Redis 6 introduced ACLs to the popular in-memory database. This allowed users to restrict the commands and keys available to connections using a particular username and password.

In Aiven for Redis we do not allow use of the ACL * commands directly because we rely on a certain set of permissions for the default user in order to manage the service. Without this we could not guarantee the reliability of replication, configuration management, or backups for disaster recovery.

Instead to configure custom ACLs can use the Aiven Console or avn CLI.

For example, using the Aiven Console to create a user who can only retrieve keys with the pattern mykeys.*:

Or with the CLI:

$ avn service user-create --project myproject myservicename --username mynewuser --redis-acl-keys 'mykeys.*' --redis-acl-commands '+get' --redis-acl-categories ''

Then you can confirm that the ACL is applied when connecting to the service using the new username and password.

$ redis-cli --user mynewuser --pass ... --tls -h myservice-myproject.aivencloud.com -p 12719

myservice-myproject.aivencloud.com:12719> get mykeys.hello
(nil)
myservice-myproject.aivencloud.com:12719> set mykeys.hello world
(error) NOPERM this user has no permissions to run the 'set' command or its subcommand

For lists of available categories and commands please refer to the Redis project documentation.

Did this answer your question?