Automatically update ElastiCache security group with new Elastic Beanstalk environment

0

I recently added an ElastiCache Redis cluster to my Elastic Beanstalk (EB) environment. When I updated my environment, the application could no longer reach the Redis cluster and hung, failing the application startup. I had to update the Redis security group I had created to include the new EB environment. Is there a way this can happen automatically when I launch a new EB environment?

1 Answer
0
Accepted Answer

I'm assuming the ElastiCache resource is defined outside your EB environment. It is also possible to create the ElastiCache cluster within EB, e.g. in this example.

If defined outside, we can still use ebextensions within your EB environment to dynamically update the security group ingress rules for this ElastiCache cluster. You will want to create a Security Group Ingress rule for the existing security group. You will need the security group ID for the cluster to be saved in SSM parameters, a CloudFormation export, or statically defined within the ebextension YAML file. AWSEBSecurityGroup is what you will use as a Ref within the security group rule (this is the group which EB creates and attaches to your instances) - see here and the example which includes the ElastiCache cluster.

AWS
EXPERT
Peter_G
answered a year ago
  • Thanks Peter, this helps a lot. After reading your references I settled on using the example here.

    However, I don't know how to get the Redis endpoint URL I need to connect from my app. I expect I need to use a Fn::GetAtt for ConfigurationEndpoint.Address in the config file, but how do I then make that visible to my app? I currently set a REDIS_URL environment variable with the URL of the Redis cluster I created manually.

  • I've pieced together a way to get the Redis URL that works, but I'm not entirely comfortable with it. First I pull the MyElastiCache reference in setup.config by using:

          AWS_REDIS_NODE = '`{ "Ref" : "MyElastiCache" }`'

    In my application I can then build my URL like this:

            redis_url = 'redis://' + app.config.get('AWS_REDIS_NODE') + '.qihti6.0001.use1.cache.amazonaws.com:6379'

    I'm not sure I can rely on the last part of the string concat. Is there a better way to get the endpoint?

  • Use what you mentioned previously for AWS_REDIS_NODE but combine it with Sub, e.g. in YAML:

    !Sub "redis://${MyElastiCache.ConfigurationEndpoint.Address}:${${MyElastiCache.ConfigurationEndpoint.Port}"
    
  • Thanks again Peter, this got me looking in the right direction. I had to use RedisEndpoint because cluster mode is disabled for my setup. There was an extra "${" typo in your response. I ended up with this statement in my setup.config:

    REDIS_URL = '`{ "Fn::Sub": "redis://${MyElastiCache.RedisEndpoint.Address}:${MyElastiCache.RedisEndpoint.Port}" }`'

    and I now use:

            redis_url = app.config.get('REDIS_URL')

    in my app. Everything works fine now.
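
The ingress rule the accepted answer describes for a cluster defined outside EB, written out as an added example (not code from the original thread or from AWS). The file name, the logical name `RedisIngressFromEB` and the security group ID are placeholders; port 6379 is taken from the Redis URL quoted in the comments.

```yaml
# .ebextensions/redis-ingress.config   (file name is an assumption)
#
# Adds one ingress rule to the EXISTING ElastiCache security group so that
# only the instances of this Elastic Beanstalk environment can reach Redis.
Resources:
  RedisIngressFromEB:                    # hypothetical logical name
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      # Security group already attached to the Redis cluster.
      # Placeholder value: replace with the real group ID (statically
      # defined here, one of the three options named in the answer).
      GroupId: sg-0123456789abcdef0
      Description: Redis from this Elastic Beanstalk environment's instances
      IpProtocol: tcp
      FromPort: 6379
      ToPort: 6379
      # AWSEBSecurityGroup is the group EB creates and attaches to the
      # environment's instances. Scoping the rule to that group instead of
      # a CIDR range keeps access limited to this environment.
      SourceSecurityGroupId:
        Fn::GetAtt: [AWSEBSecurityGroup, GroupId]
```

Because the rule is a resource in the environment's CloudFormation stack, it is created with each new environment and deleted when that environment is terminated, so stale ingress entries do not accumulate on the Redis security group.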
