redis · cmilesb · Oct 3, 2025 · Sep 26, 2025 · Sep 26, 2025 · Sep 26, 2025
diff --git a/content/embeds/rc-rdi-secrets-permissions.md b/content/embeds/rc-rdi-secrets-permissions.md
@@ -14,4 +14,6 @@
         }
     } ]
 }
-```
+```
+
+After you store this secret, you can view and copy the [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources) of your secret on the secret details page. Save the secret ARN to use when you [define your source database]({{<relref "/operate/rc/databases/rdi/define">}}).
diff --git a/content/operate/rc/changelog/september-2025.md b/content/operate/rc/changelog/september-2025.md
@@ -0,0 +1,25 @@
+---
+Title: Redis Cloud changelog (September 2025)
+alwaysopen: false
+categories:
+- docs
+- operate
+- rc
+description: New features, enhancements, and other changes added to Redis Cloud during
+  September 2025.
+highlights: Data Integration
+linktitle: September 2025
+weight: 70
+tags:
+- changelog
+---
+
+## New features
+
+### Data Integration
+
+Redis Cloud now supports [Redis Data Integration (RDI)]({{< relref "/operate/rc/databases/rdi" >}}) to create data pipelines that ingest data from a supported primary database to Redis. 
+
+Using a data pipeline lets you have a cache that is always ready for queries. RDI Data pipelines ensure that any changes made to your primary database are captured in your Redis cache within a few seconds, preventing cache misses and stale data within the cache. 
+
+See [Data Integration]({{< relref "/operate/rc/databases/rdi" >}}) to learn how to set up data pipelines with Redis Cloud.
diff --git a/content/operate/rc/databases/rdi/setup.md b/content/operate/rc/databases/rdi/setup.md
@@ -80,7 +80,7 @@ In the [AWS Management Console](https://console.aws.amazon.com/), use the **Serv
     - **Scheme**: Select **Internal**.
     - **Load balancer IP address type**: Select **IPv4**.
 1. In **Network mapping**, select the VPC and availability zone associated with your source database.
-1. In **Security groups**, select the security group associated with your source database.
+1. In **Security groups**, select the security group associated with your source database, or another security group that allows traffic from PrivateLink and allows traffic to the database.
 1. In **Listeners and routing**: 
     1. Select **Create target group** to [create a target group](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-target-group.html) with the following settings:
         1. In **Specify group details**:
@@ -93,7 +93,11 @@ In the [AWS Management Console](https://console.aws.amazon.com/), use the **Serv
         - **Port**: Enter your source database's port.
         - **Default action**: Select the target group you created in the previous step.
 1. Review the network load balancer settings, and then select **Create load balancer** to continue.
-1. After the network load balancer is active, select **Security**, and then select the security group ID to open the Security group settings.
+1. After the network load balancer is active, select **Security**. 
+
+    If you selected the same security group as your source database, you must not enforce security group rules on PrivateLink traffic. Select **Edit** and then deselect **Enforce inbound rules on PrivateLink traffic**, and then select **Save changes**.
+
+1. Select the security group ID to open the Security group settings.
 1. Select **Edit inbound rules**, then **Add rule** to add a rule with the following settings:
     - **Type**: Select **HTTP**.
     - **Source**: Select **Anywhere - IPv4**.
@@ -146,7 +150,7 @@ In the [AWS Management Console](https://console.aws.amazon.com/), use the **Serv
     - **Scheme**: Select **Internal**.
     - **Load balancer IP address type**: Select **IPv4**.
 1. In **Network mapping**, select the VPC and availability zone associated with your source database.
-1. In **Security groups**, select the security group associated with your source database.
+1. In **Security groups**, select the security group associated with your source database, or another security group that allows traffic from PrivateLink and allows traffic to the database.
 1. In **Listeners and routing**: 
     1. Select **Create target group** to [create a target group](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-target-group.html) with the following settings:
         1. In **Specify group details**:
@@ -164,7 +168,12 @@ In the [AWS Management Console](https://console.aws.amazon.com/), use the **Serv
         - **Port**: Enter your source database's port.
         - **Default action**: Select the target group you created in the previous step.
 1. Review the network load balancer settings, and then select **Create load balancer** to continue.
-1. After the network load balancer is active, select **Security**, and then select the security group ID to open the Security group settings.
+1. After the network load balancer is active, select **Security**. 
+
+    If you selected the same security group as your source database, you must not enforce security group rules on PrivateLink traffic. Select **Edit** and then deselect **Enforce inbound rules on PrivateLink traffic**, and then select **Save changes**.
+
+1. Select the security group ID to open the Security group settings.
+
 1. Select **Edit inbound rules**, then **Add rule** to add a rule with the following settings:
     - **Type**: Select **HTTP**.
     - **Source**: Select **Anywhere - IPv4**.
@@ -224,10 +233,10 @@ The required secrets depend on your source database's security configuration. Th
 
 | Security configuration | Required secrets |
 | :-- | :-- |
-| Username and password only | <ul><li>Credentials secret (username and password)</li></ul> |
-| TLS connection | <ul><li>Credentials secret (username and password)</li><li>CA Certificate secret (server certificate)</li></ul> |
-| mTLS connection | <ul><li>Credentials secret (username and password)</li><li>CA Certificate secret (server certificate)</li><li>Client certificate secret</li><li>Client key secret</li></ul> |
-| mTLS connection with client key passphrase | <ul><li>Credentials secret (username and password)</li><li>CA Certificate secret (server certificate)</li><li>Client certificate secret</li><li>Client key secret</li><li>Client key passphrase secret</li></ul> |
+| Username and password only | <ul><li>Credentials secret (username and password for the RDI pipeline user)</li></ul> |
+| TLS connection | <ul><li>Credentials secret (username and password for the RDI pipeline user)</li><li>CA Certificate secret (server certificate)</li></ul> |
+| mTLS connection | <ul><li>Credentials secret (username and password for the RDI pipeline user)</li><li>CA Certificate secret (server certificate)</li><li>Client certificate secret</li><li>Client key secret</li></ul> |
+| mTLS connection with client key passphrase | <ul><li>Credentials secret (username and password for the RDI pipeline user)</li><li>CA Certificate secret (server certificate)</li><li>Client certificate secret</li><li>Client key secret</li><li>Client key passphrase secret</li></ul> |
 
 Select a tab to learn how to create the required secret.
 
@@ -242,8 +251,8 @@ In the [AWS Management Console](https://console.aws.amazon.com/), use the **Serv
 
 - **Key/value pairs**: Enter the following key/value pairs.
 
-    - `username`: Database username
-    - `password`: Database password
+    - `username`: Database username for the RDI pipeline user
+    - `password`: Database password for the RDI pipeline user
 
 {{< embed-md "rc-rdi-secrets-encryption-permissions.md" >}}
 
@@ -285,12 +294,10 @@ After you create the secret, you need to add permissions to allow the data pipel
 
 In the [AWS Management Console](https://console.aws.amazon.com/), use the **Services** menu to locate and select **Security, Identity, and Compliance** > **Secrets Manager**. Select the private key secret you just created and then select **Edit permissions**. 
 
-Add the following permissions to your secret:
+Add the following permissions to your secret. Replace `<AWS ACCOUNT ID>` with the AWS account ID for the Redis Cloud cluster that you saved earlier.
 
 {{< embed-md "rc-rdi-secrets-permissions.md" >}}
 
-Replace `<AWS ACCOUNT ID>` with the AWS account ID for the Redis Cloud cluster that you saved earlier.
-
 --tab-sep--
 
 In the [AWS Management Console](https://console.aws.amazon.com/), use the **Services** menu to locate and select **Security, Identity, and Compliance** > **Secrets Manager**. [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html) of type **Other type of secret** with the following settings:
@@ -301,8 +308,6 @@ In the [AWS Management Console](https://console.aws.amazon.com/), use the **Serv
 
 {{< /multitabs >}}
 
-After you store this secret, you can view and copy the [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources) of your secret on the secret details page. 
-
 ## Next steps
 
 After you have set up your source database and prepared connectivity and credentials, select **Define source database** to [define your source connection and data pipeline]({{<relref "/operate/rc/databases/rdi/define">}}).
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,4 +14,6 @@ @@
             }
         } ]
     }
-    ```
+    ```
+    After you store this secret, you can view and copy the [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources) of your secret on the secret details page. Save the secret ARN to use when you [define your source database]({{<relref "/operate/rc/databases/rdi/define">}}).