To help keep your data secure, Amazon ElastiCache and Amazon EC2 provide mechanisms to guard against unauthorized access of your data on the server. By providing in-transit encryption capability, ElastiCache gives you a tool you can use to help protect your data when it is moving from one location to another. For example, you might move data from a primary node to a read replica node within a replication group, or between your replication group and your application.
In-transit encryption is optional and can only be enabled on Redis replication groups when they are created. You enable in-transit encryption on a replication group by setting the parameter TransitEncryptionEnabled to true (CLI: --transit-encryption-enabled) when you create the replication group. You can do this whether you are creating the replication group using the AWS Management Console, the AWS CLI, or the ElastiCache API. If you enable in-transit encryption, you must also provide a value for CacheSubnetGroup.
Amazon Linux 2
sudo yum -y install openssl-devel gcc
wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make distclean
make redis-cli BUILD_TLS=yes
sudo install -m 755 src/redis-cli /usr/local/bin/
Amazon Linux
sudo yum install gcc jemalloc-devel openssl-devel tcl tcl-devel clang wget
wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make redis-cli CC=clang BUILD_TLS=yes
sudo install -m 755 src/redis-cli /usr/local/bin/
sudo yum install clang
CC=clang make
sudo make install
After this, it is recommended that you run the optional make test command.
Type the following command, substituting the endpoint of your cluster and port for what is shown in this example.
redis-cli -h Primary or Configuration Endpoint --tls -p 6379
The following example connects to a cluster with encryption and authentication enabled (not recommended):
redis-cli -h Primary or Configuration Endpoint --tls -a 'your-password' -p 6379
aioredis==1.3.0
import aioredis
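# create_pool is a coroutine in aioredis 1.x, so await it inside async code; ssl=True turns on TLS
pool = await aioredis.create_pool("redis://[host]:6379", ssl=True)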
aioredis==2.0.0
import aioredis
# The rediss:// scheme (double "s") tells the client to connect over TLS
redis = aioredis.from_url("rediss://[[username]:[password]]@[host]:6379/0")
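A defender-side check for the points above, as an added example that is not part of the original AWS page: because in-transit encryption can only be set at creation, it lists replication groups where TransitEncryptionEnabled is not true, and client URLs whose scheme does not match the group's setting. The group names, hostnames and the audit helper are constructed for this example; the JSON follows the shape of `aws elasticache describe-replication-groups` output.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of `aws elasticache describe-replication-groups`
# output; the group names are made up for this example.
SAMPLE_RESPONSE = json.loads("""
{"ReplicationGroups": [
  {"ReplicationGroupId": "sessions", "TransitEncryptionEnabled": true},
  {"ReplicationGroupId": "cache-a",  "TransitEncryptionEnabled": false},
  {"ReplicationGroupId": "legacy"}
]}
""")

# Constructed client connection URLs, keyed by replication group id.
SAMPLE_CLIENT_URLS = {
    "sessions": "redis://sessions.example.internal:6379/0",
    "cache-a": "redis://cache-a.example.internal:6379/0",
}


def audit(response, client_urls):
    """Return (group_id, finding) tuples for TLS gaps on the server and client side."""
    findings = []
    for group in response.get("ReplicationGroups", []):
        gid = group["ReplicationGroupId"]
        # A missing key is treated as "not enabled" so a gap is never hidden.
        tls_on = group.get("TransitEncryptionEnabled") is True
        if not tls_on:
            findings.append((gid, "in-transit encryption is off; it must be set at creation"))
        url = client_urls.get(gid)
        if url is None:
            continue
        scheme = urlsplit(url).scheme.lower()
        if tls_on and scheme != "rediss":
            findings.append((gid, "client URL is not rediss:// although the group has TLS enabled"))
        if not tls_on and scheme == "rediss":
            findings.append((gid, "client URL is rediss:// but the group has TLS disabled"))
    return findings


if __name__ == "__main__":
    for gid, finding in audit(SAMPLE_RESPONSE, SAMPLE_CLIENT_URLS):
        print(f"{gid}: {finding}")
```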