Documentation - Redise Cloud Private

open all | close all

Creating an AWS User for Redis Enterprise Cloud Private

Redis Enterprise Cloud Private (RCP) automatically manages your cluster and provisions instances when needed. In order for RCP to be able to perform its duties, you must have an AWS account that is separate from your AWS application account, along with a user on that separate account.

Within that new AWS account, you need to create an instance role and a user with a specific policy. The user requires both UI console access and an Access Key so that RCP can programmatically create and manage AWS resources on your behalf. After the user is created, generate an Access Key for the user. Save the keys in a secure location, as these keys are required when creating an RCP Cloud Account.

For assistance with creating the user, please see the AWS documentation on the topic.

Step #1 – Create the IAM Instance Policy

First, let’s create a policy that we will attach to the new instance role that we create later:

  1. In AWS IAM console go to Policies -> Create policy
  2. Select the JSON tab and copy-paste the below policy or get it from our github.
    redislabs-cluster-node-role.json
  3. Validate it and press Review Policy.
  4. Enter RedisLabsInstanceRolePolicy as the policy name and save it by clicking Create Policy

Step #2 – Create the Role

Now that we have the policy, let’s create the role that uses it:

  1. In AWS IAM console go to Roles and click on Create Role

  2. Select AWS Service as the trusted entity, EC2 as the service and use case and click Next: Permissions

  3. Type RedisLabsInstanceRolePolicy in the search box to lookup the policy we have just created, select it and click Next: Review.
  4. Name the role redislabs-cluster-node-role and save it by clicking on Create Role.

Step #3 – Create the User Policy

Let’s continue with creating a policy that will be assigned to the user RCP will utilize:

  1. In AWS IAM console go to Policies -> Create policy
  2. Select the JSON tab and copy-paste the below policy or get it from our GitHub.
    ATTENTION: Replace ACCOUNT-ID-WITHOUT-HYPHENS with the AWS account ID that RCP will be using
    RedislabsIAMUserRestrictedPolicy.json

  3. Validate it and press Review Policy
  4. Enter RedislabsIAMUserRestrictedPolicy as the policy name and save it by clicking Create Policy

Step #4 – Create the User

Last, you will have to create a user and attach the policy you have created before:

  1. In AWS IAM console go to Users -> select Add user

  2. Name it redislabs-user and select both options: Programmatic access and AWS Management Console access
  3. Set a password or auto-generate one and press Next: Permissions
  4. Select Attach existing policies directly and select RedislabsIAMUserRestrictedPolicy from the list (the policy you previously created)
  5. Press Next: Review
  6. Press Create user
  7. Please make sure to save the user credentials