
feat(elasticache): Ensure Redis clusters below v6.0 have AUTH enabled

Open HugoPBrito opened this issue 1 year ago • 2 comments

Context

Redis AUTH is essential for securing access to Redis clusters by requiring a password for client commands, especially since Role-Based Access Control (RBAC) is not available in versions prior to 6.0. The control will fail if Redis AUTH is not enabled for these earlier versions, helping to enforce best practices for data security in environments where older Redis versions are still in use. For Redis versions 6.0 and later, RBAC is recommended, but this check specifically targets the need for AUTH in versions below 6.0.

Description

I have implemented a new check called elasticache_redis_cluster_below_v6_auth_enabled to address a security concern in Amazon ElastiCache for Redis. This check ensures that replication groups running Redis versions earlier than 6.0 have Redis AUTH enabled.

Checklist

  • Are there new checks included in this PR? Yes / No
    • If so, do we need to update permissions for the provider? Please review this carefully.
  • [x] Review if the code is being covered by tests.
  • [x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

HugoPBrito avatar Aug 22 '24 10:08 HugoPBrito

I used the describe_cache_clusters method and filtered within Redis instead of describe_replication_groups because Boto3 provides the necessary attributes only through this method.

HugoPBrito avatar Aug 22 '24 10:08 HugoPBrito
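
The check described in this PR, sketched as an added example (not the PR's code and not Prowler's implementation): it evaluates a constructed list shaped like the `CacheClusters` entries that boto3's describe_cache_clusters returns, using the `Engine`, `EngineVersion` and `AuthTokenEnabled` fields. The `OUT_OF_SCOPE` and `MANUAL` statuses and the function names are assumptions of this sketch.

```python
# Added example, not Prowler's code. Field names (Engine, EngineVersion,
# AuthTokenEnabled, CacheClusterId) follow boto3's describe_cache_clusters
# response; the sample clusters below are constructed.

def version_tuple(engine_version):
    """Parse '5.0.6' or '6.x' into (major, minor); None if major is not numeric."""
    parts = engine_version.split(".")
    if not parts[0].isdigit():
        return None
    minor = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return int(parts[0]), minor


def evaluate(cache_clusters):
    """Return {cluster_id: status} for Redis clusters only."""
    results = {}
    for cluster in cache_clusters:
        if cluster.get("Engine") != "redis":
            continue  # memcached and other engines are not covered by this check
        version = version_tuple(cluster.get("EngineVersion", ""))
        if version is None:
            status = "MANUAL"  # assumption: unknown version needs human review
        elif version >= (6, 0):
            status = "OUT_OF_SCOPE"  # assumption: 6.0+ is left to an RBAC check
        elif cluster.get("AuthTokenEnabled", False):
            status = "PASS"
        else:
            status = "FAIL"  # pre-6.0 Redis with no AUTH password required
        results[cluster["CacheClusterId"]] = status
    return results


# Constructed sample shaped like describe_cache_clusters()["CacheClusters"].
SAMPLE = [
    {"CacheClusterId": "legacy-noauth", "Engine": "redis",
     "EngineVersion": "5.0.6", "AuthTokenEnabled": False},
    {"CacheClusterId": "legacy-auth", "Engine": "redis",
     "EngineVersion": "3.2.10", "AuthTokenEnabled": True},
    {"CacheClusterId": "modern", "Engine": "redis", "EngineVersion": "6.x"},
    {"CacheClusterId": "no-flag", "Engine": "redis", "EngineVersion": "4.0.10"},
    {"CacheClusterId": "mc", "Engine": "memcached", "EngineVersion": "1.6.6"},
]

if __name__ == "__main__":
    for cluster_id, status in evaluate(SAMPLE).items():
        print(f"{cluster_id}: {status}")
```

A cluster that omits `AuthTokenEnabled` is treated as not having AUTH, so a missing field fails closed rather than passing silently.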

Codecov Report

Attention: Patch coverage is 93.54839% with 2 lines in your changes missing coverage. Please review.

Project coverage is 89.12%. Comparing base (9263ade) to head (97440d0). Report is 1232 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4830      +/-   ##
==========================================
+ Coverage   89.00%   89.12%   +0.12%     
==========================================
  Files         965      974       +9     
  Lines       29526    29852     +326     
==========================================
+ Hits        26279    26607     +328     
+ Misses       3247     3245       -2     
Components Coverage Δ
prowler 89.12% <93.54%> (+0.12%) :arrow_up:
api ∅ <ø> (∅)

codecov[bot] avatar Aug 22 '24 10:08 codecov[bot]