Menu
Amazon ElastiCache
User Guide (API Version 2015-02-02)

Step 5: Connect to a Cluster's Node

Before you continue, be sure you have completed Step 4: Authorize Access.

This section assumes that you've created an Amazon EC2 instance and can connect to it. For instructions on how to do this, go to the Amazon EC2 Getting Started Guide.

An Amazon EC2 instance can connect to a cluster node only if you have authorized it to do so. For more information, see Step 4: Authorize Access.

Step 5.1: Find your Node Endpoints

Once your cluster is in the available state and you've authorized access to it (Step 4: Authorize Access), you can log in to an Amazon EC2 instance and connect to the cluster. To do so, you must first determine the endpoint.

To find your endpoints, see the relevant topic for the engine and cluster type you're running. When you find the endpoint you need, copy it to your clipboard for use in Step 5.2.

Step 5.2: Connect to a Memcached Cluster

Once your cluster is in the available state and you've authorized access to it (Step 4: Authorize Access, you can log in to an Amazon EC2 instance and connect to the cluster.

To connect to a Memcached cluster

  1. Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. At the command prompt of your Amazon EC2 instance, type the following command, substituting the endpoint of your cluster and port for those shown in this example.

    telnet mycachecluster.eaogs8.0001.usw2.cache.amazonaws.com 11211

    This will produce output similar to the following.

    Trying 128.0.0.1... Connected to mycachecluster.eaogs8.0001.usw2.cache.amazonaws.com. Escape character is '^]'. >
  3. Run Memcached commands.

    You are now connected to the cluster and can run Memcached commands like the following.

    set a 0 0 5 // Set key "a" with no expiration and 5 byte value hello // Set value as "hello" STORED get a // Get value for key "a" VALUE a 0 5 hello END get b // Get value for key "b" results in miss END >

Step 5.2: Connect to a Redis Cluster or Replication Group

Now that you have the endpoint you need, you can log in to an EC2 instance and connect to the cluster or replication group.

You need to use SSL enabled clients to access data from ElastiCache In-Transit encryption enabled Redis nodes. Unfortunately, redis-cli does not support SSL. However, there is a workaround using an stunnel. For instructions on connecting to your encryption enabled Redis cluster see Step 5.2.a: Connect to an Encrypted Redis Cluster or Replication Group.

Step 5.2.a: Connect to a Non Encrypted Redis Cluster or Replication Group

In the following example, you use the redis-cli utility to connect to a cluster that is not encryption enabled and running Redis. For more information about Redis and available Redis commands, see Redis commands webpage.

To connect to a Redis cluster that is not encryption enabled using the redis-cli

  1. Connect to your Amazon EC2 instance using the connection utility of your choice. For instructions on how to connect to an Amazon EC2 instance, see the Amazon EC2 Getting Started Guide.

  2. Download and install the GNU Compiler Collection (gcc).

    At the command prompt of your EC2 instance, type the following command then, at the confirmation prompt, type y .

    sudo yum install gcc

    This will produce output similar to the following.

    Loaded plugins: priorities, security, update-motd, upgrade-helper Setting up Install Process Resolving Dependencies --> Running transaction check ...(output omitted)... Total download size: 27 M Installed size: 53 M Is this ok [y/N]: y Downloading Packages: (1/11): binutils-2.22.52.0.1-10.36.amzn1.x86_64.rpm | 5.2 MB 00:00 (2/11): cpp46-4.6.3-2.67.amzn1.x86_64.rpm | 4.8 MB 00:00 (3/11): gcc-4.6.3-3.10.amzn1.noarch.rpm | 2.8 kB 00:00 ...(output omitted)... Complete!
  3. Download and compile the redis-cli utility. This utility is included in the Redis software distribution.

    At the command prompt of your EC2 instance, type the following commands:

    wget http://download.redis.io/redis-stable.tar.gz tar xvzf redis-stable.tar.gz cd redis-stable make distclean // Ubuntu systems only make
  4. At the command prompt of your EC2 instance, type the following command, substituting the endpoint of your cluster and port for what is shown in this example.

    src/redis-cli -c -h mycachecluster.eaogs8.0001.usw2.cache.amazonaws.com -p 6379

    This results in a Redis command prompt similar to the following.

    redis mycachecluster.eaogs8.0001.usw2.cache.amazonaws.com 6379>
  5. Run Redis commands.

    You are now connected to the cluster and can run Redis commands like the following.

    set a "hello" // Set key "a" with a string value and no expiration OK get a // Get value for key "a" "hello" get b // Get value for key "b" results in miss (nil) set b "Good-bye" EX 5 // Set key "b" with a string value and a 5 second expiration "Good-bye" get b // Get value for key "b" "Good-bye" // wait >= 5 seconds get b (nil) // key has expired, nothing returned quit // Exit from redis-cli

Step 5.2.a: Connect to an Encrypted Redis Cluster or Replication Group

Amazon ElastiCache introduced Encryption in In-Transit, At-Rest and Authentication. To connect to an Encryption in transit enabled cluster we need to use a client that supports SSL. Unfortunately, redis-cli does not support SSL.

Thank you to Jayakrishnan L for the following process and code.

The redis-cli does not support SSL/TLS connections.

redis-cli -h master.ssltest.xxxxxx.use1.cache.amazonaws.com -p 6379 master.ssltest.xxxxxx.use1.cache.amazonaws.com:6379>set key1 value

Output from the preceding command:

Error: Connection reset by peer

Because tools like redis-cli and telnet are useful for running ad-hoc commands, this section will show you how to create and use an SSL tunnel to your Redis cluster and then use redis-cli to run commands.

We can create SSL tunnel using stunnel and use redis-cli over it to connect to encrypted Redis. It is very easy to setup stunnel as most of the configuration setup are already done at the ElastiCache layer.

  1. Install stunnel.

    sudo yum install stunnel
  2. Configure stunnel. You can set up as many connections as are needed.

    cat /etc/stunnel/redis-cli.conf fips=no setuid=root setgid=root pid=/var/run//stunnel.pid debug=7 options=NO_SSLv2 options=NO_SSLv3 [redis-cli] client = yes accept = 127.0.0.1:6379 connect = master.ssltest.xxxxxx.use1.cache.amazonaws.com:6379 [redis-cli-slave] client = yes accept = 127.0.0.1:6380 connect = ssltest-002.ssltest.xxxxxx.use1.cache.amazonaws.com:6379
  3. Start stunnel.

    sudo stunnel /etc/stunnel/redis-cli.conf

    Output from the preceding command:

    # netstat -tulnp | grep -i stunnel tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 3189/stunnel tcp 0 0 127.0.0.1:6380 0.0.0.0:* LISTEN 3189/stunnel
  4. Use redis-cli to connect to the encrypted redis node using the local endpoint of the tunnel.

    Using redis-cli:

    redis-cli -h localhost -p 6379 -a MySecretPassword

    Run redis-cli commands.

    set key1 value get key1 "value"

    Using telnet:

    telnet localhost 6379 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. auth MySecretPassword +OK get key1 $5 value
  5. Stop and close the SSL tunnel by killing the stunnel process.

    sudo pkill stunnel