Amazon managed policies for Amazon ElastiCache
An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Service is launched or new API operations become available for existing services.
For more information, see Amazon managed policies in the IAM User Guide.
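Because an update to an Amazon managed policy takes effect on every attached principal, it helps to review what a new version adds before relying on it. The following is an added example, not part of the Amazon documentation: it compares two versions of a policy document and lists the newly allowed actions per service. The two sample documents are constructed for illustration and are not the real contents of any managed policy; the function names are hypothetical.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

def allowed_actions(policy_doc):
    """Map lower-cased action pattern -> original spelling for every Allow statement."""
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):          # a lone statement may be a bare object
        statements = [statements]
    actions = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue                          # Deny / NotAction need manual review
        value = stmt["Action"]
        for action in ([value] if isinstance(value, str) else value):
            actions[action.lower()] = action  # IAM action names are case-insensitive
    return actions

def added_by_service(old_doc, new_doc):
    """Actions the new version allows that no pattern in the old version covered.

    Resource and Condition elements are ignored, so this reports the widest
    possible grant; it is a review aid, not an access evaluator.
    """
    old, new = allowed_actions(old_doc), allowed_actions(new_doc)
    added = defaultdict(list)
    for key in sorted(new):
        if not any(fnmatchcase(key, pattern) for pattern in old):
            added[key.split(":", 1)[0]].append(new[key])
    return dict(added)

# Constructed sample versions (NOT the real managed policy documents).
OLD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["elasticache:*", "ec2:Describe*", "cloudwatch:GetMetricStatistics"]}}
NEW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["elasticache:*", "EC2:DescribeVpcs", "cloudwatch:GetMetricStatistics",
                "kms:DescribeKey", "s3:ListAllMyBuckets"]},
    {"Effect": "Allow", "Resource": "*", "Action": "ec2:CreateVpcEndpoint"},
    {"Effect": "Deny", "Resource": "*", "Action": "sns:Publish"}]}

if __name__ == "__main__":
    for service, actions in added_by_service(OLD, NEW).items():
        print(f"{service}: {', '.join(actions)}")
```

An action already covered by an older wildcard (here `EC2:DescribeVpcs` under `ec2:Describe*`) is not reported, so the output shows only permissions that are new in effect.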
Amazon managed policy: ElastiCacheServiceRolePolicy
You can't attach ElastiCacheServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows ElastiCache to perform actions on your behalf.
This policy allows ElastiCache to manage Amazon resources on your behalf as necessary for managing your cache:
ec2 – Manage EC2 networking resources to attach to cache nodes, including VPC endpoints (for serverless caches), Elastic Network Interfaces (ENIs) (for self-designed clusters), and security groups.
cloudwatch – Emit metric data from the service into CloudWatch.
outposts – Allow creation of cache nodes on Amazon Outposts.
You can find the ElastiCacheServiceRolePolicy
Amazon managed policy: AmazonElastiCacheFullAccess
You can attach the AmazonElastiCacheFullAccess policy to your IAM identities.
This policy allows principals full access to ElastiCache using the Amazon Management Console:
elasticache — Access all APIs.
iam — Create service-linked role necessary for service operation.
ec2 — Describe dependent EC2 resources necessary for cache creation (VPC, subnet, security group) and allow creation of VPC endpoints (for serverless caches).
kms — Allow usage of customer-managed CMKs for encryption-at-rest.
cloudwatch — Allow access to metrics to display ElastiCache metrics in the console.
application-autoscaling — Allow access to describe autoscaling policies for caches.
logs — Used to populate log streams for log delivery functionality in the console.
firehose — Used to populate delivery streams for log delivery functionality in the console.
s3 — Used to populate S3 buckets for snapshot restore functionality in the console.
outposts — Used to populate Amazon Outposts for cache creation in the console.
sns — Used to populate SNS topics for notification functionality in the console.
You can find the AmazonElastiCacheFullAccess
Amazon managed policy: AmazonElastiCacheReadOnlyAccess
You can attach the AmazonElastiCacheReadOnlyAccess policy to your IAM identities.
This policy allows principals read-only access to ElastiCache using the Amazon Management Console:
elasticache — Access read-only Describe APIs.
You can find the AmazonElastiCacheReadOnlyAccess
ElastiCache updates to Amazon managed policies
View details about updates to Amazon managed policies for ElastiCache since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the ElastiCache Document history page.
Change | Description | Date |
---|---|---|
AmazonElastiCacheFullAccess – Update to an existing policy | ElastiCache added new permissions to allow management of serverless caches, and to enable usage of all service features via the console. | November 27, 2023 |
ElastiCacheServiceRolePolicy – Update to an existing policy | ElastiCache added new permissions to allow management of VPC endpoints for serverless cache resources. | November 27, 2023 |
ElastiCache started tracking changes | ElastiCache started tracking changes for its Amazon managed policies. | February 07, 2020 |