--- title: ElastiCache nodes not created across multi-AZ description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > ElastiCache nodes not created across multi-AZ --- # ElastiCache nodes not created across multi-AZ {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}). {% /alert %} {% /callout %} ## Metadata{% #metadata %} **Id:** `cloudformation-aws-elasticache-nodes-not-created-across-multi-az` **Provider:** AWS **Platform:** CloudFormation **Severity:** Medium **Category:** Availability #### Learn More{% #learn-more %} - [Provider Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cache-cluster.html) ### Description{% #description %} Multi-node Amazon ElastiCache (Memcached) clusters must be deployed across multiple Availability Zones to maintain availability and avoid complete cluster outage if a single Availability Zone fails. The `AZMode` property on `AWS::ElastiCache::CacheCluster` must be set to `cross-az` for resources with `Engine` set to `memcached` and `NumCacheNodes` greater than `1`. If `AZMode` is omitted, the cluster defaults to `single-az`, so resources missing `AZMode` or with `AZMode` not equal to `cross-az` will be flagged as a configuration risk. Secure configuration example: ```yaml MyCacheCluster: Type: AWS::ElastiCache::CacheCluster Properties: Engine: memcached NumCacheNodes: 3 AZMode: cross-az CacheNodeType: cache.m6g.large ``` ## Compliant Code Examples{% #compliant-code-examples %} ```yaml AWSTemplateFormatVersion: "2010-09-09" Resources: myCacheCluster: Type: 'AWS::ElastiCache::CacheCluster' Properties: AZMode: cross-az CacheNodeType: cache.m3.medium Engine: memcached NumCacheNodes: '3' PreferredAvailabilityZones: - us-west-2a - us-west-2a - us-west-2b ``` ```json { "Resources": { "myCacheCluster2": { "Type": "AWS::ElastiCache::CacheCluster", "Properties": { "AZMode": "cross-az", "CacheNodeType": "cache.m3.medium", "Engine": "memcached", "NumCacheNodes": "3", "PreferredAvailabilityZones": [ "us-west-2a", "us-west-2a", "us-west-2b" ] } } } } ``` ## Non-Compliant Code Examples{% #non-compliant-code-examples %} ```yaml AWSTemplateFormatVersion: "2010-09-09" Resources: myCacheCluster3: Type: 'AWS::ElastiCache::CacheCluster' Properties: AZMode: single-az CacheNodeType: cache.m3.medium Engine: memcached NumCacheNodes: '3' PreferredAvailabilityZones: - us-west-2a - us-west-2a - us-west-2b ``` ```yaml AWSTemplateFormatVersion: "2010-09-09" Resources: myCacheCluster4: Type: 'AWS::ElastiCache::CacheCluster' Properties: CacheNodeType: cache.m3.medium Engine: memcached NumCacheNodes: '3' PreferredAvailabilityZones: - us-west-2a - us-west-2a - us-west-2b ``` ```json { "Resources": { "myCacheCluster5": { "Type": "AWS::ElastiCache::CacheCluster", "Properties": { "AZMode": "single-az", "CacheNodeType": "cache.m3.medium", "Engine": "memcached", "NumCacheNodes": "3", "PreferredAvailabilityZones": [ "us-west-2a", "us-west-2a", "us-west-2b" ] } } } } ```