Control: ElastiCache clusters should not use the default subnet group
Description
This control checks if ElastiCache clusters are configured with a custom subnet group. The control fails for an ElastiCache cluster if CacheSubnetGroupName has the value default.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.elasticache_cluster_no_default_subnet_groupSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.elasticache_cluster_no_default_subnet_group --shareSQL
This control uses a named query:
select arn as resource, case when cache_subnet_group_name = 'default' then 'alarm' else 'ok' end as status, case when cache_subnet_group_name = 'default' then title || ' not configured with a custom subnet group.' else title || ' configured with a custom subnet group.' end as reason , region, account_idfrom aws_elasticache_cluster;