Automatically update ElastiCache security group with new Elastic Beanstalk environment

0

I recently added an ElastiCache Redis cluster to my Elastic Beanstalk (EB) environment. When I updated my environment, the application could no longer reach the Redis cluster and hung, failing the application startup. I had to update the Redis security group I had created to include the new EB environment. Is there a way this can happen automatically when I launch a new EB environment?

1 Answer
0
Accepted Answer

I'm assuming the ElastiCache resource is defined outside your EB environment. It is also possible to create the ElastiCache cluster within EB, e.g. in this example.

If it is defined outside, we can still use ebextensions within your EB environment to dynamically update the security group ingress rules for this ElastiCache cluster. You will want to create a Security Group Ingress rule for the existing security group. You will need the security group ID for the cluster to be saved in SSM parameters, a CloudFormation export, or statically defined within the ebextension YAML file. AWSEBSecurityGroup is what you will use as a Ref within the security group rule (this is the group which EB creates and attaches to your instances) - see here and the example which includes the ElastiCache cluster.

AWS
EXPERT
Peter_G
answered a year ago
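An added example (not part of the answer above, and not AWS sample code) of the ingress rule it describes, as an `.ebextensions` config file. The file name, the logical name `RedisIngressFromEB` and the security group ID are placeholders, and it assumes the cluster lives in a VPC, so the source group is referenced by ID through `Fn::GetAtt` instead of a plain `Ref`.

```yaml
# .ebextensions/redis-ingress.config   (file name is an assumption)
Resources:
  RedisIngressFromEB:                  # hypothetical logical name
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      # Placeholder: ID of the existing security group attached to the
      # ElastiCache cluster that was created outside this environment.
      GroupId: sg-0123456789abcdef0
      IpProtocol: tcp
      FromPort: 6379                   # Redis port used in this thread
      ToPort: 6379
      # Allow traffic only from the instance security group that
      # Elastic Beanstalk creates for this environment, not from a CIDR.
      SourceSecurityGroupId:
        Fn::GetAtt: [AWSEBSecurityGroup, GroupId]
```

Because the rule is a resource of the environment's own stack, it is created with each new environment and removed when that environment is terminated, so the cluster's security group does not accumulate stale entries.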
  • Thanks Peter, this helps a lot. After reading your references I settled on using the example here.

    However, I don't know how to get the Redis endpoint URL I need to connect from my app. I expect I need to use a Fn::GetAtt for ConfigurationEndpoint.Address in the config file, but how do I then make that visible to my app? I currently set a REDIS_URL environment variable with the URL of the Redis cluster I created manually.

  • I've pieced together a way to get the Redis URL that works, but I'm not entirely comfortable with it. First I pull the MyElastiCache reference in setup.config by using:

          AWS_REDIS_NODE = '`{ "Ref" : "MyElastiCache" }`'

    In my application I can then build my URL like this:

            redis_url = 'redis://' + app.config.get('AWS_REDIS_NODE') + '.qihti6.0001.use1.cache.amazonaws.com:6379'

    I'm not sure I can rely on the last part of the string concat. Is there a better way to get the endpoint?

  • Use what you mentioned previously for AWS_REDIS_NODE but combine with Sub. E.g. in YAML:

    !Sub "redis://${MyElastiCache.ConfigurationEndpoint.Address}:${${MyElastiCache.ConfigurationEndpoint.Port}"
    
  • Thanks again Peter, this got me looking in the right direction. I had to use RedisEndpoint because cluster mode is disabled for my setup. There was an extra "${" typo in your response. I ended up with this statement in my setup.config:

    REDIS_URL = '`{ "Fn::Sub": "redis://${MyElastiCache.RedisEndpoint.Address}:${MyElastiCache.RedisEndpoint.Port}" }`'

    and I now use:

            redis_url = app.config.get('REDIS_URL')

    in my app. Everything works fine now.
