Configure ACL permissions in Aiven for Redis
Use the Aiven console or the Aiven client to create custom Access Control Lists (ACLs).
Redis uses ACLs to restrict which commands and keys are available to a connection that authenticates with a specific username and password. However, Aiven for Redis does not allow direct use of the ACL * commands, in order to guarantee the reliability of replication, configuration management, or backups for disaster recovery for the default user. Use the console or the client to create custom ACLs instead.
Create an ACL using the Aiven console
Log in to the Aiven web console.
From the Services page, select the Redis service you want to create an ACL for.
The Overview page for the service opens.
Click Users and ACL.
Click + Add Service User.
The New Redis User pop-up opens.
Create a user, and define which Keys, Categories, Commands or Channels the user can access.
In this example, the testuser can only retrieve keys with the pattern
Create an ACL using the Aiven CLI
Set up the CLI tool if you don’t have it already.
Create a user for mynewuser with read-only access to the
avn service user-create --project myproject myservicename --username mynewuser --redis-acl-keys 'mykeys.*' --redis-acl-commands '+get' --redis-acl-categories ''
Confirm the ACL is applied by connecting to the service using the new username and password:
redis-cli --user mynewuser --pass ... --tls -h myservice-myproject.aivencloud.com -p 12719
myservice-myproject.aivencloud.com:12719> get mykeys.hello
(nil)
myservice-myproject.aivencloud.com:12719> set mykeys.hello world
(error) NOPERM this user has no permissions to run the 'set' command or its subcommand
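The confirmation step above, extended into a repeatable check (an added example, not part of the Aiven documentation): it probes the service as mynewuser and fails unless get on mykeys.* is allowed and both set and a read outside the key pattern return NOPERM. The REDIS_HOST, REDIS_PORT and REDIS_USER variables, the function names and the otherkeys.hello key are assumptions of this example; the password is read from redis-cli's REDISCLI_AUTH environment variable.

```shell
#!/bin/sh
# Added example, not Aiven's code. Assumes REDIS_HOST, REDIS_PORT and REDIS_USER are set
# by the operator and the password is in REDISCLI_AUTH (kept off the command line).

# Run one Redis command as the ACL user and print the reply.
run_as_user() {
    redis-cli --user "$REDIS_USER" --tls -h "$REDIS_HOST" -p "$REDIS_PORT" "$@" 2>&1
}

# Map a reply to allowed / denied / error. Only NOPERM proves the ACL blocked the
# command; a failed login or connection must not be counted as a working restriction.
classify_reply() {
    reply=${1#"(error) "}
    case "$reply" in
        NOPERM*) echo denied ;;
        WRONGPASS*|NOAUTH*|ERR*|"AUTH failed"*|"Could not connect"*) echo error ;;
        *) echo allowed ;;
    esac
}

# expect WANT CMD [ARGS...]: succeed only when the observed outcome equals WANT.
expect() {
    want=$1; shift
    got=$(classify_reply "$(run_as_user "$@")")
    printf '%-28s want=%-8s got=%s\n' "$*" "$want" "$got"
    [ "$got" = "$want" ]
}

# Expectations for mynewuser as created above: +get on mykeys.* and nothing else.
# otherkeys.hello is a constructed key name outside the allowed pattern.
verify_mynewuser() {
    rc=0
    expect allowed get mykeys.hello       || rc=1
    expect denied  set mykeys.hello world || rc=1
    expect denied  get otherkeys.hello    || rc=1
    return "$rc"
}

# Probe the live service only when a target is configured.
if [ -n "${REDIS_HOST:-}" ]; then
    command -v redis-cli >/dev/null || { echo "redis-cli not found" >&2; exit 2; }
    verify_mynewuser
fi
```

A non-zero exit status means at least one probe did not match, including the case where the login itself failed and nothing was actually tested against the ACL.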