DEV Community

AWS Community Builders

How to connect to ElastiCache Redis

Arun Kumar
AWS Community Builder

Rationale

If your ElastiCache for Redis clusters are created with encryption enabled by default, the in-transit part (TLS on port 6379) is what breaks connectivity: the node only speaks TLS, so a client that opens a plain TCP connection and sends RESP never gets a reply. Encryption at rest is transparent to clients and does not affect connectivity. redis-cli from 6.0 on can connect directly with --tls when it is compiled with TLS support; builds without it, and other non-TLS clients, need a TLS-terminating proxy such as stunnel in front of them.

Solution Summary

[https://aws.amazon.com/premiumsupport/knowledge-center/elasticache-connect-redis-node/]

Two parts

  • Deploy an EC2 instance for your app/branch and run stunnel on it as a TLS client to Redis; then use SSM Session Manager to get a shell on the instance and run Redis commands from the CLI against stunnel's loopback listener.
  • Use SSM port forwarding to bring the two stunnel ports from that EC2 instance to localhost and connect with a desktop client.

Steps

  • Pick the EC2 instance to use (the app server). It needs the SSM agent running and an instance profile that allows Session Manager; no SSH keypair or inbound port is required:
INSTANCE_NAME=demo-app
  • Find the instance ID based on the Name tag
INSTANCE_ID=$(aws ec2 describe-instances \
 --filters "Name=tag:Name,Values=${INSTANCE_NAME}" \
 --query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]" \
 --output text)
  • Connect to the EC2 instance with SSM Session Manager (no SSH port or key needed) to test connectivity from inside the VPC
aws ssm start-session --target "${INSTANCE_ID}"
# ------------------------
# On the EC2
# ------------------------
  • Test that the EC2 instance can reach Redis on TCP 6379 (security groups and routing). A successful connect is all you can expect here: with in-transit encryption the node only speaks TLS and will not answer a plaintext probe, so end the session with Ctrl-C.
curl -v telnet://master.demo.cache.amazonaws.com:6379
  • Set up stunnel as described in the AWS knowledge-center article:

[https://aws.amazon.com/premiumsupport/knowledge-center/elasticache-connect-redis-node/]

  • Install stunnel on ec2
sudo yum install -y stunnel
cat /etc/stunnel/redis-cli.conf

; global options
fips = no
; the AWS article runs stunnel as root; it only binds loopback ports above 1024,
; so a dedicated unprivileged user (setuid/setgid = stunnel, with a writable pid path) also works
setuid = root
setgid = root
pid = /var/run/stunnel.pid
; 7 is the most verbose log level; lower it once the tunnel works
debug = 7
options = NO_SSLv2
options = NO_SSLv3
; primary endpoint, exposed on local 6379
[redis-cli]
 client = yes
 accept = 127.0.0.1:6379
 connect = master.demo.cache.amazonaws.com:6379
; stunnel accepts any server certificate unless told to verify it. To authenticate the
; endpoint, verify the chain against the system CA bundle and pin the hostname
; (Amazon Linux bundle path shown; confirm the root the endpoint presents with openssl s_client):
; verifyChain = yes
; CAfile = /etc/pki/tls/certs/ca-bundle.crt
; checkHost = master.demo.cache.amazonaws.com
; replica endpoint, exposed on local 6380
[redis-cli-slave]
 client = yes
 accept = 127.0.0.1:6380
 connect = demo.app.cache.amazonaws.com:6379
  • Run stunnel (as root)
sudo stunnel /etc/stunnel/redis-cli.conf
  • Check that it's listening on both local ports
netstat -tulnp | grep -i stunnel    # or: ss -tlnp | grep stunnel
exit
# ------------------------
# Back on the laptop
# ------------------------
  • Create two port-forwarding tunnels to the stunnel listeners. Each command holds its session open in the foreground, so run them in separate terminals (or background them). The forward rides on the SSM session to the Systems Manager endpoint, so the instance needs no inbound security-group rule or SSH key.
aws ssm start-session --target "${INSTANCE_ID}" \
 --document-name AWS-StartPortForwardingSession \
 --parameters '{"portNumber":["6379"],"localPortNumber":["6379"]}'

aws ssm start-session --target "${INSTANCE_ID}" \
 --document-name AWS-StartPortForwardingSession \
 --parameters '{"portNumber":["6380"],"localPortNumber":["6380"]}'
  • Now test from the laptop. A PONG means the whole path works: laptop -> SSM -> stunnel -> TLS -> Redis (use port 6380 for the replica). Passing the AUTH token with -a leaves it in shell history and in the process list; for anything beyond a throwaway test prefer --askpass (redis-cli 6+) or the REDISCLI_AUTH environment variable.
redis-cli -h localhost -p 6379 -a eNdU35somebigpasswordXpvD ping
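To make the stunnel hop concrete, here is an added example (not code from the original post or from AWS) that does in Python what stunnel does for redis-cli: it opens a TLS connection with certificate and hostname verification, then speaks enough RESP to AUTH and PING. The endpoint name and password are placeholders, and it assumes the ElastiCache certificate chains to a root in the system CA store (or one passed via cafile). The RESP encoder/parser can be exercised offline; only tls_ping needs network access.

```python
"""Added example, not from the original post: a minimal TLS Redis client that
does what the stunnel hop does for redis-cli (TLS with certificate and hostname
verification) and speaks enough RESP to AUTH and PING. The endpoint, port and
password used below are placeholders, not values from the post."""
import socket
import ssl
from typing import Any, List, Optional, Tuple, Union

Reply = Union[bytes, int, None, List[Any]]


class Incomplete(Exception):
    """More bytes are needed before a full reply can be parsed."""


class RedisError(Exception):
    """The server answered with a RESP error reply (e.g. -NOAUTH ...)."""


def encode_command(*args: Union[str, bytes]) -> bytes:
    """Encode a command as a RESP array of bulk strings (what redis-cli sends)."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg if isinstance(arg, bytes) else arg.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(out)


def _line(buf: bytes) -> Tuple[bytes, bytes]:
    """Split off one CRLF-terminated line; raise Incomplete if the CRLF is not there yet."""
    end = buf.find(b"\r\n")
    if end < 0:
        raise Incomplete
    return buf[:end], buf[end + 2:]


def parse_reply(buf: bytes) -> Tuple[Reply, bytes]:
    """Parse one RESP2 reply; return (value, unconsumed bytes).

    Simple and bulk strings come back as bytes, integers as int, null bulk/array
    as None, arrays as lists. Error replies raise RedisError."""
    if not buf:
        raise Incomplete
    kind, rest = buf[:1], buf[1:]
    if kind in (b"+", b"-", b":"):
        line, rest = _line(rest)
        if kind == b"-":
            raise RedisError(line.decode(errors="replace"))
        return (int(line) if kind == b":" else line), rest
    if kind in (b"$", b"*"):
        line, rest = _line(rest)
        n = int(line)
        if n == -1:
            return None, rest
        if kind == b"$":
            if len(rest) < n + 2:  # payload plus its trailing CRLF not fully received
                raise Incomplete
            return rest[:n], rest[n + 2:]
        items: List[Any] = []
        for _ in range(n):
            item, rest = parse_reply(rest)
            items.append(item)
        return items, rest
    raise ValueError("unexpected RESP type byte %r" % kind)


def tls_ping(host: str, port: int = 6379, password: Optional[str] = None,
             cafile: Optional[str] = None, timeout: float = 5.0) -> Reply:
    """Open a verified TLS connection to a Redis endpoint, AUTH if a password is
    given, then PING; returns the PING reply (b"PONG" on success).

    create_default_context() loads the system CA store (or `cafile`), requires a
    valid chain and checks the hostname: the verification the stunnel config in the
    post skips unless verifyChain/CAfile/checkHost are set."""
    ctx = ssl.create_default_context(cafile=cafile)
    cmds = ([encode_command("AUTH", password)] if password else []) + [encode_command("PING")]
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(b"".join(cmds))  # pipeline AUTH and PING in one write
            buf, replies = b"", []
            while len(replies) < len(cmds):
                try:
                    value, buf = parse_reply(buf)
                    replies.append(value)
                except Incomplete:
                    chunk = tls.recv(4096)
                    if not chunk:
                        raise ConnectionError("server closed the connection mid-reply")
                    buf += chunk
    return replies[-1]


if __name__ == "__main__":
    # Placeholder endpoint and token (assumed, not from the post). Without the TLS
    # wrap, an in-transit-encrypted node receives RESP bytes where it expects a TLS
    # ClientHello and drops the connection: the failure the stunnel setup works around.
    print(tls_ping("master.demo.cache.amazonaws.com", 6379, password="REPLACE_ME"))
```

Run it from the EC2 instance (or through the SSM port forward with host "localhost", in which case the hostname check must be disabled since stunnel, not Redis, is on the other end). If the certificate does not verify, the handshake fails with ssl.SSLCertVerificationError instead of silently tunnelling to an unauthenticated peer, which is the behaviour to want from stunnel as well.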
