AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to disabled
Description
This policy identifies ElastiCache Redis clusters that have Multi-AZ Automatic Failover feature set to disabled. It is recommended to enable the Multi-AZ Automatic Failover feature for your Redis Cache cluster, which will improve primary node reachability by providing read replica in case of network connectivity loss or loss of availability in the primary's availability zone for read/write operations.
NOTE Redis cluster Multi-AZ with automatic failover does not support T1 and T2 cache node types and is only available if the cluster has at least one read replica.
Code Example
go
resource "aws_elasticache_replication_group" "pass" {
automatic_failover_enabled = true
preferred_cache_cluster_azs = ["us-west-2a", "us-west-2b"]
replication_group_id = "tf-rep-group-1"
description = "example description"
node_type = "cache.m4.large"
num_cache_clusters = 2
parameter_group_name = "default.redis3.2"
port = 6379
}Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0484 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV2_AWS_50 |