Secure Distributed Cache Solutions

Problem: I want to cache user information so that all my applications can read data quickly, but I want only one specific application to write to this cache.

I'm on AWS, so one of the solutions that came to my mind was the memcached version with two ports: one port that accepts only read commands, and one that accepts read and write. Then I could use security groups to control access.

Since I'm on AWS, if there are solutions that use memcached or redis out of the box, that would be great.

+5
2 answers

I suggest you use ElastiCache with one open port, 11211 (Memcached), and then create an EC2 instance and configure a security group so that only this server can access your ElastiCache cluster. Use this server to filter your applications, so only one specific application can write to it. You control access using a security group, script, or iptables. If you are not using VPC, you can use the cache security group.

+3
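The filtering server in the answer above has to decide, per command, whether a given client may write. The following is an added example, not code from the answer: the decision logic for the Memcached text protocol, in Python. The client addresses, set names and function names are assumptions made for illustration.

```python
# Added example: per-command policy for a filtering proxy in front of Memcached.
# All addresses below are constructed; replace them with your own applications.

READ_COMMANDS = {"get", "gets"}
# gat/gats return a value but also reset its expiry, so they count as writes.
WRITE_COMMANDS = {"set", "add", "replace", "append", "prepend", "cas",
                  "delete", "incr", "decr", "touch", "gat", "gats", "flush_all"}

WRITER_ADDRS = {"10.0.1.10"}                # constructed: the one writing application
READER_ADDRS = {"10.0.2.20", "10.0.2.21"}   # constructed: read-only applications


def classify(line: bytes) -> str:
    """Return 'read', 'write' or 'unknown' for one text-protocol command line."""
    parts = line.strip().split()
    if not parts:
        return "unknown"
    try:
        verb = parts[0].decode("ascii")
    except UnicodeDecodeError:
        # Binary-protocol requests start with 0x80 and are not parsed here.
        return "unknown"
    if verb in READ_COMMANDS:
        return "read"
    if verb in WRITE_COMMANDS:
        return "write"
    return "unknown"  # stats, meta commands, typos: denied by default


def allowed(client_ip: str, line: bytes) -> bool:
    """Default deny: only listed clients, and only commands that were classified."""
    kind = classify(line)
    if client_ip in WRITER_ADDRS:
        return kind in ("read", "write")
    if client_ip in READER_ADDRS:
        return kind == "read"
    return False


if __name__ == "__main__":
    samples = [("10.0.1.10", b"set user:42 0 300 5\r\n"),
               ("10.0.2.20", b"get user:42\r\n"),
               ("10.0.2.20", b"gat 0 user:42\r\n"),
               ("10.0.9.9", b"get user:42\r\n")]
    for ip, cmd in samples:
        print(ip, cmd.split()[0].decode(), "ALLOW" if allowed(ip, cmd) else "DENY")
```

A real proxy also has to consume the data block that follows a storage command such as `set` instead of classifying it as a new command line.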

I believe that you can do this using Redis (instead of Memcached), which is also available through ElastiCache. After creating the instance, you will want to create a replication group and associate it with an already running cache cluster.

You can then add instances to the replication group. Instances in the replication group are simply replicated from the primary cache cluster (single instance of Redis) and therefore (by default) are read-only.

So, in this setup, you have a master node (single endpoint) that you can write to and as many read nodes (multiple endpoints) as you would like.

You can increase security and assign different routing rules for the replication group (via VPC) so that applications that read data do not have access to the main node (the only one that can write data).

+1

Source: https://habr.com/ru/post/1204145/