Disabling access control on an ElastiCache Valkey or Redis OSS cache

Follow the instructions below to disable access control on a Valkey or Redis OSS TLS-enabled cache. Your cache will have one of two different types of configurations: AUTH default user access or User group access control list (RBAC). If your cache was created with the AUTH configuration, you have to change it to the RBAC configuration before you can disable the cache by removing the user groups. If your cache was created with the RBAC configuration, you can go straight into disabling it.

To disable a Valkey or Redis OSS serverless cache configured with RBAC

Remove the user groups to disable the access control.


aws elasticache modify-serverless-cache --serverless-cache-name <serverless-cache> --remove-user-group

(Optional) Verify that no user groups are associated with the serverless cache.


aws elasticache describe-serverless-caches --serverless-cache-name <serverless-cache>    
{
    "..."
    "UserGroupId": ""
    "..."
}

To disable a Valkey or Redis OSS cache with configured with an AUTH token

Change the AUTH token to RBAC and specify a user group to add.


aws elasticache modify-replication-group --replication-group-id <replication-group-id-value> --auth-token-update-strategy DELETE --user-group-ids-to-add <user-group-value>

Verify that the AUTH token got disabled and that a user group was added.


aws elasticache describe-replication-groups --replication-group-id <replication-group-id-value>
{
    "..."
    "AuthTokenEnabled": false,
    "UserGroupIds": [
        "<user-group-value>"
    ]
    "..."
}

Remove the user groups to disable the access control.


aws elasticache modify-replication-group --replication-group-id <replication-group-value> --user-group-ids-to-remove <user-group-value>
{
    "..."
    "PendingModifiedValues": {
    "UserGroups": {
      "UserGroupIdsToAdd": [],
      "UserGroupIdsToRemove": [
        "<user-group-value>"
      ]
    }
    "..."
}

(Optional) Verify that no user groups are associated with the cluster. The AuthTokenEnabled field should also read false.


aws elasticache describe-replication-groups --replication-group-id <replication-group-value>    
"AuthTokenEnabled": false

To disable a Valkey or Redis OSS cluster configured with RBAC

Remove the user groups to disable the access control.


aws elasticache modify-replication-group --replication-group-id <replication-group-value> --user-group-ids-to-remove <user-group-value>
{
    "..."
    "PendingModifiedValues": {
    "UserGroups": {
      "UserGroupIdsToAdd": [],
      "UserGroupIdsToRemove": [
        "<user-group-value>"
      ]
    }
    "..."
}

(Optional) Verify that no user groups are associated with the cluster. The AuthTokenEnabled field should also read false.


aws elasticache describe-replication-groups --replication-group-id <replication-group-value>    
"AuthTokenEnabled": false

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Authenticating with AUTH

Internetwork traffic privacy