diff --git a/content/operate/rc/changelog/june-2025.md b/content/operate/rc/changelog/june-2025.md new file mode 100644 index 0000000000..bc06ad8b4b --- /dev/null +++ b/content/operate/rc/changelog/june-2025.md @@ -0,0 +1,19 @@ +--- +Title: Redis Cloud changelog (June 2025) +alwaysopen: false +categories: +- docs +- operate +- rc +description: New features, enhancements, and other changes added to Redis Cloud during + June 2025. +highlights: Block public endpoints +linktitle: June 2025 +weight: 28 +--- + +## New features + +### Block public endpoints + +Users with Redis Cloud Pro databases can now choose to block public endpoints for all databases in their subscription. See [Block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for more information. diff --git a/content/operate/rc/databases/create-database/create-pro-database-new.md b/content/operate/rc/databases/create-database/create-pro-database-new.md index a9937c9fd2..ed864e0761 100644 --- a/content/operate/rc/databases/create-database/create-pro-database-new.md +++ b/content/operate/rc/databases/create-database/create-pro-database-new.md @@ -123,6 +123,7 @@ The following settings are defined in the **Advanced options** of the **Setup** | **Multi-AZ** | Determines if replication spans multiple Availability Zones, which provides automatic failover when problems occur. See [High Availability]({{< relref "/operate/rc/databases/configuration/high-availability" >}}). | | **Allowed Availability Zones** | The availability zones for your selected region.

If you choose **Manual selection**, you must select at least one zone ID from the **Zone IDs** list. For more information, see [Availability zones]({{< relref "/operate/rc/databases/configuration/high-availability#availability-zones" >}}). | | **Cloud account** | To deploy these databases to an existing cloud account, select it here. Use the **Add** button to add a new cloud account.

(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) | +| **Public endpoint access** | Select whether or not to [block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for all databases in the subscription. | | **VPC configuration** | Select **In a new VPC** to deploy to a new [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC).

To deploy these databases to an existing virtual private cloud, select **In existing VPC** and then set VPC ID to the appropriate ID value.

(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) | | **Deployment CIDR** | The [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) range of IP addresses for your deployment. Redis creates a new [subnet](https://en.wikipedia.org/wiki/Subnetwork) for the **Deployment CIDR** in your [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC). It cannot overlap with the CIDR ranges of other subnets used by your account.

For deployments in an existing VPC, the **Deployment CIDR** must be within your VPC's **primary** CIDR range (secondary CIDRs are not supported). | | **Auto Tiering**| Determines if your databases are stored only in memory (RAM) or are split between memory and Flash storage (RAM+Flash). See [Auto Tiering]({{< relref "/operate/rs/databases/auto-tiering/" >}})| diff --git a/content/operate/rc/security/database-security/block-public-endpoints.md b/content/operate/rc/security/database-security/block-public-endpoints.md new file mode 100644 index 0000000000..6cb1fcf03e --- /dev/null +++ b/content/operate/rc/security/database-security/block-public-endpoints.md 
@@ -0,0 +1,53 @@ +--- +Title: Block public endpoints +alwaysopen: false +categories: +- docs +- operate +- rc +description: Learn how to block the public endpoints of your databases. +weight: 40 +--- + +By default, you can connect to Redis Cloud databases through the database's public endpoint, or through the database's private endpoint with a private connectivity method. + +Public endpoints are accessible from the public internet and don't require a private connectivity method. While this makes Redis Cloud databases convenient to use, it also exposes the databases to potential unauthorized access or brute force attacks, even with a database password in place. Some organizations may want to block public access to their databases to comply with security policies or to better meet stringent compliance standards. + +Users with Redis Cloud Pro databases can choose to block public endpoints for all databases in their subscription. + +## Block public endpoints + +You can block public endpoints for a [new subscription](#new-subscription) or an [existing subscription](#existing-subscription). + +### New subscription + +To block the public endpoints when you [create a new Pro subscription]({{< relref "/operate/rc/databases/create-database/create-pro-database-new" >}}): + +1. Follow the instructions to [create a Pro database with custom settings]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#custom-settings" >}}). +1. On the **Setup** tab, go to **Advanced options > Security** to select persistent storage encryption options. +1. Select **Block public endpoint** to block the public endpoint for all databases on the subscription. +1. Select **Continue** to go to the [Sizing tab]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#sizing-tab" >}}). Follow the instructions to provision your database(s). 
+ +After you block the public endpoints for a new subscription, you will need to set up a [private connectivity method](#private-connectivity-methods) to connect to your databases. + +### Existing subscription + +For existing subscriptions, we recommend setting up a [private connectivity method](#private-connectivity-methods) to connect to your databases before blocking the private endpoint and migrating all connections to the private endpoint. + +To block the public endpoints of an existing Pro subscription: + +1. From the [Redis Cloud console](https://cloud.redis.io/), select the **Subscriptions** menu and then select your subscription from the list. +1. Open the **Security** tab to view security settings. +1. In the **Endpoint** section, select **Edit**. +1. Select **Block public endpoint**. +1. Select **Save** to save your changes. +1. A window will appear asking you to confirm that blocking the public endpoint will reject clients connecting to the public endpoint. Select **I understand** and then **Block** to confirm. + +After your changes are saved, any incoming connections to the public endpoint of your database will be rejected. + +## Private connectivity methods + +Redis Cloud supports the following private connectivity options: +- [VPC peering]({{< relref "/operate/rc/security/vpc-peering" >}}) +- [Google Cloud Private Service Connect]({{< relref "/operate/rc/security/private-service-connect" >}}) _(Google Cloud only)_ +- [AWS Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) _(AWS only)_ \ No newline at end of file diff --git a/content/operate/rc/subscriptions/view-pro-subscription.md b/content/operate/rc/subscriptions/view-pro-subscription.md index a343946ec2..f8854a45bd 100644 --- a/content/operate/rc/subscriptions/view-pro-subscription.md +++ b/content/operate/rc/subscriptions/view-pro-subscription.md 
@@ -41,6 +41,8 @@ In addition, three tabs are available: 3. The **Connectivity** tab lets you limit access to the subscription by defining a VPC peering or other connectivity options. +4. The **Security** tab lets you set security settings for the databases in your subscription. + The following sections provide more info. ## **Databases** tab @@ -122,3 +124,9 @@ Here, you can: - Set up [Private Service Connect]({{< relref "/operate/rc/security/private-service-connect" >}}) (*Google Cloud only*) or [Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) (*AWS only*). See the individual links to learn more. + +## **Security** tab + +The **Security** tab lets you set security settings for the databases in your subscription. + +Here, you can [block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for all databases in the subscription.
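Review bot: In content/operate/rc/security/database-security/block-public-endpoints.md, the first sentence under "Existing subscription" says "before blocking the private endpoint", which should read "public endpoint"; as written it tells readers to block the endpoint they are supposed to migrate to. The same sentence lists "migrating all connections to the private endpoint" after the blocking step. Since the procedure ends with connections to the public endpoint being rejected, suggest: "set up a private connectivity method and migrate all connections to the private endpoint before blocking the public endpoint". In "New subscription", step 2 describes **Advanced options > Security** as the place "to select persistent storage encryption options", which does not match the task this page documents. The new file also ends without a trailing newline, and the list under "Private connectivity methods" has no blank line before its first item.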
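Review bot: In content/operate/rc/databases/create-database/create-pro-database-new.md, the new table row is labelled **Public endpoint access**, while block-public-endpoints.md in this same patch tells readers to select **Block public endpoint** under **Advanced options > Security**. Use the label and location the console actually shows in both places so readers can find the control. The row would also benefit from stating the default, which the new page gives as the public endpoint being reachable, and that blocking it means a private connectivity method is required to connect.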
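Review bot: In content/operate/rc/subscriptions/view-pro-subscription.md, the first hunk adds a fourth list item ("4. The **Security** tab lets you set security settings ...") under the line shown in the hunk header, "In addition, three tabs are available:", so that count is now stale. Update the sentence to "four tabs" or drop the number so it does not need changing with each new tab.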