Ensure GCP Memorystore for Redis uses in-transit encryption
Error: GCP Memorystore for Redis does not use intransit encryption
Bridgecrew Policy ID: BC_GCP_GENERAL_11
Checkov Check ID: CKV_GCP_97
Severity: LOW
Description
This policy identifies GCP Memorystore for Redis instances that are configured with in-transit data encryption disabled. It is recommended that these resources be configured with in-transit data encryption to minimize the risk of sensitive data being leaked.
Fix - Runtime
Fix - Buildtime
Terraform
# Assumes a google_compute_network data source named "redis-network" is declared elsewhere.
resource "google_redis_instance" "pass" {
  provider                = google-beta
  name                    = "mrr-memory-cache"
  tier                    = "STANDARD_HA"
  memory_size_gb          = 5
  location_id             = "us-central1-a"
  alternative_location_id = "us-central1-f"
  authorized_network      = data.google_compute_network.redis-network.id
  redis_version           = "REDIS_6_X"
  display_name            = "Terraform Test Instance"
  reserved_ip_range       = "192.168.0.0/28"
  replica_count           = 5
  read_replicas_mode      = "READ_REPLICAS_ENABLED"
  # auth_enabled=true
  labels = {
    my_key    = "my_val"
    other_key = "other_val"
  }
  # Enables TLS between clients and the instance; this is the setting the policy checks.
  transit_encryption_mode = "SERVER_AUTHENTICATION"
}
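The same condition evaluated against a Terraform plan, as an added example (not Checkov's implementation and not code from this page). It assumes the plan was exported with terraform show -json; the sample plan, the resource addresses other than "pass", and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output (not from the page).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_redis_instance.pass", "type": "google_redis_instance",
     "values": {"transit_encryption_mode": "SERVER_AUTHENTICATION"}},
    {"address": "google_redis_instance.off", "type": "google_redis_instance",
     "values": {"transit_encryption_mode": "DISABLED"}}
  ],
  "child_modules": [{"address": "module.cache", "resources": [
    {"address": "module.cache.google_redis_instance.unset",
     "type": "google_redis_instance",
     "values": {"transit_encryption_mode": null}},
    {"address": "module.cache.google_compute_network.net",
     "type": "google_compute_network", "values": {"name": "redis-net"}}
  ]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def redis_without_transit_encryption(plan):
    """Return addresses of Redis instances not set to SERVER_AUTHENTICATION."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != "google_redis_instance":
            continue
        mode = (res.get("values") or {}).get("transit_encryption_mode")
        # An unset/null mode fails as well: the provider default is DISABLED.
        if mode != "SERVER_AUTHENTICATION":
            failing.append(res["address"])
    return failing


if __name__ == "__main__":
    for address in redis_without_transit_encryption(SAMPLE_PLAN):
        print(f"FAIL CKV_GCP_97 {address}")
```

Instances declared inside modules are covered because the walk descends into child_modules, which a check limited to the root module would miss.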