AWS DAX Cluster
This page shows how to write Terraform and CloudFormation for DAX Cluster and write them securely.
aws_dax_cluster (Terraform)
The Cluster in DAX can be configured in Terraform with the resource name aws_dax_cluster
. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_dax_cluster" "bar_1" {
cluster_name = "cluster-example"
iam_role_arn = data.aws_iam_role.example.arn
node_type = "dax.r4.large"
replication_factor = 1
}
resource "aws_dax_cluster" "bar" {
cluster_name = var.cluster_name
iam_role_arn = data.aws_iam_role.example.arn
node_type = var.dax_node_type
replication_factor = 1
availability_zones = [data.aws_availability_zones.ids]
resource "aws_dax_cluster" "bad_example" {
// no server side encryption at all
}
resource "aws_dax_cluster" "bad_example" {
// other DAX config
server_side_encryption {
// empty server side encryption config
}
resource "aws_dax_cluster" "bad_example" {
// other DAX config
server_side_encryption {
enabled = false // disabled server side encryption
}
Security Best Practices for aws_dax_cluster
There is 1 setting in aws_dax_cluster that should be taken care of for security reasons. The following section explain an overview and example code.
Ensure to enable at rest encryption of DynamoDB Accelerator
It's better to enable at rest encryption of DynamoDB Accelerator to protect your data from unauthorized access to the underlying storage.
Parameters
-
arn
optional computed - string -
availability_zones
optional - set of string -
cluster_address
optional computed - string -
cluster_name
required - string -
configuration_endpoint
optional computed - string -
description
optional - string -
iam_role_arn
required - string -
id
optional computed - string -
maintenance_window
optional computed - string -
node_type
required - string -
nodes
optional computed - list of object-
address
- string -
availability_zone
- string -
id
- string -
port
- number
-
-
notification_topic_arn
optional - string -
parameter_group_name
optional computed - string -
port
optional computed - number -
replication_factor
required - number -
security_group_ids
optional computed - set of string -
subnet_group_name
optional computed - string -
tags
optional - map from string to string -
server_side_encryption
list block-
enabled
optional - bool
-
-
timeouts
single block
Explanation in Terraform Registry
Provides a DAX Cluster resource.
AWS::DAX::Cluster (CloudFormation)
The Cluster in DAX can be configured in CloudFormation with the resource name AWS::DAX::Cluster
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::DAX::Cluster
Properties:
ClusterName: "MyDAXCluster"
NodeType: "dax.r3.large"
ReplicationFactor: 1
IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
Type: AWS::DAX::Cluster
Properties:
ClusterName: "MyDAXCluster"
NodeType: "dax.r3.large"
ReplicationFactor: 1
IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
Type: AWS::DAX::Cluster
Properties:
ClusterName: "MyDAXCluster"
NodeType: "dax.r3.large"
ReplicationFactor: 1
IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
Type: AWS::DAX::Cluster
Properties:
ClusterName: "MyDAXCluster"
NodeType: "dax.r3.large"
ReplicationFactor: 1
IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
Type: AWS::DAX::Cluster
Properties:
ClusterName: "MyDAXCluster"
NodeType: "dax.r3.large"
ReplicationFactor: 1
IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
"Type": "AWS::DAX::Cluster",
"Properties": {
"ClusterName": "MyDAXCluster",
"NodeType": "dax.r3.large",
"ReplicationFactor": 1,
"IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
"AWS::DAX::Cluster.SSESpecification": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
"Properties": {
"SSEEnabled": {
"Required": false,
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",
"AWS::DAX::Cluster.SSESpecification": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
"Properties": {
"SSEEnabled": {
"Required": false,
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",
"AWS::DAX::Cluster.SSESpecification": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
"Properties": {
"SSEEnabled": {
"Required": false,
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",
"AWS::DAX::Cluster.SSESpecification": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html",
"Properties": {
"SSEEnabled": {
"Required": false,
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dax-cluster-ssespecification.html#cfn-dax-cluster-ssespecification-sseenabled",
Parameters
-
SSESpecification
optional - SSESpecification -
Description
optional - String -
ReplicationFactor
required - Integer -
ParameterGroupName
optional - String -
AvailabilityZones
optional - List -
IAMRoleARN
required - String -
SubnetGroupName
optional - String -
PreferredMaintenanceWindow
optional - String -
ClusterEndpointEncryptionType
optional - String -
NotificationTopicARN
optional - String -
SecurityGroupIds
optional - List -
NodeType
required - String -
ClusterName
optional - String -
Tags
optional - Json
Explanation in CloudFormation Registry
Creates a DAX cluster. All nodes in the cluster run the same DAX caching software.
Frequently asked questions
What is AWS DAX Cluster?
AWS DAX Cluster is a resource for DAX of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS DAX Cluster?
For Terraform, the Checkmarx/kics, Kushalkhadka7/aws-terraform-resources and shisho-security/shisho-security source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the SnidermanIndustries/checkov-fork, melscoop-test/check and bridgecrewio/checkov source code examples are useful. See the CloudFormation Example section for further details.