Disabling access control on an ElastiCache Redis OSS cache
Follow the instructions below to disable access control on a Redis OSS TLS-enabled cache. Your Redis OSS cache will have one of two configurations: Redis OSS AUTH default user access, or user group access control list (RBAC). If your cache was created with the AUTH configuration, you must change it to the RBAC configuration before you can disable access control by removing the user groups. If your cache was created with the RBAC configuration, you can disable access control directly.
To disable a Redis OSS serverless cache configured with RBAC
- Remove the user groups to disable the access control.
    aws elasticache modify-serverless-cache --serverless-cache-name <serverless-cache> --remove-user-group
- (Optional) Verify that no user groups are associated with the serverless cache.
    aws elasticache describe-serverless-caches --serverless-cache-name <serverless-cache>
    {
        "..."
        "UserGroupId": ""
        "..."
    }
To disable a Redis OSS cache configured with an AUTH token
- Change the AUTH token to RBAC and specify a user group to add.
    aws elasticache modify-replication-group --replication-group-id <replication-group-id-value> --auth-token-update-strategy DELETE --user-group-ids-to-add <user-group-value>
- Verify that the AUTH token got disabled and that a user group was added.
    aws elasticache describe-replication-groups --replication-group-id <replication-group-id-value>
    {
        "..."
        "AuthTokenEnabled": false,
        "UserGroupIds": [
            "<user-group-value>"
        ]
        "..."
    }
- Remove the user groups to disable the access control.
    aws elasticache modify-replication-group --replication-group-id <replication-group-value> --user-group-ids-to-remove <user-group-value>
    {
        "..."
        "PendingModifiedValues": {
            "UserGroups": {
                "UserGroupIdsToAdd": [],
                "UserGroupIdsToRemove": [
                    "<user-group-value>"
                ]
            }
        }
        "..."
    }
- (Optional) Verify that no user groups are associated with the cluster. The AuthTokenEnabled field should also read false.
    aws elasticache describe-replication-groups --replication-group-id <replication-group-value>
    "AuthTokenEnabled": false
To disable a Redis OSS cluster configured with RBAC
- Remove the user groups to disable the access control.
    aws elasticache modify-replication-group --replication-group-id <replication-group-value> --user-group-ids-to-remove <user-group-value>
    {
        "..."
        "PendingModifiedValues": {
            "UserGroups": {
                "UserGroupIdsToAdd": [],
                "UserGroupIdsToRemove": [
                    "<user-group-value>"
                ]
            }
        }
        "..."
    }
- (Optional) Verify that no user groups are associated with the cluster. The AuthTokenEnabled field should also read false.
    aws elasticache describe-replication-groups --replication-group-id <replication-group-value>
    "AuthTokenEnabled": false
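The verification steps in the procedures above can be scripted. The following Python example is added here and is not part of the original instructions: it classifies each cache from the JSON returned by describe-replication-groups and describe-serverless-caches, using the AuthTokenEnabled, UserGroupIds, PendingModifiedValues and UserGroupId fields shown above. The function names, state labels and sample data are assumptions made for illustration.

```python
import json

def replication_group_state(group):
    """Classify one ReplicationGroups[] entry from describe-replication-groups."""
    pending = group.get("PendingModifiedValues", {}).get("UserGroups", {})
    to_add = set(pending.get("UserGroupIdsToAdd", []))
    to_remove = set(pending.get("UserGroupIdsToRemove", []))
    # User groups that remain once any pending modification is applied.
    remaining = (set(group.get("UserGroupIds", [])) | to_add) - to_remove
    if group.get("AuthTokenEnabled"):
        return "auth-token"
    if remaining:
        return "rbac"
    # No groups will remain: removal is either still pending or already done.
    return "removal-pending" if to_remove else "disabled"

def serverless_cache_state(cache):
    """Classify one ServerlessCaches[] entry from describe-serverless-caches."""
    return "rbac" if cache.get("UserGroupId") else "disabled"

def audit(describe_json):
    """Map each cache name in a describe-* JSON document to its state."""
    doc = json.loads(describe_json)
    states = {g["ReplicationGroupId"]: replication_group_state(g)
              for g in doc.get("ReplicationGroups", [])}
    states.update({c["ServerlessCacheName"]: serverless_cache_state(c)
                   for c in doc.get("ServerlessCaches", [])})
    return states

# Constructed sample output (names and values are illustrative, not from a real account).
SAMPLE_GROUPS = json.dumps({"ReplicationGroups": [
    {"ReplicationGroupId": "rg-auth", "AuthTokenEnabled": True, "UserGroupIds": []},
    {"ReplicationGroupId": "rg-rbac", "AuthTokenEnabled": False,
     "UserGroupIds": ["ug-1"], "PendingModifiedValues": {}},
    {"ReplicationGroupId": "rg-pending", "AuthTokenEnabled": False,
     "UserGroupIds": ["ug-1"], "PendingModifiedValues": {"UserGroups": {
         "UserGroupIdsToAdd": [], "UserGroupIdsToRemove": ["ug-1"]}}},
    {"ReplicationGroupId": "rg-open", "AuthTokenEnabled": False,
     "UserGroupIds": [], "PendingModifiedValues": {}},
]})
SAMPLE_SERVERLESS = json.dumps({"ServerlessCaches": [
    {"ServerlessCacheName": "sc-open", "UserGroupId": ""}]})

if __name__ == "__main__":
    for sample in (SAMPLE_GROUPS, SAMPLE_SERVERLESS):
        for name, state in audit(sample).items():
            print(f"{name}: {state}")
```

Pass audit() the JSON output of either describe command. A cache reported as disabled has neither an AUTH token nor a user group attached.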