Commit 3593d9a

Merge pull request #1569 from redis/DOC-5037
RC: Block public endpoints
2 parents 4444f8a + 9527536 commit 3593d9a

4 files changed

+68
-2
lines changed

content/operate/rc/changelog/june-2025.md

Lines changed: 6 additions & 2 deletions
@@ -7,15 +7,19 @@ categories:
77
- rc
88
description: New features, enhancements, and other changes added to Redis Cloud during
99
June 2025.
10-
highlights: Free database selection
10+
highlights: Block public endpoints, Free database selection
1111
linktitle: June 2025
1212
weight: 28
1313
---
1414

1515
## New features
1616

17+
### Block public endpoints
18+
19+
Users with Redis Cloud Pro databases can now choose to block public endpoints for all databases in their subscription. See [Block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for more information.
20+
1721
### Free database selection
1822

1923
You can now create a free database from the [Create a database]({{< relref "/operate/rc/databases/create-database/create-free-database" >}}) page. Free databases are perfect for learning and exploring Redis. You get 30 MB of space for you to learn Redis concepts and develop application prototypes.
2024

21-
You can only have one free database per account. If you already have a free database, you can [delete it]({{< relref "/operate/rc/databases/delete-database" >}}) or [upgrade it to a paid Essentials plan]({{< relref "/operate/rc/subscriptions/view-essentials-subscription#upgrade-plan" >}}) before creating a new one.
25+
You can only have one free database per account. If you already have a free database, you can [delete it]({{< relref "/operate/rc/databases/delete-database" >}}) or [upgrade it to a paid Essentials plan]({{< relref "/operate/rc/subscriptions/view-essentials-subscription#upgrade-plan" >}}) before creating a new one.
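Review bot: The new "Block public endpoints" entry (added lines 17-19) does not tell readers that blocking leaves the databases reachable only through a private connectivity method, which is the one operational consequence an administrator needs before enabling it. Suggest adding a short clause such as "Blocked subscriptions require a private connectivity method to connect", since the linked page states this. Separately, the removed line 21 and added line 25 read identically as rendered; if this is only a trailing-whitespace or end-of-file newline change, that is fine, but please confirm it is intentional.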

content/operate/rc/databases/create-database/create-pro-database-new.md

Lines changed: 1 addition & 0 deletions
@@ -125,6 +125,7 @@ The following settings are defined in the **Advanced options** of the **Setup**
125125
| **Multi-AZ** | Determines if replication spans multiple Availability Zones, which provides automatic failover when problems occur. See [High Availability]({{< relref "/operate/rc/databases/configuration/high-availability" >}}). |
126126
| **Allowed Availability Zones** | The availability zones for your selected region.<br/><br/>If you choose **Manual selection**, you must select at least one zone ID from the **Zone IDs** list. For more information, see [Availability zones]({{< relref "/operate/rc/databases/configuration/high-availability#availability-zones" >}}). |
127127
| **Cloud account** | To deploy these databases to an existing cloud account, select it here. Use the **Add** button to add a new cloud account.<br/><br/>(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) |
128+
| **Public endpoint access** | Select whether or not to [block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for all databases in the subscription. |
128129
| **VPC configuration** | Select **In a new VPC** to deploy to a new [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC).<br/><br/>To deploy these databases to an existing virtual private cloud, select **In existing VPC** and then set VPC ID to the appropriate ID value.<br/><br/>(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) |
129130
| **Deployment CIDR** | The [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) range of IP addresses for your deployment. Redis creates a new [subnet](https://en.wikipedia.org/wiki/Subnetwork) for the **Deployment CIDR** in your [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC). It cannot overlap with the CIDR ranges of other subnets used by your account.<br/><br/>For deployments in an existing VPC, the **Deployment CIDR** must be within your VPC's **primary** CIDR range (secondary CIDRs are not supported). |
130131
| **Auto Tiering**| Determines if your databases are stored only in memory (RAM) or are split between memory and Flash storage (RAM+Flash). See [Auto Tiering]({{< relref "/operate/rs/databases/auto-tiering/" >}})|
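Review bot: The added row at line 128 names the setting **Public endpoint access**, while the procedure on the new Block public endpoints page in this same commit tells the reader to select **Block public endpoint** under **Advanced options > Security**. Please use the label the console actually shows in both places so readers can find the control. The row should also state the default (public endpoints allowed) and note that blocking requires a private connectivity method, as the other rows spell out their prerequisites.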
Lines changed: 53 additions & 0 deletions
@@ -0,0 +1,53 @@
1+
---
2+
Title: Block public endpoints
3+
alwaysopen: false
4+
categories:
5+
- docs
6+
- operate
7+
- rc
8+
description: Learn how to block the public endpoints of your databases.
9+
weight: 40
10+
---
11+
12+
By default, you can connect to Redis Cloud databases through the database's public endpoint, or through the database's private endpoint with a private connectivity method.
13+
14+
Public endpoints are accessible from the public internet and don't require a private connectivity method. While this makes Redis Cloud databases convenient to use, it also exposes the databases to potential unauthorized access or brute force attacks, even with a database password in place. Some organizations may want to block public access to their databases to comply with security policies or to better meet stringent compliance standards.
15+
16+
Users with Redis Cloud Pro databases can choose to block public endpoints for all databases in their subscription.
17+
18+
## Block public endpoints
19+
20+
You can block public endpoints for a [new subscription](#new-subscription) or an [existing subscription](#existing-subscription).
21+
22+
### New subscription
23+
24+
To block the public endpoints when you [create a new Pro subscription]({{< relref "/operate/rc/databases/create-database/create-pro-database-new" >}}):
25+
26+
1. Follow the instructions to [create a Pro database with custom settings]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#custom-settings" >}}).
27+
1. On the **Setup** tab, go to **Advanced options > Security** to select persistent storage encryption options.
28+
1. Select **Block public endpoint** to block the public endpoint for all databases on the subscription.
29+
1. Select **Continue** to go to the [Sizing tab]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#sizing-tab" >}}). Follow the instructions to provision your database(s).
30+
31+
After you block the public endpoints for a new subscription, you will need to set up a [private connectivity method](#private-connectivity-methods) to connect to your databases.
32+
33+
### Existing subscription
34+
35+
For existing subscriptions, we recommend setting up a [private connectivity method](#private-connectivity-methods) to connect to your databases before blocking the private endpoint and migrating all connections to the private endpoint.
36+
37+
To block the public endpoints of an existing Pro subscription:
38+
39+
1. From the [Redis Cloud console](https://cloud.redis.io/), select the **Subscriptions** menu and then select your subscription from the list.
40+
1. Open the **Security** tab to view security settings.
41+
1. In the **Endpoint** section, select **Edit**.
42+
1. Select **Block public endpoint**.
43+
1. Select **Save** to save your changes.
44+
1. A window will appear asking you to confirm that blocking the public endpoint will reject clients connecting to the public endpoint. Select **I understand** and then **Block** to confirm.
45+
46+
After your changes are saved, any incoming connections to the public endpoint of your database will be rejected.
47+
48+
## Private connectivity methods
49+
50+
Redis Cloud supports the following private connectivity options:
51+
- [VPC peering]({{< relref "/operate/rc/security/vpc-peering" >}})
52+
- [Google Cloud Private Service Connect]({{< relref "/operate/rc/security/private-service-connect" >}}) _(Google Cloud only)_
53+
- [AWS Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) _(AWS only)_
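Review bot: Under "Existing subscription" (added line 35) the sentence says "before blocking the private endpoint and migrating all connections to the private endpoint", which names the wrong endpoint and leaves the order of operations ambiguous. It should read along the lines of "set up a private connectivity method and migrate all connections to the private endpoint before blocking the public endpoint", because the text at line 46 says every connection to the public endpoint is rejected once the change is saved. Also, step 2 of "New subscription" (added line 27) sends the reader to **Advanced options > Security** "to select persistent storage encryption options", which looks carried over from another procedure and does not relate to blocking endpoints. Finally, the front matter uses `Title:` where the other files in this commit use lowercase keys such as `linktitle:`.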

content/operate/rc/subscriptions/view-pro-subscription.md

Lines changed: 8 additions & 0 deletions
@@ -41,6 +41,8 @@ In addition, three tabs are available:
4141

4242
3. The **Connectivity** tab lets you limit access to the subscription by defining a VPC peering or other connectivity options.
4343

44+
4. The **Security** tab lets you set security settings for the databases in your subscription.
45+
4446
The following sections provide more info.
4547

4648
## **Databases** tab
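Review bot: The list gains a fourth item at added line 44, but the lead-in shown in the hunk header still reads "In addition, three tabs are available:". Please update the count to four, or drop the number, so the introduction matches the list.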
@@ -122,3 +124,9 @@ Here, you can:
122124
- Set up [Private Service Connect]({{< relref "/operate/rc/security/private-service-connect" >}}) (*Google Cloud only*) or [Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) (*AWS only*).
123125

124126
See the individual links to learn more.
127+
128+
## **Security** tab
129+
130+
The **Security** tab lets you set security settings for the databases in your subscription.
131+
132+
Here, you can [block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for all databases in the subscription.
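Review bot: The opening sentence of the new **Security** tab section (added line 130) repeats word for word the list item added at line 44 and does not say what the setting does. Suggest replacing it with a sentence that states the effect, for example that blocking the public endpoint rejects all connections that do not come through a private connectivity method. For consistency with the section above, which uses "Here, you can:" followed by a bullet list, consider the same structure at line 132 so later security settings can be added as bullets.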

0 commit comments
