AWS port forwarding session does not work for redis cluster with cluster mode

aws ssm start-session \
    --target i-123 \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters '{"host":["<cache configuration endpoint>"],"portNumber":["6379"], "localPortNumber":["6379"]}'

Starting session with SessionId: <iam profile>
Port 6379 opened for sessionId <iam profile>
Waiting for connections...

Connection accepted for session [<iam profile>]
❯ python3 cache.py
INFO:rediscluster.client:Created new instance of RedisCluster client instance
INFO:rediscluster.client:Using ClusterConnectionPool
ERROR:root:Failed to connect to Redis Cluster: Timeout connecting to server

While the connection works through redis-cli in the shell, it does not work with a programming-language client.

❯ redis-cli -c -h localhost -p 6379
localhost:6379>
localhost:6379>
localhost:6379>
localhost:6379> randomkey
"test"
localhost:6379>

Does anyone have any clue how to solve this issue? I tried the code with the Python client, the Go client and the Rust client; none of them work.

Here's the Python client code:

import logging
from rediscluster import RedisCluster

# Configure logging
logging.basicConfig(level=logging.INFO)

def connect_to_redis_cluster():
    try:
        # The startup node is the local end of the SSM port forward (port as an int)
        startup_nodes = [{"host": "localhost", "port": 6379}]

        # Create a Redis cluster client
        rc = RedisCluster(
            startup_nodes=startup_nodes,
            decode_responses=True,
            socket_timeout=20,
            skip_full_coverage_check=True,
        )

        # Test the connection
        if rc.ping():
            logging.info("Connected to Redis Cluster")

        # You can perform other Redis operations here

    except Exception as e:
        logging.error(f"Failed to connect to Redis Cluster: {e}")

if __name__ == "__main__":
    connect_to_redis_cluster()

I tried rerouting the configuration endpoint to localhost through the /etc/hosts file; I'd appreciate any explanations or ideas to try.
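The difference between redis-cli and the cluster clients is visible in what each one does after connecting. redis-cli -c talks only to localhost:6379 until it receives a MOVED redirect, so a single forwarded port is enough for it. A cluster-aware client (redis-py-cluster, and the Go and Rust equivalents) bootstraps by sending CLUSTER SLOTS to the startup node and then dials every node address in the reply; those are the nodes' VPC-private IPs, which a workstation cannot reach through a forward of one local port, hence the connect timeout. The script below is an added diagnostic, not the asker's code and not part of any Redis client: it performs that same discovery step over the forwarded port with a minimal RESP2 reader and reports which advertised addresses the tunnel can and cannot serve. It assumes the tunnel is localhost:6379 as in the start-session command above; SAMPLE_REPLY is a constructed reply from a two-shard cluster so the script runs offline.

```python
"""Diagnostic for a cluster-mode Redis behind a single SSM port forward.

Added example, not the asker's code. A cluster client bootstraps by sending
CLUSTER SLOTS to its startup node and then connects to every node address in
the reply; this script does the same discovery and classifies each address.
"""
import io
import ipaddress
import socket

# Assumed tunnel endpoint, matching the start-session command in the question.
TUNNEL = ("localhost", 6379)

# Constructed sample of the raw RESP2 reply to CLUSTER SLOTS from a two-shard
# cluster; a real ElastiCache cluster returns its own private addresses.
SAMPLE_REPLY = (
    b"*2\r\n"
    b"*3\r\n:0\r\n:8191\r\n*3\r\n$9\r\n10.0.1.10\r\n:6379\r\n$6\r\nnode-a\r\n"
    b"*3\r\n:8192\r\n:16383\r\n*3\r\n$9\r\n10.0.1.11\r\n:6379\r\n$6\r\nnode-b\r\n"
)


def read_resp(stream):
    """Parse one RESP2 value (enough of the protocol for CLUSTER SLOTS)."""
    line = stream.readline()
    if not line.endswith(b"\r\n"):
        raise EOFError("connection closed mid-reply")
    prefix, body = line[:1], line[1:-2]
    if prefix == b"+":
        return body.decode()
    if prefix == b"-":
        raise RuntimeError(f"server error: {body.decode()}")
    if prefix == b":":
        return int(body)
    if prefix == b"$":                      # bulk string, -1 means null
        n = int(body)
        return None if n == -1 else stream.read(n + 2)[:n].decode()
    if prefix == b"*":                      # array, possibly nested
        n = int(body)
        return None if n == -1 else [read_resp(stream) for _ in range(n)]
    raise ValueError(f"unexpected RESP prefix {prefix!r}")


def parse_reply(raw):
    """Parse a captured reply held in bytes (used with SAMPLE_REPLY)."""
    return read_resp(io.BytesIO(raw))


def cluster_slots_via_socket(host=TUNNEL[0], port=TUNNEL[1], timeout=3.0):
    """Send CLUSTER SLOTS through the forwarded port and parse the live reply.
    This is the discovery step a cluster client performs on its startup node."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"*2\r\n$7\r\nCLUSTER\r\n$5\r\nSLOTS\r\n")
        with sock.makefile("rb") as stream:
            return read_resp(stream)


def advertised_nodes(slots_reply):
    """Every (host, port) a cluster client will try to dial after bootstrap."""
    nodes = set()
    for entry in slots_reply:
        for node in entry[2:]:              # entry[0:2] is the slot range
            nodes.add((str(node[0]), int(node[1])))
    return sorted(nodes)


def classify(host, port, tunnel=TUNNEL):
    """Say whether an advertised address is reachable from this workstation."""
    if (host, port) == tunnel:
        return "tunnel"                     # the one address the forward serves
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                   # resolved locally, e.g. via /etc/hosts
    if addr.is_private:
        return "private"                    # VPC address: times out from outside
    return "public"


def diagnose(slots_reply, tunnel=TUNNEL):
    """Map each advertised node to its reachability verdict."""
    return {f"{h}:{p}": classify(h, p, tunnel) for h, p in advertised_nodes(slots_reply)}


if __name__ == "__main__":
    # Swap parse_reply(SAMPLE_REPLY) for cluster_slots_via_socket() while the
    # SSM session is open to see what your own cluster advertises.
    for address, verdict in diagnose(parse_reply(SAMPLE_REPLY)).items():
        print(f"{address:<20} {verdict}")
```

Run it with the SSM session open and the live call in place; every node that comes back as "private" is one the client will try and fail to reach. That also explains why the /etc/hosts change had no effect: it only changes how the configuration endpoint name resolves, while the addresses the client actually dials come from the CLUSTER SLOTS reply. A forward of one local port reaches exactly one node, so it cannot by itself satisfy a multi-shard cluster, and the unreachable private addresses are the VPC boundary doing its job; whatever the tunnel host itself may reach is still governed by the security-group rules the second answer mentions.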

2 Answers

I can see different hotspots where some improvement may be due.

  • Using "localhost" as the Redis host: In the Python client code, the Redis cluster client is configured with "localhost" as the host. However, when using port forwarding with AWS SSM, the Redis endpoint should typically be accessed through the SSM session, not locally on "localhost". Ensure that you're using the correct endpoint provided by AWS SSM port forwarding.
  • Handling of Redis Cluster Configuration: The Python client code initializes the RedisCluster client with a single startup node. However, Redis cluster clients typically require the entire list of cluster nodes to connect properly. Ensure that the startup_nodes parameter includes all the nodes in the Redis cluster.
  • Error Handling in Connection: The connect_to_redis_cluster() function catches all exceptions and logs them. While this is useful for debugging, it might be beneficial to handle specific types of exceptions differently. For example, connection timeout errors might require different handling compared to other types of errors.
  • Missing Configuration in AWS SSM Command: The AWS SSM command for starting a port forwarding session does not specify the correct value for the "host" parameter. It should be replaced with the actual cache configuration endpoint provided by AWS.
  • Inadequate Logging: The logging in the Python client code is minimal and may not provide enough information to diagnose connection issues effectively. Consider adding more detailed logging statements, especially around connection attempts and failures.
  • Security Considerations: Ensure that appropriate security measures are in place, such as using secure connections (e.g., TLS/SSL) and implementing access controls, especially when accessing resources over the internet.
EXPERT
answered 22 days ago

Make sure your Redis cache cluster security group allows access from the EC2 instance you are using as the SSM tunnel endpoint.

Your <cache configuration endpoint> needs to be resolvable to the VPC endpoint from your EC2 instance.

EXPERT
answered 21 days ago