rules/findings/azure/databases/redis/azure-cache-redis-lack-of-system-managed-identity.json

{
    "args": [],
    "provider": "Azure",
    "serviceType": "Cache for Redis",
    "serviceName": "Databases",
    "displayName": "Ensure that 'System Assigned Managed Identity' is set to 'On'",
    "description": "A System Assigned Managed Identity gives the Azure Cache for Redis instance its own identity, similar to a service principal, that is automatically created and managed by Azure. The identity is unique to the resource instance it was created for and is removed when that resource is deleted.",
    "rationale": "The System Assigned Managed Identity authenticates with Entra ID, so the privileges required by the Azure Cache for Redis instance can be granted or restricted using Azure Role Based Access Control (RBAC). The managed identity also lets the Azure Cache for Redis instance authenticate to other services without storing credentials in code.",
    "impact": "",
    "remediation": {
        "text": "
            ##### Remediate From Azure Portal
            1. Search for and open the Azure Cache for Redis service
            2. For each instance, repeat the remaining steps
            3. Click on the name of the instance
            4. In the blade menu on the left, under Settings, click on Identity
            5. Under the System assigned tab, toggle the status to On
            6. Click the Save button
            7. In the Enable system assigned managed identity dialog that appears after clicking Save, click the Yes button.
        ",
        "code": {
            "powerShell": null,
            "iac": null,
            "terraform": null,
            "other": null
        }
    },
    "recommendation": null,
    "references": [
        "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-managed-identity"
    ],
    "compliance": [
        {
            "name": "CIS Microsoft Azure Database Services",
            "version": "2.0.0",
            "reference": "2.5",
            "profile": [
                "Level 1"
            ]
        }
    ],
    "level": "low",
    "tags": [],
    "rule": {
        "path": "az_redis",
        "subPath": null,
        "selectCondition": {},
        "query": [
            {
                "filter": [
                    {
                        "conditions": [
                            [
                                "identity.type",
                                "eq",
                                "SystemAssigned"
                            ]
                        ]
                    }
                ]
            }
        ],
        "shouldExist": "true",
        "returnObject": null,
        "removeIfNotExists": null
    },
    "output": {
        "html": {
            "data": {
                "properties": {
                    "name": "Name",
                    "location": "Location",
                    "resourceGroupName": "Resource Group Name",
                    "identity": "Managed Identities"
                },
                "expandObject": null
            },
            "table": "default",
            "decorate": [],
            "emphasis": [],
            "actions": {
                "objectData": {
                    "properties": [
                        "id",
                        "name",
                        "location",
                        "identity"
                    ],
                    "expandObject": null,
                    "limit": null
                },
                "showGoToButton": "True",
                "showModalButton": "True",
                "directLink": null
            }
        },
        "text": {
            "data": {
                "properties": {
                    "name": "Name",
                    "location": "Location",
                    "resourceGroupName": "Resource Group Name",
                    "identity": "Managed Identities"
                },
                "expandObject": null
            },
            "status": {
                "keyName": ["name"],
                "message": "Ensure that 'System Assigned Managed Identity' is set to 'On' for {name}",
                "defaultMessage": null
            },
            "properties": {
                "resourceName": "name",
                "resourceId": "id",
                "resourceType": "type"
            },
            "onlyStatus": false
        }
    },
    "idSuffix": "cache_redis_system_managed_instance_disabled",
    "notes": [],
    "categories": [],
    "immutable_properties": [
        "name",
        "id"
    ],
    "id": "azure_redis_005"
}