Ensure accessibility is restricted to 256 hosts for Azure Redis Cache

MEDIUM

Description

Firewall rules are set to allow Azure Redis Cache access from a large number of IP addresses, which may lead to undetected unauthorized access.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Cache for Redis.
  2. Select the Redis Cache you wish to edit.
  3. Under Settings, select Firewall.
  4. Remove/edit rules where the start or end IP addresses are 0.0.0.0.
  5. Save.

In Terraform -

  1. For each azurerm_redis_cache resource, configure an azurerm_redis_firewall_rule.
  2. Ensure that the azurerm_redis_firewall_rule resource has start_ip and end_ip explicitly defined and that neither is 0.0.0.0.
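The check behind this rule can be reproduced outside the scanner: count the addresses an inclusive start_ip/end_ip range covers, flag ranges wider than 256 hosts, and flag rules whose endpoints are 0.0.0.0. The following is an added example, not the policy engine's or the Terraform provider's own code; the rule names and IP ranges are constructed sample data shaped like azurerm_redis_firewall_rule attributes.

```python
import ipaddress
from typing import Dict, List

# Widest range a single azurerm_redis_firewall_rule may span before the
# policy (AC_AZURE_0390) treats it as overly permissive.
MAX_HOSTS = 256


def rule_host_count(start_ip: str, end_ip: str) -> int:
    """Number of IPv4 addresses in the inclusive range start_ip..end_ip."""
    start = int(ipaddress.IPv4Address(start_ip))
    end = int(ipaddress.IPv4Address(end_ip))
    if end < start:
        raise ValueError(f"end_ip {end_ip} precedes start_ip {start_ip}")
    return end - start + 1


def evaluate_rule(rule: Dict[str, str]) -> List[str]:
    """Return the policy findings for one rule; an empty list means compliant."""
    findings: List[str] = []
    start_ip, end_ip = rule["start_ip"], rule["end_ip"]
    # Remediation step: endpoints of 0.0.0.0 are never acceptable.
    if start_ip == "0.0.0.0" or end_ip == "0.0.0.0":
        findings.append("start_ip or end_ip is 0.0.0.0")
    try:
        hosts = rule_host_count(start_ip, end_ip)
    except ValueError as exc:  # malformed range is reported, not ignored
        findings.append(str(exc))
        return findings
    if hosts > MAX_HOSTS:
        findings.append(f"range covers {hosts} hosts, more than {MAX_HOSTS}")
    return findings


def evaluate_rules(rules: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each rule name to its findings."""
    return {r["name"]: evaluate_rule(r) for r in rules}


# Constructed sample rules (documentation ranges, not real deployments).
SAMPLE_RULES = [
    {"name": "allow_all", "start_ip": "0.0.0.0", "end_ip": "255.255.255.255"},
    {"name": "office_block", "start_ip": "203.0.113.0", "end_ip": "203.0.113.255"},
    {"name": "too_wide", "start_ip": "198.51.100.0", "end_ip": "198.51.101.255"},
    {"name": "bastion", "start_ip": "192.0.2.10", "end_ip": "192.0.2.10"},
]

if __name__ == "__main__":
    for name, findings in evaluate_rules(SAMPLE_RULES).items():
        print(f"{'FAIL' if findings else 'PASS'} {name}: {'; '.join(findings) or 'ok'}")
```

A /24 (exactly 256 addresses) passes; the 512-address range and the 0.0.0.0 rule fail.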

References:
https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_firewall_rule

Policy Details

Rule Reference ID: AC_AZURE_0390
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: Redis

Frameworks