AWS DAX Cluster

This page shows how to write Terraform and CloudFormation for DAX Cluster and write them securely.

aws_dax_cluster (Terraform)

The Cluster in DAX can be configured in Terraform with the resource name aws_dax_cluster. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

positive1.tf#L1
resource "aws_dax_cluster" "bar_1" {
  cluster_name       = "cluster-example"
  iam_role_arn       = data.aws_iam_role.example.arn
  node_type          = "dax.r4.large"
  replication_factor = 1
}
dax.tf#L1
resource "aws_dax_cluster" "bar" {
  cluster_name       = var.cluster_name
  iam_role_arn       = data.aws_iam_role.example.arn
  node_type          = var.dax_node_type
  replication_factor = 1
  availability_zones = [data.aws_availability_zones.ids]
match.without-configuration.tf#L1
resource "aws_dax_cluster" "bad_example" {
  // no server side encryption at all
}
match.ambiguous.tf#L1
resource "aws_dax_cluster" "bad_example" {
  // other DAX config

  server_side_encryption {
    // empty server side encryption config
  }
match.tf#L1
resource "aws_dax_cluster" "bad_example" {
  // other DAX config

  server_side_encryption {
    enabled = false // disabled server side encryption
  }

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Security Best Practices for aws_dax_cluster

There is 1 setting in aws_dax_cluster that should be taken care of for security reasons. The following section explain an overview and example code.

risk-label

Ensure to enable at rest encryption of DynamoDB Accelerator

It's better to enable at rest encryption of DynamoDB Accelerator to protect your data from unauthorized access to the underlying storage.

Review your AWS DAX settings

You can check if the aws_dax_cluster setting in your .tf file is correct in 3 min with Shisho Cloud.

Parameters

Explanation in Terraform Registry

Provides a DAX Cluster resource.

AWS::DAX::Cluster (CloudFormation)

The Cluster in DAX can be configured in CloudFormation with the resource name AWS::DAX::Cluster. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

DAXEncryption-FAILED.yml#L5
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
DAXEncryption-FAILED.yml#L5
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
DAXEncryption-PASSED.yml#L5
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
DAXEncryption-PASSED.yml#L5
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
DAXEncryption-FAILED.yml#L5
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
DAX.json#L6
      "Type": "AWS::DAX::Cluster",
      "Properties": {
        "ClusterName": "MyDAXCluster",
        "NodeType": "dax.r3.large",
        "ReplicationFactor": 1,
        "IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
DAXClusterSpecification.json#L3
    "AWS::DAX::Cluster.SSESpecification": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
      "Properties": {
        "SSEEnabled": {
          "Required": false,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",
DAXClusterSpecification.json#L3
    "AWS::DAX::Cluster.SSESpecification": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
      "Properties": {
        "SSEEnabled": {
          "Required": false,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",
DAXClusterSpecification.json#L3
    "AWS::DAX::Cluster.SSESpecification": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
      "Properties": {
        "SSEEnabled": {
          "Required": false,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",
DAXClusterSpecification.json#L3
    "AWS::DAX::Cluster.SSESpecification": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
      "Properties": {
        "SSEEnabled": {
          "Required": false,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",

Parameters

Explanation in CloudFormation Registry

Creates a DAX cluster. All nodes in the cluster run the same DAX caching software.

Frequently asked questions

What is AWS DAX Cluster?

AWS DAX Cluster is a resource for DAX of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS DAX Cluster?

For Terraform, the Checkmarx/kics, Kushalkhadka7/aws-terraform-resources and shisho-security/shisho-security source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the melscoop-test/check, bridgecrewio/checkov and melscoop-test/check source code examples are useful. See the CloudFormation Example section for further details.