Accessing Redis from an external app not hosted on AWS

0

Hello, I am looking into using redis from an app not hosted in AWS. I saw in documentation that it's not recommended due to security concerns other than in testing/development with a VPN. Is there any documentation on what those concerns are? I need to present to my manager an explanation of why it's not recommended.

asked 10 months ago80 views
1 Answer
1
Accepted Answer

Given that Redis is a database (yes, in-memory but that's the idea - for speed): We strongly recommend that you don't expose databases to the Internet directly. It opens them to attack, abuse, etc.

Could you limit access to Redis (or any database) to specific remote IP addresses? Yes. But it's pretty easy to make a mistake there; and if there are many users of the application then that becomes impractical and difficult to maintain.

Could you limit access using some sort of authentication (could be username/password; could be API key; etc.)? Yes. But now your database is open to brute-force attacks; potential DDoS; and so on.

If you allow access to Redis via a VPN (presumably site-so-site but client VPN also qualifies) and only allow access via the VPN then generally (from a security perspective) that's a "private" connection (the "P" in VPN") so you have controlled who can connect.

TL;DR: Security best practice says "don't allow access to databases over the Internet unless you really know what you're getting into".

profile picture
EXPERT
answered 10 months ago
  • Thanks for the information, that really helps in what I tell my manager.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions