aws · mazyu36 · Nov 1, 2025 · Nov 2, 2025 · Nov 2, 2025
diff --git a/packages/@aws-cdk/aws-elasticache-alpha/README.md b/packages/@aws-cdk/aws-elasticache-alpha/README.md
@@ -291,9 +291,6 @@ You can also create a no password required user by using `NoPasswordUser` constr
 
 ```ts
 const user = new elasticache.NoPasswordUser(this, 'User', {
-  // set user engine  
-  engine: elasticache.UserEngine.REDIS, 
-
   // set user id
   userId: 'my-user-id',
 
@@ -305,6 +302,8 @@ const user = new elasticache.NoPasswordUser(this, 'User', {
 });
 ```
 
+> NOTE: `NoPasswordUser` is only available for Redis Cache.
+
 ### Default user
 
 ElastiCache automatically creates a default user with both a user ID and username set to `default`. This default user cannot be modified or deleted. The user is created as a no password authentication user.

diff --git a/packages/@aws-cdk/aws-elasticache-alpha/lib/iam-user.ts b/packages/@aws-cdk/aws-elasticache-alpha/lib/iam-user.ts
@@ -19,6 +19,13 @@ export interface IamUserProps extends UserBaseProps {
    * @default - Same as userId.
    */
   readonly userName?: string;
+  /**
+   * The engine type for the user.
+   * Enum options: UserEngine.VALKEY, UserEngine.REDIS.
+   *
+   * @default UserEngine.VALKEY.
+   */
+  readonly engine?: UserEngine;
 }
 
 /**

diff --git a/packages/@aws-cdk/aws-elasticache-alpha/lib/no-password-user.ts b/packages/@aws-cdk/aws-elasticache-alpha/lib/no-password-user.ts
@@ -2,7 +2,6 @@ import { Construct } from 'constructs';
 import { UserEngine } from './common';
 import { CfnUser } from 'aws-cdk-lib/aws-elasticache';
 import { UserBase, UserBaseProps } from './user-base';
-import { ValidationError } from 'aws-cdk-lib/core';
 import { addConstructMetadata } from 'aws-cdk-lib/core/lib/metadata-resource';
 import { propertyInjectable } from 'aws-cdk-lib/core/lib/prop-injectable';
 
@@ -81,15 +80,11 @@ export class NoPasswordUser extends UserBase {
     // Enhanced CDK Analytics Telemetry
     addConstructMetadata(this, props);
 
-    this.engine = props.engine ?? UserEngine.REDIS;
+    this.engine = UserEngine.REDIS;
     this.userId = props.userId;
     this.userName = props.userName ?? props.userId;
     this.accessString = props.accessControl.accessString;
 
-    if (this.engine === UserEngine.VALKEY) {
-      throw new ValidationError('Valkey engine does not support no-password authentication.', this);
-    }
-
     this.resource = new CfnUser(this, 'Resource', {
       engine: this.engine,
       userId: props.userId,

diff --git a/packages/@aws-cdk/aws-elasticache-alpha/lib/password-user.ts b/packages/@aws-cdk/aws-elasticache-alpha/lib/password-user.ts
@@ -18,6 +18,13 @@ export interface PasswordUserProps extends UserBaseProps {
    * @default - Same as userId.
    */
   readonly userName?: string;
+  /**
+   * The engine type for the user.
+   * Enum options: UserEngine.VALKEY, UserEngine.REDIS.
+   *
+   * @default UserEngine.VALKEY.
+   */
+  readonly engine?: UserEngine;
   /**
    * The passwords for the user.
    * Password authentication requires using 1-2 passwords.

diff --git a/packages/@aws-cdk/aws-elasticache-alpha/lib/user-base.ts b/packages/@aws-cdk/aws-elasticache-alpha/lib/user-base.ts
@@ -40,13 +40,6 @@ class AccessControlString extends AccessControl {
  * Properties for defining an ElastiCache base user.
  */
 export interface UserBaseProps {
-  /**
-   * The engine type for the user.
-   * Enum options: UserEngine.VALKEY, UserEngine.REDIS.
-   *
-   * @default UserEngine.VALKEY.
-   */
-  readonly engine?: UserEngine;
   /**
    * The ID of the user.
    */

diff --git a/packages/@aws-cdk/aws-elasticache-alpha/test/no-password-user.test.ts b/packages/@aws-cdk/aws-elasticache-alpha/test/no-password-user.test.ts
@@ -3,21 +3,6 @@ import { Stack } from 'aws-cdk-lib';
 import { NoPasswordUser, AccessControl, UserEngine } from '../lib';
 
 describe('NoPasswordUser', () => {
-  describe('validation errors', () => {
-    let stack: Stack;
-    beforeEach(() => {
-      stack = new Stack();
-    });
-
-    test('when using Valkey engine throws validation error', () => {
-      expect(() => new NoPasswordUser(stack, 'TestUser', {
-        userId: 'test-user',
-        engine: UserEngine.VALKEY,
-        accessControl: AccessControl.fromAccessString('on ~* +@all'),
-      })).toThrow('Valkey engine does not support no-password authentication.');
-    });
-  });
-
   describe('constructor', () => {
     let stack: Stack;
     beforeEach(() => {
@@ -27,7 +12,6 @@ describe('NoPasswordUser', () => {
     test('creates user with minimal required properties', () => {
       new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -49,7 +33,6 @@ describe('NoPasswordUser', () => {
       new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
         accessControl: AccessControl.fromAccessString('on ~app:* +@read +@write'),
-        engine: UserEngine.REDIS,
         userName: 'test-user-name',
       });
 
@@ -71,7 +54,6 @@ describe('NoPasswordUser', () => {
       new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
-        engine: UserEngine.REDIS,
       });
 
       const template = Template.fromStack(stack);
@@ -89,7 +71,6 @@ describe('NoPasswordUser', () => {
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user-id',
         userName: 'test-user-name',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~app:* +@read'),
       });
 
@@ -104,7 +85,6 @@ describe('NoPasswordUser', () => {
     test('userName defaults to userId when not provided', () => {
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'my-user-id',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -118,7 +98,6 @@ describe('NoPasswordUser', () => {
       const stack = new Stack();
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 

diff --git a/packages/@aws-cdk/aws-elasticache-alpha/test/user-group.test.ts b/packages/@aws-cdk/aws-elasticache-alpha/test/user-group.test.ts
@@ -102,13 +102,11 @@ describe('UserGroup', () => {
         new NoPasswordUser(stack, 'TestUser1', {
           userId: 'user1',
           userName: 'duplicate-name',
-          engine: UserEngine.REDIS,
           accessControl: AccessControl.fromAccessString('on ~* +@all'),
         }),
         new NoPasswordUser(stack, 'TestUser2', {
           userId: 'user2',
           userName: 'duplicate-name',
-          engine: UserEngine.REDIS,
           accessControl: AccessControl.fromAccessString('on ~* +@all'),
         }),
       ];
@@ -179,7 +177,6 @@ describe('UserGroup', () => {
     test('creates Redis user group with minimal required properties', () => {
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'default',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~app:* +@read +@write'),
       });
 
@@ -220,7 +217,6 @@ describe('UserGroup', () => {
     test('creates Valkey user group with both Redis and Valkey users', () => {
       const redisUser = new NoPasswordUser(stack, 'RedisUser', {
         userId: 'redis-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -325,7 +321,6 @@ describe('UserGroup', () => {
       });
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -338,7 +333,6 @@ describe('UserGroup', () => {
     test('adds second user to group that already has one user', () => {
       const existingUser = new NoPasswordUser(stack, 'ExistingUser', {
         userId: 'existing-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -349,7 +343,6 @@ describe('UserGroup', () => {
 
       const newUser = new NoPasswordUser(stack, 'NewUser', {
         userId: 'new-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -425,7 +418,6 @@ describe('UserGroup', () => {
     test('fromUserGroupAttributes preserves users when provided', () => {
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -441,7 +433,6 @@ describe('UserGroup', () => {
     test('fromUserGroupAttributes works with both engine and users', () => {
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });
 
@@ -462,7 +453,6 @@ describe('UserGroup', () => {
       const arn = 'arn:aws:elasticache:us-east-1:123456789012:usergroup:my-group';
       const user = new NoPasswordUser(stack, 'TestUser', {
         userId: 'test-user',
-        engine: UserEngine.REDIS,
         accessControl: AccessControl.fromAccessString('on ~* +@all'),
       });