
Limit public network access to Redis cache instances

Security · Azure Cache for Redis · 2022_03

Redis cache should disable public network access.

Description

Public network access to Redis cache instances can be disabled. Clients then connect securely and privately to the cache through private endpoints instead.

A private endpoint is a network interface, powered by Azure Private Link, that connects you privately and securely to Azure Cache for Redis.

Recommendation

Redis cache should disable public network access when public connectivity is not required.

Examples

Configure with Azure template

To disable public network access:

  • Set properties.publicNetworkAccess to Disabled.

For example:

Azure Template snippet
{
  "type": "Microsoft.Cache/Redis",
  "apiVersion": "2021-06-01",
  "name": "[parameters('Redis_name')]",
  "location": "Australia East",
  "properties": {
    "redisVersion": "4.1.14",
    "sku": {
      "name": "Standard",
      "family": "C",
      "capacity": 1
    },
    "enableNonSslPort": false,
    "publicNetworkAccess": "Disabled",
    "redisConfiguration": {
      "maxmemory-reserved": "50",
      "maxfragmentationmemory-reserved": "50",
      "maxmemory-delta": "50"
    }
  }
}
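
To check templates before deployment, the following added example (not part of the original page or of any Azure tooling) scans an ARM template for Microsoft.Cache/Redis resources whose properties.publicNetworkAccess is not Disabled. It assumes an omitted property leaves public access enabled; the sample template and its resource names are constructed.

```python
import json

REDIS_TYPE = "microsoft.cache/redis"  # ARM resource types compare case-insensitively

def iter_resources(resources):
    """Yield each resource, descending into nested child resources."""
    # "resources" is a list in classic templates and an object in languageVersion 2.0.
    items = resources.values() if isinstance(resources, dict) else (resources or [])
    for res in items:
        yield res
        yield from iter_resources(res.get("resources"))

def find_public_redis(template_text):
    """Return (name, value) for each Redis cache not set to Disabled."""
    template = json.loads(template_text)
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != REDIS_TYPE:
            continue
        value = (res.get("properties") or {}).get("publicNetworkAccess")
        # Assumption: an omitted property leaves public access enabled.
        # Template expressions such as "[parameters('x')]" cannot be resolved
        # statically, so they are reported for manual review as well.
        if not isinstance(value, str) or value.lower() != "disabled":
            findings.append((res.get("name", "<unnamed>"), value))
    return findings

# Constructed sample template (resource names are hypothetical).
SAMPLE_TEMPLATE = """
{
  "resources": [
    {"type": "Microsoft.Cache/Redis", "name": "cache-private",
     "properties": {"publicNetworkAccess": "Disabled"}},
    {"type": "Microsoft.Cache/Redis", "name": "cache-public",
     "properties": {"publicNetworkAccess": "Enabled"}},
    {"type": "Microsoft.Cache/Redis", "name": "cache-default",
     "properties": {"enableNonSslPort": false}},
    {"type": "Microsoft.Cache/Redis", "name": "cache-param",
     "properties": {"publicNetworkAccess": "[parameters('access')]"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "unrelated",
     "properties": {}}
  ]
}
"""

if __name__ == "__main__":
    for name, value in find_public_redis(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: publicNetworkAccess={value!r}")
```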

Configure with Bicep

To disable public network access:

  • Set properties.publicNetworkAccess to Disabled.

For example:

Azure Bicep snippet
resource Redis__resource 'Microsoft.Cache/Redis@2021-06-01' = {
  name: Redis_name
  location: 'Australia East'
  properties: {
    redisVersion: '4.1.14'
    sku: {
      name: 'Standard'
      family: 'C'
      capacity: 1
    }
    enableNonSslPort: false
    publicNetworkAccess: 'Disabled'
    redisConfiguration: {
      'maxmemory-reserved': '50'
      'maxfragmentationmemory-reserved': '50'
      'maxmemory-delta': '50'
    }
  }
}

Last update: 2022-10-17
