Redis version is not compliant with AWS PCI DSS

ID

aws_redis_not_compliant

Severity

low

Vendor

AWS

Resource

Other

Tags

non-reachable

Description

The ElastiCache for Redis cluster runs an engine version that is outside the AWS PCI DSS compliance program. The AWS PCI DSS Compliance Program includes Amazon ElastiCache for Redis as a PCI-compliant service, and the PCI DSS 3.2 Compliance Package can be downloaded through AWS Artifact. For more information, see the AWS PCI DSS Compliance Program.

Engine version requirements: the cluster must be running ElastiCache for Redis 3.2.6, or 4.0.10 and later, for both cluster mode enabled and cluster mode disabled.

To fix it, set engine to redis and cache_engine_version to one of the compliant versions (3.2.6, or 4.0.10 and later). The engine version is only one of the AWS PCI DSS requirements for ElastiCache for Redis; a cluster in PCI scope also needs in-transit and at-rest encryption enabled, which this check does not evaluate.

Learn more about this topic at AWS ElastiCache for Redis compliance.
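The version rule above, implemented as a small check over a parsed playbook. This is an added example and not the rule's own implementation: the playbook is constructed inline as the Python structure PyYAML's safe_load would return, the check accepts both the community.aws.elasticache and short elasticache module names, and it assumes (as the module documents) that engine defaults to memcached and state defaults to present. It also handles the YAML gotcha that an unquoted version such as 6.0 is loaded as a float rather than a string.

```python
"""Flag community.aws.elasticache tasks whose Redis engine version is outside
the AWS PCI DSS requirement (3.2.6, or 4.0.10 and later)."""
from typing import Any, Dict, List, Tuple

# Constructed sample: the structure PyYAML's safe_load would return for a small
# playbook. Not from the page or from any scanner's test suite.
PLAYBOOK: List[Dict[str, Any]] = [
    {
        "name": "Example playbook",
        "hosts": "localhost",
        "tasks": [
            {"name": "old redis", "community.aws.elasticache": {
                "name": "redis-old", "state": "present", "engine": "redis",
                "cache_engine_version": "3.2.4", "num_nodes": 1,
                "cache_port": 6379}},
            {"name": "fixed redis", "community.aws.elasticache": {
                "name": "redis-ok", "state": "present", "engine": "redis",
                "cache_engine_version": "4.0.10", "num_nodes": 1,
                "cache_port": 6379}},
            # unquoted 6.0 in YAML becomes a float, not the string "6.0"
            {"name": "redis six", "elasticache": {
                "name": "redis-six", "state": "present", "engine": "redis",
                "cache_engine_version": 6.0, "num_nodes": 1,
                "cache_port": 6379}},
            {"name": "memcached", "community.aws.elasticache": {
                "name": "mc", "state": "present", "engine": "memcached",
                "cache_engine_version": "1.4.14", "cache_port": 11211}},
            {"name": "being removed", "community.aws.elasticache": {
                "name": "redis-gone", "state": "absent", "engine": "redis",
                "cache_engine_version": "2.8.24"}},
        ],
    }
]

MODULES = ("community.aws.elasticache", "elasticache")
MIN_VERSION = (4, 0, 10)          # 4.0.10 and later are compliant
ALLOWED_EXACT = {(3, 2, 6)}       # 3.2.6 is the one older compliant release


def parse_version(raw: Any) -> Tuple[int, ...]:
    """Turn '4.0.10', the float 6.0 or '6.x' into a comparable 3-tuple.
    Non-numeric components (the 'x' in '6.x') count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in str(raw).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_pci_compliant_version(raw: Any) -> bool:
    """True when the version is 3.2.6, or 4.0.10 or later."""
    version = parse_version(raw)
    return version in ALLOWED_EXACT or version >= MIN_VERSION


def redis_pci_findings(playbook: List[Dict[str, Any]]) -> List[str]:
    """Return one finding per Redis cluster task with a non-compliant version.
    Tasks with state: absent and non-Redis engines are skipped; a missing
    cache_engine_version is reported because it cannot be verified."""
    findings: List[str] = []
    for play in playbook:
        for task in play.get("tasks", []):
            for module in MODULES:
                args = task.get(module)
                if not isinstance(args, dict):
                    continue
                if args.get("state", "present") == "absent":
                    continue
                # Assumption: the module's engine parameter defaults to memcached.
                if args.get("engine", "memcached") != "redis":
                    continue
                version = args.get("cache_engine_version")
                if version is None or not is_pci_compliant_version(version):
                    findings.append(
                        f"{task.get('name', '<unnamed>')}: "
                        f"cache_engine_version={version!r} is not PCI DSS compliant"
                    )
    return findings


if __name__ == "__main__":
    for line in redis_pci_findings(PLAYBOOK):
        print(line)
```

Only the first task is reported: the memcached task is out of scope for a Redis rule, the cluster being removed is not evaluated, and both 4.0.10 and the float-loaded 6.0 pass the version floor.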

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic example
      community.aws.elasticache:
        name: "test-please-delete"
        state: present
        engine: redis
        cache_engine_version: 3.2.4   # below 3.2.6 / 4.0.10, not PCI DSS compliant
        node_type: cache.m1.small
        num_nodes: 1
        cache_port: 6379
        cache_security_groups:
          - default
        zone: us-east-1d

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic example
      community.aws.elasticache:
        name: "test-please-delete"
        state: present
        engine: redis
        cache_engine_version: 4.0.10   # 3.2.6, or 4.0.10 and later, is compliant
        node_type: cache.m1.small
        num_nodes: 1
        cache_port: 6379
        cache_security_groups:
          - default
        zone: us-east-1d