How to connect to AWS elasticache?

8
votes

Could someone give a step-by-step procedure for connecting to elasticache.

I'm trying to connect to a redis elasticache node from inside my EC2 instance (sshed in). I'm getting Connection Timed Out errors each time, and I can't figure out what's wrong with how I've configured my AWS settings.

They are in different VPCs, but in my elasticache VPC, I have a custom TCP inbound rule at port 6379 to accept from anywhere. And the two VPCs share an Active Peer connection that I set up. What more am I intended to do?

EDIT:

I am trying to connect via the redis-cli command. I sshed in because I was originally trying to connect via the node-redis module since my EC2 instance hosts a node server. So officially my two attempts are 1. A scripted module and 2. The redis-cli command provided in the AWS documentation.

As far as I can tell, I have also set up the route tables correctly according to this: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html#route-tables-vpc-peering

4
amazon-web-servicesredisamazon-elasticache
How are you trying to connect, via the redis-cli command or via some application library? Please provide more details.Mark B
Updated to reflect - I've tried bothJimmy Gong

4 Answers

15
votes

You cannot connect to Elasticache from outside its VPC. It's a weird design decision on AWS' part, and although it's not documented well, it is documented here:

Amazon ElastiCache Nodes, deployed within a VPC, can never be accessed from the Internet or from EC2 Instances outside the VPC.

You can set your security groups to allow connections from everywhere, and it will look like it worked, but it won't matter or let you actually connect from outside the VPC (also a weird design decision).

1
votes

In your Redis cluster properties you have a reference to the Security Group. Copy it.

In our EC2 instance you also have a Security Group. You should edit this Security Group and add the ID of the Redis Security Group as CIDR in the outbound connections + the port 6379.

This way the two Security Groups are linked and the connection can be established.

1
votes

Two things we might forget when trying to connect to ElasticCache,

  1. Configuring inbound TCP rule to allow incoming requests on port 6379
  2. Adding EC2 security group in ElasticCache instance

enter image description here

Second one helped me.

Reference to (2) : https://www.youtube.com/watch?v=fxjsxtcgDoc&ab_channel=HendyIrawanSocialEnterprise

0
votes

Here is step-by-step instructions for connection to Redis Elasticache cluster from EC2 inctance located in the same VPC as Elasticache: Connect to a Elasticache Redis Cluster's Node