Posted On: May 7, 2024

Today, Amazon MemoryDB launched two new condition keys for IAM policies that enable you to control user authentication and encryption in transit settings during cluster creation. The new condition keys let you create IAM policies or Service Control Policies (SCPs) to enhance security and meet compliance requirements.

The first condition key, memorydb:TLSEnabled, lets you require a specific encryption in transit setting in your AWS accounts. For example, you can use memorydb:TLSEnabled to enforce that MemoryDB clusters can only be created with encryption in transit enabled. The second condition key, memorydb:UserAuthenticationMode, lets you enforce that MemoryDB users have a specific user authentication setting. For example, you can use memorydb:UserAuthenticationMode to require that MemoryDB users have IAM authentication enabled.
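The two examples above can be written as a single Service Control Policy. This is an added illustration, not a policy taken from the announcement. It assumes that memorydb:TLSEnabled is evaluated as a Boolean on memorydb:CreateCluster and that memorydb:UserAuthenticationMode carries the value "iam" on memorydb:CreateUser, which should be confirmed against the MemoryDB documentation. The Sid names are hypothetical.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyMemoryDBClusterWithoutTLS",
      "Effect": "Deny",
      "Action": "memorydb:CreateCluster",
      "Resource": "*",
      "Condition": {
        "Bool": { "memorydb:TLSEnabled": "false" }
      }
    },
    {
      "Sid": "DenyMemoryDBUserWithoutIAMAuth",
      "Effect": "Deny",
      "Action": "memorydb:CreateUser",
      "Resource": "*",
      "Condition": {
        "StringNotEqualsIgnoreCase": { "memorydb:UserAuthenticationMode": "iam" }
      }
    }
  ]
}
```

Both statements are explicit denies, so they only restrict what other policies allow and grant no permissions themselves. The second statement is scoped to user creation only, because a negated string operator also matches requests in which the condition key is absent.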

Amazon MemoryDB condition keys are now available in all regions where MemoryDB is generally available. To learn more about using condition keys with MemoryDB, please refer to our documentation.