---
title: ElastiCache using default port
---

# ElastiCache using default port

## Metadata{% #metadata %}

**Id:** `7cc6c791-5f68-4816-a564-b9b699f9d26e`

**Cloud Provider:** AWS

**Platform:** Ansible

**Severity:** Low

**Category:** Networking and Firewall

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/community/aws/elasticache_module.html#parameter-cache_port)

### Description{% #description %}

ElastiCache instances using engine default ports are easy for attackers and automated scanners to discover and target, increasing the risk of unauthorized access and automated exploitation.

In Ansible, tasks that use the `community.aws.elasticache` or `elasticache` module must not set the `cache_port` property to the engine defaults: `6379` when `engine: redis` and `11211` when `engine: memcached`. Resources with `cache_port` equal to these default values are flagged. Choose a non-standard port and enforce network access controls (security groups/subnets) to limit exposure.

Secure example changing the default port:

```yaml
- name: Create Redis ElastiCache cluster with non-default port
  community.aws.elasticache:
    name: my-redis-cluster
    engine: redis
    cache_port: 6380
    # other required properties...
```
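
The check described above, sketched as an added example (this is not Datadog's rule implementation). The names `find_default_ports` and `iter_tasks` are hypothetical, and the input is assumed to be an Ansible task list already parsed into Python data, for instance by PyYAML's `yaml.safe_load()`. It goes slightly beyond the examples on this page by also handling quoted ports, templated ports, and tasks nested in `block` sections.

```python
# Added example: the engine/port pairs named in the rule description.
DEFAULT_PORTS = {"redis": 6379, "memcached": 11211}
MODULES = ("community.aws.elasticache", "elasticache")


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        yield task
        for section in ("block", "rescue", "always"):
            yield from iter_tasks(task.get(section))


def find_default_ports(tasks):
    """Return (task name, engine, port) for tasks that set the engine default port."""
    findings = []
    for task in iter_tasks(tasks):
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            engine = str(args.get("engine", "")).lower()
            try:
                port = int(args.get("cache_port"))
            except (TypeError, ValueError):
                continue  # unset or templated ("{{ var }}"): not decidable statically
            # Only the engine's own default counts: 6379 on memcached is not flagged.
            if DEFAULT_PORTS.get(engine) == port:
                findings.append((task.get("name", "<unnamed>"), engine, port))
    return findings


# Constructed sample: the structure a YAML loader would return for a task list.
SAMPLE_TASKS = [
    {"name": "redis default", "community.aws.elasticache": {"engine": "redis", "cache_port": 6379}},
    {"name": "redis moved", "community.aws.elasticache": {"engine": "redis", "cache_port": 6380}},
    {"name": "memcached quoted", "elasticache": {"engine": "memcached", "cache_port": "11211"}},
    {"name": "templated", "elasticache": {"engine": "redis", "cache_port": "{{ redis_port }}"}},
    {"name": "wrapper", "block": [
        {"name": "nested memcached", "community.aws.elasticache": {"engine": "memcached", "cache_port": 11211}},
        {"name": "cross port", "community.aws.elasticache": {"engine": "memcached", "cache_port": 6379}},
    ]},
]

if __name__ == "__main__":
    for name, engine, port in find_default_ports(SAMPLE_TASKS):
        print(f"{name}: engine={engine} uses default port {port}")
```

A templated `cache_port` is skipped rather than flagged, so variables that resolve to a default port need a separate check on the inventory or vars files.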

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
- name: Basic example2
  community.aws.elasticache:
    name: "test-please-delete"
    state: present
    engine: memcached
    cache_engine_version: 1.4.14
    node_type: cache.m1.small
    num_nodes: 1
    cache_port: 11212
    cache_subnet_group: default
    zone: us-east-1d
```

```yaml
- name: Basic example2
  community.aws.elasticache:
    name: "test-please-delete"
    state: present
    engine: redis
    cache_engine_version: 1.4.14
    node_type: cache.m1.small
    num_nodes: 1
    cache_port: 6380
    cache_subnet_group: default
    zone: us-east-1d
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
- name: Basic example2
  community.aws.elasticache:
    name: "test-please-delete"
    state: present
    engine: redis
    cache_engine_version: 1.4.14
    node_type: cache.m1.small
    num_nodes: 1
    cache_port: 6379
    cache_subnet_group: default
    zone: us-east-1d
```

```yaml
- name: Basic example
  community.aws.elasticache:
    name: "test-please-delete"
    state: present
    engine: memcached
    cache_engine_version: 1.4.14
    node_type: cache.m1.small
    num_nodes: 1
    cache_port: 11211
    cache_subnet_group: default
    zone: us-east-1d
```
