diff --git a/content/operate/rc/accounts/account-settings.md b/content/operate/rc/accounts/account-settings.md index 9d85472201..f79d3898c0 100644 --- a/content/operate/rc/accounts/account-settings.md +++ b/content/operate/rc/accounts/account-settings.md @@ -20,7 +20,7 @@ The available tabs depend on your subscription type and may include: - The **Account** tab displays basic information associated with your account, including general info, address details, time zone setting, security settings, and provider integration details. -- The **Cloud Account** tab is displayed if you have self-hosted Pro subscriptions on Amazon Web Services (AWS). To learn more, see [Manage AWS cloud accounts]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/" >}}). +- The **Cloud Account** tab is displayed for Redis Cloud Pro subscriptions hosted on Amazon Web Services (AWS). To learn more, see [Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/" >}}). - The **Integrations** tab lets you manage certain integrations. For more information on the Confluent Cloud integration, see [Use the Redis Sink Confluent Connector]({{< relref "/integrate/confluent-with-redis-cloud/" >}}). diff --git a/content/operate/rc/changelog/may-2025.md b/content/operate/rc/changelog/may-2025.md new file mode 100644 index 0000000000..cc5d92d124 --- /dev/null +++ b/content/operate/rc/changelog/may-2025.md 
@@ -0,0 +1,19 @@ +--- +Title: Redis Cloud changelog (May 2025) +alwaysopen: false +categories: +- docs +- operate +- rc +description: New features, enhancements, and other changes added to Redis Cloud during + May 2025. +highlights: Redis Cloud Bring your own Cloud +linktitle: May 2025 +weight: 30 +--- + +## Enhancements + +### Redis Cloud Bring your own Cloud + +AWS Cloud Accounts are now known as Redis Cloud Bring your own Cloud (BYOC). See [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) to learn how to use your own AWS cloud infrastructure to deploy Redis Cloud. diff --git a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/aws-console.md b/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/aws-console.md deleted file mode 100644 index 640700a28e..0000000000 --- a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/aws-console.md +++ /dev/null 
@@ -1,217 +0,0 @@ ---- -LinkTitle: AWS console -Title: Create IAM resources using AWS console -alwaysopen: false -categories: -- docs -- operate -- rc -weight: $weight ---- -To manually create IAM resources using the [AWS console](https://console.aws.amazon.com/), follow these steps. - -## Step 1: Create the IAM instance policy - -First, create a policy to use for the new instance role: - - - -1. In the AWS IAM console, go to **Policies** > **Create policy**. -1. In the **JSON** tab, paste the contents of the RedisLabsInstanceRolePolicy.json policy file, shown here: - - {{< expand "View RedisLabsInstanceRolePolicy.json" >}} -```js -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Ec2DescribeAll", - "Effect": "Allow", - "Action": "ec2:Describe*", - "Resource": "*" - }, - { - "Sid": "GetUserInfo", - "Effect": "Allow", - "Action": [ - "iam:GetUser", - "iam:GetUserPolicy" - ], - "Resource": "arn:aws:iam::*:user/${aws:username}" - }, - { - "Sid": "RolePolicyUserReadActions", - "Effect": "Allow", - "Action": [ - "iam:GetRole", - "iam:GetPolicy", - "iam:ListUsers", - "iam:ListPolicies", - "iam:ListRolePolicies", - "iam:ListAttachedRolePolicies", - "iam:ListInstanceProfiles", - "iam:ListInstanceProfilesForRole", - "iam:SimulatePrincipalPolicy" - ], - "Resource": "*" - }, - { - "Sid": "KeyPairActions", - "Effect": "Allow", - "Action": [ - "ec2:CreateKeyPair", - "ec2:DeleteKeyPair", - "ec2:ImportKeyPair" - ], - "Resource": "*" - }, - { - "Sid": "CreateInstancesSnapshotsVolumesAndTags", - "Effect": "Allow", - "Action": [ - "ec2:CreateVolume", - "ec2:AttachVolume", - "ec2:StartInstances", - "ec2:RunInstances", - "ec2:CreateSnapshot", - "ec2:CreateTags", - "ec2:ModifyInstanceAttribute" - ], - "Resource": "*" - }, - { - "Sid": "PassRlClusterNodeRole", - "Effect": "Allow", - "Action": "iam:PassRole", - "Resource": "arn:aws:iam::*:role/redislabs-cluster-node-role" - }, - { - "Sid": "ResourceAccessManagerActions", - "Effect": "Allow", - "Action": [ - 
"ram:AcceptResourceShareInvitation", - "ram:GetResourceShares", - "ram:RejectResourceShareInvitation", - "ram:GetResourceShareInvitations", - "ram:DisassociateResourceShare" - ], - "Resource": "*" - }, - { - "Sid": "NetworkAccess", - "Effect": "Allow", - "Action": [ - "ec2:*Vpc*", - "ec2:*VpcPeering*", - "ec2:*Subnet*", - "ec2:*Gateway*", - "ec2:*Vpn*", - "ec2:*Route*", - "ec2:*Address*", - "ec2:*SecurityGroup*", - "ec2:*NetworkAcl*", - "ec2:*DhcpOptions*" - ], - "Resource": "*" - }, - { - "Sid": "DeleteInstancesVolumesSnapshotsAndTagsWithIdentiferTag", - "Effect": "Allow", - "Action": [ - "ec2:RebootInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:DeleteTags" - ], - "Resource": "*", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" - } - } - }, - { - "Sid": "CreateAndChangeServiceLinkedRoleForTransitGateway", - "Effect": "Allow", - "Action": "iam:CreateServiceLinkedRole", - "Resource": "arn:aws:iam::*:role/aws-service-role/transitgateway.amazonaws.com/AWSServiceRoleForVPCTransitGateway*", - "Condition": {"StringLike": {"iam:AWSServiceName": "transitgateway.amazonaws.com"}} - }, - { - "Effect": "Allow", - "Action": [ - "iam:AttachRolePolicy", - "iam:PutRolePolicy" - ], - "Resource": "arn:aws:iam::*:role/aws-service-role/transitgateway.amazonaws.com/AWSServiceRoleForVPCTransitGateway*" - } - ] -} -``` - {{< /expand >}} - - -1. Validate it and then select **Review Policy**. -1. Enter **RedisLabsInstanceRolePolicy** as the policy name and then select **Create Policy**. - -## Step 2: Create the service role - -To create the role that uses the policy: - - - -1. In the AWS IAM console, go to **Roles** and click **Create Role**. -1. Select **AWS Service** as the trusted entity, **EC2** as the service - and use case, and click **Next: Permissions**. -1. 
Enter `RedisLabsInstanceRolePolicy` in the search box to look up the policy we just created, - select it, and click **Next: Review**. -1. Name the role `redislabs-cluster-node-role` and click **Create Role**. - -## Step 3: Create the user policy - -Now create a policy to assign to the user: - - - -1. In the AWS IAM console, go to **Policies** > **Create policy**. -1. In the **JSON** tab, paste the contents of the RedisLabsIAMUserRestrictedPolicy.json policy file. - - {{< expand "View RedislabsIAMUserRestrictedPolicy.json" >}} -{{% code-include file="rv/RedisLabsIAMUserRestrictedPolicy.json" language="js" %}} - {{< /expand >}} - -1. Validate the policy and click **Review Policy**. -1. Enter `RedislabsIAMUserRestrictedPolicy` as the policy name and click **Create Policy**. - -## Step 4: Create the programmatic access user - -Create a user and attach the policy you created: - - - -1. In the AWS IAM console, go to **Users** > select **Add user**. -1. Name it `redislabs-user` and check only the **Programmatic access** checkbox. -1. Click **Next: Permissions**. -1. Select **Attach existing policies directly** and select - **RedislabsIAMUserRestrictedPolicy** from the list. -1. Click **Next: Review**. -1. Click **Create user**. -1. Download the user credentials and store them in a secure location. - -## Step 5: Create the console access role - -Last, create a role and attach the policy you created: - - - -1. In the AWS IAM console, go to **Roles** > select **Create role**. -1. Select **Another AWS account**. -1. Under **Account ID**, enter account number `168085023892` (Redis Cloud's AWS account). -1. Under Options, check the **Require MFA** checkbox only. *Do not check Require external ID*. -1. Click **Next: Permissions**. -1. Attach the policy **RedisLabsIAMUserRestrictedPolicy** to the role. -1. Click **Next: Review**. -1. Name the role `redislabs-role` and then click **Create role**. 
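Review bot: Deleting `cloud-integrations/aws-cloud-accounts/iam-resources/aws-console.md` leaves its URL without a redirect as far as this diff shows. The `aliases` list added in `bring-your-own-cloud/_index.md` covers only `/operate/rc/cloud-integrations/aws-cloud-accounts`, and the front matter of the replacement `bring-your-own-cloud/iam-resources/aws-console.md` has no `aliases` key. Consider adding the old path as an alias on the new page so existing links to the IAM setup instructions keep resolving.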
diff --git a/content/operate/rc/databases/configuration/high-availability.md b/content/operate/rc/databases/configuration/high-availability.md index bb264ddeed..ca1067d5e9 100644 --- a/content/operate/rc/databases/configuration/high-availability.md +++ b/content/operate/rc/databases/configuration/high-availability.md @@ -62,7 +62,7 @@ You can reduce network transfer costs and network latency by ensuring your Redis To specify the availability zone(s) for your cluster, [create your Pro database with custom settings]({{< relref "/operate/rc/databases/create-database/create-pro-database-new" >}}), and select *Manual Selection* under **Allowed Availability Zones** in **Advanced options**. -For Google Cloud clusters and [self-managed AWS cloud accounts]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/" >}}), select an availability zone from the **Zone name** list. +For Google Cloud clusters and [Redis Cloud BYOC]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/" >}}), select an availability zone from the **Zone name** list. {{Select one availability zone when Multi-AZ is turned off.}} diff --git a/content/operate/rc/databases/create-database/create-pro-database-new.md b/content/operate/rc/databases/create-database/create-pro-database-new.md index fd5f885a0f..dd0c0b64e6 100644 --- a/content/operate/rc/databases/create-database/create-pro-database-new.md +++ b/content/operate/rc/databases/create-database/create-pro-database-new.md @@ -129,8 +129,8 @@ The following settings are defined in the **Advanced options** of the **Setup** |---|---| | **Multi-AZ** | Determines if replication spans multiple Availability Zones, which provides automatic failover when problems occur. See [High Availability]({{< relref "/operate/rc/databases/configuration/high-availability" >}}). | | **Allowed Availability Zones** | The availability zones for your selected region.

If you choose **Manual selection**, you must select at least one zone ID from the **Zone IDs** list. For more information, see [Availability zones]({{< relref "/operate/rc/databases/configuration/high-availability#availability-zones" >}}). | -| **Cloud account** | To deploy these databases to an existing cloud account, select it here. Use the **Add** button to add a new cloud account.

(Available only if [self-managed cloud vendor accounts]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts" >}}) are enabled) | -| **VPC configuration** | Select **In a new VPC** to deploy to a new [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC).

To deploy these databases to an existing virtual private cloud, select **In existing VPC** and then set VPC ID to the appropriate ID value.

(Available only if [self-managed cloud vendor accounts]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts" >}}) are enabled) | +| **Cloud account** | To deploy these databases to an existing cloud account, select it here. Use the **Add** button to add a new cloud account.

(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) | +| **VPC configuration** | Select **In a new VPC** to deploy to a new [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC).

To deploy these databases to an existing virtual private cloud, select **In existing VPC** and then set VPC ID to the appropriate ID value.

(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) | | **Deployment CIDR** | The [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) range of IP addresses for your deployment. Redis creates a new [subnet](https://en.wikipedia.org/wiki/Subnetwork) for the **Deployment CIDR** in your [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC). It cannot overlap with the CIDR ranges of other subnets used by your account.

For deployments in an existing VPC, the **Deployment CIDR** must be within your VPC's **primary** CIDR range (secondary CIDRs are not supported). | | **Auto Tiering**| Determines if your databases are stored only in memory (RAM) or are split between memory and Flash storage (RAM+Flash). See [Auto Tiering]({{< relref "/operate/rs/databases/auto-tiering/" >}})| | **Maintenance windows** | Determines when Redis can perform [maintenance]({{< relref "/operate/rc/subscriptions/maintenance" >}}) on your databases. Select **Manual** if you want to set [manual maintenance windows]({{< relref "/operate/rc/subscriptions/maintenance/set-maintenance-windows" >}}). | diff --git a/content/operate/rc/security/aws-transit-gateway.md b/content/operate/rc/security/aws-transit-gateway.md index 1c69d8ee3c..845f68eda5 100644 --- a/content/operate/rc/security/aws-transit-gateway.md +++ b/content/operate/rc/security/aws-transit-gateway.md @@ -51,7 +51,7 @@ Before you can set up Transit Gateway, you need to: 1. [Create a transit gateway](https://docs.aws.amazon.com/vpc/latest/tgw/create-tgw.html) from the [AWS VPC console](https://console.aws.amazon.com/vpc/) in the same region as your database. {{< note >}} -If you have a self-managed AWS account, you will need to set its IAM Instance Policy to include Transit Gateway. See [Create IAM resources using the AWS console]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/aws-console.md" >}}) (deprecated) for more information. +If you use Redis Cloud Bring your own Cloud, you will need to set its IAM Instance Policy to include Transit Gateway. See [Create IAM resources using the AWS console]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/aws-console.md" >}}) for more information. {{< /note >}} ## AWS Transit Gateway 
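Review bot: The rewritten note in `aws-transit-gateway.md` still tells readers to set the IAM Instance Policy "to include Transit Gateway", but the `RedisLabsInstanceRolePolicy` added in the new `aws-console.md` contains no Transit Gateway statement. The `CreateAndChangeServiceLinkedRoleForTransitGateway` statement and the `iam:AttachRolePolicy` / `iam:PutRolePolicy` grant appear only in the deleted version of that page. Either add the Transit Gateway permissions to the new policy page or state in this note exactly which statements a BYOC user has to add, since the link target no longer shows them.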
diff --git a/content/operate/rc/subscriptions/bring-your-own-cloud/_index.md b/content/operate/rc/subscriptions/bring-your-own-cloud/_index.md new file mode 100644 index 0000000000..40967c97ce --- /dev/null +++ b/content/operate/rc/subscriptions/bring-your-own-cloud/_index.md 
@@ -0,0 +1,64 @@ +--- +LinkTitle: Bring your own Cloud +Title: Redis Cloud Bring your own Cloud +alwaysopen: false +categories: +- docs +- operate +- rc +description: Describes how to provision your Redis Cloud subscription to use an existing + cloud provider account. +bannerText: This article covers Redis Cloud Bring your Own Cloud (BYOC) deployments. To learn more or get started with Redis Cloud BYOC, [contact sales](https://redis.io/meeting/). +bannerChildren: true +hideListLinks: true +weight: 80 +aliases: + - /operate/rc/how-to/view-edit-cloud-account + - /operate/rc/cloud-accounts + - /operate/rc/cloud-integrations/aws-cloud-accounts +--- + +Redis Cloud Bring your own Cloud (BYOC) allows organizations to use their own cloud infrastructure to deploy Redis Cloud. + +By default, Redis hosts the infrastructure that runs Redis Cloud. However, if your organization has specific requirements, you may need to have more control over your data residency or security options. Redis Cloud BYOC lets you fulfill these requirements while still having a fully managed service experience of Redis Cloud. Like standard Redis Cloud, Redis manages deployment, scaling, monitoring, and support, so you can focus on building applications while Redis manages the backend. + +Redis Cloud BYOC availability requires approval from Redis. If you're interested, [contact sales](https://redis.io/meeting/). + +## Benefits of Redis Cloud BYOC + +Redis Cloud BYOC has some benefits over standard Redis Cloud: + +- **Full Data Control**: All data stays within your environment, giving you complete control over data security and reducing risks associated with data sovereignty. +- **Simplified Compliance**: BYOC simplifies adherence to regulatory standards like GDPR, HIPAA, and compliance frameworks like SOC 2 and PCI DSS since data remains within your own cloud account. 
+- **Maximize Cloud Commitments**: Infrastructure costs are billed directly through your cloud provider account, enabling you to fully utilize existing commitments. +- **Separation of Costs**: Customers pay Redis only for licensing and management, while infrastructure costs go directly to the cloud provider, offering clear visibility into each cost stream. +- **Instant Access Control**: You can revoke Redis’ access to your environment at any time, offering complete control over data and infrastructure. + +## Redis Cloud BYOC Use cases + +Consider using Redis Cloud BYOC if you have specific organizational needs or requirements, such as: + +- **Data Residency and Compliance**: Organizations operating in heavily regulated industries (such as finance, healthcare, and government) can use Redis Cloud BYOC to meet strict data residency and sovereignty requirements, ensuring sensitive data remains within their controlled environments. +- **Cloud spend optimization**: Companies with significant cloud provider commitments can use Redis Cloud BYOC to optimize their cloud spend. Since infrastructure costs are billed directly through the cloud provider, customers can fully utilize existing cloud provider discounts, improving cost efficiency. +- **Enhanced Security and Control**: Redis Cloud BYOC is ideal for organizations that require a higher degree of security and control over their data. By keeping data within your own cloud account, you can use existing security policies, tools, and procedures in your cloud’s security infrastructure. In this way, you can minimize external access to your data, and adhere to more strict organizational security guidelines. + +## Set up Redis Cloud BYOC + +To set up Redis Cloud BYOC on Amazon Web Services (AWS): + +1. [Create the Identity and Access Management (IAM) resources]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources" >}}) needed to let Redis create, monitor, and maintain deployment infrastructure. + +1. 
[Set your AWS Account as a BYOC Cloud account]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings" >}}) on Redis Cloud. + +## Avoid Redis Cloud BYOC service disruption {#avoid-service-disruption} + +{{< warning >}} +Failing to follow the instructions in this section will cause your databases to become inaccessible, and Redis will not be able to ensure cluster and database stability. Please read them carefully. +{{< /warning >}} + +To keep your Redis Cloud BYOC service and all databases running without issues: +- Do not stop, delete, or modify Redis-managed resources through the cloud provider - including VPCs, subnets, virtual machines, and other infrastructure. +- Do not change roles or access policies. + +If you make any infrastructure changes, whether or not they are listed above, it may violate our SLA commitments. See [Appendix 1 in our Terms of Service](https://redis.io/legal/cloud-tos/#Appendix-1) for more details. + diff --git a/content/operate/rc/cloud-integrations/aws-cloud-accounts/_index.md b/content/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings.md similarity index 65% rename from content/operate/rc/cloud-integrations/aws-cloud-accounts/_index.md rename to content/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings.md index b947783aa0..0633dd779d 100644 --- a/content/operate/rc/cloud-integrations/aws-cloud-accounts/_index.md +++ b/content/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings.md 
@@ -1,41 +1,29 @@ --- -LinkTitle: AWS cloud accounts -Title: Manage AWS cloud accounts -alwaysopen: false -bannerChildren: true -bannerText: Self-managed AWS accounts are deprecated, so this article has been archived. +Title: Create and edit Cloud accounts +LinkTitle: Create and edit Cloud accounts categories: - docs - operate - rc -description: Describes how to provision your Redis Cloud subscription to use existing - cloud provider accounts. -hidden: true +description: null hideListLinks: true -weight: 40 -aliases: - - /operate/rc/how-to/view-edit-cloud-account - - /operate/rc/cloud-accounts +weight: 2 --- -Many customers use cloud provider accounts provisioned and maintained by Redis. +Redis Cloud Bring your own Cloud (BYOC) lets you use your own cloud infrastructure to deploy Redis Cloud. -Customers with existing Amazon Web Services (AWS) accounts can provision their Redis Cloud Pro subscriptions to use their existing AWS accounts. - -To do so, you associate your existing AWS account as a _cloud account_ for your subscription. This requires setting up and entering credentials that enable monitoring, maintenance, and technical support of your subscription. +You can associate your existing AWS account as a _cloud account_ for your subscription. This requires setting up and entering credentials that enable monitoring, maintenance, and technical support of your subscription. To do this, you need: 1. A programmatic user with an access key and a secret access key for that user. 1. A console role that allows administrative access to the cloud account. -These resources need to exist before adding the cloud account to your subscription. To learn more, see [Create IAM resources]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources" >}}). +You need to create these resources before adding the cloud account to your subscription. To learn more, see [Create IAM resources]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources" >}}). 
-{{}} -Once an AWS account has been configured as a cloud account, you must _not_: -- Manually change the configuration of required resources, such as security groups
-- Manually suspend or stop (terminate) provisioned resources
-{{
}} +{{}} +After an AWS account has been configured as a cloud account, you **must not** change the configurations of provisioned resources or stop or terminate provisioned instances. If you do, your databases will be inaccessible and Redis will not be able to ensure database stability. See [Avoid service disruption]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings#avoid-service-disruption" >}}) for more details. +{{}} ## View cloud account settings @@ -47,11 +35,11 @@ To create or edit a cloud account in Redis Cloud: This displays a list of cloud accounts associated with your Redis Cloud subscription. - {{Use the Cloud Account tab of the Account Settings screen to define cloud accounts for your Redis Cloud subscription.}} + {{Use the Cloud Account tab of the Account Settings screen to define cloud accounts for your Redis Cloud subscription.}} The **Cloud account** tab lets you manage cloud accounts associated with your Redis Cloud subscription. -The **Cloud Account** tab is not available (or supported) for Redis Cloud Essentials subscriptions. If you do not see a **Cloud Account** tab on the Account Settings page, verify that you have selected a Redis Cloud Essentials subscription. +The **Cloud Account** tab is only available for accounts with Redis Cloud Bring your own Cloud (BYOC) subscriptions. ## Add a new cloud account @@ -59,9 +47,9 @@ To add a new cloud account to your Redis Cloud subscription, select the **Add** {{Use the Add button to add new cloud accounts to your Redis Cloud subscription.}} -This displays the **Add cloud account** dialog +This displays the **Add cloud account** dialog. -{{Use the Add cloud account prompt to enter the details of the cloud account.}} +{{Use the Add cloud account prompt to enter the details of the cloud account.}} Each of the following fields are required. 
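Review bot: The warning added in the first hunk of `cloud-account-settings.md` links to `cloud-account-settings#avoid-service-disruption`, but the `{#avoid-service-disruption}` anchor is defined on the `## Avoid Redis Cloud BYOC service disruption` heading in `bring-your-own-cloud/_index.md`, and none of the hunks for this file adds a heading with that id. Point the `relref` at `/operate/rc/subscriptions/bring-your-own-cloud#avoid-service-disruption`; the same target is repeated in the warnings in `iam-resources/_index.md` and `iam-resources/aws-console.md`. Separately, the `@@ -47,11 +35,11 @@` hunk says the **Cloud Account** tab is only available with BYOC subscriptions, while `account-settings.md` in this diff says it is displayed for Redis Cloud Pro subscriptions hosted on AWS; the two pages should state the same condition.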
@@ -80,15 +68,13 @@ Be sure to create the resources before adding the cloud account to your subscrip When problems occur, an information icon appears and the field is highlighted in red. When this happens, the icon includes a tooltip that explains the issue. -{{When errors occur, the field is highlighted in red and a notification icon appears.  The icon tooltip describes the problem.}} - If the **Add account** button is inactive, verify that: - You've specified all field values correctly - The resources exist in your AWS account - Each resource provides the required level of access -For help, see [Create IAM resources]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources" >}}). +For help, see [Create IAM resources]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources" >}}). ## Edit cloud account details 
@@ -98,21 +84,20 @@ To update the details of a cloud account associated with your Redis Cloud subscr This displays the **Edit cloud account** dialog: -{{Use the Edit cloud account prompt to update the details of the cloud account.}} +{{Use the Edit cloud account prompt to update the details of the cloud account.}} |Setting|Description| |-------|-----------| | _Account name_ | A descriptive name for your cloud account settings | | _AWS access key_ | The AWS access key for the programmatic user created to support your cloud account settings | | _AWS secret key_ | The AWS secret key for the programmatic user created to support your cloud account settings | -| _AWS console username_ | The username for the AWS console | -| _AWS console password_ | The password for AWS console access | +| _IAM role name_ | The name of the AWS console role with access to the AWS console | Use the **Update account** button to save your changes. {{Use the Update account button to save the updated cloud account details.}} -## Delete cloud account details +## Delete cloud account To remove a cloud account from your Redis cloud subscription, select the cloud account from the **Cloud account** tab and then select the **Delete** button. @@ -122,4 +107,4 @@ To remove a cloud account from your Redis cloud subscription, select the cloud a We strongly recommend using dedicated identity and access management (IAM) resources to manage your AWS cloud accounts. These resources should not be shared with any other task, account, or process. -To learn more, see [Create IAM resources for AWS cloud accounts]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources" >}}). +To learn more, see [Create IAM resources for AWS cloud accounts]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources" >}}). \ No newline at end of file 
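Review bot: The last hunk leaves `cloud-account-settings.md` without a trailing newline (`\ No newline at end of file`), and its closing link text still reads "Create IAM resources for AWS cloud accounts" although this change renames the feature to Redis Cloud BYOC. Add the final newline and update the link text, along with the "manage your AWS cloud accounts" wording in the context line above it if that section is meant to follow the new name.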
diff --git a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/_index.md b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/_index.md similarity index 57% rename from content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/_index.md rename to content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/_index.md index 870a9b9fe2..cdcbe14f09 100644 --- a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/_index.md +++ b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/_index.md @@ -7,9 +7,9 @@ categories: description: null hideListLinks: true linkTitle: Create IAM resources -weight: $weight +weight: 1 --- -For most Redis Cloud Pro databases deployed to Amazon Web Services (AWS), we manage the supporting infrastructure for you in dedicated AWS accounts. +For Redis Cloud Bring your Own Cloud (BYOC) on Amazon Web Services (AWS), we manage the supporting infrastructure for you in dedicated AWS accounts. You can manage this infrastructure with your own AWS accounts. 
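Review bot: The new opening sentence says that for BYOC "we manage the supporting infrastructure for you in dedicated AWS accounts", which reads as the Redis-hosted model and sits oddly with the unchanged next line ("You can manage this infrastructure with your own AWS accounts.") and with the BYOC overview added in this diff, where organizations use their own cloud infrastructure. Reword it so it states plainly whose AWS account holds the resources. The spelling "Bring your Own Cloud" here also differs from "Bring your own Cloud" used elsewhere in the change.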
@@ -22,21 +22,18 @@ In the new AWS account, you need to create: - A user with an **access key** - A role that grants **AWS console access** -Save the access key in a secure location so that you can enter it when you [register the cloud account]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/" >}}) with your the Redis Cloud subscription. +Save the access key in a secure location so that you can enter it when you [register the cloud account]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings" >}}) with your Redis Cloud subscription. {{< warning >}} We use the provided credentials to configure your AWS environment and provision required resources. -To make sure that we can manage your AWS resources, you must not: - -- Manually change the configurations of provisioned resources, such as security groups -- Manually stop or terminate provisioned instances +You **must not** change the configurations of provisioned resources or stop or terminate provisioned instances. If you do, your databases will be inaccessible and Redis will not be able to ensure database stability. See [Avoid service disruption]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings#avoid-service-disruption" >}}) for more details. {{< /warning >}} For help creating an AWS user, see the [AWS IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). 
You can use one of the following tools to create IAM resources: -- [CloudFormation]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/cloudformation.md" >}}) - The AWS automation tool -- [Terraform]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/terraform.md" >}}) - Widely supported in the Redis community for additional automation -- The [AWS Console]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/aws-console.md" >}}) +- [CloudFormation]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/cloudformation" >}}) +- [Terraform]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/terraform" >}}) +- The [AWS Console]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/aws-console" >}}) diff --git a/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/aws-console.md b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/aws-console.md new file mode 100644 index 0000000000..6b96040df8 --- /dev/null +++ b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/aws-console.md 
@@ -0,0 +1,394 @@ +--- +LinkTitle: AWS console +Title: Create IAM resources using AWS console +alwaysopen: false +categories: +- docs +- operate +- rc +weight: $weight +--- +Follow these steps to manually create IAM resources using the [AWS console](https://console.aws.amazon.com/). + +{{< warning >}} +We use the provided credentials to configure your AWS environment and provision required resources. + +You **must not** change the configurations of provisioned resources or stop or terminate provisioned instances. If you do, your databases will be inaccessible and Redis will not be able to ensure database stability. See [Avoid service disruption]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings#avoid-service-disruption" >}}) for more details. +{{< /warning >}} + +## Step 1: Create the IAM instance policy + +First, create a policy to use for the new instance role: + + + +1. In the AWS IAM console, go to **Policies** > **Create policy**. +1. In the **JSON** tab, paste the contents of the RedisLabsInstanceRolePolicy.json policy file, shown here: + + {{< expand "View RedisLabsInstanceRolePolicy.json" >}} +```js + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "DescribeReadOnlyEc2Resources", + "Effect": "Allow", + "Action": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions", + "ec2:DescribeSecurityGroups", + "ec2:DescribeTags", + "ec2:DescribeVolumes" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "EC2EBSActions", + "Effect": "Allow", + "Action": [ + "ec2:AttachVolume", + "ec2:CreateVolume" + ], + "Resource": [ + "*" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + }, + { + "Sid": "SecurityGroupAccessActions", + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + }, + { + "Sid": 
"TagResourcesCreation", + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "TagResourcesDelete", + "Effect": "Allow", + "Action": [ + "ec2:DeleteTags" + ], + "Resource": [ + "*" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + } + ] + } +``` + {{< /expand >}} + + +1. Validate it and then select **Review Policy**. +1. Enter **RedisLabsInstanceRolePolicy** as the policy name and then select **Create Policy**. + +## Step 2: Create the service role + +To create the role that uses the policy: + + + +1. In the AWS IAM console, go to **Roles** and click **Create Role**. +1. Select **AWS Service** as the trusted entity, **EC2** as the service + and use case, and click **Next: Permissions**. +1. Enter `RedisLabsInstanceRolePolicy` in the search box to look up the policy we just created. + Select it, and click **Next: Review**. +1. Name the role `redislabs-cluster-node-role` and click **Create Role**. + +## Step 3: Create the user policy + +Now create a policy to assign to the user: + + + +1. In the AWS IAM console, go to **Policies** > **Create policy**. +1. In the **JSON** tab, paste the contents of the RedisLabsIAMUserRestrictedPolicy.json policy file. 
+ + {{< expand "View RedislabsIAMUserRestrictedPolicy.json" >}} +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "DescribeReadOnlyEc2Resources", + "Effect": "Allow", + "Action": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeRouteTables", + "ec2:DescribeInternetGateways", + "ec2:DescribeImages", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeVpcPeeringConnections" + ], + "Resource": "*" + }, + { + "Sid": "CloudWatchReadOnly", + "Effect": "Allow", + "Action": [ + "cloudwatch:Describe*", + "cloudwatch:Get*", + "cloudwatch:List*" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + }, + { + "Sid": "IamUserOperations", + "Effect": "Allow", + "Action": [ + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ChangePassword" + ], + "Resource": "arn:aws:iam::*:user/${aws:username}" + }, + { + "Sid": "PassRlClusterNodeRole", + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": "arn:aws:iam::*:role/redislabs-cluster-node-role" + }, + { + "Sid": "IAMRoleReadAccess", + "Effect": "Allow", + "Action": [ + "iam:GetRole", + "iam:GetPolicy", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfiles", + "iam:ListInstanceProfilesForRole", + "iam:SimulatePrincipalPolicy" + ], + "Resource": [ + "arn:aws:iam::*:role/Redislabs-*", + "arn:aws:iam::*:policy/Redislabs-*" + ] + }, + { + "Sid": "CreateEc2ResourcesWithoutTag", + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:RunInstances", + "ec2:ImportKeyPair", + "ec2:CreateKeyPair", + "ec2:CreateVpc", + "ec2:CreateSecurityGroup", + "ec2:CreateInternetGateway", + "ec2:CreateRouteTable", + "ec2:CreateSubnet" + ], + "Resource": "*" + }, + { + "Sid": 
"ForceUnderlyingResourcesToHaveIdentifierTags", + "Effect": "Deny", + "Action": [ + "ec2:RunInstances", + "ec2:CreateKeyPair" + ], + "Resource": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:keypair/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/RedisLabsIdentifier": "true" + } + } + }, + { + "Sid": "DenyCreateVpcWithoutRequiredTag", + "Effect": "Deny", + "Action": [ + "ec2:CreateVpc" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/RedisLabsIdentifier": "true" + } + } + }, + { + "Sid": "AllowVpcPeeringManagement", + "Effect": "Allow", + "Action": [ + "ec2:CreateVpcPeeringConnection", + "ec2:AcceptVpcPeeringConnection" + ], + "Resource": "*" + }, + { + "Sid": "AllowVpcPeeringDeletion", + "Effect": "Allow", + "Action": [ + "ec2:DeleteVpcPeeringConnection" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + }, + { + "Sid": "CreateEc2Resources", + "Effect": "Allow", + "Action": [ + "ec2:CreateVolume", + "ec2:CreateSnapshot", + "ec2:ImportKeyPair", + "ec2:AttachInternetGateway", + "ec2:CreateRoute", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + }, + { + "Sid": "ModifyEc2Resources", + "Effect": "Allow", + "Action": [ + "ec2:AttachVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:AssociateRouteTable", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:RebootInstances" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + }, + { + "Sid": "DeleteEc2Resources", + "Effect": "Allow", + "Action": [ + "ec2:TerminateInstances", + "ec2:DeleteVolume", + "ec2:DeleteSnapshot", + "ec2:DetachVolume", + "ec2:DeleteKeyPair", + "ec2:DeleteTags", + "ec2:DeleteSubnet", + 
"ec2:DeleteSecurityGroup", + "ec2:DeleteRouteTable", + "ec2:DeleteRoute", + "ec2:DetachInternetGateway", + "ec2:DeleteInternetGateway", + "ec2:DeleteVpc" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC" + } + } + }, + { + "Sid": "CreateAndChangeServiceLinkedRoleForTransitGateway", + "Effect": "Allow", + "Action": "iam:CreateServiceLinkedRole", + "Resource": "arn:aws:iam::*:role/aws-service-role/transitgateway.amazonaws.com/AWSServiceRoleForVPCTransitGateway*", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "transitgateway.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "iam:AttachRolePolicy", + "iam:PutRolePolicy" + ], + "Resource": "arn:aws:iam::*:role/aws-service-role/transitgateway.amazonaws.com/AWSServiceRoleForVPCTransitGateway*" + } + ] +} +``` + {{< /expand >}} + +1. Validate the policy and click **Review Policy**. +1. Enter `RedislabsIAMUserRestrictedPolicy` as the policy name and click **Create Policy**. + +## Step 4: Create the programmatic access user + +Create a user and attach the policy you created: + + + +1. In the AWS IAM console, go to **Users** > select **Add user**. +1. Name it `redislabs-user` and check only the **Programmatic access** checkbox. +1. Click **Next: Permissions**. +1. Select **Attach existing policies directly** and select + **RedislabsIAMUserRestrictedPolicy** from the list. +1. Click **Next: Review**. +1. Click **Create user**. +1. Download the user credentials and store them in a secure location. + +## Step 5: Create the console access role + +Last, create a role and attach the policy you created: + + + +1. In the AWS IAM console, go to **Roles** > select **Create role**. +1. Select **Another AWS account**. +1. Under **Account ID**, enter account number `168085023892` (Redis Cloud's AWS account). +1. Under Options, check the **Require MFA** checkbox only. *Do not check Require external ID*. +1. Click **Next: Permissions**. +1. 
Attach the policy **RedisLabsIAMUserRestrictedPolicy** to the role. +1. Click **Next: Review**. +1. Name the role `redislabs-role` and then click **Create role**. diff --git a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/cloudformation.md b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/cloudformation.md similarity index 86% rename from content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/cloudformation.md rename to content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/cloudformation.md index 74df152fed..dc2505f55d 100644 --- a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/cloudformation.md +++ b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/cloudformation.md @@ -66,3 +66,9 @@ VersionStages: The JSON object is the value (less the single quotes) of the `SecretString` key. i.e. it is `{"password":"S3cr3tP@$$w0rd"}`. The password is the value associated with that key (less the double quotes): `S3cr3tP@$$w0rd`. + +{{< warning >}} +We use the provided credentials to configure your AWS environment and provision required resources. + +You **must not** change the configurations of provisioned resources or stop or terminate provisioned instances. If you do, your databases will be inaccessible and Redis will not be able to ensure database stability. See [Avoid service disruption]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings#avoid-service-disruption" >}}) for more details. +{{< /warning >}} diff --git a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/terraform.md b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/terraform.md similarity index 76% rename from content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/terraform.md rename to content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/terraform.md index 61ba8e273d..da58019870 100644 
--- a/content/operate/rc/cloud-integrations/aws-cloud-accounts/iam-resources/terraform.md +++ b/content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/terraform.md @@ -10,6 +10,12 @@ linkTitle: Terraform --- You can use [HashiCorp Terraform](https://www.terraform.io/intro/index.html) to create identity and access management (IAM) resources to support AWS cloud account access to Redis Cloud subscriptions. +{{< warning >}} +We use the provided credentials to configure your AWS environment and provision required resources. + +You **must not** change the configurations of provisioned resources or stop or terminate provisioned instances. If you do, your databases will be inaccessible and Redis will not be able to ensure database stability. See [Avoid service disruption]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings#avoid-service-disruption" >}}) for more details. +{{< /warning >}} + The following example uses the `terraform-aws-Redislabs-Cloud-Account-IAM-Resources` module, located in Amazon S3: diff --git a/content/operate/rc/cloud-integrations/aws-cloud-accounts/subscription-whitelist.md b/content/operate/rc/subscriptions/bring-your-own-cloud/subscription-whitelist.md similarity index 61% rename from content/operate/rc/cloud-integrations/aws-cloud-accounts/subscription-whitelist.md rename to content/operate/rc/subscriptions/bring-your-own-cloud/subscription-whitelist.md index 83993ed183..a88107a0a8 100644 --- a/content/operate/rc/cloud-integrations/aws-cloud-accounts/subscription-whitelist.md +++ b/content/operate/rc/subscriptions/bring-your-own-cloud/subscription-whitelist.md 
@@ -13,13 +13,13 @@ weight: $weight The [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) [allow list](https://en.wikipedia.org/wiki/Whitelist) lets you restrict traffic to your Redis Cloud database. When you configure an allow list, only the [IP addresses](https://en.wikipedia.org/wiki/IP_address) defined in the list can connect to the database. Traffic from all other IP addresses is blocked. -If you use a [self-managed, external cloud account]({{< relref "/operate/rc/cloud-integrations/aws-cloud-accounts" >}}) to host your Redis Cloud deployment, you can configure a subscription-wide allow list +If you use [Redis Cloud Bring your Own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) to host your Redis Cloud deployment, you can configure a subscription-wide allow list to restrict traffic to all databases associated with the subscription. The subscription CIDR allow list defines a range of IP addresses and [AWS security groups](https://docs.aws.amazon.com/managedservices/latest/userguide/about-security-groups.html) that control inbound and outbound traffic to the Redis Cloud [VPC](https://en.wikipedia.org/wiki/Virtual_private_cloud). When you add security groups to the allow list, you can also use the same security groups to manage access to your application. {{< note >}} -The subscription-level allow list is available for Redis Cloud deployments hosted on a self-managed, external AWS account. If you do not have a self-managed account, you can configure a [CIDR allow list]({{< relref "/operate/rc/security/cidr-whitelist.md" >}}) for each database. +The subscription-level allow list is available for Redis Cloud Bring your Own Cloud. If you don't have Redis Cloud Bring your Own Cloud, you can configure a [CIDR allow list]({{< relref "/operate/rc/security/cidr-whitelist" >}}) for each database. {{< /note >}} ## Allow IP address or security group 
@@ -32,6 +32,8 @@ To add IP addresses or [AWS security groups](https://docs.aws.amazon.com/managed 1. If the allow list is empty, select **Add allow list**. + {{Use the Add allow list button to create an allow list.}} + 1. Select an entry **Type** from the list: {{Select the type of entry to add to the allow list from the Type list.}} @@ -42,14 +44,22 @@ To add IP addresses or [AWS security groups](https://docs.aws.amazon.com/managed - The AWS security group ID -1. Select check to add the entry to the allow list. +1. Select the check to add the entry to the allow list. 1. To allow additional IP addresses or security groups: - 1. Select **Add entry**. + 1. Select **Add** to add a new entry. + + {{The Add button adds new entries to the allow list.}} - 1. Select the new entry's **Type**, enter the **Value**, and select check to add it to the allow list. + 1. Select the new entry's **Type**, enter the **Value**, and select the check to add it to the allow list. {{Define the new entry and select the Submit entry button to add it to the allow list.}} + + You can also select the **Edit** button to change an entry or the **Delete** button to remove it. + + {{The Edit button updates an entry in the allow list.}} {{The Delete button removes an entry from the allow list.}} + +1. Select **Apply all changes** to apply the allow list updates. -1. Select **Apply all changes** to apply the allow list updates. \ No newline at end of file + {{The Apply all changes button saves your allow list changes.}} \ No newline at end of file diff --git a/static/images/rc/account-settings-cloud-account-tab.png b/static/images/rc/account-settings-cloud-account-tab.png old mode 100755 new mode 100644 index d975af8682..4e0f946fbc Binary files a/static/images/rc/account-settings-cloud-account-tab.png and b/static/images/rc/account-settings-cloud-account-tab.png differ 
diff --git a/static/images/rc/account-settings-prompt-add-cloud-account.png b/static/images/rc/account-settings-prompt-add-cloud-account.png old mode 100755 new mode 100644 index ebcd2465e2..dfe90c557f Binary files a/static/images/rc/account-settings-prompt-add-cloud-account.png and b/static/images/rc/account-settings-prompt-add-cloud-account.png differ diff --git a/static/images/rc/account-settings-prompt-edit-cloud-account.png b/static/images/rc/account-settings-prompt-edit-cloud-account.png old mode 100755 new mode 100644 index 1500c5e8d2..6a9b77b190 Binary files a/static/images/rc/account-settings-prompt-edit-cloud-account.png and b/static/images/rc/account-settings-prompt-edit-cloud-account.png differ diff --git a/static/images/rc/button-cloud-account-add.png b/static/images/rc/button-cloud-account-add.png old mode 100755 new mode 100644 index 406fa40ae8..62f4fd4390 Binary files a/static/images/rc/button-cloud-account-add.png and b/static/images/rc/button-cloud-account-add.png differ diff --git a/static/images/rc/button-cloud-account-update.png b/static/images/rc/button-cloud-account-update.png old mode 100755 new mode 100644 index d16bec077b..54095d1a25 Binary files a/static/images/rc/button-cloud-account-update.png and b/static/images/rc/button-cloud-account-update.png differ diff --git a/static/images/rc/button-subscription-allow-list-add.png b/static/images/rc/button-subscription-allow-list-add.png new file mode 100644 index 0000000000..85da8cdeb5 Binary files /dev/null and b/static/images/rc/button-subscription-allow-list-add.png differ diff --git a/static/images/rc/button-subscription-allow-list-apply-all.png b/static/images/rc/button-subscription-allow-list-apply-all.png new file mode 100644 index 0000000000..e086993059 Binary files /dev/null and b/static/images/rc/button-subscription-allow-list-apply-all.png differ 
diff --git a/static/images/rc/icon-cloud-account-add.png b/static/images/rc/icon-cloud-account-add.png old mode 100755 new mode 100644 index eddc8bb0a3..20fd024117 Binary files a/static/images/rc/icon-cloud-account-add.png and b/static/images/rc/icon-cloud-account-add.png differ diff --git a/static/images/rc/icon-cloud-account-delete.png b/static/images/rc/icon-cloud-account-delete.png old mode 100755 new mode 100644 index 6cafad9336..789eb6cb4b Binary files a/static/images/rc/icon-cloud-account-delete.png and b/static/images/rc/icon-cloud-account-delete.png differ diff --git a/static/images/rc/icon-cloud-account-edit.png b/static/images/rc/icon-cloud-account-edit.png old mode 100755 new mode 100644 index 652d6912a8..008a9a362c Binary files a/static/images/rc/icon-cloud-account-edit.png and b/static/images/rc/icon-cloud-account-edit.png differ diff --git a/static/images/rc/subscription-connectivity-allow-list-add-entry.png b/static/images/rc/subscription-connectivity-allow-list-add-entry.png index 54b3eceeb6..add83d47d6 100644 Binary files a/static/images/rc/subscription-connectivity-allow-list-add-entry.png and b/static/images/rc/subscription-connectivity-allow-list-add-entry.png differ diff --git a/static/images/rc/subscription-connectivity-allow-list-type-dropdown.png b/static/images/rc/subscription-connectivity-allow-list-type-dropdown.png index 1c6b38d892..02b07c6315 100644 Binary files a/static/images/rc/subscription-connectivity-allow-list-type-dropdown.png and b/static/images/rc/subscription-connectivity-allow-list-type-dropdown.png differ
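Review bot: In the new `bring-your-own-cloud/iam-resources/aws-console.md`, the `SecurityGroupAccessActions` statement of RedisLabsInstanceRolePolicy.json ends its `Action` array with `"ec2:DeleteSecurityGroup",`. The trailing comma makes the block invalid JSON, so anyone who pastes it as shown will fail the "Validate it" step. Drop the comma, and tag that fence `json` instead of `js` to match the second policy block. Two further points in the same file. First, `IAMRoleReadAccess` scopes its resources to `arn:aws:iam::*:role/Redislabs-*` and `arn:aws:iam::*:policy/Redislabs-*`, but the names the steps create are `redislabs-cluster-node-role`, `redislabs-role`, `RedisLabsInstanceRolePolicy` and `RedislabsIAMUserRestrictedPolicy`, none of which begin with `Redislabs-`; please confirm what those patterns are meant to match. The user policy name is also spelled both `RedisLabsIAMUserRestrictedPolicy` (Step 3 intro, Step 5) and `RedislabsIAMUserRestrictedPolicy` (expand title, Steps 3 and 4); pick one spelling. Second, Step 5 tells the reader to check **Require MFA** only and not **Require external ID** for a role trusted by account `168085023892`; a sentence explaining why the external ID is not used would help customers who review the resulting trust policy.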
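Review bot: In the `cloudformation.md` hunk (`@@ -66,3 +66,9 @@`), the warning is appended at the very end of the file, after the `SecretString` password explanation, while `aws-console.md` and `terraform.md` place the same warning directly under the intro. Move it to the top of the page so readers see "You **must not** change the configurations of provisioned resources" before they create anything. The identical warning text now lives in three files, so a shared include would keep the copies from drifting.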
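Review bot: In the `terraform.md` hunk, the unchanged intro line just above the new warning still reads "to support AWS cloud account access to Redis Cloud subscriptions", while the changelog entry in this same patch says AWS Cloud Accounts are now known as Redis Cloud Bring your own Cloud. Update that sentence in this change so the page does not mix the old and new names.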
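Review bot: In the first `subscription-whitelist.md` hunk (`@@ -13,13 +13,13 @@`), the product name is written "Redis Cloud Bring your Own Cloud" three times, but the changelog and `account-settings.md` in this patch use "Bring your own Cloud". Settle on one capitalization across the renamed pages.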
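Review bot: In the second `subscription-whitelist.md` hunk, the steps now say "select the check" while the image caption beside them calls the same control "the Submit entry button". Use one name for the control in both the step text and the caption, and bold it like **Add**, **Edit** and **Delete**. The new last line still carries "\ No newline at end of file"; add the trailing newline while this line is being rewritten.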