Amazon MemoryDB for Redis has supported username/password-based authentication using Access Control Lists since the very beginning.
You can also use IAM-based authentication that allows you to associate IAM users and roles with MemoryDB users so that applications can use IAM credentials to authenticate to the MemoryDB cluster.
With this authentication method, you don't need to use a user password.
Instead, you use an authentication token generated using AWS Signature Version 4.
This lets you use IAM to centrally manage access to MemoryDB clusters rather than managing username and password-based credentials.
MemoryDB documentation has an example for a Java application with the Lettuce client.
As a bonus, this is also applicable to ElastiCache for Redis, which also supports IAM authentication.
Start by creating a MemoryDB user and an Access Control List, then add the user to the list.
While the cluster is being provisioned, create an IAM role.
Once the MemoryDB cluster and Cloud9 instance are ready, go ahead and execute the client application.
Sh file to enter the MemoryDB cluster endpoint and username.
Once the app is up and running, simply invoke its HTTP endpoints to verify that it works with IAM authentication.
Let's move on to the important part: the IAM authentication itself.
You can refer to the authentication code in the GitHub repository.
First, the IAM policy has to be updated to reflect ElastiCache resources.
This example assumes you are using a Redis Cluster connection mode.
In the case of ElastiCache, be mindful of whether you are using cluster-mode-enabled configuration.
If not, you will have to tweak the code to use redis.
Instead of managing usernames and passwords in multiple locations/applications, delegate the heavy lifting to IAM. All you need to do is configure the appropriate permissions.
You also need to be aware of the limitations; e.g., IAM authentication is not supported in MULTI EXEC commands.
This Cyber News was published on feeds.dzone.com. Publication date: Thu, 07 Dec 2023 19:43:09 +0000