Skip to content

Commit

Permalink
* added the new redis parameter documentation (#18752)
Browse files Browse the repository at this point in the history
* added the new redis parameter documentation
* added changelog
  • Loading branch information
maxcoulombe authored Jan 18, 2023
1 parent ada5258 commit afac0f7
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 10 deletions.
3 changes: 3 additions & 0 deletions changelog/18752.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
**Redis ElastiCache DB Engine**: Renamed configuration parameters for disambiguation; old parameters still supported for compatibility.
```
21 changes: 16 additions & 5 deletions website/content/api-docs/secret/databases/rediselasticache.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -25,19 +25,30 @@ has a number of parameters to further configure a connection.

- `url` `(string: <required>)` – Specifies the primary endpoint to connect to.

- `username` `(string)` – Specifies the IAM access_key_id for Vault to use. If omitted, authentication fallbacks on the AWS credentials provider chain and tries to infer authentication from the environment.
- `access_key_id` `(string)` – Specifies the IAM `access_key_id` for Vault to use. If omitted, authentication falls back on
the AWS credentials provider chain and tries to infer authentication from the environment.

- `password` `(string)` – Specifies the IAM secret_access_key corresponding to
the given access_key_id. If omitted, authentication fallbacks on the AWS credentials provider chain and tries to infer authentication from the environment.
- `secret_access_key` `(string)` – Specifies the IAM `secret_access_key` corresponding to the given `access_key_id`.
If omitted, authentication falls back on the AWS credentials provider chain and tries to infer authentication from the environment.

- `region` `(string)` – Specifies the AWS region where to ElastiCache cluster is provisioned. If omitted, falls back on
the context from the environment.

### Deprecated Parameters

- `username` `(string)` – Use `access_key_id` instead, it is strictly equivalent.

- `password` `(string)` – Use `secret_access_key` instead, it is strictly equivalent.

### Sample Payload

```json
{
"plugin_name": "redis-elasticache-database-plugin",
"url": "primary-endpoint.my-cluster.xxx.yyy.cache.amazonaws.com:6379",
"username": "AKI***",
"password": "ktriNYvULAWLzUmTGb***",
"access_key_id": "AKI***",
"secret_access_key": "ktriNYvULAWLzUmTGb***",
"region": "us-east-1",
"allowed-roles": "*"
}
```
Expand Down
34 changes: 29 additions & 5 deletions website/content/docs/secrets/databases/rediselasticache.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,38 @@ more information about setting up the database secrets engine.
$ vault write database/config/my-redis-elasticache-cluster \
plugin_name="redis-elasticache-database-plugin" \
url="primary-endpoint.my-cluster.xxx.yyy.cache.amazonaws.com:6379" \
username="AKI***" \
password="ktriNYvULAWLzUmTGb***" \
access_key_id="AKI***" \
secret_access_key="ktriNYvULAWLzUmTGb***" \
region=us-east-1 \
allowed_roles="*"
```

~> **Note**: The username and password parameters are optional. If omitted, authentication falls back on the AWS credentials provider chain.
Using a [temporary credential](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) stored in the proper environment
variable is the preferred configuration method.
~> **Note**: The `access_key_id`, `secret_access_key` and `region` parameters are optional. If omitted, authentication falls back
on the AWS credentials provider chain.

~> **Deprecated**: The `username` & `password` parameters are deprecated but supported for backward compatibility. They are replaced
by the equivalent `access_key_id` and `secret_access_key` parameters respectively.

The Redis ElastiCache secrets engine must use AWS credentials that have sufficient permissions to manage ElastiCache users.
This IAM policy sample can be used as an example. Note that &lt;region&gt; and &lt;account-id&gt;
must correspond to your own environment.

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"elasticache:ModifyUser",
"elasticache:DescribeUsers"
],
"Resource": "arn:aws:elasticache:<region>:<account-id>:user:*"
}
]
}
```

## Usage

Expand Down

0 comments on commit afac0f7

Please sign in to comment.