IAM auth using go-redis

Question

Currently, I am using go-redis package to interface with AWS elasticache for Redis. I am authenticating into the redis instance like so,

import "github.com/go-redis/redis"

func pingRedis() {
    cli := redis.NewClient(redis.Options{
        Addr:     "redis-address",
        Password: "redis-password",
        DB:       0,
    })

    _, err := cli.Ping().Result()
    if err != nil {
        log.Error(err, "could not establish connection")
        return
    }
}

With the recent addition of support for IAM auth for redis clusters, I'm looking to move away from the Password usage and take advantage of the IAM auth. How should I go about authenticating into elasticache redis using IAM with the go-redis package?

Answer 1

With IAM Authentication you can authenticate a connection to ElastiCache for Redis using AWS IAM identities. The go-redis library supports passing a credential provider to the client initializer ("CredentialsProvider") for auto-generation of temporary credentials. You can create an IAM credential provider to get the updated username and password, for example:

rdb := redis.NewClient(&redis.Options{
        Addr: ":6379",
        CredentialsProvider: func() (username string, password string) {
                userID, iamAuthToken := iamAuth(.....)
                return userID, iamAuthToken
        },
})

You can find a full example for using ElastiCache with IAM here: https://github.com/redis/go-redis/discussions/2343#discussioncomment-5367088