checkov icon indicating copy to clipboard operation
checkov copied to clipboard
verified publisher icon bridgecrewio

Azure Cache for Redis - Ensure "Standard replication" is enabled

Open tdefise opened this issue 2 years ago • 2 comments

Describe the issue It seems that there are no Checkov checks related to the best practice of ensuring that "Standard Replication" is enabled by having at least the "Standard" Tier azurerm_redis_cache

Examples

resource "azurerm_redis_cache" "example" {
  name                = "example-cache"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"
  enable_non_ssl_port = false
  minimum_tls_version = "1.2"

  redis_configuration {
  }
}

Version (please complete the following information):

  • N.A.

Additional context

image

Azure Cache for Redis has a high availability architecture that ensures that managed instance are functioning, even when outages affect the underlying virtual machines (VMs). Whether the outage is planned or unplanned outages, Azure Cache for Redis delivers greater percentage availability rates than what's attainable by hosting Redis on a single VM.

An Azure Cache for Redis in the applicable tiers runs on a pair of Redis servers by default starting from the "Standard Tier". The two servers are hosted on dedicated VMs. Open-source Redis allows only one server to handle data write requests.

This can be seen in the Azure Portal

image

tdefise avatar Sep 18 '23 15:09 tdefise

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com Thanks!

stale[bot] avatar Mar 17 '24 10:03 stale[bot]

This is still required

tdefise avatar Mar 18 '24 14:03 tdefise

Hi @tdefise , thanks for reaching out. Would you like to contribute the new checks? It would be very helpful. 🙂 For now, I’m going to close this issue because I see no engagement for this request.

Saarett avatar Jul 02 '24 08:07 Saarett