ElastiCache API permissions: Actions, resources, and conditions reference

When you set up access control and write permissions policies to attach to an IAM policy (either idenity-based or resource-based), use the following table as a reference. The table lists each Amazon ElastiCache API operation and the corresponding actions for which you can grant permissions to perform the action. You specify the actions in the policy's Action field, and you specify a resource value in the policy's Resource field. Unless indicated otherwise, the resource is required. Some fields include both a required resource and optional resources. When there is no resource ARN, the resource in the policy is a wildcard (*).

You can use condition keys in your ElastiCache policies to express conditions. To see a list of ElastiCache-specific condition keys, along with the actions and resource types to which they apply, see Using condition keys. For a complete list of AWS-wide keys, see Available Keys for Conditions in the IAM User Guide.

Note

To specify an action, use the elasticache: prefix followed by the API operation name (for example, elasticache:DescribeCacheClusters).

Use the scroll bars to see the rest of the table.

Amazon ElastiCache API and required permissions for actions
ElastiCache API operations	Required permissions (API actions)	Resources
AddTagsToResource	`elasticache:AddTagsToResource`	(Optional) Cluster
AuthorizeCacheSecurityGroupIngress	`elasticache:AuthorizeCacheSecurityGroupIngress`	Security group
CreateCacheCluster	`elasticache:CreateCacheCluster` `elasticache:AddTagsToResource`	Parameter group. (Optional) Cache cluster, Replication group, Security group Ids and Subnet group
CreateCacheParameterGroup	`elasticache:CreateCacheParameterGroup` `elasticache:AddTagsToResource`	Parameter group
CreateCacheSecurityGroup	`elasticache:CreateCacheSecurityGroup` `elasticache:AddTagsToResource`	Security group
CreateCacheSubnetGroup	`elasticache:CreateCacheSubnetGroup` `elasticache:AddTagsToResource`	Subnet group
DecreaseNodeGroupsInGlobalReplicationGroup	`elasticache:DecreaseNodeGroupsInGlobalReplicationGroup`	GlobalReplicationGroup
DecreaseReplicaCount	`elasticache:DecreaseReplicaCount`	Replication group
DeleteCacheCluster	`elasticache:DeleteCacheCluster`	Cache cluster
DeleteCacheParameterGroup	`elasticache:DeleteCacheParameterGroup`	Parameter group
DeleteCacheSubnetGroup	`elasticache:DeleteCacheSubnetGroup`	Subnet group
DescribeCacheClusters	`elasticache:DescribeCacheClusters`	Cluster
DescribeCacheEngineVersions	`elasticache:DescribeCacheEngineVersions`	No Resource ARN: *
DescribeCacheParameterGroups	`elasticache:DescribeCacheParameterGroups`	Parameter group
DescribeCacheParameters	`elasticache:DescribeCacheParameters`	Parameter group
DescribeCacheSecurityGroups	`elasticache:DescribeCacheSecurityGroups`	Security group
DescribeCacheSubnetGroups	`elasticache:DescribeCacheSubnetGroups`	Subnet group	*
DescribeEngineDefaultParameters	`elasticache:DescribeEngineDefaultParameters`	No Resource ARN:*
DescribeEvents	`elasticache:DescribeEvents`	No Resource ARN: *
DescribeReservedCacheNodes	`elasticache:DescribeReservedCacheNodes`	Reserved-instance
DescribeReservedCacheNodesOfferings	`elasticache:DescribeReservedCacheNodesOfferings`	No Resource ARN: *
DescribeServiceUpdates	`elasticache:DescribeServiceUpdates`	No Resource ARN: *
ListTagsForResource	`elasticache:ListTagsForResource`	(Optional) Cluster
ModifyCacheCluster	`elasticache:ModifyCacheCluster`	Cache cluster. (Optional) Parameter group, Security group
ModifyCacheParameterGroup	`elasticache:ModifyCacheParameterGroup`	Parameter group
ModifyCacheSubnetGroup	`elasticache:ModifyCacheSubnetGroup`	Subnet group
ModifyReplicationGroupShardConfiguration	`elasticache:ModifyReplicationGroupShardConfiguration`	Replication group
PurchaseReservedCacheNodesOffering	`elasticache:PurchaseReservedCacheNodesOffering` `elasticache:AddTagsToResource`	Reserved-instance
RebootCacheCluster	`elasticache:RebootCacheCluster`	Cluster
RemoveTagsFromResource	`elasticache:RemoveTagsFromResource`	(Optional) Cluster
ResetCacheParameterGroup	`elasticache:ResetCacheParameterGroup`	Parameter group
RevokeCacheSecurityGroupIngress	`elasticache:RevokeCacheSecurityGroupIngress`	No Resource ARN: *

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using Service-Linked Roles

Monitoring usage, events, and costs