Setting up - Amazon MemoryDB for Redis
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Setting up

Following, you can find topics that describe the one-time actions you must take to start using MemoryDB.

Getting an Amazon Access Key

Before you can access MemoryDB programmatically or through the Amazon Command Line Interface (Amazon CLI), you must have an Amazon access key. You don't need an access key if you plan to use the MemoryDB console only. Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to Amazon. If you don't have access keys, you can create them from the Amazon Management Console. As a best practice, do not use the Amazon account root user access keys for any task where it's not required. Instead, create a new administrator IAM user with access keys for yourself. The only time that you can view or download the secret access key is when you create the keys. You cannot recover them later. However, you can create new access keys at any time. You must also have permissions to perform the required IAM actions. For more information, see Permissions Required to Access IAM Resources in the IAM User Guide.

To create access keys for an IAM user

  1. Sign in to the Amazon Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the left navigation pane, choose Users.

  3. Choose the name of the user whose access keys you want to create, and then choose the Security credentials tab.

  4. In the Access keys section, choose Create access key.

  5. To view the new access key pair, choose Show. You will not have access to the secret access key again after this page closes. Your credentials will look something like this:

    • Access key ID: AKIAIOSFODNN7EXAMPLE

    • Secret access key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

  6. To download the key pair, choose Download .csv file. Store the keys in a secure location. You will not have access to the secret access key again after this page closes.

  7. Keep the keys confidential in order to protect your Amazon account and never email them. Do not share them outside your organization, even if an inquiry appears to come from Amazon or Amazon.com. No one who legitimately represents Amazon will ever ask you for your secret key.

  8. After you download the .csv file, choose Close. When you create an access key, the key pair is active by default, and you can use the pair right away.

Related topics:

Configuring Your Credentials

Before you can access MemoryDB programmatically or through the Amazon CLI, you must configure your credentials to enable authorization for your applications.

There are several ways to do this. For example, you can manually create the credentials file to store your access key ID and secret access key. You also can use the aws configure command of the Amazon CLI to automatically create the file. Alternatively, you can use environment variables. For more information about configuring your credentials, see the programming-specific Amazon SDK developer guide at Tools to Build on Amazon.

Downloading and Configuring the Amazon CLI

The Amazon CLI is available at http://aws.amazon.com/cli. It runs on Windows, MacOS and Linux. After you download the Amazon CLI, follow these steps to install and configure it:

Set up your permissions (new MemoryDB users only)

MemoryDB for Redis creates and uses service-linked roles to provision resources and access other Amazon resources and services on your behalf. For MemoryDB to create a service-linked role for you, use the Amazon-managed policy named AmazonMemoryDBFullAccess. This role comes preprovisioned with permission that the service requires to create a service-linked role on your behalf.

You might decide not to use the default policy and instead to use a custom-managed policy. In this case, make sure that you have either permissions to call iam:createServiceLinkedRole or that you have created the MemoryDB service-linked role.

For more information, see the following: