Use VPC Service Controls with Memorystore for Redis

You can protect your Memorystore for Redis instances using VPC Service Controls.

VPC Service Controls protect against data exfiltration and provide an extra layer of security for your instances. For more information about VPC Service Controls, see Overview of VPC Service Controls.

Once the Memorystore for Redis API is protected by your service perimeter, Memorystore for Redis API requests coming from clients outside of the perimeter must have the proper access level rules.

Protecting your Redis instances using VPC Service Controls

  1. Create a service perimeter.

  2. Add the Memorystore for Redis API to your service perimeter. For instructions on adding a service to your service perimeter, see Updating a service perimeter.

Configuration requirements

If you use both Shared VPC and VPC Service Controls, you must have the host project that provides the network and the service project that contains the Redis instance inside the same perimeter in order for Redis requests to succeed. Otherwise, requests between the service project instance and the host project network are blocked by the VPC Service Controls service perimeter.

At any time, separating the host project and service project with a perimeter can cause a Redis instance failure, in addition to blocked requests.

Limitations of VPC Service Controls for Redis instances

For a list of VPC Service Controls limitations for Memorystore, see Supported products and limitations