Risk Level: Low
Cloud Entity: Azure Redis Cache
CloudGuard Rule ID: D9.AZU.DR.01
Covered by Spectral: Yes
Category: Database

GSL LOGIC

RedisCache should have linkedServers contain-any [ linkedRedisCacheServerRole='Secondary' ]

REMEDIATION

From Portal

Go to Azure Cache for Redis.
For each Redis Cache: make sure you have at least 2 Redis Caches in Premium tier.
Click on 'Geo-replication' under 'settings'.
Click Add cache replication link
Click the name of the desired secondary cache from the Compatible caches list.
Click the 3 dots on the right to open the context menu.
Select Link as secondary.
Select Save.

From TF
Set the 'replicas_per_master' argument under 'azurerm_redis_cache':

resource "azurerm_redis_cache" "example" {
	..
	replicas_per_master = NUMBEROFREPLICAS
	..
}

From Command Line
Run

az redis create --location LOCATION --name REDISCACHENAME --resource-group RESOURCEGROUP --sku Premium --vm-size p1 --zones 1 2 --replicas-per-master NUMBEROFREPLICAS

References

https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-geo-replication
https://azure.microsoft.com/en-us/blog/azure-redis-cache-geo-replication-is-now-generally-available/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#replicas_per_master
https://learn.microsoft.com/en-us/cli/azure/redis?view=azure-cli-latest#az-redis-create

Azure Redis Cache

Fully managed, open source—compatible in-memory data store to power fast, scalable application. Azure Redis Cache is based on the popular open-source Redis cache. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Redis cache, this fast storage is located in-memory with Redis Cache instead of being loaded from disk by a dat

Compliance Frameworks

Azure CSA CCM v.3.0.1
Azure CSA CCM v.4.0.1
Azure CloudGuard Best Practices
Azure CloudGuard CheckUp
Azure CloudGuard SOC2 based on AICPA TSC 2017
Azure HIPAA
Azure ISO 27001:2013
Azure ITSG-33
Azure NIST 800-53 Rev 4
Azure NIST 800-53 Rev 5
Azure NIST CSF v1.1
Azure PCI-DSS 3.2
CloudGuard Azure All Rules Ruleset