AUTH feature overview

This page gives an overview of AUTH on Memorystore for Redis.

For instructions on managing AUTH for your Redis instance, see Managing Redis AUTH.

AUTH behavior

Using AUTH is optional for Memorystore for Redis.

A connecting client starts by sending the AUTH command followed by the Redis instance's AUTH string. Every AUTH string is a Universally Unique Identifier (UUID). Each Redis instance with AUTH enabled has a unique AUTH string.

If you enable the AUTH feature on your Memorystore instance, incoming client connections must authenticate in order to connect. Existing connections that had not previously authenticated need to properly authenticate before they can continue issuing commands. Once a client authenticates with an AUTH string, it remains authenticated for the lifetime of that connection, even if you change the AUTH string.

For Memorystore for Redis, the AUTH string is automatically generated after AUTH is enabled on the instance. The AUTH string is a randomly generated string of 36 characters that is exclusive to each Memorystore instance. The AUTH string is uniquely generated each time that AUTH is enabled. Therefore, the AUTH string can be changed if necessary by toggling AUTH from off to on.

Like every command, the AUTH command is sent unencrypted.

Security and privacy

AUTH helps you ensure that known entities in your organization do not unintentionally access and modify your Redis instance. AUTH does not provide security during data transportation. Also, AUTH does not protect your instance against any malicious entities that have access to your VPC network.

Make sure to limit access to your VPC network to known users and clients. See Redis security for additional details.

What's next

  • Perform common tasks associated with Redis AUTH
  • See the permissions required to perform Redis AUTH tasks.