
Questions tagged with Amazon ElastiCache for Redis


How to securely connect to ElastiCache Redis instances?

I have a few AWS Elasticache clusters (redis 5.0.6 w/ cluster mode off). I have to connect to them using `--insecure` in:

```
docker run -it --rm redis redis-cli --verbose -h ***.cache.amazonaws.com --tls --insecure
```

How do I connect more securely without using `--insecure`? These clusters are all in the same VPC. I have another redis 5.0.6 cluster, on a different VPC and I don't have to use `--insecure`.

I've checked the certificate of the redis point using `openssl s_client -connect ***.cache.amazonaws.com:6379`

Excerpt of openssl output (for server that needed `--insecure`):

```
CONNECTED(00000003)
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
verify return:1
depth=0 CN = *.cccccc.bbbbb.aaa.cache.amazonaws.com
verify return:1
---
Certificate chain
 0 s:/CN=*.cccccc.bbbbb.aaa.cache.amazonaws.com
   i:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
 1 s:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
   i:/C=US/O=Amazon/CN=Amazon Root CA 1
 2 s:/C=US/O=Amazon/CN=Amazon Root CA 1
   i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
 3 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
   i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
subject=/CN=*.cccccc.bbbbb.aaa.cache.amazonaws.com
issuer=/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5115 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 1BFF846257522719FF5F8A4361C456875C5E22BB60F9F098B781A01904E0104E
    Session-ID-ctx:
    Master-Key: 31AB1BB12538735DB42BF8A85D7E4FA4849F4C4681650375D0D3FD5DE145E40AC670FCCD0A7755C3CAE3473C70256BFC
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1644444088
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
```
1 answer · 0 votes · 11 views · asked 3 months ago

Unable to copy Elasticache for redis backup

I have followed those instructions step by step: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html

However, I have the following error:

```
An error occurred (InvalidParameterValue) when calling the CopySnapshot operation: Elasticache was unable to validate the authenticated user has access on the S3 bucket ...
```

The bucket is in the same region as the backup. This is my bucket configuration:

```
{
  "LocationConstraint": "eu-central-1"
}
```

```
{
  "Version": "2012-10-17",
  "Id": "xxxxxxxx",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eu-central-1.elasticache-snapshot.amazonaws.com"
      },
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:GetBucketAcl",
        "s3:ListMultipartUploadParts",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-name/*",
        "arn:aws:s3:::my-bucket-name"
      ]
    }
  ]
}
```

This is the snapshot:

```
{
  "Snapshots": [
    {
      "SnapshotName": "my-snapshot-name",
      "CacheClusterId": "xxxxxxxx-xxx",
      "SnapshotStatus": "available",
      "SnapshotSource": "manual",
      "CacheNodeType": "cache.t2.micro",
      "Engine": "redis",
      "EngineVersion": "5.0.3",
      "NumCacheNodes": 1,
      "PreferredAvailabilityZone": "eu-central-1c",
      "CacheClusterCreateTime": "xxxxxxx",
      "PreferredMaintenanceWindow": "mon:02:30-mon:03:30",
      "Port": 6379,
      "CacheParameterGroupName": "default.redis5.0",
      "CacheSubnetGroupName": "internal",
      "VpcId": "xxxxx",
      "AutoMinorVersionUpgrade": true,
      "SnapshotRetentionLimit": 7,
      "SnapshotWindow": "00:00-02:00",
      "NodeSnapshots": [
        {
          "CacheNodeId": "0001",
          "CacheSize": "33 MB",
          "CacheNodeCreateTime": "xxxxxx",
          "SnapshotCreateTime": "xxxxxx"
        }
      ],
      "ARN": "arn:aws:elasticache:eu-central-1:000000000:snapshot:my-snapshot-name",
      "DataTiering": "disabled"
    }
  ]
}
```
1 answer · 0 votes · 6 views · asked 4 months ago

Unable to connect to redis cluster with node client, what am I doing wrong?

I have spun up an AWS ElastiCache redis instance running in clustered mode, which currently has 1 shard and 2 nodes.

In order to connect to it from my local machine, I have opened up an SSH tunnel using my SSH config file:

```yml
Host myRedisTunnel
  HostName 1.2.3.4
  ...
  LocalForward 6378 5.6.7.8:6379
```

The tunnel works, I can connect to my VPC successfully:

```bash
$ ssh myRedisTunnel
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1060-aws x86_64)
...
```

I can connect to the redis cluster locally via `redis-cli` after opening my tunnel and passing `-c` as an argument for clustered mode:

```bash
$ redis-cli -c -h localhost -p 6378
localhost:6378> ping
PONG
```

But when I try to use `redis` for nodejs it won't connect, it just times out. Am I missing some configuration settings, or is it physically impossible to connect to my remote redis via tunnel?

```javascript
const { createCluster } = require('redis')

const client = createCluster({
  rootNodes: [
    { url: 'redis://localhost:6378' }
  ]
})

await client.connect()
const res = await client.ping()
console.log({ res })
```

```bash
Error: Connection timeout
    at Socket.<anonymous> (node_modules/@node-redis/client/dist/lib/client/socket.js:163:124)
    at Object.onceWrapper (node:events:513:28)
    at Socket.emit (node:events:394:28)
    at Socket._onTimeout (node:net:486:8)
    at listOnTimeout (node:internal/timers:557:17)
    at processTimers (node:internal/timers:500:7)
```

I have tried several nodejs clients for redis and all of them have timed out in the same way, so I know the issue has to either be that I have a config setting wrong in my nodejs redis client configuration, or it has something to do with only one of the redis IP addresses being accessible via the tunnel; all the rest of the cluster would likely not be accessible unless I open tunnels for each one. I'm just at a loss for how to mock my production environment in development so I can write code.
0 answers · 0 votes · 8 views · asked 4 months ago