Limit public network access to Redis cache instances#
Security · Azure Cache for Redis · 2022_03
Redis cache should disable public network access.
Description#
Public network access to Redis instances can be disabled. Doing so ensures secure and private connectivity to Redis instances through private endpoints instead.
A private endpoint is a network interface that connects you privately and securely to Azure Cache for Redis, powered by Azure Private Link.
Recommendation#
Redis cache should disable public network access when public connectivity is not required.
Examples#
Configure with Azure template#
To disable public network access:
- Set properties.publicNetworkAccess to Disabled.
For example:
Azure Template snippet
{
  "type": "Microsoft.Cache/Redis",
  "apiVersion": "2021-06-01",
  "name": "[parameters('Redis_name')]",
  "location": "Australia East",
  "properties": {
    "redisVersion": "4.1.14",
    "sku": {
      "name": "Standard",
      "family": "C",
      "capacity": 1
    },
    "enableNonSslPort": false,
    "publicNetworkAccess": "Disabled",
    "redisConfiguration": {
      "maxmemory-reserved": "50",
      "maxfragmentationmemory-reserved": "50",
      "maxmemory-delta": "50"
    }
  }
}
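One way to check a template for this setting before deployment, as an added example that is not part of the original page. The function names and the sample template are constructed for illustration; the check assumes `resources` is an array, does not evaluate template expressions or nested deployments, and treats a missing property as a finding because the service default is `Enabled`.

```python
import json
import sys

REDIS_TYPE = "microsoft.cache/redis"  # resource types are case-insensitive


def iter_resources(resources):
    """Yield each resource, descending into nested `resources` arrays."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))


def find_public_redis(template):
    """Return (name, value) for Redis caches not set to Disabled.

    A missing property is reported with value None. An unresolved
    expression such as "[parameters('x')]" is also reported, since its
    effective value cannot be known without the deployment parameters.
    """
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != REDIS_TYPE:
            continue
        value = (res.get("properties") or {}).get("publicNetworkAccess")
        if not isinstance(value, str) or value.lower() != "disabled":
            findings.append((res.get("name"), value))
    return findings


# Constructed sample template: one compliant cache, two findings, one
# unrelated resource that must be ignored.
SAMPLE = {
    "resources": [
        {"type": "Microsoft.Cache/Redis", "name": "cache-private",
         "properties": {"publicNetworkAccess": "Disabled"}},
        {"type": "Microsoft.Cache/Redis", "name": "cache-public",
         "properties": {"publicNetworkAccess": "Enabled"}},
        {"type": "Microsoft.Cache/Redis", "name": "cache-default",
         "properties": {"enableNonSslPort": False}},
        {"type": "Microsoft.Storage/storageAccounts", "name": "stg",
         "properties": {}},
    ]
}

if __name__ == "__main__":
    # Pass a template path as the first argument, or run on the sample.
    tpl = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, value in find_public_redis(tpl):
        print(f"FAIL {name}: publicNetworkAccess={value!r}")
```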
Configure with Bicep#
To disable public network access:
- Set properties.publicNetworkAccess to Disabled.
For example:
Azure Bicep snippet
resource Redis__resource 'Microsoft.Cache/Redis@2021-06-01' = {
  name: Redis_name
  location: 'Australia East'
  properties: {
    redisVersion: '4.1.14'
    sku: {
      name: 'Standard'
      family: 'C'
      capacity: 1
    }
    enableNonSslPort: false
    // Block public network access; clients connect through a private endpoint.
    publicNetworkAccess: 'Disabled'
    redisConfiguration: {
      'maxmemory-reserved': '50'
      'maxfragmentationmemory-reserved': '50'
      'maxmemory-delta': '50'
    }
  }
}
Links#
- Azure Cache for Redis with Azure Private Link
- Best practices for endpoint security on Azure
- What is Azure Private Endpoint?
Last update: 2022-10-17