Skip to main content

Redis Public and Any IP Access Check

ID: rule:aliyun:redis-public-and-any-ip-access-check
Severity: high
IaC Types: ROS, Terraform

Description

Ensures that Redis instances do not have an open whitelist allowing access from any IP.

Reason for Violation

Public access to Redis is a severe security risk, as it is often targets for brute force attacks and data theft.

Recommendation

Restrict security_ips to specific IP ranges instead of 0.0.0.0/0.

Resource Types

  • ROS: ALIYUN::REDIS::Instance
  • Terraform: alicloud_kvstore_instance