ElastiCache API Permissions: Actions, Resources, and Conditions Reference - Amazon ElastiCache for Redis

ElastiCache API Permissions: Actions, Resources, and Conditions Reference

When you set up access control and write permissions policies to attach to an IAM identity (identity-based policies), use the following table as a reference. The table lists each Amazon ElastiCache API operation and the corresponding actions for which you can grant permissions to perform the action. You specify the actions in the policy's Action field, and you specify a wildcard character (*) as the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your ElastiCache policies to express conditions. For a complete list of AWS-wide keys, see Available Keys for Conditions in the IAM User Guide.

Note

To specify an action, use the elasticache: prefix followed by the API operation name (for example, elasticache:DescribeCacheClusters). For all ElastiCache actions, specify the wildcard character (*) as the resource.

Use the scroll bars to see the rest of the table.

Amazon ElastiCache API and Required Permissions for Actions
ElastiCache API Operations Required Permissions (API Actions) Resources

AddTagsToResource

elasticache:AddTagsToResource

*

AuthorizeCacheSecurityGroupIngress

elasticache:AuthorizeCacheSecurityGroupIngress

*

BatchApplyUpdateAction

elasticache:BatchApplyUpdateAction

*

BatchStopUpdateAction

elasticache:BatchStopUpdateAction

*

CompleteMigration

elasticache:CompleteMigration

*

CopySnapshot

elasticache:CopySnapshot

s3:GetBucketLocation

s3:ListAllMyBuckets

*

*

*

CreateCacheCluster

elasticache:CreateCacheCluster

s3:GetObject

Note

If you use the SnapshotArns parameter, each member of the SnapshotArns list requires its own s3:GetObject permission with the s3 ARN as its resource.

*

arn:aws:s3:::my_bucket/snapshot1.rdb

Where my_bucket/snapshot1 is an S3 bucket and snapshot that you want to create the cache cluster from.

CreateCacheParameterGroup

elasticache:CreateCacheParameterGroup

*

CreateCacheSecurityGroup

elasticache:CreateCacheSecurityGroup

*

CreateCacheSubnetGroup

elasticache:CreateCacheSubnetGroup

*

CreateGlobalReplicationGroup

elasticache:CreateGlobalReplicationGroup

*

CreateReplicationGroup

elasticache:CreateReplicationGroup

s3:GetObject

Note

If you use the SnapshotArns parameter, each member of the SnapshotArns list requires its own s3:GetObject permission with the s3 ARN as its resource.

*

arn:aws:s3:::my_bucket/snapshot1.rdb

Where my_bucket/snapshot1 is an S3 bucket and snapshot that you want to create the cache cluster from.

CreateSnapshot

elasticache:CreateSnapshot

*

DecreaseNodeGroupsInGlobalReplicationGroup

elasticache:DecreaseNodeGroupsInGlobalReplicationGroup

*

DecreaseReplicaCount

elasticache:DecreaseReplicaCount

*

DeleteCacheCluster

elasticache:DeleteCacheCluster

*

DeleteCacheParameterGroup

elasticache:DeleteCacheParameterGroup

*

DeleteCacheSecurityGroup

elasticache:DeleteCacheSecurityGroup

*

DeleteCacheSubnetGroup

elasticache:DeleteCacheSubnetGroup

*

DeleteGlobalReplicationGroup

elasticache:DeleteGlobalReplicationGroup

*

DeleteReplicationGroup

elasticache:DeleteReplicationGroup

*

DeleteSnapshot

elasticache:DeleteSnapshot

*

DescribeCacheClusters

elasticache:DescribeCacheClusters

*

DescribeCacheEngineVersions

elasticache:DescribeCacheEngineVersions

*

DescribeCacheParameterGroups

elasticache:DescribeCacheParameterGroups

*

DescribeCacheParameters

elasticache:DescribeCacheParameters

*

DescribeCacheSecurityGroups

elasticache:DescribeCacheSecurityGroups

*

DescribeCacheSubnetGroups

elasticache:DescribeCacheSubnetGroups

*

DescribeEngineDefaultParameters

elasticache:DescribeEngineDefaultParameters

*

DescribeEvents

elasticache:DescribeEvents

*

DescribeGlobalReplicationGroups

elasticache:DescribeGlobalReplicationGroups

*

DescribeReplicationGroups

elasticache:DescribeReplicationGroups

*

DescribeReservedCacheNodes

elasticache:DescribeReservedCacheNodes

Reserved-instance

DescribeReservedCacheNodesOfferings

elasticache:DescribeReservedCacheNodesOfferings

*

DescribeServiceUpdates

elasticache:DescribeServiceUpdates

*

DescribeSnapshots

elasticache:DescribeSnapshots

*

DescribeUpdateActions

elasticache:DescribeUpdateActions

*

DisassociateGlobalReplicationGroup

elasticache:DisassociateGlobalReplicationGroup

*

FailoverGlobalReplicationGroup

elasticache:FailoverGlobalReplicationGroup

*

IncreaseNodeGroupsInGlobalReplicationGroup

elasticache:IncreaseNodeGroupsInGlobalReplicationGroup

*

ListAllowedNodeTypeModifications

elasticache:ListAllowedNodeTypeModifications

*

IncreaseReplicaCount

elasticache:IncreaseReplicaCount

*

ListTagsForResource

elasticache:ListTagsForResource

*

ModifyCacheCluster

elasticache:ModifyCacheCluster

*

ModifyCacheParameterGroup

elasticache:ModifyCacheParameterGroup

*

ModifyCacheSubnetGroup

elasticache:ModifyCacheSubnetGroup

*

ModifyGlobalReplicationGroup

elasticache:ModifyGlobalReplicationGroup

*

ModifyReplicationGroup

elasticache:ModifyReplicationGroup

*

ModifyReplicationGroupShardConfiguration

elasticache:ModifyReplicationGroupShardConfiguration

*

PurchaseReservedCacheNodesOffering

elasticache:PurchaseReservedCacheNodesOffering

*

RebalanceSlotsInGlobalReplicationGroup

elasticache:RebalanceSlotsInGlobalReplicationGroup

*

RebootCacheCluster

elasticache:RebootCacheCluster

*

RemoveTagsFromResource

elasticache:RemoveTagsFromResource

*

ResetCacheParameterGroup

elasticache:ResetCacheParameterGroup

*

RevokeCacheSecurityGroupIngress

elasticache:RevokeCacheSecurityGroupIngress

*

StartMigration

elasticache:StartMigration

*

TestFailover

elasticache:TestFailover

*