turbot/aws_compliance

Query: elasticache_replication_group_redis_auth_enabled

Usage

powerpipe query aws_compliance.query.elasticache_replication_group_redis_auth_enabled

SQL

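-- Reports, per ElastiCache replication group, whether Redis AUTH (auth token)
-- is enabled for groups whose node engine version is below 6.0.
--
-- status:
--   skip  - node engine version is 6.0 or later; this control does not
--           evaluate AUTH for those groups.
--           NOTE(review): presumably because 6.0+ can use role-based access
--           control instead. 'skip' is not evidence that access control is
--           configured, so cover those groups with a separate check.
--   ok    - auth_token_enabled is true (version below 6.0, or version unknown).
--   alarm - auth_token_enabled is false or null.
with elasticache_cluster_node_version as (
  -- One row per (replication group, engine version) pair. A group whose member
  -- clusters report different versions therefore yields several result rows.
  select distinct
    replication_group_id,
    engine_version
  from
    aws_elasticache_cluster
),
replication_group_version as (
  select
    eg.arn,
    eg.title,
    eg.region,
    eg.account_id,
    eg.auth_token_enabled,
    v.engine_version,
    -- Compare versions numerically, component by component ('10.0' > '6.0').
    -- The int[] cast raises an error if a version component is not numeric.
    -- The result is null when no cluster row matched the replication group.
    regexp_split_to_array(v.engine_version, '\.')::int[] >= array[6, 0] as is_version_6_or_later
  from
    aws_elasticache_replication_group as eg
    left join elasticache_cluster_node_version as v on eg.replication_group_id = v.replication_group_id
)
select
  arn as resource,
  case
    when is_version_6_or_later then 'skip'
    -- Also reached when the version is unknown (null): a group with AUTH
    -- enabled must not be reported as "AUTH disabled" just because no
    -- cluster row was found for it.
    when auth_token_enabled then 'ok'
    else 'alarm'
  end as status,
  case
    when is_version_6_or_later then title || ' node version is ' || engine_version || '.'
    when auth_token_enabled then title || ' has Redis AUTH enabled.'
    else title || ' has Redis AUTH disabled.'
  end as reason,
  region,
  account_id
from
  replication_group_version;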

Controls

The query is being used by the following controls: