Ensure cross account access is disabled for Azure Redis Cache

MEDIUM

Description

The firewall rule's start and end IP addresses are too open (for example 0.0.0.0), so the rule allows connections from any source and may permit cross account access to the Azure Redis Cache.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Cache for Redis.
  2. Select the Redis Cache you wish to edit.
  3. Under Settings, select Firewall.
  4. Remove rules where the start or end IP addresses are 0.0.0.0.
  5. Save.

In Terraform -

  1. For each azurerm_redis_cache resource, configure an azurerm_redis_firewall_rule.
  2. Ensure that the azurerm_redis_firewall_rule resource has start_ip and end_ip explicitly defined and that neither is 0.0.0.0.
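The Terraform remediation above, as an added example that is not part of this policy page: an azurerm_redis_cache with the over-permissive firewall rule that this rule flags shown beside the corrected rule. Resource names, the location and the IP range are constructed placeholders; the too_open block is included only for comparison and should be removed from real configuration.

```hcl
# Added example, not from the policy page. All names and addresses are placeholders.

resource "azurerm_resource_group" "example" {
  name     = "rg-redis-example"
  location = "eastus"
}

resource "azurerm_redis_cache" "example" {
  name                = "redis-example-cache"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 1
  family              = "C"
  sku_name            = "Standard"
}

# WEAK (flagged by AC_AZURE_0207): a start_ip of 0.0.0.0 matches every
# source address, so the firewall rule does not restrict access at all.
# Shown for comparison only; delete this block rather than deploy it.
resource "azurerm_redis_firewall_rule" "too_open" {
  name                = "allow_any"
  redis_cache_name    = azurerm_redis_cache.example.name
  resource_group_name = azurerm_resource_group.example.name
  start_ip            = "0.0.0.0"
  end_ip              = "255.255.255.255"
}

# CORRECTED: start_ip and end_ip are explicit, neither is 0.0.0.0, and
# together they bound a single trusted range (constructed documentation
# addresses from 203.0.113.0/24 used here as the example range).
resource "azurerm_redis_firewall_rule" "trusted_range" {
  name                = "allow_app_subnet"
  redis_cache_name    = azurerm_redis_cache.example.name
  resource_group_name = azurerm_resource_group.example.name
  start_ip            = "203.0.113.10"
  end_ip              = "203.0.113.20"
}
```

Each trusted network segment should get its own narrowly bounded rule rather than one rule spanning the address space between them.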

References:
https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_firewall_rule

Policy Details

Rule Reference ID: AC_AZURE_0207
CSP: Azure
Remediation Available: No
Resource Category: Database
Resource Type: Redis

Frameworks