Add "ElastiCache Nodes Not Created Across Multi AZ" query for CloudFo…

…rmation Checkmarx#2474 (Checkmarx#2475)

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/metadata.json

@@ -0,0 +1,9 @@
+{
+  "id": "cfdef2e5-1fe4-4ef4-bea8-c56e08963150",
+  "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+  "severity": "MEDIUM",
+  "category": "Availability",
+  "descriptionText": "Check if ElastiCache nodes are not being created across multi AZ",
+  "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cache-cluster.html",
+  "platform": "CloudFormation"
+}

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/query.rego

@@ -0,0 +1,36 @@
+package Cx
+
+CxPolicy[result] {
+	resource := input.document[i].Resources[name]
+	resource.Type == "AWS::ElastiCache::CacheCluster"
+	properties := resource.Properties
+	properties.Engine == "memcached"
+	to_number(properties.NumCacheNodes) > 1
+
+	properties.AZMode != "cross-az"
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("Resources.%s.Properties.AZMode", [name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": sprintf("Resources.%s.Properties.AZMode is 'cross-az'", [name]),
+		"keyActualValue": sprintf("Resources.%s.Properties.AZMode is 'single-az", [name]),
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i].Resources[name]
+	resource.Type == "AWS::ElastiCache::CacheCluster"
+	properties := resource.Properties
+	properties.Engine == "memcached"
+	to_number(properties.NumCacheNodes) > 1
+	object.get(properties, "AZMode", "undefined") == "undefined"
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("Resources.%s.Properties", [name]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": sprintf("Resources.%s.Properties.AZMode is defined and is 'cross-az'", [name]),
+		"keyActualValue": sprintf("Resources.%s.Properties.AZMode is not defined, default value is 'single-az'", [name]),
+	}
+}

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/test/negative1.yaml

@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Resources:
+  myCacheCluster:
+    Type: 'AWS::ElastiCache::CacheCluster'
+    Properties:
+      AZMode: cross-az
+      CacheNodeType: cache.m3.medium
+      Engine: memcached
+      NumCacheNodes: '3'
+      PreferredAvailabilityZones:
+        - us-west-2a
+        - us-west-2a
+        - us-west-2b

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/test/negative2.json

@@ -0,0 +1,18 @@
+{
+  "Resources": {
+    "myCacheCluster2": {
+      "Type": "AWS::ElastiCache::CacheCluster",
+      "Properties": {
+        "AZMode": "cross-az",
+        "CacheNodeType": "cache.m3.medium",
+        "Engine": "memcached",
+        "NumCacheNodes": "3",
+        "PreferredAvailabilityZones": [
+          "us-west-2a",
+          "us-west-2a",
+          "us-west-2b"
+        ]
+      }
+    }
+  }
+}

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/test/positive1.yaml

@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Resources:
+  myCacheCluster3:
+    Type: 'AWS::ElastiCache::CacheCluster'
+    Properties:
+      AZMode: single-az
+      CacheNodeType: cache.m3.medium
+      Engine: memcached
+      NumCacheNodes: '3'
+      PreferredAvailabilityZones:
+        - us-west-2a
+        - us-west-2a
+        - us-west-2b

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/test/positive2.yaml

@@ -0,0 +1,12 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Resources:
+  myCacheCluster4:
+    Type: 'AWS::ElastiCache::CacheCluster'
+    Properties:
+      CacheNodeType: cache.m3.medium
+      Engine: memcached
+      NumCacheNodes: '3'
+      PreferredAvailabilityZones:
+        - us-west-2a
+        - us-west-2a
+        - us-west-2b

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/test/positive3.json

@@ -0,0 +1,18 @@
+{
+  "Resources": {
+    "myCacheCluster5": {
+      "Type": "AWS::ElastiCache::CacheCluster",
+      "Properties": {
+        "AZMode": "single-az",
+        "CacheNodeType": "cache.m3.medium",
+        "Engine": "memcached",
+        "NumCacheNodes": "3",
+        "PreferredAvailabilityZones": [
+          "us-west-2a",
+          "us-west-2a",
+          "us-west-2b"
+        ]
+      }
+    }
+  }
+}

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/test/positive4.json

@@ -0,0 +1,17 @@
+{
+  "Resources": {
+    "myCacheCluster6": {
+      "Type": "AWS::ElastiCache::CacheCluster",
+      "Properties": {
+        "CacheNodeType": "cache.m3.medium",
+        "Engine": "memcached",
+        "NumCacheNodes": "3",
+        "PreferredAvailabilityZones": [
+          "us-west-2a",
+          "us-west-2a",
+          "us-west-2b"
+        ]
+      }
+    }
+  }
+}

assets/queries/cloudFormation/elasticache_nodes_not_created_across_multi_az/test/positive_expected_result.json

@@ -0,0 +1,26 @@
+[
+  {
+    "line": 6,
+    "fileName": "positive1.yaml",
+    "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+    "severity": "MEDIUM"
+  },
+  {
+    "fileName": "positive3.json",
+    "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+    "severity": "MEDIUM",
+    "line": 6
+  },
+  {
+    "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+    "severity": "MEDIUM",
+    "line": 5,
+    "fileName": "positive2.yaml"
+  },
+  {
+    "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+    "severity": "MEDIUM",
+    "line": 5,
+    "fileName": "positive4.json"
+  }
+]

assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/metadata.json

@@ -0,0 +1,9 @@
+{
+  "id": "6db03a91-f933-4f13-ab38-a8b87a7de54d",
+  "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+  "severity": "MEDIUM",
+  "category": "Availability",
+  "descriptionText": "Check if ElastiCache nodes are not being created across multi AZ",
+  "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster",
+  "platform": "Terraform"
+}

assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/test/positive_expected_result.json

@@ -0,0 +1,12 @@
+[
+  {
+    "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+    "severity": "MEDIUM",
+    "line": 1
+  },
+  {
+    "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
+    "severity": "MEDIUM",
+    "line": 12
+  }
+]