Disabling access control on an ElastiCache Redis OSS cache

Follow the instructions below to disable access control on a Redis OSS TLS-enabled cache. Your Redis OSS cache will have one of two different types of configurations: Redis OSS AUTH default user access or User group access control list (RBAC). If your cache was created with the AUTH configuration, you have to change it to the RBAC configuration before you can disable the cache by removing the user groups. If your cache was created with the RBAC configuration, you can go straight into disabling it.

To disable a Redis OSS serverless cache configured with RBAC

Remove the user groups to disable the access control.


aws elasticache modify-serverless-cache --serverless-cache-name <serverless-cache> --remove-user-group

(Optional) Verify that no user groups are associated with the serverless cache.


aws elasticache describe-serverless-caches --serverless-cache-name <serverless-cache>    
{
    "..."
    "UserGroupId": ""
    "..."
}

To disable a Redis OSS cache with configured with an AUTH token

Change the AUTH token to RBAC and specify a user group to add.


aws elasticache modify-replication-group --replication-group-id <replication-group-id-value> --auth-token-update-strategy DELETE --user-group-ids-to-add <user-group-value>

Verify that the AUTH token got disabled and that a user group was added.


aws elasticache describe-replication-groups --replication-group-id <replication-group-id-value>
{
    "..."
    "AuthTokenEnabled": false,
    "UserGroupIds": [
        "<user-group-value>"
    ]
    "..."
}

Remove the user groups to disable the access control.


aws elasticache modify-replication-group --replication-group-id <replication-group-value> --user-group-ids-to-remove <user-group-value>
{
    "..."
    "PendingModifiedValues": {
    "UserGroups": {
      "UserGroupIdsToAdd": [],
      "UserGroupIdsToRemove": [
        "<user-group-value>"
      ]
    }
    "..."
}

(Optional) Verify that no user groups are associated with the cluster. The AuthTokenEnabled field should also read false.


aws elasticache describe-replication-groups --replication-group-id <replication-group-value>    
"AuthTokenEnabled": false

To disable a Redis OSS cluster configured with RBAC

Remove the user groups to disable the access control.


aws elasticache modify-replication-group --replication-group-id <replication-group-value> --user-group-ids-to-remove <user-group-value>
{
    "..."
    "PendingModifiedValues": {
    "UserGroups": {
      "UserGroupIdsToAdd": [],
      "UserGroupIdsToRemove": [
        "<user-group-value>"
      ]
    }
    "..."
}

(Optional) Verify that no user groups are associated with the cluster. The AuthTokenEnabled field should also read false.


aws elasticache describe-replication-groups --replication-group-id <replication-group-value>    
"AuthTokenEnabled": false

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Authenticating with Redis OSS AUTH

Internetwork traffic privacy