ElastiCache using default port

ID

aws_elasticache_default_port

Severity

info

Vendor

AWS

Resource

Network

Tags

asvs50-v13.1.1, reachable

Description

ElastiCache using default port, 6379 for Redis and 11211 for Memcached. An attacker can easily guess the port.

To fix it you must configure cache_port property.

Learn more about this topic at AWS Accessing ElastiCache Memcached and AWS Accessing ElastiCache Redis.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic example
      community.aws.elasticache:
        name: "test"
        state: present
        engine: memcached
        cache_engine_version: 1.4.14
        node_type: cache.m1.small
        num_nodes: 1
        cache_port: 11211
        zone: us-east-1d

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic example
      community.aws.elasticache:
        name: "test"
        state: present
        engine: memcached
        cache_engine_version: 1.4.14
        node_type: cache.m1.small
        num_nodes: 1
        cache_port: 11222
        zone: us-east-1d
        cache_subnet_group: "subnet_group"