples

- name: Basic example
  community.aws.elasticache:
    name: "test-please-delete"
    state: present
    engine: memcached
    cache_engine_version: 1.4.14
    node_type: cache.m1.small
    num_nodes: 1
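
The version comparison this rule describes, as an added Python example (not Datadog's rule code). It assumes the playbook tasks are already loaded from YAML into dicts; the function names and the three extra sample tasks are hypothetical, and like the fixtures above it does not filter on `engine`.

```python
# Added example, not Datadog's rule code. Tasks are assumed to be already
# loaded from playbook YAML into dicts; all names here are hypothetical.
MODULES = ("community.aws.elasticache", "elasticache")
MIN_VERSION = (4, 0, 10)  # baseline stated in the rule description


def parse_version(value):
    """Turn '4.0.10', 5.0 or 6 into a 3-part integer tuple; None if not numeric."""
    try:
        nums = [int(p) for p in str(value).strip().split(".")]
    except ValueError:
        return None
    return tuple((nums + [0, 0, 0])[:3])


def check_task(task):
    """Return a finding string for a non-compliant task, or None if it passes."""
    for module in MODULES:
        params = task.get(module)
        if not isinstance(params, dict):
            continue
        raw = params.get("cache_engine_version")
        if raw is None:
            return "cache_engine_version is undefined"
        version = parse_version(raw)
        if version is None:
            return f"cache_engine_version {raw!r} needs manual review"
        # Compare as integer tuples: as strings, "4.0.9" sorts above "4.0.10".
        if version < MIN_VERSION:
            return f"cache_engine_version {raw} is lower than 4.0.10"
    return None


def scan(tasks):
    """Return (task name, finding) for every flagged task."""
    findings = [(t.get("name", "<unnamed>"), check_task(t)) for t in tasks]
    return [(name, finding) for name, finding in findings if finding]


# Constructed input: the page's two fixtures plus three edge cases.
SAMPLE_TASKS = [
    {"name": "fixture-pass", "community.aws.elasticache": {"engine": "memcached", "cache_engine_version": "5.1.10"}},
    {"name": "fixture-fail", "community.aws.elasticache": {"engine": "memcached", "cache_engine_version": "1.4.14"}},
    {"name": "string-trap", "elasticache": {"engine": "redis", "cache_engine_version": "4.0.9"}},
    {"name": "no-version", "elasticache": {"engine": "redis", "node_type": "cache.t3.small"}},
    {"name": "yaml-float", "elasticache": {"engine": "redis", "cache_engine_version": 5.0}},
]

if __name__ == "__main__":
    for name, finding in scan(SAMPLE_TASKS):
        print(f"{name}: {finding}")
```

Quoting `cache_engine_version` in playbooks keeps YAML from loading a two-part value such as `5.0` as a float, which is why `parse_version` normalises through `str()` first.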