For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/code_security/iac_security/iac_rules/cloudformation-aws-elasticache-nodes-not-created-across-multi-az.md. A documentation index is available at /llms.txt.

ElastiCache nodes not created across multi-AZ

This product is not supported for your selected Datadog site. ().

Metadata

Id: cloudformation-aws-elasticache-nodes-not-created-across-multi-az

Provider: AWS

Platform: CloudFormation

Severity: Medium

Category: Availability

Learn More

Description

Multi-node Amazon ElastiCache (Memcached) clusters must be deployed across multiple Availability Zones to maintain availability and avoid complete cluster outage if a single Availability Zone fails.

The AZMode property on AWS::ElastiCache::CacheCluster must be set to cross-az for resources with Engine set to memcached and NumCacheNodes greater than 1. If AZMode is omitted, the cluster defaults to single-az, so resources missing AZMode or with AZMode not equal to cross-az will be flagged as a configuration risk.

Secure configuration example:

MyCacheCluster:
  Type: AWS::ElastiCache::CacheCluster
  Properties:
    Engine: memcached
    NumCacheNodes: 3
    AZMode: cross-az
    CacheNodeType: cache.m6g.large

Compliant Code Examples

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  myCacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.m3.medium
      Engine: memcached
      NumCacheNodes: '3'
      PreferredAvailabilityZones:
        - us-west-2a
        - us-west-2a
        - us-west-2b

{
  "Resources": {
    "myCacheCluster2": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
        "AZMode": "cross-az",
        "CacheNodeType": "cache.m3.medium",
        "Engine": "memcached",
        "NumCacheNodes": "3",
        "PreferredAvailabilityZones": [
          "us-west-2a",
          "us-west-2a",
          "us-west-2b"
        ]
      }
    }
  }
}

Non-Compliant Code Examples

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  myCacheCluster3:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      AZMode: single-az
      CacheNodeType: cache.m3.medium
      Engine: memcached
      NumCacheNodes: '3'
      PreferredAvailabilityZones:
        - us-west-2a
        - us-west-2a
        - us-west-2b

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  myCacheCluster4:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      CacheNodeType: cache.m3.medium
      Engine: memcached
      NumCacheNodes: '3'
      PreferredAvailabilityZones:
        - us-west-2a
        - us-west-2a
        - us-west-2b

{
  "Resources": {
    "myCacheCluster5": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
        "AZMode": "single-az",
        "CacheNodeType": "cache.m3.medium",
        "Engine": "memcached",
        "NumCacheNodes": "3",
        "PreferredAvailabilityZones": [
          "us-west-2a",
          "us-west-2a",
          "us-west-2b"
        ]
      }
    }
  }
}