Creating IAM Entities for AWS Cloud Accounts
In most Redis Cloud deployments, the infrastructure of your Redis Cloud subscriptions on AWS is created in dedicated AWS accounts that we manage for you. In Redis Cloud Ultimate, you can choose to have this infrastructure on your own AWS accounts. You’ll want these accounts to be separate from any AWS application accounts, and you’ll need to create some dedicated IAM entities to let us manage the infrastructure for you.
In the new AWS account, you need to create:
- An instance role
- A user with an access key
- A role that grants AWS console access
Make sure that you save the access key in a secure location so that you can enter the key when you create the Redis Cloud account.
We use the provided credentials to configure your AWS environment and provision required resources.
To make sure that we can manage your AWS resources, you must not:
- Manually change the configurations of provisioned resources, such as security groups
- Manually stop or terminate provisioned instances
For more about creating an AWS user, see the AWS IAM documentation.
Step 1: Create the IAM instance policy
First, create a policy to use for the new instance role:
- In the AWS IAM console, go to Policies > Create policy.
- In the JSON tab, paste the contents of the RedisLabsInstanceRolePolicy.json policy file.
- Validate the policy and click Review Policy.
- Enter RedisLabsInstanceRolePolicy as the policy name and click Create Policy.
Step 2: Create the service role
Now create the role that uses the policy:
- In the AWS IAM console, go to Roles and click Create Role.
- Select AWS Service as the trusted entity, EC2 as the service and use case, and click Next: Permissions.
- Enter RedisLabsInstanceRolePolicy in the search box to look up the policy you just created, select it, and click Next: Review.
- Name the role redislabs-cluster-node-role and click Create Role.
Step 3: Create the user policy
Now create a policy to assign to the user:
- In the AWS IAM console, go to Policies > Create policy.
- In the JSON tab, paste the contents of the RedislabsIAMUserRestrictedPolicy.json policy file.
- Validate the policy and click Review Policy.
- Enter RedislabsIAMUserRestrictedPolicy as the policy name and click Create Policy.
Step 4: Create the programmatic access user
Create a user and attach the policy you created:
- In the AWS IAM console, go to Users and select Add user.
- Name it redislabs-user and check only the Programmatic access checkbox.
- Click Next: Permissions.
- Select Attach existing policies directly and select RedislabsIAMUserRestrictedPolicy from the list.
- Click Next: Review.
- Click Create user.
- Download the user credentials and store them in a secure location.
Step 5: Create the console access role
Last, create a role and attach the policy you created:
- In the AWS IAM console, go to Roles and select Create role.
- Select Another AWS account as the trusted entity.
- Under Account ID, enter 168085023892 (Redis Cloud's AWS account).
- Under Options, check only the Require MFA checkbox. Do not check Require external ID.
- Click Next: Permissions.
- Attach the policy RedislabsIAMUserRestrictedPolicy (created in Step 3) to the role.
- Click Next: Review.
- Name the role
redislabs-role
and then click Create role.
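The console selections in Steps 2 and 5 correspond to two role trust policies: EC2 as the trusted service for the instance role, and the Redis Cloud account (168085023892 from Step 5) with an MFA condition and no external ID for the console access role. The following Python is an added example, not Redis Cloud's own code: it builds both documents and checks a console-role trust policy against what Step 5 asks for, which is useful when the roles are created with the AWS CLI or reviewed later. The function and file names are this example's own.

```python
"""Build and sanity-check the IAM trust policies behind Steps 2 and 5 (added example)."""
import json

REDIS_CLOUD_ACCOUNT_ID = "168085023892"  # Redis Cloud's AWS account, as given in Step 5


def instance_role_trust_policy() -> dict:
    # Trust policy the console generates for "AWS Service / EC2" (Step 2).
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def console_access_trust_policy(account_id: str = REDIS_CLOUD_ACCOUNT_ID) -> dict:
    # "Another AWS account" with "Require MFA" checked and no external ID (Step 5).
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }


def check_console_trust_policy(policy: dict, account_id: str = REDIS_CLOUD_ACCOUNT_ID) -> list:
    # Returns a list of findings; an empty list means the document matches Step 5.
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in str(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {}).get("AWS", "")
        if principal not in (account_id, f"arn:aws:iam::{account_id}:root"):
            findings.append(f"unexpected principal {principal!r}")
        cond = stmt.get("Condition", {})
        if cond.get("Bool", {}).get("aws:MultiFactorAuthPresent") != "true":
            findings.append("MFA is not required")
        if any("sts:ExternalId" in c for c in cond.values()):
            findings.append("sts:ExternalId condition is set")
    return findings


if __name__ == "__main__":
    # Write both documents for `aws iam create-role --assume-role-policy-document file://...`.
    for name, doc in (("instance-trust.json", instance_role_trust_policy()),
                      ("console-trust.json", console_access_trust_policy())):
        with open(name, "w") as fh:
            json.dump(doc, fh, indent=2)
```

After creating redislabs-role from console-trust.json, attach the user policy with `aws iam attach-role-policy --role-name redislabs-role --policy-arn arn:aws:iam::<your-account-id>:policy/RedislabsIAMUserRestrictedPolicy`, where `<your-account-id>` is the account the policy was created in.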