Can you connect to Amazon Elasticache Redis outside of Amazon

I can connect to the Redis Elasticache instance in a VPC from EC2 instances, but I would like to know if there is a way to connect to the Elasticache Redis host from outside Amazon EC2 instances, for example, from my local dev setup or VPS instances provided by other providers.

Currently trying from my local installation:

redis-cli -h my-node-endpoint -p 6379 

I only get time out after a while.

+69
amazon-web-services amazon-ec2 amazon-elasticache redis
Feb 20 '14 at 19:29
9 answers

No, you cannot help resorting to "tricks" such as a tunnel, which may be suitable for testing, but will kill any real benefit from using an ultrafast cache with added delay / overhead.

... access to the Amazon ElastiCache cluster inside or outside the VPC is denied access from the Internet.

From here: http://aws.amazon.com/elasticache/faqs/#Can_I_access_Amazon_ElastiCache_from_outside_AWS

EDIT 2018: The answer above was accurate at the time of writing, but with some settings you can now access the Redis cache from the outside using the instructions about halfway down this page: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html

+58
Feb 21 '14 at 14:32

SSH port forwarding should do the trick. Try running this from your client.

 ssh -f -N -L6379:<your redis node endpoint>:6379 <your EC2 node that you use to connect to redis> 

Then from your client

 redis-cli -h 127.0.0.1 -p 6379 

It works for me.

Note that the default port for redis is 6379, not 6739. Also, make sure that you enable the EC2 host security group that you use to connect to your redis instance in your Cache security group.

In addition, AWS now supports access to your cluster. More info here

+75
Feb 20 '14 at 23:04

These answers are out of date.

You can access the elastic cache outside of AWS by doing the following:

  1. Create a NAT instance in the same VPC as your cache cluster, but on a public subnet.
  2. Create security group rules for the cache cluster and NAT instance.
  3. Approve the rules.
  4. Add the iptables rule to the NAT instance.
  5. Verify that the trusted client can connect to the cluster.
  6. Save the iptables configuration.

For a more detailed description, see the aws manual:

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html#access-from-outside-aws

+17
Apr 7 '17 at 19:08
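
A check for step 2 of the procedure above, added here as an example and not taken from the answer or from the AWS guide: it reads security-group JSON in the shape `aws ec2 describe-security-groups` returns and lists every rule that opens the Redis port to a source outside a trusted list. The group IDs, addresses and the `TRUSTED` list are constructed assumptions.

```python
import ipaddress
import json

REDIS_PORT = 6379
# Assumed trusted sources: one client address and the VPC range (constructed).
TRUSTED = [ipaddress.ip_network(c) for c in ("203.0.113.10/32", "10.0.0.0/16")]

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-nat-example", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
 {"GroupId": "sg-cache-example", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]}
]}
""")

def covers_port(rule, port):
    """True if the rule admits TCP traffic to the given port."""
    if rule["IpProtocol"] == "-1":          # all protocols and all ports
        return True
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def is_trusted(cidr):
    """True if the CIDR lies entirely inside one of the TRUSTED networks."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)

def untrusted_sources(groups, port=REDIS_PORT):
    """Return (group id, CIDR) for each rule opening the port to an untrusted source."""
    findings = []
    for group in groups["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            if not covers_port(rule, port):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], c) for c in cidrs if not is_trusted(c)]
    return findings

if __name__ == "__main__":
    for group_id, cidr in untrusted_sources(SAMPLE):
        print(f"{group_id}: port {REDIS_PORT} open to {cidr}")
```

Rules that reference another security group (`UserIdGroupPairs`) carry no CIDR and are outside this check.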

Not a very old question, I myself ran into the same problem and solved it:

Sometimes, for development reasons, you need to access from outside (perhaps to avoid multiple deployments just for a simple bug fix?)

Amazon has published a new guide that uses EC2 as a proxy for the outside world:

http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Access.Outside.html

Good luck

+5
Nov 23 '15 at 8:42

We use HAProxy as a reserved proxy server.

Your system outside AWS → Internet → HAProxy with open IP → Amazon Redis (Elasticache)

Please note that there is another good reason to do this (at this time)

As we use a node.js client that does not support Amazon DNS firmware, the client driver does not support dns look again. If redis fails, the client driver will maintain a connection to the old master, which is the slave after the failure.

Using HAProxy, he solved this problem.

Now, using the latest ioredis driver, it supports Amazon dns recovery.

+4
Oct. 15 '15 at 6:53

By the way, if someone wants a solution to Windows EC2, try them on the DOS prompt (on the mentioned Windows EC2 machines):

Add Port Migration

C:\Users\Administrator> netsh interface portproxy add v4tov4 listenport=6379 listenaddress=10.xxx.64.xxx connectport=6379 connectaddress=xxx.xxxxxx.ng.0001.use1.cache.amazonaws.com

Port Forwarded Ports List

C:\Users\Administrator> netsh interface portproxy show all

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
10.xxx.128.xxx  6379        xxx.xxxxx.ng.0001.use1.cache.amazonaws.com 6379

To remove port forwarding

C:\Users\Administrator> netsh interface portproxy delete v4tov4 listenport=6379 listenaddress=10.xxx.128.xxx

+4
Jul 11 '16 at 18:41

This is a solid node script that will do all the dirty work for you. Tested and verified that this worked.

https://www.npmjs.com/package/uzys-elasticache-tunnel

How to use

 Usage: uzys-elasticache-tunnel [options] [command]

Commands:

 start [filename]  start tunneling with configuration file (default: config.json)
 stop              stop tunneling
 status            show tunneling status

Options:

 -h, --help     output usage information
 -V, --version  output the version number

Usage example

  • start - uzys-elasticache-tunnel start ./config.json
  • stop - uzys-elasticache-tunnel stop
  • status - uzys-elasticache-tunnel status
+3
Mar 03 '16 at 20:56

It is not possible to directly access the classic cluster from a VPC instance. A workaround would be to configure NAT in the classic instance.

NAT must have a simple tcp proxy

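 # Address and port on the NAT host, and the target to forward to (placeholders)
 YourIP=1.2.3.4
 YourPort=80
 TargetIP=2.3.4.5
 TargetPort=22

 # Rewrite the destination of inbound connections to the target
 iptables -t nat -A PREROUTING --dst $YourIP -p tcp --dport $YourPort -j DNAT \
   --to-destination $TargetIP:$TargetPort
 # Rewrite the source so that replies return through this host
 iptables -t nat -A POSTROUTING -p tcp --dst $TargetIP --dport $TargetPort -j SNAT \
   --to-source $YourIP
 # Apply the same destination rewrite to connections made from this host
 iptables -t nat -A OUTPUT --dst $YourIP -p tcp --dport $YourPort -j DNAT \
   --to-destination $TargetIP:$TargetPort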
+1
Jun 30 '16 at 1:15

I decided to use this Amazon documentation, which says that you will have to install stunnel on another ec2 computer.

https://aws.amazon.com/premiumsupport/knowledge-center/elasticache-connect-redis-node/

0
May 08 '19 at 6:37