How do I resolve ElastiCache Serverless cluster creation issues?


I want to resolve issues that I experience when I create an Amazon ElastiCache Serverless cluster.

Short description

The following reasons can cause an ElastiCache Serverless cluster to fail:

  • AWS Identity and Access Management (IAM) permission issues
  • IP address exhaustion
  • Virtual Private Cloud (VPC) endpoint quotas
  • Network interface (NIC) or security group quotas
  • AWS Key Management Service (AWS KMS) key access issues
  • Insufficient subnets

Resolution

IAM permission issues

If you don't have the required permissions to create VPC endpoints, then you might get one of the following error messages:

  • For cluster events: "Failed to create cache [cluster-name]. You do not have permissions to create a VPC endpoint."
  • For AWS CloudTrail: Look for "errorCode": "Client.UnauthorizedOperation" and "errorMessage": "You are not authorized to perform this operation. User: [ARN] is not authorized to perform: ec2:CreateVpcEndpoint on resource: [resource-ARN] with an explicit deny in an identity-based policy."

To create VPC endpoints, the IAM role or user must have the necessary permissions. To check whether you have the required permissions to create the VPC endpoint, use the DryRun parameter when you run the CreateVpcEndpoint API. A dry run doesn't create the endpoint; it only reports whether the call would be authorized.

IP address exhaustion

If you don't have sufficient IP addresses to create VPC endpoints, then you might get an error message that's similar to the following:

"Failed to create cache [cluster-name]. Insufficient free IP addresses to create vpc endpoint."

To resolve this issue, take one of the following actions:

  • Deploy your cluster in a different subnet.
  • Delete unused resources, such as NICs, that might occupy your IP addresses.

VPC endpoint quotas

If you reached your quota for VPC endpoint creation, then you might get one of the following error messages:

  • For cluster events: "Failed to create cache [cluster-name]. Quota limit reached for creating VPC endpoint."
  • For AWS CloudTrail: Look for "errorCode": "Client.VpcEndpointLimitExceeded" and "errorMessage": "Limit of [current quota] VPC endpoints per VPC exceeded."

To resolve this issue, complete the following steps to request a quota increase:

  1. Open the Service Quotas console in your AWS Region.
  2. For AWS Services, choose Amazon Virtual Private Cloud (Amazon VPC).
  3. Choose Interface VPC endpoints per VPC, and then request an increase.

NIC or security group quotas

If you reached the NIC or security group quota, then you might get the following error message in AWS CloudTrail:

"errorCode": "Client.NetworkInterfaceLimitExceeded" and "errorMessage": "Limit on network interfaces or security groups has been reached!"

To resolve this issue, delete unused NICs or security groups. Also, associate security groups with multiple VPCs.

Or, complete the following steps to request a quota increase:

  1. Open the Service Quotas console in your Region.
  2. For AWS Services, choose Amazon Virtual Private Cloud (Amazon VPC).
  3. Choose Network interfaces per Region or VPC security groups per Region, and then request an increase.
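The following is an added example (not code from the article or from AWS) that implements the DryRun permission check from the IAM permission section and maps the CloudTrail error codes quoted in the IAM and quota sections to the fixes described above. The VPC ID, subnet ID and service name are placeholders, and boto3 is needed only for the real call at the bottom.

```python
"""Check whether the caller may create a VPC endpoint (EC2 DryRun) and map the
EC2 error codes named in this article to the fix the article gives."""
from typing import Any

# Error codes from this article (CloudTrail shows them with a "Client." prefix).
REMEDIATION = {
    "UnauthorizedOperation": "grant ec2:CreateVpcEndpoint to the IAM role or user "
                             "and check for an explicit deny in an identity-based policy",
    "VpcEndpointLimitExceeded": "request an increase of 'Interface VPC endpoints per VPC' "
                                "in the Service Quotas console",
    "NetworkInterfaceLimitExceeded": "delete unused network interfaces or security groups, "
                                     "or request a quota increase in Service Quotas",
}

def normalize_code(code: str) -> str:
    """CloudTrail writes 'Client.UnauthorizedOperation'; the API error carries
    'UnauthorizedOperation'. Strip the prefix so both forms match the table."""
    return code.removeprefix("Client.")

def triage_cloudtrail(record: dict) -> str:
    """Map a CloudTrail record for a failed CreateVpcEndpoint call to a next step."""
    if record.get("eventName") != "CreateVpcEndpoint" or "errorCode" not in record:
        return "not a failed CreateVpcEndpoint call"
    code = normalize_code(record["errorCode"])
    return REMEDIATION.get(code, f"unhandled error {code!r}: {record.get('errorMessage', '')}")

def dry_run_create_vpc_endpoint(ec2: Any, vpc_id: str, subnet_ids: list,
                                service_name: str) -> tuple:
    """Call CreateVpcEndpoint with DryRun=True. EC2 never creates the endpoint:
    it raises DryRunOperation when the caller is authorized and
    UnauthorizedOperation when not. Returns (authorized, advice)."""
    try:
        ec2.create_vpc_endpoint(DryRun=True, VpcId=vpc_id, SubnetIds=subnet_ids,
                                ServiceName=service_name, VpcEndpointType="Interface")
    except Exception as exc:  # botocore.exceptions.ClientError carries .response
        code = normalize_code(getattr(exc, "response", {}).get("Error", {}).get("Code", ""))
        if code == "DryRunOperation":
            return True, "permission check passed"
        return False, REMEDIATION.get(code, f"unhandled error {code!r}")
    return True, "call succeeded without DryRun being honoured; check the request"

if __name__ == "__main__":
    import boto3  # only needed for the real call; placeholders below must be replaced
    ok, advice = dry_run_create_vpc_endpoint(
        boto3.client("ec2"), "vpc-PLACEHOLDER", ["subnet-PLACEHOLDER"],
        "com.amazonaws.REGION-PLACEHOLDER.SERVICE-PLACEHOLDER")
    print(ok, advice)
```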

AWS KMS key access issues

If the IAM role or user that creates the serverless cache doesn't have permission to use the AWS KMS key that you specify, then access to the key is denied.

You get the following error message:

"An error occurred (InvalidParameterValue) when calling the CreateServerlessCache operation: KMS key access is denied with key id: [kms-key-arn]"

To resolve this issue, update the IAM role or user permissions. The role or user must have permissions to use the specified AWS KMS key.

Insufficient subnets

When you create a serverless cache, you might get the following error message:

"An error occurred (InvalidParameterValue) when calling the CreateServerlessCache operation: Customer account VPC should have a minimum of <number> default subnets."

The way that ElastiCache Serverless selects subnets depends on your Region. When you don't provide a specific subnet ID, subnets are selected by default across different Availability Zones within your VPC. For example, you might get two default subnets in the US West (N. California) (us-west-1) Region and three default subnets in all other Regions.

To resolve this issue, add subnets to your VPC.

Related information

How ElastiCache works

Troubleshoot access denied error messages

AWS OFFICIAL. Updated 14 days ago.