chore(aws): enhance metadata for memorydb service (#9266)

Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2025-12-19 05:17:47 +00:00 · 2025-12-15 17:11:44 +01:00
parent 8f361e7e8d
commit d292c6e58a
2 changed files with 24 additions and 14 deletions
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -13,6 +13,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Update AWS Glue service metadata to new format [(#9258)](https://github.com/prowler-cloud/prowler/pull/9258)
 - Update AWS Kafka service metadata to new format [(#9261)](https://github.com/prowler-cloud/prowler/pull/9261)
 - Update AWS KMS service metadata to new format [(#9263)](https://github.com/prowler-cloud/prowler/pull/9263)
+- Update AWS MemoryDB service metadata to new format [(#9266)](https://github.com/prowler-cloud/prowler/pull/9266)

 ---

--- a/prowler/providers/aws/services/memorydb/memorydb_cluster_auto_minor_version_upgrades/memorydb_cluster_auto_minor_version_upgrades.metadata.json
+++ b/prowler/providers/aws/services/memorydb/memorydb_cluster_auto_minor_version_upgrades/memorydb_cluster_auto_minor_version_upgrades.metadata.json
@@ -1,29 +1,38 @@
 {
  "Provider": "aws",
  "CheckID": "memorydb_cluster_auto_minor_version_upgrades",
-  "CheckTitle": "Ensure Memory DB clusters have minor version upgrade enabled.",
-  "CheckType": [],
+  "CheckTitle": "MemoryDB cluster has automatic minor version upgrades enabled",
+  "CheckType": [
+    "Software and Configuration Checks/Patch Management",
+    "Software and Configuration Checks/AWS Security Best Practices"
+  ],
  "ServiceName": "memorydb",
  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:memorydb:region:account-id:db-cluster",
+  "ResourceIdTemplate": "",
  "Severity": "medium",
-  "ResourceType": "AwsMemoryDb",
-  "Description": "Ensure Memory DB clusters have minor version upgrade enabled.",
-  "Risk": "Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.",
-  "RelatedUrl": "https://docs.aws.amazon.com/memorydb/latest/devguide/engine-versions.html",
+  "ResourceType": "Other",
+  "Description": "**MemoryDB clusters** are evaluated for the `auto_minor_version_upgrade` setting that automatically applies new minor engine versions.",
+  "Risk": "Without automatic minor upgrades, clusters may run **known-vulnerable engine versions**.\n- Exploitable CVEs enable unauthorized reads/writes (confidentiality, integrity)\n- Unpatched bugs can cause **DoS** or data loss (availability)\n- Version drift raises operational risk and slows incident response",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://docs.aws.amazon.com/memorydb/latest/devguide/engine-versions.html",
+    "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades"
+  ],
  "Remediation": {
    "Code": {
-      "CLI": "aws memorydb update-cluster --cluster-name <cluster-name> --auto-minor-version-upgrade ",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
+      "CLI": "aws memorydb update-cluster --cluster-name <cluster-name> --auto-minor-version-upgrade",
+      "NativeIaC": "```yaml\n# Enable automatic minor version upgrades for a MemoryDB cluster\nResources:\n  <example_resource_name>:\n    Type: AWS::MemoryDB::Cluster\n    Properties:\n      ClusterName: <example_resource_name>\n      ACLName: <example_acl_name>\n      NodeType: <example_node_type>\n      NumShards: 1\n      AutoMinorVersionUpgrade: true  # Critical: enables automatic minor version upgrades\n```",
+      "Other": "1. In the AWS Console, go to MemoryDB > Clusters\n2. Select the cluster <cluster-name> and click Edit\n3. Enable \"Auto minor version upgrade\"\n4. Click Save changes",
+      "Terraform": "```hcl\nresource \"aws_memorydb_cluster\" \"<example_resource_name>\" {\n  name       = \"<example_resource_name>\"\n  acl_name   = \"<example_acl_name>\"\n  node_type  = \"<example_node_type>\"\n  num_shards = 1\n\n  auto_minor_version_upgrade = true  # Critical: enables automatic minor version upgrades\n}\n```"
    },
    "Recommendation": {
-      "Text": "Enable auto minor version upgrade for all Memory DB clusters.",
-      "Url": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades"
+      "Text": "Enable **automatic minor version upgrades** (`auto_minor_version_upgrade=true`) for all clusters. Schedule updates in a maintenance window, validate in staging, and keep rollback plans. Apply **defense in depth** with strict ACLs and monitoring to limit exposure between releases.",
+      "Url": "https://hub.prowler.com/check/memorydb_cluster_auto_minor_version_upgrades"
    }
  },
-  "Categories": [],
+  "Categories": [
+    "vulnerabilities"
+  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": ""