![]() ![]() Serverless caches and individual ElastiCache for Redis nodes support up to 65,000 concurrent client connections. Private static final HttpMethodName REQUEST_METHOD = HttpMethodName. Learn best practices for common scenarios and follow along with code examples of some of the most popular open source Redis client libraries (redis-py, PHPRedis, and Lettuce). RedisClient client = RedisClient.create(redisURI) īelow is the definition for IAMAuthTokenRequest. withAuthentication(userId, iamAuthToken) Construct Redis URL with IAM Auth credentials provider String iamAuthToken = iamAuthTokenRequest.toSignedRequestUri(awsCredentialsProvider.getCredentials()) IAMAuthTokenRequest iamAuthTokenRequest = new IAMAuthTokenRequest(userId, cacheName, region, isServerless) The pre-signed request URL is used as an IAM authentication token for ElastiCache Redis. Create an IAM authentication token request and signed it using the AWS credentials. This will look for AWS credentials defined in environment variables or system properties.ĪWSCredentialsProvider awsCredentialsProvider = new DefaultAWSCredentialsProviderChain() Create a default AWS Credentials provider. When using IAM authentication, the following limitations apply: A Redis client with support for credentials provider can auto-generate the temporary credentials automatically for each new connection.ĮlastiCache for Redis will perform IAM authentication for connection requests of IAM-enabled ElastiCache users and will validate the connection requests with IAM. Once configured, you can create an IAM authentication token using the AWS credentials of the IAM user or role.įinally you need to provide the short-lived IAM authentication token as a password in your Redis Client when connecting to your Redis cache. The IAM identity needs an associated policy to grant the elasticache:Connect action to the ElastiCache cache and ElastiCache user. To use AWS IAM with ElastiCache for Redis, you first need to create an ElastiCache user with authentication mode set to IAM, then you can create or reuse an IAM identity. You can also grant access to users from their federated Identity providers directly to Redis caches. You can use IAM identities and their associated policies to further restrict Redis access. IAM Authentication for ElastiCache Redis works by providing a short-lived IAM authentication token instead of a long-lived ElastiCache user password in the Redis AUTH or HELLO command.įor more information about the IAM authentication token, refer to the Signature Version 4 signing process in the the AWS General Reference Guide and the code example below. ![]() With IAM Authentication you can configure fine-grained access control forĮach individual ElastiCache cache and ElastiCache user and follow least-privilege permissions principles. This allows you to strengthen your security model and simplify many administrative security tasks. With IAM Authentication you can authenticate a connection to ElastiCache for Redis using AWS IAM identities, when your cache is configured to use Redis version 7 or above. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |