AWS Elasticache Redis

Table of Contents

cloud.gov offers aws-elasticache-redis Redis as a service.

Plans

Pricing

$200/month per 10 nodes block. First 10 nodes included at no cost. More information on the pricing page.

How to create an instance

To create a service instance, run the following command (replace my-ec-service with a name for the service):

cf create-service aws-elasticache-redis redis-3node my-ec-service

Setting optional parameters

There are several optional parameters that you can specify when creating a new instance:

A couple of notes regarding the optional version parameter:

• It only supports major version numbers; if you specify a minor/patch level version, e.g., “6.2.1” , the command will fail with the exception of 5.0.6 which is a major version with a minor version release.
• The version number must be provided in double quotes ("); this is because the value is treated as a string to account for different versions.

These are the current supported major versions for Redis:

• 5.0.6
• 6.0
• 6.2
• 7.0

Examples of optional parameters

If you want to specify the engine version:

cf create-service aws-elasticache-redis \
    ${SERVICE_PLAN_NAME} \
    ${SERVICE_NAME} \
    -c '{"engineVersion": "6.2"}'

Managing backups

As part of the aws-elasticache-redis service, AWS will be doing daily snapshots of all EC instances between 06:00-07:00 UTC. The service is configured to keep 3 snapshots. If you need one of these automated snapshots restored, please email cloud.gov support.

For manual backups, the Elasticache service does not expose access to files generated by the Elasticache Redis SAVE command. To back up data from your Elasticache Redis instance, you can iterate over keys, fetch their values and expiration times using DUMP and TTL, and save them to a file. To restore, use the RESTORE command for each saved key.

Please see https://github.com/cloud-gov/aws-redis-example our AWS Elasticache Redis example repo for some ideas on moving data as well.

Connecting to your Elasticache service locally

To facilitate backing up your Elasticache service, cloud.gov offers port forwarding if SSH is enabled for your organization and application. Follow the following instructions to create a service key and use it to set up a SSH tunnel.

Create a service key to access Elasticache credentials:

cf create-service-key my-elasticache my-key

Connect to your Elasticache service using port forwarding (see Using SSH). You’ll need to leave the cf ssh command running and follow the next steps in a different terminal so that you can access the remote Elasticache instance from your local environment. These steps assume you have jq installed locally.

elasticache_credentials=$(cf service-key my-elasticache my-key | tail -n +3)

elasticache_hostname=$(echo "${elasticache_credentials}" | jq -r '.hostname')
elasticache_port=$(echo "${elasticache_credentials}" | jq -r '.port')
elasticache_password=$(echo "${elasticache_credentials}" | jq -r '.password')

cf ssh my-app -L "8000:${elasticache_hostname}:${elasticache_port}"

You can now connect to your Elasticache service from your local machine using port 8000 and the password set to $elasticache_password, e.g. using the latest version of Redis CLI:

redis-cli -a "${elasticache_password}" -p 8000 --tls

Encryption

Every AWS Elasticache instance configured through cloud.gov is encrypted at rest. We use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your AWS Elasticache instance.

Rotating credentials

You can rotate credentials by creating a new instance and deleting the existing instance. If this is not an option, email cloud.gov support to request rotating the credentials manually.

The broker in GitHub

You can find the broker here: https://github.com/cloud-gov/aws-broker.