turbot/aws_compliance

Query: elasticache_replication_group_redis_auth_enabled

Usage

powerpipe query aws_compliance.query.elasticache_replication_group_redis_auth_enabled

SQL

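-- Compliance check: Redis AUTH on ElastiCache replication groups whose nodes
-- run an engine version below 6.0.
--
-- Output columns: resource (replication group ARN), status
-- ('skip' | 'ok' | 'alarm'), reason, region, account_id.
--
-- NOTE(review): 'skip' means the group was not evaluated by this check, not
-- that access control is in place. Presumably 6.0+ groups are skipped because
-- they can use user-group (RBAC) access control instead of an AUTH token;
-- confirm against the control text and review those groups separately.
with elasticache_cluster_node_version as (
  -- Engine versions reported by the member clusters of each replication group.
  -- A group whose clusters report more than one version yields one output row
  -- per version.
  select distinct
    replication_group_id,
    engine_version
  from
    aws_elasticache_cluster
)
select
  eg.arn as resource,
  case
    -- Versions are compared component-wise as integer arrays, so '10.0' sorts
    -- after '6.0'. The ::int[] cast fails the whole query if any component of
    -- engine_version is not numeric.
    when regexp_split_to_array(v.engine_version, '\.')::int[] >= array[6, 0] then 'skip'
    -- Deliberately not gated on "version < 6.0": the left join leaves
    -- v.engine_version null for a group with no matching cluster row, and a
    -- null version made every comparison unknown, so a group with AUTH enabled
    -- fell through to 'alarm' with the reason "has Redis AUTH disabled".
    when eg.auth_token_enabled then 'ok'
    -- AUTH is off (or unknown) and the version is below 6.0 or unknown.
    else 'alarm'
  end as status,
  case
    when regexp_split_to_array(v.engine_version, '\.')::int[] >= array[6, 0]
      then eg.title || ' node version is ' || v.engine_version || '.'
    when eg.auth_token_enabled then eg.title || ' has Redis AUTH enabled.'
    else eg.title || ' has Redis AUTH disabled.'
  end as reason,
  eg.region,
  eg.account_id
from
  aws_elasticache_replication_group as eg
  left join elasticache_cluster_node_version as v
    on eg.replication_group_id = v.replication_group_id;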

Controls

The query is being used by the following controls: