
ElastiCache Redis deployment permissions

0

Hello, I'm trying to deploy ElastiCache Redis with a CacheSubnetGroup with restricted IAM. Here is the serverless example:

resources:
  Resources:
    CacheSubnetGroup:
      Type: AWS::ElastiCache::SubnetGroup
      Properties:
        CacheSubnetGroupName: elastic-subnet-1
        Description: Subnet Group for caching
        SubnetIds:
          - subnet-050bd501beafaaaa
          - subnet-04bb70f444d89aaaa
    ElasticCacheCluster:
      Type: AWS::ElastiCache::CacheCluster
      Properties:
        ClusterName: exmple-cluster
        CacheNodeType: cache.t4g.micro
        Engine: redis
        NumCacheNodes: 1
        VpcSecurityGroupIds:
          - sg-0dad686dbce50aaaa
        CacheSubnetGroupName:
          Ref: CacheSubnetGroup

And I wanted to double-check which permissions I need. Currently I have this list, but I'm not sure it's enough. Could you please suggest if I need more ...

- elasticache:CreateCacheCluster
- elasticache:DescribeCacheClusters
- elasticache:DeleteCacheCluster
- elasticache:CreateReplicationGroup
- elasticache:ModifyCacheCluster
- elasticache:AddTagsToResource
- elasticache:CreateCacheSubnetGroup
- elasticache:DeleteCacheSubnetGroup
- elasticache:ModifyCacheSubnetGroup
- elasticache:DescribeCacheSubnetGroups
- elasticache:ListTagsForResource

Thanks!

1 Answer
0

Hello

From https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/IAM.APIReference.html it looks like you may be missing the s3:GetObject permission, from what I'm seeing. You can also find a list of needed permissions at the link above to scope down the role to only the needed permissions.

AWS
answered 3 years ago
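
One way to sanity-check the action list in the question against the resource types in its template, as an added example that is not part of the original question or answer. The `LIFECYCLE` map and the `audit` helper are assumptions built only from the action names listed in the question; confirm the map against the IAM API reference linked in the answer before relying on it.

```python
import re

# Constructed input: the two resource types from the question's template.
TEMPLATE = """
CacheSubnetGroup:
  Type: AWS::ElastiCache::SubnetGroup
ElasticCacheCluster:
  Type: AWS::ElastiCache::CacheCluster
"""

# The action list from the question.
GRANTED = {"elasticache:" + a for a in (
    "CreateCacheCluster", "DescribeCacheClusters", "DeleteCacheCluster",
    "CreateReplicationGroup", "ModifyCacheCluster", "AddTagsToResource",
    "CreateCacheSubnetGroup", "DeleteCacheSubnetGroup",
    "ModifyCacheSubnetGroup", "DescribeCacheSubnetGroups",
    "ListTagsForResource")}

# ASSUMPTION: hypothetical lifecycle map derived from the action names in the
# question. It is not an authoritative list of what CloudFormation calls.
LIFECYCLE = {
    "AWS::ElastiCache::CacheCluster": {
        "create": "elasticache:CreateCacheCluster",
        "read": "elasticache:DescribeCacheClusters",
        "update": "elasticache:ModifyCacheCluster",
        "delete": "elasticache:DeleteCacheCluster"},
    "AWS::ElastiCache::SubnetGroup": {
        "create": "elasticache:CreateCacheSubnetGroup",
        "read": "elasticache:DescribeCacheSubnetGroups",
        "update": "elasticache:ModifyCacheSubnetGroup",
        "delete": "elasticache:DeleteCacheSubnetGroup"},
}
TAGGING = {"elasticache:AddTagsToResource", "elasticache:ListTagsForResource"}

def audit(template, granted):
    """Return (missing lifecycle ops per resource type, granted-but-unmapped actions)."""
    missing, needed = {}, set(TAGGING)
    for rtype in re.findall(r"Type:\s*(AWS::[\w:]+)", template):
        ops = LIFECYCLE.get(rtype)
        if ops is None:              # type present in template but not in the map
            missing[rtype] = ["unmapped"]
            continue
        needed.update(ops.values())
        gaps = [op for op, action in ops.items() if action not in granted]
        if gaps:
            missing[rtype] = gaps
    return missing, sorted(granted - needed)

if __name__ == "__main__":
    print(audit(TEMPLATE, GRANTED))
```

An action reported in the second list is only unmapped for this template under the assumed map; it is a candidate to review when scoping the role down, not proof that it is unnecessary.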
