/aws-cdk-elasticache-redis-iam-rbac

Demonstrates a sample architecture that will allow you to define AWS IAM roles that are mapped to Amazon ElastiCache Redis RBAC users by using AWS Secrets Manager as a proxy to manage access to login credentials.

Primary language: TypeScript. License: MIT No Attribution (MIT-0).

Managing ElastiCache Redis access with Redis RBAC, AWS Secrets Manager and AWS IAM

This project demonstrates how to manage access to ElastiCache Redis by storing Redis RBAC usernames and passwords in AWS Secrets Manager. Granting or denying an IAM role access to a secret grants or denies, by proxy, access to Redis as the RBAC user whose credentials that secret holds.

This project creates an ElastiCache Redis Replication group, IAM roles, Lambdas, Secrets and ElastiCache RBAC users and user groups.

Details on the architecture can be found here
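
Because access to a secret stands in for access to Redis, it is worth checking which RBAC users each IAM role can actually reach. The sketch below is an added example, not code from this project: it evaluates simplified identity-based policy statements against secret ARNs and reports the Redis users and access strings each role ends up with. The role names, ARNs, user names and access strings are constructed sample values.

```typescript
// Added example: simplified model of identity-based IAM policies (no conditions,
// NotAction, or resource policies). All ARNs, roles and users are constructed.
type Statement = { effect: "Allow" | "Deny"; actions: string[]; resources: string[] };
type RedisUser = { userName: string; accessString: string };

const GET_SECRET = "secretsmanager:GetSecretValue";

// IAM-style wildcards: '*' matches any run of characters, '?' exactly one.
function matches(pattern: string, value: string, ignoreCase: boolean): boolean {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + body + "$", ignoreCase ? "i" : "").test(value);
}

function canReadSecret(policy: Statement[], secretArn: string): boolean {
  const hits = policy.filter(s =>
    s.actions.some(a => matches(a, GET_SECRET, true)) &&     // action names ignore case
    s.resources.some(r => matches(r, secretArn, false)));    // ARNs are case-sensitive
  // An explicit Deny always wins; otherwise at least one Allow is required.
  return hits.some(s => s.effect === "Allow") && !hits.some(s => s.effect === "Deny");
}

// For each role, list the Redis RBAC users (and their ACLs) it can obtain credentials for.
function effectiveRedisAccess(
  roles: Record<string, Statement[]>, secrets: Record<string, RedisUser>,
): Record<string, string[]> {
  const out: Record<string, string[]> = {};
  for (const role of Object.keys(roles)) {
    out[role] = Object.keys(secrets)
      .filter(arn => canReadSecret(roles[role], arn))
      .map(arn => secrets[arn].userName + " [" + secrets[arn].accessString + "]")
      .sort();
  }
  return out;
}

const PREFIX = "arn:aws:secretsmanager:us-east-1:111122223333:secret:redis/";
const sampleSecrets: Record<string, RedisUser> = {
  [PREFIX + "read-only-AbCdEf"]: { userName: "read-only", accessString: "on ~* -@all +@read" },
  [PREFIX + "read-write-GhIjKl"]: { userName: "read-write", accessString: "on ~* +@all" },
};
const sampleRoles: Record<string, Statement[]> = {
  ReaderRole: [{ effect: "Allow", actions: [GET_SECRET], resources: [PREFIX + "read-only-*"] }],
  BroadRole: [{ effect: "Allow", actions: ["secretsmanager:*"], resources: ["*"] }],
  GuardedRole: [
    { effect: "Allow", actions: ["secretsmanager:Get*"], resources: [PREFIX + "*"] },
    { effect: "Deny", actions: [GET_SECRET], resources: [PREFIX + "read-write-*"] },
  ],
};
console.log(effectiveRedisAccess(sampleRoles, sampleSecrets));
```

In the sample data, BroadRole's wildcard statement reaches both Redis users, which is the kind of over-broad grant this check is meant to surface.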

Installing CDK

This project uses the AWS Cloud Development Kit (CDK). You can find instructions on installing CDK here

How to build and deploy

  1. Run npm install to install the Node dependencies for the project.
  2. You may need to run cdk bootstrap aws://<account_id>/<region> to initialize the region for use with CDK.
  3. Build the zip files that contain the Lambda functions by running npm run-script zip.
  4. Deploy the project by running cdk deploy.

Useful commands

  • npm run-script zip - bundle Lambda functions into zip files
  • npm run build - compile TypeScript to JS
  • npm run watch - watch for changes and compile
  • npm run test - perform the Jest unit tests
  • cdk deploy - deploy this stack to your default AWS account/region
  • cdk diff - compare deployed stack with current state
  • cdk synth - emit the synthesized CloudFormation template

License

This library is licensed under the MIT-0 License. See the LICENSE file.