GCP Memorystore for Redis has AUTH disabled

Description

AUTH (https://cloud.google.com/memorystore/docs/redis/auth-overview) is an optional security feature on Memorystore for Redis that requires incoming connections to authenticate with an AUTH string. Every AUTH string is a Universally Unique Identifier (UUID), and each Redis instance with AUTH enabled has a unique AUTH string. When you enable the AUTH feature on your Memorystore instance, incoming client connections must authenticate in order to connect. Once a client authenticates with an AUTH string, it remains authenticated for the lifetime of that connection, even if you change the AUTH string. We recommend that you enable AUTH on your Memorystore for Redis database to protect against unwanted or non-approved connections.

Code Example

```shell
# Enable AUTH on an existing instance; replace INSTANCE-ID and REGION with your values.
gcloud beta redis instances update INSTANCE-ID \
  --enable-auth \
  --region=REGION
```

Remediation

  • GCP Console

To enable AUTH on your Memorystore for Redis database:

1. Log in to the GCP Console at https://console.cloud.google.com.

2. Navigate to Memorystore for Redis (https://console.cloud.google.com/memorystore/redis/instances).

3. View your instance's Instance details page by clicking on your Instance ID.

4. Select the EDIT button.

5. Scroll to the Security section and select the checkbox for Enable AUTH.

  • CLI Command

To enable AUTH on your Memorystore for Redis instance, execute the gcloud command shown under Code Example above.

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0953 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GCP_95 |
