AWS ElastiCache User

This page shows how to write Terraform and CloudFormation for ElastiCache User and write them securely.

aws_elasticache_user (Terraform)

The User in ElastiCache can be configured in Terraform with the resource name aws_elasticache_user. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are required:

  • access_string - (Required) Access permissions string used for this user. See Specifying Permissions Using an Access String for more details.
  • engine - (Required) The current supported value is REDIS.
  • user_id - (Required) The ID of the user.
  • user_name - (Required) The username of the user.

The following arguments are optional:

  • no_password_required - (Optional) Indicates a password is not required for this user.
  • passwords - (Optional) Passwords used for this user. You can create up to two passwords for each user.
  • tags - (Optional) A list of tags to be added to this resource. A tag is a key-value pair.

In addition to all arguments above, the following attributes are exported:

  • arn - The ARN of the created ElastiCache User.

Explanation in Terraform Registry

Provides an ElastiCache user resource.

Note: All arguments including the username and passwords will be stored in the raw state as plain-text. Read more about sensitive data in state.

Tips: Best Practices for The Other AWS ElastiCache Resources

In addition to the aws_elasticache_cluster, AWS ElastiCache has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_elasticache_cluster

Ensure to enable backup retention of Elasitcache

It's better to take snapshots of Redis clusters to improve data availability.

risk-label

aws_elasticache_replication_group

Ensure to enable in-transit encryption of ElastiCache

It's better to enable in-transit encryption of ElastiCahe. If the ElastiCache replication group uses unencrypted traffic, it is vulnerable to meet-in-the-middle (MITM) attacks.

Review your AWS ElastiCache settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::ElastiCache::User (CloudFormation)

The User in ElastiCache can be configured in CloudFormation with the resource name AWS::ElastiCache::User. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Explanation in CloudFormation Registry

For Redis engine version 6.

x onwards: Creates a Redis user. For more information, see Using Role Based Access Control (RBAC).

Frequently asked questions

What is AWS ElastiCache User?

AWS ElastiCache User is a resource for ElastiCache of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.