Azure Redis Cache does not use the latest version of TLS encryption
Description
Disabling public network access improves security by ensuring that your Azure AKS cluster nodes can be reached only from non-public IP addresses.
Code Example
```hcl
resource "azurerm_redis_cache" "pass" {
  name                          = "timeout-redis"
  location                      = "West Europe"
  resource_group_name           = azurerm_resource_group.example_rg.name
  subnet_id                     = azurerm_subnet.example_redis_snet.id
  family                        = "P"
  capacity                      = 1
  sku_name                      = "Premium"
  shard_count                   = 1
  enable_non_ssl_port           = false
  minimum_tls_version           = "1.2"
  public_network_access_enabled = true

  redis_configuration {
    enable_authentication = true
    maxmemory_policy      = "volatile-lru"
  }
}
```
Remediation
Terraform
- Resource: azurerm_kubernetes_cluster
- Arguments: enable_node_public_ip (default is "false")
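The rule above is evaluated against the `minimum_tls_version` argument of every `azurerm_redis_cache` resource. The following Python script is an added example, not code from the page or from Checkov, that shows how such a check can be implemented as a lightweight scanner over Terraform text: it matches braces so nested `redis_configuration` blocks stay inside the resource body, then reports PASS only when the argument is set to `"1.2"`. The sample Terraform, the `check_redis_tls` function name and the decision to treat a missing `minimum_tls_version` as FAIL (because the effective value then depends on the provider default rather than on explicit configuration) are assumptions made for this example.

```python
import re
from typing import Dict, Iterator, Tuple

# Constructed sample Terraform (not from the page): one compliant resource,
# one pinned to an old TLS version, one that never sets the argument, and an
# unrelated resource type that the rule must ignore.
SAMPLE_TF = '''
resource "azurerm_redis_cache" "pass" {
  name                = "timeout-redis"
  enable_non_ssl_port = false
  minimum_tls_version = "1.2"

  redis_configuration {
    enable_authentication = true
  }
}

resource "azurerm_redis_cache" "old_tls" {
  name                = "legacy-redis"
  minimum_tls_version = "1.0"
}

resource "azurerm_redis_cache" "unset" {
  name = "implicit-redis"
}

resource "azurerm_storage_account" "ignored" {
  min_tls_version = "TLS1_0"
}
'''

# Matches the header of a top-level resource block up to its opening brace.
RESOURCE_RE = re.compile(r'resource\s+"(?P<type>[^"]+)"\s+"(?P<name>[^"]+)"\s*\{')

# Matches the argument on its own line inside a block body.
TLS_ATTR_RE = re.compile(r'^\s*minimum_tls_version\s*=\s*"([^"]*)"', re.M)

REQUIRED_TLS = "1.2"


def extract_resources(hcl: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (type, name, body) for each top-level resource block.

    Braces are counted so that nested blocks (e.g. redis_configuration)
    are kept inside the body of the resource that contains them.
    """
    for match in RESOURCE_RE.finditer(hcl):
        depth, pos = 1, match.end()
        while pos < len(hcl) and depth:
            if hcl[pos] == "{":
                depth += 1
            elif hcl[pos] == "}":
                depth -= 1
            pos += 1
        # pos now points just past the closing brace of this resource.
        yield match.group("type"), match.group("name"), hcl[match.end():pos - 1]


def check_redis_tls(hcl: str) -> Dict[str, str]:
    """Return {resource address: "PASS" | "FAIL"} for every azurerm_redis_cache.

    PASS requires minimum_tls_version to be explicitly set to "1.2".
    A missing argument is reported as FAIL (assumption for this example):
    the effective value would then be whatever the provider defaults to.
    """
    results: Dict[str, str] = {}
    for rtype, name, body in extract_resources(hcl):
        if rtype != "azurerm_redis_cache":
            continue
        found = TLS_ATTR_RE.search(body)
        value = found.group(1) if found else None
        results[f"{rtype}.{name}"] = "PASS" if value == REQUIRED_TLS else "FAIL"
    return results


if __name__ == "__main__":
    for address, verdict in check_redis_tls(SAMPLE_TF).items():
        print(f"{verdict}: {address}")
```

Running the script prints one line per Redis resource; only `azurerm_redis_cache.pass` is reported as PASS, while the resource pinned to `"1.0"` and the one that omits the argument both FAIL, and the storage account is skipped because the rule applies to Redis caches only.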
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0655 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_148 |