Given that Redis supports optional authentication, it would be outrageous to deploy it to a public subnet hence exposing to the Internet. So, once you setup and configure Redis in a private subnet, bind the address, add a firewall rule, and on top of that you could implement ACLs (Access Control Lists) as well.
Although ACLs gives you this improved granular sense of security by implementing least-privilege and reducing the blast radius, it’s worth to know that
AUTH command as any other Redis command, is sent through the network unencrypted, including the password.
And another thing I had to figure out as a Redis newbie was that
redis-cli creates a new connection on every invocation therefore you have to authenticate on each run. If I do this:
redis-cli -h <IP_ADDRESS> -a "<SOME_SECRET>" <IP_ADDRESS>:6379> PING PONG
All good, right?! Now, once you exit the session and run something like:
redis-cli -h <IP_ADDRESS> PING (error) NOAUTH Authentication required.
So, let’s see how to do both. AUTH and execute a Redis command as a single command.
Step 1. Run the following command:
redis-cli -h <IP_ADDRESS> -a "<SOME_PASSWORD>" PING
Tried everything and nothing works? Let me know. On a side note, follow our official channel on Telegram.