Create IAM resources using AWS console

Redis Cloud

Follow these steps to manually create IAM resources using the AWS console.

Warning:

We use the provided credentials to configure your AWS environment and provision required resources.

You must not change the configurations of provisioned resources or stop or terminate provisioned instances. If you do, your databases will be inaccessible and Redis will not be able to ensure database stability. See Avoid service disruption for more details.

Step 1: Create the IAM instance policy

The IAM instance policy controls the permissions for the instances that Redis Cloud creates in your AWS account.

Follow the steps to create an IAM policy using the JSON editor with the following settings:

  • In Specify permissions, select JSON, and then enter the contents of the RedisLabsInstanceRolePolicy.json policy file:

    View RedisLabsInstanceRolePolicy.json

  • In Review and Create, enter RedisLabsInstanceRolePolicy in the Policy name field.

Select Create policy to finish policy creation.

Step 2: Create the service role

After creating the instance role policy, you must create a role to assign the policy.

Follow the steps to create a role for an AWS service with the following settings:

  • In Select trusted entity:
    • Trusted entity: Select AWS service.
    • Service or use case: Select EC2.
    • Use case: Select EC2.
  • In Add permissions, select the RedisLabsInstanceRolePolicy you created.
  • In Name, review, and create, enter redislabs-cluster-node-role in the Role name field.

Select Create role to finish role creation.

Step 3: Create the user policy

The user policy controls the permissions for the user that Redis Cloud uses to manage your AWS account.

Follow the steps to create an IAM policy using the JSON editor with the following settings:

  • In Specify permissions, select JSON, and then enter the contents of the RedisLabsIAMUserRestrictedPolicy.json policy file:

    View RedislabsIAMUserRestrictedPolicy.json

  • In Review and Create, enter RedislabsIAMUserRestrictedPolicy in the Policy name field.

Select Create policy to finish policy creation.

Step 4: Create the programmatic access user

After you create the user policy, you must create a programmatic access user and attach the policy to it.

Follow the steps to create a user on the AWS console, with the following settings:

  • In Specify user details, For User name, enter redislabs-user.
  • In Set permissions:
    • Permissions options: Select Attach existing policies directly.
    • Permissions policies: Select the RedislabsIAMUserRestrictedPolicy you created from the list.

Select Create user to create the user.

After you create the user, you need to add an access key for the user.

Follow the steps to create an access key for the user you just created. Save the access key ID and secret access key in a secure location.

Step 5: Create the console access role

The console access role controls the permissions for the user that Redis Cloud uses to access the AWS console.

Follow the steps to Create a role for an IAM user with the following settings:

  • In Select trusted entity:
    • Trusted entity: Select AWS account.
    • An AWS account: Select Another AWS account.
    • Account ID: Enter account number 168085023892 (Redis Cloud's AWS account).
    • Options: Select Require MFA.
      Warning:
      Do not check the Require external ID checkbox.
  • In Add permissions, select the RedisLabsInstanceRolePolicy you created.
  • In Name, review, and create, enter redislabs-role in the Role name field.

Select Create role to finish role creation. Save the Role name for later.

Next steps

When you've finished creating all of the resources, you can create a Cloud Account in the Redis Cloud console. To do this, you'll need the following information:

RATE THIS PAGE
Back to top ↑