AWS Elasticache Redis
cloud.gov offers aws-elasticache-redis Redis 5.0.6 as a service.
Plans
Service Name | Plan Name | Description | Number of nodes |
---|---|---|---|
aws-elasticache-redis |
redis-dev |
Single EC node for non-prod use only | 1 |
aws-elasticache-redis |
redis-3node |
3 node EC, persistent storage, 512Mb memory limit | 3 |
aws-elasticache-redis |
redis-5node |
5 node EC, persistent storage, 512Mb memory limit | 5 |
aws-elasticache-redis |
redis-3node-large |
3 node EC, persistent storage, 1.3GB memory limit | 3 |
aws-elasticache-redis |
redis-5node-large |
5 node EC, persistent storage, 1.3GB memory limit | 5 |
Pricing
$200/month per 10 nodes block. First 10 nodes included at no cost. More information on the pricing page.
How to create an instance
To create a service instance, run the following command (replace my-ec-service
with a name for the service):
cf create-service aws-elasticache-redis redis-3node my-ec-service
Managing backups
As part of the aws-elasticache-redis service, AWS will be doing daily snapshots of all EC instances between 06:00-07:00 UTC. The service is configured to keep 3 snapshots. If you need one of these automated snapshots restored, please email cloud.gov support.
For manual backups, the Elasticache service does not expose access to files generated by the Elasticache Redis SAVE command. To back up data from your Elasticache Redis instance, you can iterate over keys, fetch their values and expiration times using DUMP and TTL, and save them to a file. To restore, use the RESTORE command for each saved key.
Please see https://github.com/cloud-gov/aws-redis-example our AWS Elasticache Redis example repo for some ideas on moving data as well.
Connecting to your Elasticache service locally
To facilitate backing up your Elasticache service, cloud.gov offers port forwarding if SSH is enabled for your organization and application. Follow the following instructions to create a service key and use it to set up a SSH tunnel.
Create a service key to access Elasticache credentials:
cf create-service-key my-elasticache my-key
Connect to your Elasticache service using port forwarding (see Using SSH). You’ll need to
leave the cf ssh
command running
and follow the next steps in a different terminal so that you can access the
remote Elasticache instance from your local environment. These steps assume you have jq installed locally.
elasticache_credentials=$(cf service-key my-elasticache my-key | tail -n +3)
elasticache_hostname=$(echo "${elasticache_credentials}" | jq -r '.hostname')
elasticache_port=$(echo "${elasticache_credentials}" | jq -r '.port')
elasticache_password=$(echo "${elasticache_credentials}" | jq -r '.password')
cf ssh my-app -L "8000:${elasticache_hostname}:${elasticache_port}"
You can now connect to your Elasticache service from your local machine using port 8000
and the password set to $elasticache_password
, e.g. using the latest version of Redis CLI:
redis-cli -a "${elasticache_password}" -p 8000 --tls
Encryption
Every AWS Elasticache instance configured through cloud.gov is encrypted at rest. We use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your AWS Elasticache instance.
Rotating credentials
You can rotate credentials by creating a new instance and deleting the existing instance. If this is not an option, email cloud.gov support to request rotating the credentials manually.
The broker in GitHub
You can find the broker here: https://github.com/cloud-gov/aws-broker.