Id: 9f34885e-c08f-4d13-a7d1-cf190c5bd268
Cloud Provider: AWS
Platform: Ansible
Severity: High
Category: Encryption
Description
ElastiCache Redis engine versions must meet the AWS PCI DSS baseline. Running outdated Redis releases can expose known vulnerabilities and lead to non-compliance. In Ansible, tasks using the community.aws.elasticache or elasticache modules must define cache_engine_version and set it to a version equal to or newer than 4.0.10. Resources missing cache_engine_version or specifying a lower version are flagged as non-compliant. Update to a maintained Redis release that satisfies PCI DSS requirements.
Secure example for Ansible:
- name: Create ElastiCache Redis cluster
  community.aws.elasticache:
    name: my-redis-cluster
    state: present
    engine: redis
    # Must be defined and at least 4.0.10 to pass this rule
    cache_engine_version: "4.0.10"
    node_type: cache.t3.small
    num_nodes: 1
Compliant Code Examples
- name: Basic example
  community.aws.elasticache:
    name: test-please-delete
    state: present
    engine: memcached
    cache_engine_version: 5.1.10
    node_type: cache.m1.small
    num_nodes: 1
Non-Compliant Code Examples
- name: Basic example
  community.aws.elasticache:
    name: "test-please-delete"
    state: present
    engine: memcached
    cache_engine_version: 1.4.14
    node_type: cache.m1.small
    num_nodes: 1
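
The check from the Description, sketched as an added Python example (not the scanner's own rule code): versions are compared as integer tuples, because a plain string comparison would rank "4.0.9" above "4.0.10". The function names and sample tasks are assumptions made for illustration; tasks are passed in as dicts, the shape a YAML loader returns, and the engine is not filtered because the page's own examples use memcached.

```python
# Added illustration; function names and sample data are hypothetical.
MODULES = {"community.aws.elasticache", "elasticache"}  # module names from the Description
MIN_VERSION = (4, 0, 10)                                 # baseline from the Description


def parse_version(value):
    """Turn '4.0.10', 5 or 3.2 into a tuple of ints; None if not numeric."""
    parts = str(value).strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # pad '5' -> (5, 0, 0)


def check_tasks(tasks):
    """Return (task name, reason) for every non-compliant ElastiCache task."""
    findings = []
    for task in tasks:
        for module in sorted(MODULES.intersection(task)):
            args = task[module] if isinstance(task[module], dict) else {}
            label = task.get("name", "<unnamed>")
            if "cache_engine_version" not in args:
                findings.append((label, "cache_engine_version is not defined"))
                continue
            version = parse_version(args["cache_engine_version"])
            if version is None:
                findings.append((label, "cache_engine_version is not a numeric version"))
            elif version < MIN_VERSION:
                findings.append((label, "cache_engine_version is below 4.0.10"))
    return findings


# Constructed sample tasks, shaped as a YAML loader would return them.
SAMPLE_TASKS = [
    {"name": "baseline", "community.aws.elasticache": {"engine": "redis", "cache_engine_version": "4.0.10"}},
    {"name": "old patch", "community.aws.elasticache": {"engine": "redis", "cache_engine_version": "4.0.9"}},
    {"name": "old minor", "elasticache": {"engine": "redis", "cache_engine_version": 3.2}},
    {"name": "no version", "community.aws.elasticache": {"engine": "redis"}},
    {"name": "other module", "ansible.builtin.debug": {"msg": "ignored"}},
]

if __name__ == "__main__":
    for name, reason in check_tasks(SAMPLE_TASKS):
        print(f"{name}: {reason}")
```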