Redis 6 introduced ACLs to the popular in-memory database. This allowed users to restrict the commands and keys available to connections using a particular username and password.
In Aiven for Redis we do not allow use of the
ACL * commands directly because we rely on a certain set of permissions for the
default user in order to manage the service. Without this we could not guarantee the reliability of replication, configuration management, or backups for disaster recovery.
Instead to configure custom ACLs can use the Aiven Console or
For example, using the Aiven Console to create a user who can only retrieve keys with the pattern
Or with the CLI:
$ avn service user-create --project myproject myservicename --username mynewuser --redis-acl-keys 'mykeys.*' --redis-acl-commands '+get' --redis-acl-categories ''
Then you can confirm that the ACL is applied when connecting to the service using the new username and password.
$ redis-cli --user mynewuser --pass ... --tls -h myservice-myproject.aivencloud.com -p 12719
myservice-myproject.aivencloud.com:12719> get mykeys.hello
myservice-myproject.aivencloud.com:12719> set mykeys.hello world
(error) NOPERM this user has no permissions to run the 'set' command or its subcommand
For lists of available categories and commands please refer to the Redis project documentation.