Ensure only SSL connections are enabled for Azure Redis Cache

MEDIUM

Description

Azure Redis Cache accepts non-SSL connections, this may impact the confidentiality & integrity of data in transit.

Remediation

In Azure Console -

Open the Azure Portal and go to Azure Cache for Redis.
Select the Redis Cache you wish to edit.
Under Settings, select Advanced Settings.
Set Allow access only via SSL to Yes.
Ensure Non-SSL Port gets set to Disabled when changing the prior setting.
Save.

In Terraform -

In the azurerm_redis_cache resource, set enable_non_ssl_port to false.

References:
https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#enable_non_ssl_port

Policy Details

Rule Reference ID: AC_AZURE_0394

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_redis_cache

Resource Category: Database

Resource Type: Redis

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
ISO-27001
NY-DFS
SOC2