AWS ElastiCache User
This page shows how to write Terraform and CloudFormation for ElastiCache User and write them securely.
aws_elasticache_user (Terraform)
The User in ElastiCache can be configured in Terraform with the resource name aws_elasticache_user. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are required:
- access_string - (Required) Access permissions string used for this user. See Specifying Permissions Using an Access String for more details.
- engine - (Required) The current supported value is REDIS.
- user_id - (Required) The ID of the user.
- user_name - (Required) The username of the user.
The following arguments are optional:
- no_password_required - (Optional) Indicates a password is not required for this user.
- passwords - (Optional) Passwords used for this user. You can create up to two passwords for each user.
- tags - (Optional) A list of tags to be added to this resource. A tag is a key-value pair.
In addition to all arguments above, the following attributes are exported:
- arn - The ARN of the created ElastiCache User.
Explanation in Terraform Registry
Provides an ElastiCache user resource.
Note: All arguments including the username and passwords will be stored in the raw state as plain-text. Read more about sensitive data in state.
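The following Terraform configuration is an added example, not taken from the Terraform Registry or from a GitHub project. It places a permissive user next to a hardened one using only the arguments listed above; the resource names, user IDs, the `app::` key prefix and the variable name are constructed placeholders.

```hcl
# Constructed example: all names, IDs and key patterns are placeholders.

variable "app_user_password" {
  description = "Password for the application Redis user. Supply it via TF_VAR_app_user_password or a secrets manager, not a committed .tfvars file."
  type        = string

  # sensitive only redacts the value in plan/apply output. As the note above
  # says, it is still written to state in plain text, so the state backend
  # must be encrypted and access-controlled.
  sensitive = true

  validation {
    condition     = length(var.app_user_password) >= 16 && length(var.app_user_password) <= 128
    error_message = "ElastiCache user passwords must be 16 to 128 characters long."
  }
}

# Weak, shown for comparison only (remove before applying):
# no authentication, and access to every key and every command.
resource "aws_elasticache_user" "weak" {
  user_id              = "weak-user"
  user_name            = "weak-user"
  engine               = "REDIS"
  access_string        = "on ~* +@all"
  no_password_required = true
}

# Hardened: a password is required, keys are limited to one prefix,
# and only read commands are allowed.
resource "aws_elasticache_user" "app_reader" {
  user_id       = "app-reader"
  user_name     = "app-reader"
  engine        = "REDIS"
  access_string = "on ~app::* -@all +@read"

  # Up to two passwords are accepted, which allows rotation: add the new
  # password alongside the old one, update clients, then remove the old one.
  passwords = [var.app_user_password]
}
```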
Tips: Best Practices for The Other AWS ElastiCache Resources
In addition to aws_elasticache_cluster, AWS ElastiCache has other resources that should be configured with security in mind. The examples and precautions below cover some of them.
aws_elasticache_cluster
Ensure backup retention is enabled for ElastiCache
It's better to take snapshots of Redis clusters to improve data availability.
aws_elasticache_replication_group
Ensure in-transit encryption is enabled for ElastiCache
It's better to enable in-transit encryption for ElastiCache. If the ElastiCache replication group uses unencrypted traffic, it is vulnerable to man-in-the-middle (MITM) attacks.
AWS::ElastiCache::User (CloudFormation)
The User in ElastiCache can be configured in CloudFormation with the resource name AWS::ElastiCache::User. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- UserId - required - String
- UserName - required - String
- Engine - required - String
- AccessString - optional - String
- NoPasswordRequired - optional - Boolean
- Passwords - optional - List
Explanation in CloudFormation Registry
For Redis engine version 6.x onwards: Creates a Redis user. For more information, see Using Role Based Access Control (RBAC).