Checks whether the password-based authentication feature is enabled for each ApsaraDB for Redis instance in your virtual private clouds (VPCs). If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to enable the password-based authentication feature for an ApsaraDB for Redis instance in your VPC. This helps you improve the security of the resources on the instances.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the password-based authentication feature is enabled for each ApsaraDB for Redis instance in your VPCs, the evaluation result is Compliant.
- If the password-based authentication feature is enabled for an ApsaraDB for Redis instance in the classic network, the evaluation result is Incompliant. If the password-based authentication feature is disabled for an ApsaraDB for Redis instances in your VPC, the evaluation result is also Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | redis-instance-open-auth-mode |
| Rule identifier | redis-instance-open-auth-mode |
| Tag | Redis |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ApsaraDB for Redis instance |
| Input parameter | None. |
Incompliance remediation
Disable password-free access for an ApsaraDB for Redis instance in your VPC. For more information, see Enable password-free access.