Creating IAM Resources an be performed manually using the AWS Console. This page describes that process in detail.

Step 1: Create the IAM instance policy

First, create a policy to use for the new instance role:

  1. In the AWS IAM console, go to Policies > Create policy.

  2. In the JSON tab, paste the contents of the RedisLabsInstanceRolePolicy.json policy file.

    View RedisLabsInstanceRolePolicy.json
  3. Validate it and press Review Policy.

  4. Enter RedisLabsInstanceRolePolicy as the policy name and click Create Policy.

Step 2: Create the service role

Now create the role that uses the policy:

  1. In AWS IAM console, go to Roles and click Create Role.
  2. Select AWS Service as the trusted entity, EC2 as the service and use case, and click Next: Permissions.
  3. Enter RedisLabsInstanceRolePolicy in the search box to lookup the policy we just created, select it, and click Next: Review.
  4. Name the role redislabs-cluster-node-role and click Create Role.

Step 3: Create the user policy

Now create a policy to assign to the user:

  1. In AWS IAM console, go to Policies > Create policy.

  2. In the JSON tab, paste the contents of the RedisLabsIAMUserRestrictedPolicy.json policy file.

    View RedislabsIAMUserRestrictedPolicy.json
  3. Validate the policy and click Review Policy.

  4. Enter RedislabsIAMUserRestrictedPolicy as the policy name and click Create Policy.

Step 4: Create the programmatic access user

Create a user and attach the policy you created:

  1. In AWS IAM console, go to Users > select Add user.
  2. Name it redislabs-user and check only the Programmatic access checkbox.
  3. Click Next: Permissions.
  4. Select Attach existing policies directly and select RedislabsIAMUserRestrictedPolicy from the list.
  5. Click Next: Review.
  6. Click Create user.
  7. Download the user credentials and store them in a secure location.

Step 5: Create the console access role

Last, create a role and attach the policy you created:

  1. In AWS IAM console, go to Roles > select Create role.
  2. Select the Another AWS account.
  3. Under Account ID enter account number 168085023892 (Redis Cloud’s AWS account).
  4. Under Options, check the Require MFA checkbox only. Do not check Require external ID.
  5. Click Next: Permissions.
  6. Attach the policy RedisLabsIAMUserRestrictedPolicy to the role.
  7. Click Next: Review.
  8. Name the role redislabs-role and then click Create role.