Beta - Redis Cache Managed Identity Is Not Set To System Assigned
- Query id: d501246e-45d4-48fd-8975-a23e7124bdfc
- Query name: Beta - Redis Cache Managed Identity Is Not Set To System Assigned
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- CWE: 522
- Risk score: 3.0
- URL: Github
Description
Without a system-assigned managed identity, the cache has no Entra ID identity of its own, so any access it needs to other Azure resources must be authorised with stored credentials (keys or connection strings) instead of Entra ID RBAC, increasing the risk of credential exposure or overly permissive access. A user-assigned identity alone does not satisfy this query; the identity type must include `SystemAssigned`.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged: no identity block at all, so the cache gets no managed identity.
resource "azurerm_redis_cache" "positive1" {
  name                = "example-cache-positive1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"
}
Positive test num. 2 - tf file
# Flagged: a user-assigned identity only; "SystemAssigned" is not part of the type.
resource "azurerm_redis_cache" "positive2" {
  name                = "example-cache-positive2"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"

  identity {
    type = "UserAssigned"
    identity_ids = [
      azurerm_user_assigned_identity.example.id
    ]
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# Passes: the cache is given a system-assigned identity.
resource "azurerm_redis_cache" "negative1" {
  name                = "example-cache"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"

  identity {
    type = "SystemAssigned"
  }
}
Negative test num. 2 - tf file
# Passes: both identity kinds are enabled; "SystemAssigned" is present in the type.
resource "azurerm_redis_cache" "negative2" {
  name                = "example-cache-negative2"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"

  identity {
    type = "SystemAssigned, UserAssigned"
    identity_ids = [
      azurerm_user_assigned_identity.example.id
    ]
  }
}
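The logic the four samples above exercise, written out as a small stand-alone checker. This is an added example for this page, not the KICS query itself (which is written in Rego): it scans plain HCL for `azurerm_redis_cache` resources, reads the `type` attribute of their `identity` block, and reports any resource whose type list does not contain `SystemAssigned`, including resources with no `identity` block. The sample HCL embedded in the script is constructed from the samples on this page; the parser only handles literal, brace-balanced HCL like those samples, not expressions, heredocs or modules.

```python
"""Flag azurerm_redis_cache resources without a system-assigned managed identity.

Added illustration for this page; not the KICS query. Handles plain HCL only.
"""
import re

RESOURCE_RE = re.compile(r'resource\s+"azurerm_redis_cache"\s+"([^"]+)"\s*\{')
IDENTITY_RE = re.compile(r'\bidentity\s*\{')          # does not match identity_ids
TYPE_RE = re.compile(r'\btype\s*=\s*"([^"]*)"')


def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def identity_types(resource_body):
    """Identity kinds declared in the resource's identity block, as a set.

    "SystemAssigned, UserAssigned" yields both entries; a missing identity
    block or a missing type attribute yields an empty set.
    """
    m = IDENTITY_RE.search(resource_body)
    if not m:
        return set()
    body = _block_body(resource_body, m.end() - 1)
    t = TYPE_RE.search(body)
    if not t:
        return set()
    return {part.strip() for part in t.group(1).split(",") if part.strip()}


def find_missing_system_identity(hcl):
    """Names of azurerm_redis_cache resources whose identity type lacks SystemAssigned."""
    findings = []
    for m in RESOURCE_RE.finditer(hcl):
        body = _block_body(hcl, m.end() - 1)
        if "SystemAssigned" not in identity_types(body):
            findings.append(m.group(1))
    return findings


# Constructed input: the two positive and two negative samples from this page.
SAMPLE_HCL = '''
resource "azurerm_redis_cache" "positive1" {
  name                = "example-cache-positive1"
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "Standard"
}

resource "azurerm_redis_cache" "positive2" {
  name     = "example-cache-positive2"
  sku_name = "Standard"
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.example.id]
  }
}

resource "azurerm_redis_cache" "negative1" {
  name     = "example-cache"
  sku_name = "Standard"
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_redis_cache" "negative2" {
  name     = "example-cache-negative2"
  sku_name = "Standard"
  identity {
    type         = "SystemAssigned, UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.example.id]
  }
}
'''

if __name__ == "__main__":
    for name in find_missing_system_identity(SAMPLE_HCL):
        print(f"azurerm_redis_cache.{name}: managed identity is not SystemAssigned")
```

Running the script reports `positive1` and `positive2` and stays silent on the two negative samples, matching the classification on this page. The combined type string is split on commas, so `"UserAssigned, SystemAssigned"` in either order passes, which is the behaviour a practitioner usually wants from this check.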