I am not totally sure if this is a [QUESTION] or a [BUG], and if the latter, if the bug is in Redis directly or in AWS.


Environment

  • Redis version: 7.1.
  • Connecting to an AWS Elasticache serverless Redis cluster.
  • Using a read-only user: on ~* -@all +@connection +@read +@keyspace +@slow

When running a SCAN against the database using the read-only user, we receive the following error:

ERR internal error

Note: other read-only commands like ZRANGE work as expected. Also, when using a user whose ACL is on ~* +@all, the SCAN also works as expected.

My gut feeling is that considering that the same command works when using a user with all permissions, it feels only natural to assume that the issue is related to permissions. Yet, when checking the official Redis docs for SCAN it only mentions the following ACL categories: @keyspace, @read, @slow, all of which are assigned to the read-only user. Thus, I wonder if the problem is that the documentation is outdated and we need an extra or different set of permissions? Or if AWS is doing something weird on their side?
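Added example, not part of the issue or of Redis itself: a simplified Python model of how stock Redis resolves the command categories in an ACL rule, applied to the rule quoted above. It shows that SCAN is already covered by +@read, and that +@keyspace and +@slow also admit write commands such as SET and DEL; the NARROW rule and the small command table are assumptions made for the illustration, and ElastiCache's behaviour is not modelled.

```python
# Simplified model of the command part of a stock Redis ACL rule (added example).
# Rules apply left to right; +@cat adds every command in the category, -@cat removes them.

# Constructed sample: a few commands with their ACL categories from the Redis docs.
COMMAND_CATEGORIES = {
    "scan":   {"keyspace", "read", "slow"},   # categories quoted in the issue
    "zrange": {"read", "sortedset", "slow"},
    "get":    {"read", "string", "fast"},
    "set":    {"write", "string", "slow"},
    "del":    {"keyspace", "write", "slow"},
    "hset":   {"write", "hash", "fast"},
    "ping":   {"connection", "fast"},
}

def allowed_commands(rule):
    """Return the commands from COMMAND_CATEGORIES that `rule` permits."""
    allowed = set()                            # a new user starts with no commands
    for token in rule.lower().split():
        if token in ("on", "off") or token.startswith("~"):
            continue                           # user state and key patterns are not modelled
        sign, name = token[0], token[1:]
        if sign not in "+-":
            raise ValueError(f"unsupported ACL token: {token}")
        if name == "@all":
            matched = set(COMMAND_CATEGORIES)
        elif name.startswith("@"):
            matched = {c for c, cats in COMMAND_CATEGORIES.items() if name[1:] in cats}
        elif name in COMMAND_CATEGORIES:
            matched = {name}
        else:
            raise ValueError(f"unknown command in token: {token}")
        allowed = allowed | matched if sign == "+" else allowed - matched
    return allowed

def write_commands(rule):
    """Commands permitted by `rule` that carry the @write category."""
    return {c for c in allowed_commands(rule) if "write" in COMMAND_CATEGORIES[c]}

READ_ONLY = "on ~* -@all +@connection +@read +@keyspace +@slow"  # rule from the issue
NARROW = "on ~* -@all +@connection +@read"                       # assumed alternative

if __name__ == "__main__":
    for label, rule in (("issue rule", READ_ONLY), ("narrow rule", NARROW)):
        print(label, "allows:", sorted(allowed_commands(rule)),
              "| write commands:", sorted(write_commands(rule)))
```

On a real server, ACL DRYRUN (available since Redis 7.0) answers the same question for a configured user without executing the command.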

Comment From: sundb

@BalmungSan it works for me locally using Redis, and I don't see any internal error reply in the Redis source code.

Comment From: BalmungSan

@sundb so I guess AWS is the faulty one here, but not sure where to report that.

Comment From: sundb

@BalmungSan you can open an issue through the AWS support page.

Comment From: BalmungSan

Hi, sorry for not replying before.

I did contact AWS using our internal communication channels; after two weeks they confirmed that this was a known issue with ElastiCache and that they are working on a fix. However, they didn't provide an estimated timeline.

Anyways, I am closing this but I wanted to leave the note in case anyone has the same problem and ends up finding this issue.

Comment From: ra-cen

Hiya @BalmungSan - did AWS get back to you with a workaround? It doesn't look like it's fixed still :(

Comment From: BalmungSan

Hi @ra-cen, sadly no, we keep using a user with write access despite the application only reading data.