There are some limitations listed for the IAM auth approach:
Limitations
When using IAM authentication, the following limitations apply:
IAM authentication is available when using ElastiCache for Redis version 7.0 or above.
For IAM-enabled ElastiCache users the username and user id properties must be identical.
The IAM authentication token is valid for 15 minutes. For long-lived connections, we recommend using a Redis client that supports a credentials provider interface.
An IAM authenticated connection to ElastiCache for Redis will automatically be disconnected after 12 hours. The connection can be prolonged for 12 hours by sending an AUTH or HELLO command with a new IAM authentication token.
IAM authentication is not supported in MULTI EXEC commands.
Teleport can leverage the IAM Auth for Redis 7.0 or above and simplify the integration.
Probably to support long-lived connections:
The IAM authentication token is valid for 15 minutes. For long-lived connections, we recommend using a Redis client that supports a credentials provider interface.
Teleport needs to implement an internal mechanism for refreshing the IAM token.
What:
According to https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth-iam.html, ElastiCache right now supports IAM auth, whereas the current Teleport AWS ElastiCache integration uses the AWS KMS and password rotation approach.
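One way to structure the refresh mechanism the issue asks for, as an added example that is not Teleport's code. `TokenSource`, `generate`, `margin` and `NeedsReauth` are hypothetical names, and `generate` stands in for whatever call actually signs an IAM auth token.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limits taken from the limitations list quoted in the issue.
const (
	tokenTTL      = 15 * time.Minute
	connectionTTL = 12 * time.Hour
)

// TokenSource (hypothetical) caches an IAM auth token and renews it before the 15-minute validity ends.
type TokenSource struct {
	mu       sync.Mutex
	generate func() (string, error) // assumption: wraps the real token-signing call
	now      func() time.Time       // injectable clock, time.Now in production
	margin   time.Duration          // renew this long before a limit is reached
	token    string
	issued   time.Time
}

// Token returns the cached token, or a new one once the cached token is within margin of expiry.
func (s *TokenSource) Token() (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.token != "" && s.now().Sub(s.issued) < tokenTTL-s.margin {
		return s.token, nil
	}
	tok, err := s.generate()
	if err != nil {
		return "", fmt.Errorf("generate IAM auth token: %w", err)
	}
	s.token, s.issued = tok, s.now()
	return tok, nil
}

// NeedsReauth reports whether a connection authenticated at authAt should send AUTH with a new token.
func (s *TokenSource) NeedsReauth(authAt time.Time) bool {
	return s.now().Sub(authAt) >= connectionTTL-s.margin
}

func main() {
	src := &TokenSource{generate: func() (string, error) { return "constructed-token", nil }, now: time.Now, margin: time.Minute}
	tok, err := src.Token()
	fmt.Println(tok, err, src.NeedsReauth(time.Now().Add(-connectionTTL)))
}
```

A connection pool would call `Token()` for every new connection and check `NeedsReauth` on idle or long-running ones, so neither the 15-minute nor the 12-hour limit is hit mid-session.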