DEV Community

Arun Kumar for AWS Community Builders

How to connect to ElastiCache Redis

Rationale

If ElastiCache/Redis deployments default to encryption both in transit and at rest, some clients, such as redis-cli, can have trouble connecting.

Solution Summary

[https://aws.amazon.com/premiumsupport/knowledge-center/elasticache-connect-redis-node/]

Two parts

  • Deploy an EC2 instance for your app/branch and run stunnel to Redis (then use SSM to SSH into the server and run Redis commands from the CLI)
  • Use SSM to port-forward two ports from your EC2 + stunnel setup to localhost, and connect with a desktop client.

Steps

  • Use an EC2 instance I have an EC2 key pair for (the app server):
INSTANCE_NAME=demo-app 
  • Find the instance ID based on Tag Name
INSTANCE_ID=$(aws ec2 describe-instances \
  --filters "Name=tag:Name,Values=${INSTANCE_NAME}" \
  --query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]" \
  --output text)
  • To connect to the EC2 to test connectivity
aws ssm start-session --target "${INSTANCE_ID}"
# ------------------------
# On the EC2
# ------------------------
  • Test EC2 connectivity to redis is OK
curl -v telnet://master.demo.cache.amazonaws.com:6379 
  • Set up stunnel as per:

[https://aws.amazon.com/premiumsupport/knowledge-center/elasticache-connect-redis-node/]

  • Install stunnel on ec2
sudo yum install -y stunnel 
cat /etc/stunnel/redis-cli.conf
fips = no
setuid = root
setgid = root
pid = /var/run/stunnel.pid
debug = 7
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
client = yes
accept = 127.0.0.1:6379
connect = master.demo.cache.amazonaws.com:6379
[redis-cli-slave]
client = yes
accept = 127.0.0.1:6380
connect = demo.app.cache.amazonaws.com:6379
  • Run stunnel (as root)
sudo stunnel /etc/stunnel/redis-cli.conf 
  • Check if it’s up
# sudo is needed to see the process name of the root-owned stunnel listener
sudo netstat -tulnp | grep -i stunnel
exit
# ------------------------
# Back on the laptop
# ------------------------
  • Create 2 port forwarding tunnels for stunnel redis
# Each session stays in the foreground; run the two commands in separate terminals.
aws ssm start-session --target "$INSTANCE_ID" \
  --document-name AWS-StartPortForwardingSession \
  --parameters '{"portNumber":["6379"],"localPortNumber":["6379"]}'

aws ssm start-session --target "$INSTANCE_ID" \
  --document-name AWS-StartPortForwardingSession \
  --parameters '{"portNumber":["6380"],"localPortNumber":["6380"]}'
  • Now test from laptop
redis-cli -h localhost -p 6379 -a eNdU35somebigpasswordXpvD ping 
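
The laptop-side steps above (the two port forwards and the final ping) combined into one script; this is an added example, not code from the original post. It assumes the AWS CLI, the Session Manager plugin and redis-cli are installed locally and that INSTANCE_ID and REDISCLI_AUTH are exported. The function names are hypothetical, and the password is read from the REDISCLI_AUTH environment variable instead of being passed with -a.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes aws CLI, the Session
# Manager plugin and redis-cli locally; INSTANCE_ID and REDISCLI_AUTH exported.
PIDS=""
# Build the --parameters JSON. Only ports 1-65535 are accepted, so nothing
# else can be interpolated into the JSON string.
ssm_forward_params() {
  local remote="$1" lport="${2:-$1}" p
  for p in "$remote" "$lport"; do
    case "$p" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
  done
  printf '{"portNumber":["%s"],"localPortNumber":["%s"]}' "$remote" "$lport"
}

# Start one forward in the background and remember its PID for cleanup.
start_forward() {
  local params
  params=$(ssm_forward_params "$1") || { echo "bad port: $1" >&2; return 1; }
  aws ssm start-session --target "$INSTANCE_ID" \
    --document-name AWS-StartPortForwardingSession \
    --parameters "$params" >/dev/null &
  PIDS="$PIDS $!"
}

# Retry PING until the tunnel answers. redis-cli reads the password from
# REDISCLI_AUTH, so it stays out of argv and shell history.
wait_for_pong() {
  local tries=15
  while [ "$tries" -gt 0 ]; do
    [ "$(redis-cli -h localhost -p "$1" ping 2>/dev/null)" = PONG ] && return 0
    tries=$((tries - 1)); sleep 1
  done
  return 1
}

main() {
  : "${INSTANCE_ID:?set INSTANCE_ID}" "${REDISCLI_AUTH:?export REDISCLI_AUTH}"
  trap 'kill $PIDS 2>/dev/null' EXIT
  trap 'exit 130' INT TERM
  for port in 6379 6380; do start_forward "$port" || exit 1; done
  for port in 6379 6380; do
    wait_for_pong "$port" || { echo "no PONG on localhost:$port" >&2; exit 1; }
    echo "localhost:$port answers PONG"
  done
  echo "Tunnels are up; press Ctrl-C to close them."
  wait
}
if [ "${1:-}" = run ]; then main; fi
```

Invoke the script with the argument run to open both tunnels; without it the file only defines the functions.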
