5
votes

As the title suggests, I'm struggling to connect to my ElastiCache instance via my EC2 instance. I have an ORM to connect to Redis in my EC2 instance that was just failing in my logs, so I SSHed into my EC2 instance to try to manually connect to the Redis instance and got a timeout:

Could not connect to Redis at <redis uri>: Connection timed out

They're in different VPCs (the ElastiCache instance and the EC2 instance), but in my ElastiCache instance's security group, I have a custom TCP inbound rule at port 6379 from any source.

Halp.

2 Answers

3
votes

You set up the security rule, but did you set up the VPC peering properly?

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region.

http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/Welcome.html

0
votes

After you create the VPC peering connection, you also need to modify the routing table. Keep in mind that you need to modify BOTH of the routing tables. Also, you need to add the CIDR of the local VPC.

It can be confusing which is the "local" VPC and which is the "target". In my case, the local VPC contained EC2 instances that needed the Redis database in the other VPC. After creating the peer connection in this format, I needed to do two things:

  • edit the routing table for both the local and target VPC.
  • edit the security group of the Redis database to accept connections from the local VPC.

If set accordingly, you should be able to connect from the EC2 instance in the local VPC to the Redis database in the target VPC.

Here is documentation from AWS that is relatively easy to follow: http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/vpc-pg.pdf

Your scenario can be found on page 16.
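The checks from the answers above (a route in both routing tables, plus Redis ingress from the local VPC) can be verified offline. This is an added example, not code from either answer; the dictionaries are constructed sample data shaped like boto3 `describe_route_tables` / `describe_security_groups` responses, and every ID and CIDR is a placeholder.

```python
import ipaddress

def has_peering_route(route_table, remote_cidr, pcx_id):
    """True if a route sends traffic for remote_cidr over the peering connection."""
    remote = ipaddress.ip_network(remote_cidr)
    return any(
        r.get("VpcPeeringConnectionId") == pcx_id
        and remote.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
        for r in route_table["Routes"] if "DestinationCidrBlock" in r
    )

def ingress_sources(security_group, port=6379):
    """IPv4 CIDRs the security group allows to reach the given TCP port."""
    cidrs = []
    for p in security_group["IpPermissions"]:
        if p["IpProtocol"] == "-1" or (
            p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"]
        ):
            cidrs += [r["CidrIp"] for r in p.get("IpRanges", [])]
    return cidrs

def check_peering(local, target, pcx_id, redis_sg):
    """Return a list of findings; empty means routes and ingress line up."""
    findings = []
    if not has_peering_route(local["route_table"], target["cidr"], pcx_id):
        findings.append("local route table: no route to target VPC via peering")
    if not has_peering_route(target["route_table"], local["cidr"], pcx_id):
        findings.append("target route table: no return route to local VPC via peering")
    sources = ingress_sources(redis_sg)
    local_net = ipaddress.ip_network(local["cidr"])
    if not any(local_net.subnet_of(ipaddress.ip_network(c)) for c in sources):
        findings.append("security group: port 6379 not open to local VPC CIDR")
    if "0.0.0.0/0" in sources:
        findings.append("security group: port 6379 open to any source")
    return findings

# Constructed sample data (all IDs and CIDRs are placeholders).
PCX = "pcx-EXAMPLE"
LOCAL = {"cidr": "10.0.0.0/16", "route_table": {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": PCX}]}}
TARGET = {"cidr": "10.1.0.0/16", "route_table": {"Routes": [
    {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}]}}  # return route missing
REDIS_SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
                               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for finding in check_peering(LOCAL, TARGET, PCX, REDIS_SG):
        print(finding)
```

The sample reproduces a one-sided setup: the missing return route alone is enough to cause a connection timeout, and the any-source rule is flagged so it can be narrowed to the local VPC CIDR.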