For AWS Elastic Redis Global Cache, do we need to create users and user groups again in the secondary region too?

0

I have created a list of users and user groups and associated it with the Redis global datastore primary cluster (self-designed replication group cluster). For accessing the secondary region, do I need to create separate users and user groups in that region too? Also, are secondary regions only read replicas, or can we perform write operations too, i.e. are they enabled with write forwarding to the primary region's writer instance for performing write operations, or are they just read replicas, so that only get functions can be performed on them?

asked 2 months ago, 125 views
2 Answers
0

Answering both your questions below:

for accessing the secondary region do I need to create separate users and usergroup in that region too.

Yes, you should. User management in ElastiCache Global Datastore is independently managed on each cluster associated with a GD. Having user groups configured in one region will not copy the configuration to the secondary region. For example, you can set up RBAC roles/users in the primary region cluster while leaving the secondary region cluster with only default user access using the AUTH token strategy. Clients will have to use the appropriate authentication method for that region when accessing each of these clusters.

Also are secondary region only read replicas or can we perform write operation too

The secondary region is passive and cannot take data writes; it only supports data reads.

AWS
answered 2 months ago
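
A read-only check for the gap described in the answer above, as an added example that is not part of the original answer and not AWS's own code: it compares the `describe_users` and `describe_user_groups` output of two Regions and reports what guards the primary cluster but is not in place for the secondary. The clients are assumed to be boto3 ElastiCache clients; the replication group IDs, user IDs and the `fake` stand-in are constructed so the demo runs offline.

```python
# Added example, not AWS code. Clients are assumed to be boto3 ElastiCache clients.
from types import SimpleNamespace

def list_all(client, method, key):
    """Follow Marker pagination of a describe_* call and return every item."""
    items, marker = [], None
    while True:
        page = getattr(client, method)(**({"Marker": marker} if marker else {}))
        items += page.get(key, [])
        marker = page.get("Marker")
        if not marker:
            return items

def rbac_drift(primary, secondary, primary_rg, secondary_rg):
    """Report RBAC objects that guard primary_rg but are not in place for secondary_rg."""
    p_groups = [g for g in list_all(primary, "describe_user_groups", "UserGroups")
                if primary_rg in g.get("ReplicationGroups", [])]
    p_ids = {g["UserGroupId"] for g in p_groups}
    s_groups = {g["UserGroupId"]: g.get("ReplicationGroups", [])
                for g in list_all(secondary, "describe_user_groups", "UserGroups")}
    s_users = {u["UserId"] for u in list_all(secondary, "describe_users", "Users")}
    wanted = {uid for g in p_groups for uid in g["UserIds"]}
    p_users = [u for u in list_all(primary, "describe_users", "Users")
               if u["UserId"] in wanted and u["UserId"] not in s_users]
    return {
        "missing_users": sorted(u["UserId"] for u in p_users),
        # describe_users returns Authentication.Type but never the password, so
        # these users must be re-created with secrets from your own secret store.
        "need_password": sorted(u["UserId"] for u in p_users
                                if u["Authentication"]["Type"] == "password"),
        "missing_groups": sorted(p_ids - set(s_groups)),
        # Group exists in the secondary Region but is not attached to the cluster.
        "unattached_groups": sorted(gid for gid in p_ids & set(s_groups)
                                    if secondary_rg not in s_groups[gid]),
    }

def fake(users, groups):
    """Constructed stand-in for a boto3 client so the check runs offline."""
    return SimpleNamespace(describe_users=lambda **_: {"Users": users},
                           describe_user_groups=lambda **_: {"UserGroups": groups})

# Constructed sample data: the RBAC user and group exist only in the primary Region.
DEFAULT = {"UserId": "default", "Authentication": {"Type": "no-password"}}
PRIMARY = fake([DEFAULT, {"UserId": "app-rw", "Authentication": {"Type": "password"}}],
               [{"UserGroupId": "app-acl", "UserIds": ["default", "app-rw"],
                 "ReplicationGroups": ["cache-use1"]}])
SECONDARY = fake([DEFAULT], [])

if __name__ == "__main__":
    print(rbac_drift(PRIMARY, SECONDARY, "cache-use1", "cache-usw2"))
```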
-1

In AWS Elastic Redis Global DataStore, you do not need to create separate users and user groups for the secondary region. The user and user group configurations are replicated from the primary region to the secondary region automatically.

Regarding your second question, the secondary region in Elastic Redis Global DataStore is configured as a read-replica of the primary region. This means that the secondary region can only serve read requests, while write operations are forwarded to the primary region's writer instance.

EXPERT
answered 2 months ago
  • When checking the list of users and user groups created in one region (let us say us-east-1), I cannot find them replicated in the user management or user groups of the other, secondary region us-west-2. Is it that they are created in one region and managed in one region only, so that in the second region the users may not be visible in the user management tab of us-west-2, but they have the necessary permissions to access the secondary cluster, and if some write operations are executed then they are write-forwarded to the primary cluster?

    User groups - ACLs are managed externally by Redis cache and independent of the cluster. The users and user groups are specific to an AWS Region.
