redis-cli connection to Amazon ElastiCache Redis cluster hangs up
I was also seeing the call to redis-cli hang up infinitely, but in my case it did not stem from incorrectly-configured security groups.
Instead, it occurred because I had created my Redis cluster with the 'Encryption in-transit' option set to 'Yes'. This meant my database endpoint needed to be accessed through an SSL tunnel, which redis-cli does not do.
For my application, encryption in-transit wasn't actually necessary so I created a new Redis cluster with that option not selected. More details on what you need to do differently when using in-transit encryption can be found here: https://aws.amazon.com/premiumsupport/knowledge-center/elasticache-connect-redis-node/
The connection was being prohibited by the security groups of the EC2 instance and the ElastiCache cluster to which it was trying to connect not being properly aligned.
From the AWS docs:
All ElastiCache clusters are designed to be accessed from an Amazon EC2 instance. The most common scenario is to access an ElastiCache cluster from an Amazon EC2 instance in the same Amazon Virtual Private Cloud (Amazon VPC).
The steps that I took to correct this were:
1. Navigate to the ElastiCache Dashboard > Redis and click on the Cluster Name in question. This will show a Security Group field where the value is a Group ID such as sg-x8xxxxxx.
2. Navigate to your Security Groups table under https://console.aws.amazon.com/ec2 > Network & Security > Security Groups. Find the Group ID from step 1 and note its corresponding Group Name.
3. Navigate to your EC2 Management Console at https://console.aws.amazon.com/ec2 > Instances > Instances. For the server you are using to try to connect to the Redis cluster, take note of the Security Groups field. This must include whatever the Group Name was from step 2. If it doesn't, you need to add this security group. Check the box next to the server name, Actions > Networking > Change Security Groups. Add the security Group Name so that the two components share the same VPC.
You should now be able to connect with something like (example):
redis-cli -c -h mycachecluster.eaogs8.0001.usw2.cache.amazonaws.com -p 6379 ping
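A diagnostic for the two causes described in the answers above, added here as an example and not code from either answer: it tells a blocked TCP path (security groups) apart from an endpoint that only answers inside TLS (in-transit encryption). The function name `diagnose` and its result labels are names chosen for this example.

```python
import socket
import ssl
import sys

def diagnose(host, port=6379, timeout=3.0):
    """Classify why a plaintext Redis client would hang against host:port.

    Returns one of (labels are this example's own):
      'tcp-blocked'    no TCP connection: check security groups / VPC routing
      'plaintext-ok'   server answers an unencrypted PING
      'tls-required'   server answers PING only inside TLS
      'open-no-reply'  port is open but no Redis reply either way
    """
    # 1. Can we reach the port at all? A timeout or refusal is a network problem.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp-blocked"
    # 2. Send an inline PING in the clear. Any RESP reply ('+PONG',
    #    '-NOAUTH ...') proves the endpoint speaks plaintext Redis.
    with sock:
        try:
            sock.sendall(b"PING\r\n")
            reply = sock.recv(64)
        except OSError:
            reply = b""
    if reply[:1] in (b"+", b"-"):
        return "plaintext-ok"
    # 3. Repeat the PING inside a certificate-verified TLS session.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(b"PING\r\n")
                reply = tls.recv(64)
    except OSError:  # also covers ssl.SSLError and handshake timeouts
        return "open-no-reply"
    return "tls-required" if reply[:1] in (b"+", b"-") else "open-no-reply"

if __name__ == "__main__":
    # Usage: python diagnose.py <endpoint> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: diagnose.py <endpoint> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 6379
    print(diagnose(sys.argv[1], target_port))
```

Run it from the EC2 instance that is meant to reach the cluster, since the result depends on that instance's network path.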