valkey-io
diff --git a/‎README.md‎
Lines changed: 35 additions & 0 deletions b/‎README.md‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎common.h‎
Lines changed: 28 additions & 2 deletions b/‎common.h‎
Lines changed: 28 additions & 2 deletions
diff --git a/‎examples/basic/configuration.php‎
Lines changed: 70 additions & 4 deletions b/‎examples/basic/configuration.php‎
Lines changed: 70 additions & 4 deletions
@@ -255,6 +255,41 @@ try {
 ?>
 ```
 
+### AWS ElastiCache/MemoryDB with IAM Authentication:
+
+```php
+<?php
+try {
+    // Create client with IAM authentication for AWS ElastiCache
+    $client = new ValkeyGlide(
+        addresses: [
+            ['host' => 'my-cluster.xxxxx.use1.cache.amazonaws.com', 'port' => 6379]
+        ],
+        use_tls: true,  // REQUIRED for IAM authentication
+        credentials: [
+            'username' => 'my-iam-user',  // REQUIRED for IAM
+            'iamConfig' => [
+                ValkeyGlide::IAM_CONFIG_CLUSTER_NAME => 'my-cluster',
+                ValkeyGlide::IAM_CONFIG_REGION => 'us-east-1',
+                ValkeyGlide::IAM_CONFIG_SERVICE => ValkeyGlide::IAM_SERVICE_ELASTICACHE,
+                ValkeyGlide::IAM_CONFIG_REFRESH_INTERVAL => 300  // Optional, defaults to 300 seconds
+            ]
+        ]
+    );
+    
+    // Use the client normally - IAM tokens are managed automatically
+    $client->set('key', 'value');
+    $value = $client->get('key');
+    echo "Value: " . $value . "\n";
+    
+    $client->close();
+    
+} catch (Exception $e) {
+    echo "Error: " . $e->getMessage() . "\n";
+}
+?>
+```
+
 ### Cluster Valkey:
 
 ```php
 
@@ -63,9 +63,22 @@ typedef struct {
     int   port;
 } valkey_glide_node_address_t;
 
+typedef enum {
+    VALKEY_GLIDE_SERVICE_TYPE_ELASTICACHE = 0,
+    VALKEY_GLIDE_SERVICE_TYPE_MEMORYDB    = 1
+} valkey_glide_service_type_t;
+
+typedef struct {
+    char*                       cluster_name;
+    char*                       region;
+    valkey_glide_service_type_t service_type;
+    int                         refresh_interval_seconds; /* 0 means use default (300s) */
+} valkey_glide_iam_config_t;
+
 typedef struct {
-    char* password;
-    char* username; /* Optional */
+    char*                      password;
+    char*                      username;   /* Optional for password auth, REQUIRED for IAM */
+    valkey_glide_iam_config_t* iam_config; /* NULL if using password auth */
 } valkey_glide_server_credentials_t;
 
 /* Default values for connection configuration options. */
@@ -76,6 +89,14 @@ typedef struct {
 
 #define VALKEY_GLIDE_DEFAULT_CONNECTION_TIMEOUT 250
 
+/* IAM Authentication Constants */
+#define VALKEY_GLIDE_IAM_SERVICE_ELASTICACHE "Elasticache"
+#define VALKEY_GLIDE_IAM_SERVICE_MEMORYDB "MemoryDB"
+#define VALKEY_GLIDE_IAM_CONFIG_CLUSTER_NAME "clusterName"
+#define VALKEY_GLIDE_IAM_CONFIG_REGION "region"
+#define VALKEY_GLIDE_IAM_CONFIG_SERVICE "service"
+#define VALKEY_GLIDE_IAM_CONFIG_REFRESH_INTERVAL "refreshIntervalSeconds"
+
 
 typedef struct {
     int num_of_retries;
@@ -219,4 +240,9 @@ zend_class_entry* get_valkey_glide_exception_ce(void);
 zend_class_entry* get_valkey_glide_cluster_ce(void);
 zend_class_entry* get_valkey_glide_cluster_exception_ce(void);
 
+/* Helper function to get the appropriate exception class based on client type */
+static inline zend_class_entry* get_exception_ce_for_client_type(bool is_cluster) {
+    return is_cluster ? get_valkey_glide_cluster_exception_ce() : get_valkey_glide_exception_ce();
+}
+
 #endif  // VALKEY_GLIDE
@@ -192,6 +192,71 @@
 }
 echo "\n";
 
+// =============================================================================
+// IAM AUTHENTICATION (AWS ElastiCache/MemoryDB)
+// =============================================================================
+echo "☁️  IAM Authentication Configuration (AWS):\n";
+echo "-------------------------------------------\n";
+
+// IAM authentication for AWS ElastiCache
+echo "Creating client with IAM authentication for ElastiCache...\n";
+try {
+    $iamClient = new ValkeyGlide(
+        [['host' => 'my-cluster.xxxxx.use1.cache.amazonaws.com', 'port' => 6379]],
+        true,                     // use_tls (REQUIRED for IAM)
+        [                         // credentials
+            'username' => 'my-iam-user',  // REQUIRED for IAM
+            'iamConfig' => [
+                ValkeyGlide::IAM_CONFIG_CLUSTER_NAME => 'my-cluster',
+                ValkeyGlide::IAM_CONFIG_REGION => 'us-east-1',
+                ValkeyGlide::IAM_CONFIG_SERVICE => ValkeyGlide::IAM_SERVICE_ELASTICACHE,
+                ValkeyGlide::IAM_CONFIG_REFRESH_INTERVAL => 300  // Optional
+            ]
+        ],
+        0,                        // read_from
+        5000                      // request_timeout
+    );
+
+    echo "✅ IAM ElastiCache client created\n";
+    $iamClient->ping();
+    $iamClient->close();
+} catch (Exception $e) {
+    echo "❌ IAM ElastiCache authentication failed (expected if not on AWS): " . $e->getMessage() . "\n";
+}
+
+// IAM authentication for AWS MemoryDB
+echo "Creating client with IAM authentication for MemoryDB...\n";
+try {
+    $memorydbClient = new ValkeyGlide(
+        [['host' => 'clustercfg.my-memorydb.xxxxx.memorydb.us-east-1.amazonaws.com', 'port' => 6379]],
+        true,                     // use_tls (REQUIRED for IAM)
+        [                         // credentials
+            'username' => 'my-iam-user',
+            'iamConfig' => [
+                ValkeyGlide::IAM_CONFIG_CLUSTER_NAME => 'my-memorydb',
+                ValkeyGlide::IAM_CONFIG_REGION => 'us-east-1',
+                ValkeyGlide::IAM_CONFIG_SERVICE => ValkeyGlide::IAM_SERVICE_MEMORYDB,
+                ValkeyGlide::IAM_CONFIG_REFRESH_INTERVAL => 120  // Refresh every 2 minutes
+            ]
+        ]
+    );
+
+    echo "✅ IAM MemoryDB client created\n";
+    $memorydbClient->ping();
+    $memorydbClient->close();
+} catch (Exception $e) {
+    echo "❌ IAM MemoryDB authentication failed (expected if not on AWS): " . $e->getMessage() . "\n";
+}
+
+echo "\nℹ️  IAM Authentication Notes:\n";
+echo "  - Requires TLS to be enabled (use_tls: true)\n";
+echo "  - Username is REQUIRED for IAM authentication\n";
+echo "  - AWS credentials must be configured (IAM role, env vars, or credentials file)\n";
+echo "  - Tokens are automatically refreshed in the background\n";
+echo "  - Default refresh interval is 300 seconds (5 minutes)\n";
+echo "  - IAM permissions required: elasticache:Connect or memorydb:Connect\n";
+echo "\n";
+
 // =============================================================================
 // TLS CONFIGURATION
 // =============================================================================
@@ -393,9 +458,10 @@
 echo "2. Set appropriate timeouts based on your network latency\n";
 echo "3. Configure reconnection strategy based on your availability needs\n";
 echo "4. Use TLS in production environments\n";
-echo "5. Set client names for easier debugging and monitoring\n";
-echo "6. Consider read preferences when using replicas\n";
-echo "7. Limit in-flight requests to prevent memory issues\n";
-echo "8. Use lazy connection for applications with conditional Redis usage\n";
+echo "5. Use IAM authentication for AWS ElastiCache/MemoryDB (more secure than passwords)\n";
+echo "6. Set client names for easier debugging and monitoring\n";
+echo "7. Consider read preferences when using replicas\n";
+echo "8. Limit in-flight requests to prevent memory issues\n";
+echo "9. Use lazy connection for applications with conditional Redis usage\n";
 
 echo "\n✅ Configuration examples completed!\n";