Accessing Redis from an external app not hosted on AWS

0

Hello, I am looking into using Redis from an app not hosted in AWS. I saw in documentation that it's not recommended due to security concerns other than in testing/development with a VPN. Is there any documentation on what those concerns are? I need to present to my manager an explanation of why it's not recommended.

1 Answer
1
Accepted Answer

Given that Redis is a database (yes, in-memory but that's the idea - for speed): We strongly recommend that you don't expose databases to the Internet directly. It opens them to attack, abuse, etc.

Could you limit access to Redis (or any database) to specific remote IP addresses? Yes. But it's pretty easy to make a mistake there; and if there are many users of the application then that becomes impractical and difficult to maintain.

Could you limit access using some sort of authentication (could be username/password; could be API key; etc.)? Yes. But now your database is open to brute-force attacks; potential DDoS; and so on.

If you allow access to Redis via a VPN (presumably site-to-site but client VPN also qualifies) and only allow access via the VPN then generally (from a security perspective) that's a "private" connection (the "P" in "VPN") so you have controlled who can connect.

TL;DR: Security best practice says "don't allow access to databases over the Internet unless you really know what you're getting into".

AWS
Expert
answered 2 years ago
Expert
reviewed 4 months ago
  • Thanks for the information, that really helps in what I tell my manager.
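
The answer's point that IP allow-listing is easy to get wrong can be checked mechanically. The following is an added example, not part of the original thread: it flags ingress rules that expose the Redis port to public or broad source ranges, assuming the rules are in the shape boto3's EC2 `describe_security_groups` returns under `SecurityGroups`. The group IDs, sample rules and the `MAX_ADDRESSES` threshold are constructed assumptions.

```python
import ipaddress

REDIS_PORT = 6379      # default Redis port; change if your cluster uses another
MAX_ADDRESSES = 16     # assumption: a public source wider than this is "too broad"
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def covers_port(perm, port=REDIS_PORT):
    """True if this ingress rule admits TCP traffic to `port`."""
    if perm.get("IpProtocol") == "-1":      # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def risky_sources(perm):
    """Yield (cidr, reason) for source ranges that are public and broad."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            yield cidr, "open to the entire Internet"
        elif any(p.version == net.version and net.subnet_of(p) for p in PRIVATE):
            continue                        # private space (VPC or VPN side)
        elif net.num_addresses > MAX_ADDRESSES:
            yield cidr, "public range wider than %d addresses" % MAX_ADDRESSES

def audit(security_groups):
    """Return (group_id, cidr, reason) for every rule exposing the Redis port."""
    return [(sg["GroupId"], cidr, reason)
            for sg in security_groups
            for perm in sg.get("IpPermissions", [])
            if covers_port(perm)
            for cidr, reason in risky_sources(perm)]

# Constructed sample input: documentation address ranges, made-up group IDs.
SAMPLE = [
    {"GroupId": "sg-constructed-1", "IpPermissions": [   # one host + VPC range
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379, "IpRanges": [
            {"CidrIp": "198.51.100.7/32"}, {"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-constructed-2", "IpPermissions": [   # port range hides 6379
        {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-constructed-3", "IpPermissions": [   # all-protocol rule
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

The second group shows the kind of mistake the answer warns about: the rule never names 6379, but its 6000-7000 range covers it.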
