GCP Memorystore for Redis does not use intransit encryption

Description

This policy identifies the GCP Memorystore for Redis that are configured with disabled in-transit data encryption. It is recommended that these resources will be configured with in-transit data encryption to minimize risk for sensitive data being leaked.

Code Example

resource "google_redis_instance" "pass" {
  provider       = google-beta
  name           = "mrr-memory-cache"
  tier           = "STANDARD_HA"
  memory_size_gb = 5

  location_id             = "us-central1-a"
  alternative_location_id = "us-central1-f"

  authorized_network = data.google_compute_network.redis-network.id

  redis_version      = "REDIS_6_X"
  display_name       = "Terraform Test Instance"
  reserved_ip_range  = "192.168.0.0/28"
  replica_count      = 5
  read_replicas_mode = "READ_REPLICAS_ENABLED"
  # auth_enabled=true
  labels = {
    my_key    = "my_val"
    other_key = "other_val"
  }
  transit_encryption_mode = "SERVER_AUTHENTICATION"
}

Remediation

Terraform

Rule Details

Field	Value
ID	IAC-0955
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_GCP_97

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

GCP Memorystore for Redis does not use intransit encryption

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

GCP Memorystore for Redis does not use intransit encryption ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

GCP Memorystore for Redis does not use intransit encryption

Description

Code Example

Remediation

Rule Details

References