Ensure that firewall rules do not allow unrestricted access to Azure Redis Cache from other Azure sources

HIGH

Description

A firewall rule on an Azure Cache for Redis instance whose start or end IP address is 0.0.0.0 does not limit clients to specific addresses: it admits traffic from other Azure sources rather than only from your own clients, which weakens the network boundary around the cache. Firewall rules should list only the address ranges of the clients that need to reach the cache.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Cache for Redis.
  2. Select the Redis Cache you wish to edit.
  3. Under Settings, select Firewall.
  4. Remove, or narrow to the required client range, any rule whose start or end IP address is 0.0.0.0.
  5. Save.

In Terraform -

  1. For each azurerm_redis_cache resource, configure an azurerm_redis_firewall_rule.
  2. Ensure that the azurerm_redis_firewall_rule resource has start_ip and end_ip explicitly defined and that neither is 0.0.0.0.
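The following Terraform configuration is an added example, not code from the original page or from the Terraform provider documentation. It shows an azurerm_redis_cache with the non-compliant rule (start and end both 0.0.0.0) kept as a commented-out reference next to a compliant rule that names an explicit client range. The resource group, cache name, region and the 203.0.113.x addresses (a documentation range) are placeholders to be replaced with your own values.

```hcl
# Added example: Azure Cache for Redis with a firewall rule limited to a
# known client range. All names and addresses below are placeholders.

resource "azurerm_resource_group" "example" {
  name     = "rg-redis-example"
  location = "westeurope"
}

resource "azurerm_redis_cache" "example" {
  name                = "redis-example-cache"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 1
  family              = "C"
  sku_name            = "Standard"
  minimum_tls_version = "1.2"
}

# NON-COMPLIANT (kept commented out so it is never applied): a rule whose
# start_ip or end_ip is 0.0.0.0 does not restrict clients to specific
# addresses and is flagged by this policy.
#
# resource "azurerm_redis_firewall_rule" "allowall" {
#   name                = "allowall"
#   redis_cache_name    = azurerm_redis_cache.example.name
#   resource_group_name = azurerm_resource_group.example.name
#   start_ip            = "0.0.0.0"
#   end_ip              = "0.0.0.0"
# }

# COMPLIANT: start_ip and end_ip are explicit, neither is 0.0.0.0, and the
# range covers only the application tier's egress addresses (placeholder).
resource "azurerm_redis_firewall_rule" "app_egress" {
  name                = "appegress"
  redis_cache_name    = azurerm_redis_cache.example.name
  resource_group_name = azurerm_resource_group.example.name
  start_ip            = "203.0.113.10"
  end_ip              = "203.0.113.20"
}
```

Keep one azurerm_redis_firewall_rule per distinct client range rather than widening a single rule to cover them all; a rule that starts at 0.0.0.0 and ends at 255.255.255.255 is just as unrestricted as the commented-out rule above and fails the same check.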

References:
https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_firewall_rule

Policy Details

Rule Reference ID: AC_AZURE_0391
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: Redis

Frameworks