Amazon managed policies for Amazon ElastiCache - Amazon ElastiCache
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon managed policies for Amazon ElastiCache

An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Service is launched or new API operations become available for existing services.

For more information, see Amazon managed policies in the IAM User Guide.
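The following is an added example, not part of the Amazon documentation. Because an update to a managed policy applies to every principal the policy is attached to, one way to review an update is to diff two versions of the policy document and list the newly allowed action and resource pairs. The two documents are constructed samples, not the actual contents of any Amazon managed policy, and the function names are hypothetical.

```python
# Added example: list permissions that a newer policy version grants
# and an older one did not. Both documents are constructed samples.

OLD_VERSION = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "elasticache:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ec2:DescribeVpcs", "ec2:DescribeSubnets"],
         "Resource": "*"},
    ],
}

NEW_VERSION = {
    "Version": "2012-10-17",
    "Statement": OLD_VERSION["Statement"] + [
        {"Effect": "Allow", "Action": "ec2:CreateVpcEndpoint",
         "Resource": "arn:aws-cn:ec2:*:*:vpc-endpoint/*"},
        {"Effect": "Allow", "Action": ["kms:DescribeKey"], "Resource": "*"},
    ],
}


def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value or [])


def allowed_grants(policy_doc):
    """Return the set of (action, resource) pairs in Allow statements."""
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    grants = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements need manual review
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt.get("Resource", "*")):
                grants.add((action, resource))
    return grants


def added_grants(old_doc, new_doc):
    """Grants in new_doc but not old_doc, grouped by service prefix.
    Wildcards are compared as literal strings, not expanded."""
    by_service = {}
    for action, resource in sorted(allowed_grants(new_doc) - allowed_grants(old_doc)):
        by_service.setdefault(action.split(":", 1)[0], []).append((action, resource))
    return by_service
```

Real input for the two arguments is the policy document returned by `aws iam get-policy-version` for two version IDs of the same policy.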

Amazon managed policy: ElastiCacheServiceRolePolicy

You can't attach ElastiCacheServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows ElastiCache to perform actions on your behalf.

This policy allows ElastiCache to manage Amazon resources on your behalf as necessary for managing your cache:

  • ec2 – Manage EC2 networking resources to attach to cache nodes, including VPC endpoints (for serverless caches), Elastic Network Interfaces (ENIs) (for self-designed clusters), and security groups.

  • cloudwatch – Emit metric data from the service into CloudWatch.

  • outposts – Allow creation of cache nodes on Amazon Outposts.

You can find the ElastiCacheServiceRolePolicy policy on the IAM console and ElastiCacheServiceRolePolicy in the Amazon Managed Policy Reference Guide.

Amazon managed policy: AmazonElastiCacheFullAccess

You can attach the AmazonElastiCacheFullAccess policy to your IAM identities.

This policy allows principals full access to ElastiCache using the Amazon Management Console:

  • elasticache — Access all APIs.

  • iam — Create service-linked role necessary for service operation.

  • ec2 — Describe dependent EC2 resources necessary for cache creation (VPC, subnet, security group) and allow creation of VPC endpoints (for serverless caches).

  • kms — Allow usage of customer-managed CMKs for encryption-at-rest.

  • cloudwatch — Allow access to metrics to display ElastiCache metrics in the console.

  • application-autoscaling — Allow access to describe autoscaling policies for caches.

  • logs — Used to populate log streams for log delivery functionality in the console.

  • firehose — Used to populate delivery streams for log delivery functionality in the console.

  • s3 — Used to populate S3 buckets for snapshot restore functionality in the console.

  • outposts — Used to populate Amazon Outposts for cache creation in the console.

  • sns — Used to populate SNS topics for notification functionality in the console.

You can find the AmazonElastiCacheFullAccess policy on the IAM console and AmazonElastiCacheFullAccess in the Amazon Managed Policy Reference Guide.

Amazon managed policy: AmazonElastiCacheReadOnlyAccess

You can attach the AmazonElastiCacheReadOnlyAccess policy to your IAM identities.

This policy allows principals read-only access to ElastiCache using the Amazon Management Console:

  • elasticache — Access read-only Describe APIs.

You can find the AmazonElastiCacheReadOnlyAccess policy on the IAM console and AmazonElastiCacheReadOnlyAccess in the Amazon Managed Policy Reference Guide.

ElastiCache updates to Amazon managed policies

View details about updates to Amazon managed policies for ElastiCache since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the ElastiCache Document history page.

| Change | Description | Date |
|---|---|---|
| AmazonElastiCacheFullAccess – Update to an existing policy | ElastiCache added new permissions to allow management of serverless caches, and to enable usage of all service features via the console. | November 27, 2023 |
| ElastiCacheServiceRolePolicy – Update to an existing policy | ElastiCache added new permissions to allow management of VPC endpoints for serverless cache resources. | November 27, 2023 |
| ElastiCache started tracking changes | ElastiCache started tracking changes for its Amazon managed policies. | February 07, 2020 |