# How to Deploy and Manage Redis Databases on AWS Using Terraform **Authors:** Ajeet Raina | **Category:** For operators | **Published:** 2026-02-25 | **Updated:** 2026-02-26 > **TL;DR:** > > You can deploy Redis Cloud databases on AWS using Terraform by configuring the [Redis Cloud Terraform provider](https://registry.terraform.io/providers/RedisLabs/rediscloud/latest), defining your subscription and database resources in a `.tf` file, and running `terraform apply`. This gives you repeatable, version-controlled infrastructure-as-code (IaC) for your Redis deployments. ![Terraform logo alongside Redis Cloud logo on a dark background, representing infrastructure-as-code integration](https://cdn.sanity.io/images/sy1jschh/production/772d4b82390da3929ab3164c58e130d58c5c2b27-1047x613.jpg) ## What you'll learn - How to install and configure the Redis Cloud Terraform provider - How to define Redis Cloud subscriptions and databases as Terraform resources - How to use Terraform data sources for payment methods and cloud accounts - How to create an execution plan and apply it to provision Redis on AWS - How to clean up resources with `terraform destroy` ## Prerequisites - **Terraform** installed on your machine ([installation guide](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)) - A **Redis Cloud** account with a Flexible or Annual subscription ([sign up](https://redis.io/partners/aws/)) - **Redis Cloud API** access enabled with an API account key and API user key - An **AWS account** (Redis Cloud provisions resources in your chosen AWS region) ## What is Terraform and why use it with Redis? Development teams today are embracing DevOps principles like continuous integration and continuous delivery (CI/CD). Managing infrastructure-as-code (IaC) has become essential for any cloud service. IaC tools let you manage infrastructure with configuration files rather than through a graphical user interface, allowing you to build, change, and manage your infrastructure in a safe, consistent, and repeatable way. [HashiCorp Terraform](https://www.terraform.io/) is a leading open-source IaC tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files that can be shared among team members, versioned, reviewed, and reused. ### Why Terraform for Redis Cloud? - **Multi-cloud support** — Terraform works with AWS, Google Cloud, Azure, DigitalOcean, and more, using a single unified syntax. - **Declarative configuration** — Describe the desired state of your Redis infrastructure and let Terraform handle the provisioning. - **Immutable infrastructure** — Configuration changes are applied smoothly and predictably. - **Plugin-based extensibility** — The provider model supports almost any service that exposes APIs, including Redis Cloud. - **Client-only architecture** — No server-side configuration management is required. ## How does the Redis Cloud Terraform provider work? Redis has developed a [Terraform provider for Redis Cloud](https://registry.terraform.io/providers/RedisLabs/rediscloud/latest) that allows you to deploy and manage Redis Cloud subscriptions, databases, and network peering as code on any cloud provider. It is a plugin for Terraform that lets Redis Cloud Flexible customers manage the full lifecycle of their subscriptions and related Redis databases. The provider needs to be configured with the proper credentials before it can be used. ![Diagram showing the three Terraform components — Providers, Data Sources, and Resources — and how they relate to each other](https://cdn.sanity.io/images/sy1jschh/production/3bd0a4ba113026ef224a0663229cf16beaa41750-1047x1001.jpg) A Terraform configuration is a complete document in the Terraform language that tells Terraform how to manage a given collection of infrastructure. It consists of three main components: - **Providers** — connect to cloud APIs - **Data sources** — read existing infrastructure information - **Resources** — define infrastructure to be created ### How do you configure a Terraform provider? A provider is the first resource that must be defined in any Terraform configuration file. It gives you access to the cloud API you will interact with to create resources. Terraform supports more than 100 cloud providers. A provider defines resources and data for a particular infrastructure, such as AWS. The `terraform {}` block contains settings including the required providers Terraform will use to provision your infrastructure (for example, the `rediscloud` provider). ```bash terraform { required_providers { rediscloud = { source = "RedisLabs/rediscloud" version = "0.2.2" } } } ``` The provider {} block configures the specific provider. In the following example, it is AWS. ```bash cloud_provider { provider = "AWS" cloud_account_id = 1 region { region = "us-east-1" networking_deployment_cidr = "10.0.0.0/24" preferred_availability_zones = ["us-east-1a"] } } ``` ### What are Terraform resources? Resources are the most important element in the Terraform language. They describe the infrastructure to be created, from compute instances to specific permissions and more. The `resource {}` block defines components of your infrastructure. A resource can be a physical or virtual component (such as an EC2 instance) or a logical component (such as a random password). ```bash resource "random_password" "passwords" { count = 2 length = 20 upper = true lower = true number = true } ``` The resource {} block has two strings before the block: resource types and resource names. The prefix of the type maps to the name of the provider. For example, the resource type “random_password” and the resource name “passwords” form a unique identifier of the resource. Terraform uses this ID to identify the resource. ### What are Terraform data sources? Data sources allow Terraform to use information defined outside of Terraform, defined by another separate Terraform configuration, or modified by functions. Each provider may offer data sources alongside its set of resource types. A data source is accessed via a `data` block. ```bash data "rediscloud_payment_method" "card" { card_type = "Visa" last_four_numbers = "XXXX" } ``` A data block requests that Terraform read from a given data source ("rediscloud_payment_method") and export the result under the given local name ("card"). The name is used to refer to this resource from elsewhere in the same Terraform module, but has no significance outside of the scope of a module. Within the block body (between { and }) are query constraints defined by the data source. Most arguments in this section depend on the data source, and indeed in this example card_type and last_four_numbers are all arguments defined specifically for the rediscloud_payment_method data source. ## How do you configure Redis Cloud programmatic access? To authenticate with the Redis Cloud provider, you need a programmatic API key. The [Redis Cloud documentation](https://redis.io/docs/latest/operate/rc/api/) contains up-to-date instructions for creating and managing your keys and IP access. > **TIP** > > Flexible and Annual Redis Cloud subscriptions can leverage a RESTful API that permits operations against a variety of resources, including servers, services, and related infrastructure. The REST API is not supported for Fixed or Free subscriptions. ```bash provider "rediscloud" { } # Example resource configuration resource "rediscloud_subscription" "example" { # ... } ``` ## Step 1: How do you install Terraform? Install Terraform using your platform's package manager. On macOS, use Homebrew: ```bash brew install terraform ``` For other platforms, see the [official Terraform installation guide](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli). ## Step 2: How do you sign up for Redis Cloud? [Sign up for a free Redis Cloud account](https://redis.io/partners/aws/) if you don't already have one. You'll need a Flexible or Annual subscription to use the REST API with Terraform. ![Redis Cloud login and registration page showing sign-up and sign-in options](https://cdn.sanity.io/images/sy1jschh/production/70bdfed72b2ae48570536f08c76a689250bad04b-1047x737.jpg) ## Step 3: How do you enable the Redis Cloud API? If you have a Flexible (or Annual) Redis Cloud subscription, you can use a REST API to manage your subscription programmatically. The Redis Cloud REST API is available only to Flexible or Annual subscriptions. It is not supported for Fixed or Free subscriptions. For security reasons, the Redis Cloud API is disabled by default. To enable the API: - Sign in to your Redis Cloud subscription as an account owner. - From the menu, choose Access Management. - When the Access Management screen appears, select the API Keys tab. ![Redis Cloud Access Management screen showing the API Keys tab with options to enable the API and copy account keys](https://cdn.sanity.io/images/sy1jschh/production/3bad957874ef5a22c057def5576017b35fdc3dbd-1047x551.jpg) If a Copy button appears to the right of the API account key, the API is enabled. This button copies the account key to the clipboard. If you see an Enable API button, select it to enable the API and generate your API account key. To authenticate REST API calls, you need to combine the API account key with an API user key to make API calls. ![Redis Cloud interface showing the form to generate a new API User Key with name field and confirmation button](https://cdn.sanity.io/images/sy1jschh/production/eb53bbf429f4440910631ce2e1ec0c58e85e5cb1-1047x587.jpg) ## Step 4: How do you create the Terraform configuration file? Create a file named `main.tf` and add the provider, resource, and data source blocks. This configuration defines your Redis Cloud subscription and database: ```bash terraform { required_providers { rediscloud = { source = "RedisLabs/rediscloud" version = "0.2.2" } } } # Provide your credit card details data "rediscloud_payment_method" "card" { card_type = "Visa" last_four_numbers = "XXXX" } # Generates a random password for the database resource "random_password" "passwords" { count = 2 length = 20 upper = true lower = true number = true special = false } resource "rediscloud_subscription" "rahul-test-terraform" { name = "rahul-test-terraform" payment_method_id = data.rediscloud_payment_method.card.id memory_storage = "ram" cloud_provider { provider = "AWS" cloud_account_id = 1 region { region = "us-east-1" networking_deployment_cidr = "10.0.0.0/24" preferred_availability_zones = ["us-east-1a"] } } database { name = "db-json" protocol = "redis" memory_limit_in_gb = 1 replication = true data_persistence = "aof-every-1-second" module { name = "RedisJSON" } throughput_measurement_by = "operations-per-second" throughput_measurement_value = 10000 password = random_password.passwords[1].result } } ``` ## Step 5: How do you preview changes with terraform plan? The `terraform plan` command creates an execution plan, letting you preview changes before applying them. Terraform reads the current state of existing remote objects, compares the configuration to prior state, and proposes a set of change actions. ```bash % terraform plan Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # random_password.passwords[0] will be created + resource "random_password" "passwords" { + id = (known after apply) + length = 20 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + result = (sensitive value) + special = false + upper = true } # random_password.passwords[1] will be created + resource "random_password" "passwords" { + id = (known after apply) + length = 20 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + result = (sensitive value) + special = false + upper = true } # rediscloud_subscription.rahul-test-terraform will be created + resource "rediscloud_subscription" "rahul-test-terraform" { + id = (known after apply) + memory_storage = "ram" + name = "rahul-test-terraform" + payment_method_id = "XXXX" + persistent_storage_encryption = true + cloud_provider { + cloud_account_id = "1" + provider = "AWS" + region { + multiple_availability_zones = false + networking_deployment_cidr = "10.0.0.0/24" + networks = (known after apply) + preferred_availability_zones = [ + "us-east-1a", ] + region = "us-east-1" } } + database { # At least one attribute in this block is (or was) sensitive, # so its contents will not be displayed. } } Plan: 3 to add, 0 to change, 0 to destroy. ``` > **NOTE** > > You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. ## Step 6: How do you apply the Terraform configuration? The `terraform apply` command executes the actions proposed in a Terraform plan. It will prompt for confirmation before making any changes. ```bash terraform apply Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # random_password.passwords[0] will be created + resource "random_password" "passwords" { + id = (known after apply) + length = 20 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + result = (sensitive value) + special = false + upper = true } # random_password.passwords[1] will be created + resource "random_password" "passwords" { + id = (known after apply) + length = 20 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + result = (sensitive value) + special = false + upper = true } # rediscloud_subscription.rahul-test-terraform will be created + resource "rediscloud_subscription" "rahul-test-terraform" { + id = (known after apply) + memory_storage = "ram" + name = "rahul-test-terraform" + payment_method_id = "XXXX" + persistent_storage_encryption = true + cloud_provider { + cloud_account_id = "1" + provider = "AWS" + region { + multiple_availability_zones = false + networking_deployment_cidr = "10.0.0.0/24" + networks = (known after apply) + preferred_availability_zones = [ + "us-east-1a", ] + region = "us-east-1" } } + database { # At least one attribute in this block is (or was) sensitive, # so its contents will not be displayed. } } Plan: 3 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes random_password.passwords[0]: Creating... random_password.passwords[1]: Creating... random_password.passwords[1]: Creation complete after 0s [id=none] random_password.passwords[0]: Creation complete after 0s [id=none] rediscloud_subscription.rahul-test-terraform: Creating... rediscloud_subscription.rahul-test-terraform: Still creating... [10s elapsed] rediscloud_subscription.rahul-test-terraform: Still creating... [20s elapsed] rediscloud_subscription.rahul-test-terraform: Creation complete after 8m32s [id=1649277] Apply complete! Resources: 3 added, 0 changed, 0 destroyed. ``` ## Step 7: How do you verify the deployed database? You can verify the new database was created successfully under your subscription. The database named "db-json" should appear in your Redis Cloud console. Here is the complete configuration to deploy a Redis database with JSON support on AWS using Terraform: ```bash terraform { required_providers { rediscloud = { source = "RedisLabs/rediscloud" version = "0.2.2" } } } # Provide your credit card details data "rediscloud_payment_method" "card" { card_type = "Visa" last_four_numbers = "XXXX" } # Generates a random password for the database resource "random_password" "passwords" { count = 2 length = 20 upper = true lower = true number = true special = false } resource "rediscloud_subscription" "rahul-test-terraform" { name = "rahul-test-terraform" payment_method_id = data.rediscloud_payment_method.card.id memory_storage = "ram" cloud_provider { provider = "AWS" cloud_account_id = 1 region { region = "us-east-1" networking_deployment_cidr = "10.0.0.0/24" preferred_availability_zones = ["us-east-1a"] } } database { name = "db-json" protocol = "redis" memory_limit_in_gb = 1 replication = true data_persistence = "aof-every-1-second" module { name = "RedisJSON" } throughput_measurement_by = "operations-per-second" throughput_measurement_value = 10000 password = random_password.passwords[1].result } } ``` ## Step 8: How do you clean up Terraform-managed resources? The `terraform destroy` command removes all remote objects managed by a particular Terraform configuration. This is useful for cleaning up ephemeral infrastructure used for development or testing. ```bash % terraform destroy random_password.passwords[0]: Refreshing state... [id=none] random_password.passwords[1]: Refreshing state... [id=none] rediscloud_subscription.rahul-test-terraform: Refreshing state... [id=1649277] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # random_password.passwords[0] will be destroyed - resource "random_password" "passwords" { - id = "none" -> null - length = 20 -> null - lower = true -> null - min_lower = 0 -> null - min_numeric = 0 -> null - min_special = 0 -> null - min_upper = 0 -> null - number = true -> null - result = (sensitive value) - special = false -> null - upper = true -> null } # random_password.passwords[1] will be destroyed - resource "random_password" "passwords" { - id = "none" -> null - length = 20 -> null - lower = true -> null - min_lower = 0 -> null - min_numeric = 0 -> null - min_special = 0 -> null - min_upper = 0 -> null - number = true -> null - result = (sensitive value) - special = false -> null - upper = true -> null } # rediscloud_subscription.rahul-test-terraform will be destroyed - resource "rediscloud_subscription" "rahul-test-terraform" { - id = "1649277" -> null - memory_storage = "ram" -> null - name = "rahul-test-terraform" -> null - payment_method_id = "XXXX" -> null - persistent_storage_encryption = true -> null - cloud_provider { - cloud_account_id = "1" -> null - provider = "AWS" -> null - region { - multiple_availability_zones = false -> null - networking_deployment_cidr = "10.0.0.0/24" -> null - networks = [ - { - networking_deployment_cidr = "10.0.0.0/24" - networking_subnet_id = "subnet-0055e8e3ee3ea796e" - networking_vpc_id = "" }, ] -> null - preferred_availability_zones = [ - "us-east-1a", ] -> null - region = "us-east-1" -> null } } - database { # At least one attribute in this block is (or was) sensitive, # so its contents will not be displayed. } } Plan: 0 to add, 0 to change, 3 to destroy. Do you really want to destroy all resources? Terraform will destroy all your managed infrastructure, as shown above. There is no undo. Only 'yes' will be accepted to confirm. Enter a value: yes rediscloud_subscription.rahul-test-terraform: Destroying... [id=1649277] … rediscloud_subscription.rahul-test-terraform: Destruction complete after 1m34s random_password.passwords[0]: Destroying... [id=none] random_password.passwords[1]: Destroying... [id=none] random_password.passwords[0]: Destruction complete after 0s random_password.passwords[1]: Destruction complete after 0s Destroy complete! Resources: 3 destroyed. ``` ## Next steps Now that you've deployed Redis Cloud on AWS with Terraform, consider exploring: - **Network peering** — Set up [VPC peering](https://redis.io/docs/latest/operate/rc/security/vpc-peering/) between your Redis Cloud subscription and your AWS VPC for private connectivity. - **Multiple databases** — Add more `database` blocks to your Terraform configuration to provision additional Redis databases within the same subscription. - **Terraform state management** — Use [remote state backends](https://developer.hashicorp.com/terraform/language/state/remote) (such as S3) to share Terraform state across your team. - **CI/CD integration** — Incorporate `terraform plan` and `terraform apply` into your CI/CD pipeline for automated Redis infrastructure deployment. ## Further references - [Provision and Manage Redis Cloud Anywhere with HashiCorp Terraform](https://redis.io/blog/provision-manage-redis-enterprise-cloud-hashicorp-terraform/) - [The HashiCorp Terraform Redis Cloud provider](https://registry.terraform.io/providers/RedisLabs/rediscloud/latest) - [Redis Cloud REST API documentation](https://redis.io/docs/latest/operate/rc/api/) - [Terraform Getting Started guide](https://developer.hashicorp.com/terraform/tutorials/aws-get-started)