Brad Solomon

Reputation: 40878

redis-cli connection to Amazon ElastiCache Redis cluster hangs up

I have installed and compiled Redis from source and am attempting to connect to an Amazon ElastiCache (Redis) cluster.

I can connect to the default localhost with no problem, but attempting to connect to an AWS endpoint causes what seems to be an infinite hangup.

With defaults:

$ redis-server /etc/redis.conf  # daemonized, uses localhost
$ redis-cli ping
PONG
$ sudo service redis_6379 status
Redis is running (12919)
$ redis-cli shutdown  # or sudo service redis_6379 stop

Now, here is an attempt to connect to the endpoint, copied from AWS documentation on the topic:

redis-cli -c -h my_example_endpoint_name.eaogs8.ng.0001.use1.cache.amazonaws.com -p 6379 ping

This hangs up infinitely without anything being issued to stderr/stdout.

(Please note this is an example endpoint name; I have verified I am using the primary endpoint listed at the AWS console.)

I suspect this may be related to the security group settings for the cluster on the AWS side but am not sure specifically what could/should be modified. I appreciate suggestions of what could be blocking the connection and can provide info on the cluster itself as needed.

Upvotes: 31

Views: 43804

Answers (3)

bitrock

Reputation: 1344

After confirming the security groups and seeing that we had 'Encryption in-transit' enabled, our redis-cli command, which included -a/--askpass to supply a password, was still hanging indefinitely, and the --verbose flag wasn't showing anything. The AWS docs first call for a custom build of redis-cli, which is unnecessary; what is required, though, is to include the --tls flag as part of the command, and then it works.

This form of command should work:

redis-cli -h <primary endpoint> --tls -p <port> -a <password> <optional command>

e.g. redis-cli -h master.redis.abc7bh.usw2.cache.amazonaws.com --tls -p 6379 -a password ping

The redis-cli docker image versions 4.0.10 and 6.2.6 as well as redis-cli 6.2.6 installed through brew on a mac worked.

To run using a docker image you can use a command like docker run -it redis:6.2.6 /bin/bash and then run the redis-cli command above.

Upvotes: 23

Liam Hession

Reputation: 383

I was also seeing the call to redis-cli hang up infinitely, but in my case it did not stem from incorrectly-configured security groups.

Instead, it occurred because I had created my Redis cluster with the 'Encryption in-transit' option set to 'Yes'. This meant my database endpoint needed to be accessed through an SSL tunnel, which redis-cli does not do.

For my application, encryption in-transit wasn't actually necessary so I created a new Redis cluster with that option not selected. More details on what you need to do differently when using in-transit encryption can be found here: https://aws.amazon.com/premiumsupport/knowledge-center/elasticache-connect-redis-node/

Upvotes: 26

Brad Solomon

Reputation: 40878

The connection was being prohibited by the security groups of the EC2 instance and the ElastiCache cluster to which it was trying to connect not being properly aligned.

From the AWS docs:

All ElastiCache clusters are designed to be accessed from an Amazon EC2 instance. The most common scenario is to access an ElastiCache cluster from an Amazon EC2 instance in the same Amazon Virtual Private Cloud (Amazon VPC).

The steps that I took to correct this were:

  1. Navigate to the ElastiCache Dashboard > Redis and click on the Cluster Name in question. This will show a Security Group field where the value is a Group ID such as sg-x8xxxxxx.
  2. Navigate to your Security Groups table under https://console.aws.amazon.com/ec2 > Network & Security > Security Groups. Find the Group ID from step 1 and note its corresponding Group Name.
  3. Navigate to your EC2 Management Console at https://console.aws.amazon.com/ec2 > Instances > Instances. For the server you are using to try to connect to the Redis cluster, take note of the Security Groups field. This must include whatever the Group Name was from step 2. If it doesn't, you need to add this security group. Check the box next to the server name, Actions > Networking > Change Security Groups. Add the security Group Name so that the two components share the same VPC.

You should now be able to connect with something like (example):

redis-cli -c -h mycachecluster.eaogs8.0001.usw2.cache.amazonaws.com -p 6379 ping

Upvotes: 18
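The answers above trace the same silent hang to two different causes: security groups dropping the connection, and in-transit encryption expecting TLS. The probe below is an added example, not part of any answer or of AWS tooling; it separates the two by trying a TCP connect, then a plaintext PING, then the same PING over TLS. The function name `probe`, the `HINTS` table and the labels are hypothetical.

```python
import socket
import ssl
import sys

# Labels (assumed names) map to the causes discussed in the answers on this page.
HINTS = {
    "tcp-timeout": "packets dropped: check security groups / VPC placement",
    "tcp-refused": "host reachable but nothing is listening on that port",
    "tcp-error": "name resolution or routing failed before any connection",
    "plaintext-redis": "no in-transit encryption: plain redis-cli should work",
    "tls-redis": "in-transit encryption is on: add --tls to redis-cli",
    "no-redis-reply": "port open, but no Redis reply with or without TLS",
}

def _is_redis_reply(data):
    # RESP simple strings start with '+', errors (e.g. -NOAUTH) with '-'.
    return data[:1] in (b"+", b"-")

def probe(host, port=6379, timeout=3.0):
    """Return a label from HINTS describing how host:port responds."""
    # Stages 1 and 2: TCP connect, then an unencrypted inline PING.
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                sock.sendall(b"PING\r\n")
                reply = sock.recv(64)
            except OSError:  # read timeout or reset: treat as no reply
                reply = b""
    except socket.timeout:
        return "tcp-timeout"
    except ConnectionRefusedError:
        return "tcp-refused"
    except OSError:
        return "tcp-error"
    if _is_redis_reply(reply):
        return "plaintext-redis"
    # Stage 3: the same PING inside a TLS session verified against system CAs.
    try:
        ctx = ssl.create_default_context()
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(b"PING\r\n")
                if _is_redis_reply(tls.recv(64)):
                    return "tls-redis"
    except OSError:  # includes ssl.SSLError and handshake timeouts
        pass
    return "no-redis-reply"

if __name__ == "__main__":
    label = probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 6379)
    print(label, "-", HINTS[label])
```

A `-NOAUTH` error counts as a Redis reply here, so the probe identifies the transport without needing the password on the command line.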
