Ensure that Redis is updated regularly with security and operational updates.

Enable Azure Redis Cache scheduled updates. This allows security (or operational) updates to be applied with minimal effect on a running Redis Cache. Note: this feature refers to the Redis Cache server updates and not Azure updates or updates to the operating system of the VMs that host the cache.

Risk Level: Low
Cloud Entity: Azure Redis Cache
CloudGuard Rule ID: D9.AZU.NET.14
Covered by Spectral: Yes
Category: Database

GSL LOGIC

RedisCache should have updateSchedules length()>=1

REMEDIATION

From Portal

  1. Go to 'Redis Cache' from Azure Management console.
  2. For each Redis Cache, select 'Schedule updates' under 'settings'.
  3. To specify a maintenance window, check the desired days and specify the maintenance window start hour for each day. Note that the maintenance window time is in UTC.
  4. Click OK.
    NOTE: By default, no schedules are set.
    The default maintenance window for updates is five hours. This value is not configurable from the Azure portal, but you can configure it in PowerShell using the MaintenanceWindow parameter of the New-AzureRmRedisCacheScheduleEntry cmdlet.

From TF
To schedule patch updates, use the following configuration:

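resource "azurerm_redis_cache" "example" {
	# ... other cache settings ...
	patch_schedule {
		# Day on which updates may be applied
		day_of_week    = "WEEKDAY_NAME"
		# Start of the maintenance window, hour of day in UTC
		start_hour_utc = "START_HOURS_FOR_MAINTENANCE"
	}
	# ...
}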
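
Added example (not part of the original page and not CloudGuard's own code): a Python pre-deployment check that applies the rule's logic, at least one update schedule per cache, to azurerm_redis_cache resources in Terraform plan JSON, including caches declared in child modules. The sample plan is constructed and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_redis_cache.patched", "type": "azurerm_redis_cache",
     "values": {"patch_schedule": [{"day_of_week": "Sunday", "start_hour_utc": 2}]}},
    {"address": "azurerm_redis_cache.unpatched", "type": "azurerm_redis_cache",
     "values": {"patch_schedule": []}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group", "values": {}}
  ],
  "child_modules": [{"address": "module.cache", "resources": [
    {"address": "module.cache.azurerm_redis_cache.bad_hour", "type": "azurerm_redis_cache",
     "values": {"patch_schedule": [{"day_of_week": "Monday", "start_hour_utc": 24}]}}
  ]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_violations(plan):
    """Return {address: reason} for Redis caches failing the schedule check."""
    violations = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_redis_cache":
            continue
        # Nested blocks appear as lists; absent or null means no block was set.
        schedules = (res.get("values") or {}).get("patch_schedule") or []
        if len(schedules) < 1:
            violations[res["address"]] = "no patch_schedule block"
            continue
        for entry in schedules:
            hour = entry.get("start_hour_utc")
            if not isinstance(hour, int) or not 0 <= hour <= 23:
                violations[res["address"]] = f"start_hour_utc out of range: {hour!r}"
    return violations


if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN).items():
        print(f"FAIL {address}: {reason}")
```

To check a real plan, load the output of terraform show -json with json.load and pass it to find_violations; a non-empty result can fail the pipeline.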

From Command Line
Run

az redis patch-schedule create --resource-group RESOURCEGROUP --name REDISNAME --schedule-entries LIST_OF_PATCH_SCHEDULE_ENTRIES

References

  1. https://docs.microsoft.com/en-us/azure/redis-cache/cache-administration#schedule-updates
  2. https://docs.microsoft.com/en-us/powershell/module/azurerm.rediscache/new-azurermrediscachescheduleentry?view=azurermps-6.0.0
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache
  4. https://learn.microsoft.com/en-us/cli/azure/redis/patch-schedule?view=azure-cli-latest#az-redis-patch-schedule-create

Azure Redis Cache

Fully managed, open source-compatible in-memory data store to power fast, scalable applications. Azure Redis Cache is based on the popular open-source Redis cache. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Redis cache, this fast storage is located in-memory with Redis Cache instead of being loaded from disk by a dat

Compliance Frameworks

  • Azure CloudGuard Best Practices
  • Azure CloudGuard Network Security Alerts
  • Azure LGPD regulation
  • CloudGuard Azure All Rules Ruleset