Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon ElastiCache

Amazon ElastiCache (service prefix: elasticache) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon ElastiCache

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

When you create an ElastiCache policy in IAM you must use the "*" wildcard character for the Resource block. For information about using the following ElastiCache API actions in an IAM policy, see ElastiCache Actions and IAM in the Amazon ElastiCache User Guide.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AddTagsToResource The AddTagsToResource action adds up to 10 cost allocation tags to the named resource. Tagging
AuthorizeCacheSecurityGroupIngress The AuthorizeCacheSecurityGroupIngress action allows network ingress to a cache security group. Write

ec2:AuthorizeSecurityGroupIngress

CopySnapshot The CopySnapshot action makes a copy of an existing snapshot. Write

s3:DeleteObject

s3:GetBucketAcl

s3:PutObject

CreateCacheCluster The CreateCacheCluster action creates a cache cluster. Write

ec2:CreateNetworkInterface

ec2:DeleteNetworkInterface

ec2:DescribeNetworkInterfaces

ec2:DescribeSubnets

ec2:DescribeVpcs

s3:GetObject

CreateCacheParameterGroup The CreateCacheParameterGroup action creates a new cache parameter group. Write
CreateCacheSecurityGroup The CreateCacheSecurityGroup action creates a new cache security group. Write
CreateCacheSubnetGroup The CreateCacheSubnetGroup action creates a new cache subnet group. Write
CreateReplicationGroup The CreateReplicationGroup action creates a replication group. Write

ec2:CreateNetworkInterface

ec2:DeleteNetworkInterface

ec2:DescribeNetworkInterfaces

ec2:DescribeSubnets

ec2:DescribeVpcs

s3:GetObject

CreateSnapshot The CreateSnapshot action creates a copy of an entire cache cluster at a specific moment in time. Write
DeleteCacheCluster The DeleteCacheCluster action deletes a previously provisioned cache cluster. Write
DeleteCacheParameterGroup The DeleteCacheParameterGroup action deletes the specified cache parameter group. Write
DeleteCacheSecurityGroup The DeleteCacheSecurityGroup action deletes a cache security group. Write
DeleteCacheSubnetGroup The DeleteCacheSubnetGroup action deletes a cache subnet group. Write
DeleteReplicationGroup The DeleteReplicationGroup action deletes an existing replication group. Write
DeleteSnapshot The DeleteSnapshot action deletes an existing snapshot. Write
DescribeCacheClusters The DescribeCacheClusters action returns information about all provisioned cache clusters if no cache cluster identifier is specified, or about a specific cache cluster if a cache cluster identifier is supplied. List
DescribeCacheEngineVersions The DescribeCacheEngineVersions action returns a list of the available cache engines and their versions. List
DescribeCacheParameterGroups The DescribeCacheParameterGroups action returns a list of cache parameter group descriptions. List
DescribeCacheParameters The DescribeCacheParameters action returns the detailed parameter list for a particular cache parameter group. List
DescribeCacheSecurityGroups The DescribeCacheSecurityGroups action returns a list of cache security group descriptions. List
DescribeCacheSubnetGroups The DescribeCacheSubnetGroups action returns a list of cache subnet group descriptions. List
DescribeEngineDefaultParameters The DescribeEngineDefaultParameters action returns the default engine and system parameter information for the specified cache engine. List
DescribeEvents The DescribeEvents action returns events related to cache clusters, cache security groups, and cache parameter groups. List
DescribeReplicationGroups The DescribeReplicationGroups action returns information about a particular replication group. List
DescribeReservedCacheNodes The DescribeReservedCacheNodes action returns information about reserved cache nodes for this account, or about a specified reserved cache node. List
DescribeReservedCacheNodesOfferings The DescribeReservedCacheNodesOfferings action lists available reserved cache node offerings. List
DescribeSnapshots The DescribeSnapshots action returns information about cache cluster snapshots. List
ListAllowedNodeTypeModifications List Allowed Node Type Modifications List
ListTagsForResource The ListTagsForResource action lists all cost allocation tags currently on the named resource. Read
ModifyCacheCluster The ModifyCacheCluster action modifies the settings for a cache cluster. Write
ModifyCacheParameterGroup The ModifyCacheParameterGroup action modifies the parameters of a cache parameter group. Write
ModifyCacheSubnetGroup The ModifyCacheSubnetGroup action modifies an existing cache subnet group. Write
ModifyReplicationGroup The ModifyReplicationGroup action modifies the settings for a replication group. Write
PurchaseReservedCacheNodesOffering The PurchaseReservedCacheNodesOffering action allows you to purchase a reserved cache node offering. Write
RebootCacheCluster The RebootCacheCluster action reboots some, or all, of the cache nodes within a provisioned cache cluster. Write
RemoveTagsFromResource The RemoveTagsFromResource action removes the tags identified by the TagKeys list from the named resource. Tagging
ResetCacheParameterGroup The ResetCacheParameterGroup action modifies the parameters of a cache parameter group to the engine or system default value. Write
RevokeCacheSecurityGroupIngress The RevokeCacheSecurityGroupIngress action revokes ingress from a cache security group. Write

Resources Defined by ElastiCache

Amazon ElastiCache has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon ElastiCache

ElastiCache has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.

For information about conditions in an IAM policy to control access to ElastiCache, see ElastiCache Keys in the Amazon ElastiCache User Guide.