Can you connect to Amazon ElastiСache Redis outside of Amazon?

Question

I\'m able to connect to an ElastiCache Redis instance in a VPC from EC2 instances. But I would like to know if there is a way to connect to

Answer 1

This is a solid node script that will do all the dirty work for you. Tested and verified it worked.

https://www.npmjs.com/package/uzys-elasticache-tunnel

How to use Usage: uzys-elasticache-tunnel [options] [command]

Commands:

start [filename]  start tunneling with configuration file (default: config.json)
stop              stop tunneling
status            show tunneling status

Options:

-h, --help     output usage information
-V, --version  output the version number

Usage Example

• start - uzys-elasticache-tunnel start ./config.json
• stop - uzys-elasticache-tunnel stop
• status - uzys-elasticache-tunnel status

Answer 2

Its is not possible to directly access the classic-cluster from a VPC instance. The workaround would be configuring NAT on the classic instance.

NAT need to have a simple tcp proxy

YourIP=1.2.3.4
YourPort=80
TargetIP=2.3.4.5
TargetPort=22

iptables -t nat -A PREROUTING --dst $YourIP -p tcp --dport $YourPort -j DNAT \
--to-destination $TargetIP:$TargetPort
iptables -t nat -A POSTROUTING -p tcp --dst $TargetIP --dport $TargetPort -j SNAT \
--to-source $YourIP
iptables -t nat -A OUTPUT --dst $YourIP -p tcp --dport $YourPort -j DNAT \
--to-destination $TargetIP:$TargetPort

Answer 3

We are using HAProxy as a reserved proxy server.

Your system outside AWS ---> Internet --> HAProxy with public IP --> Amazon Redis (Elasticache)

Notice that there is another good reason to do that (at that time)

As we use node.js client, which don't support Amazon DNS fail over, the client driver don't support dns look up again. If the redis fail, the client driver will keep connect to the old master, which is slave after failed over.

By using HAProxy, it solved that problem.

Now using the latest ioredis driver, it support amazon dns failover.