Why does port 6379 need to be opened on the security group for elasticache?

amazon-ec2 amazon-web-services amazon-vpc amazon-elasticache
9,041

[the ElastiCache server] has security group(s) assigned, in my case just cache-access

Security groups apply to ElastiCache servers just like they do to EC2 servers (they're EC2 under the hood, even).

Port 6379 doesn't need to be open for the EC2 servers, but it does need to be open for the Redis server. You could put the cache or EC2 servers in separate security groups if you'd prefer to keep their firewall rules separate.

Share:
9,041

Related videos on Youtube

AJcodez
Author by

AJcodez

Updated on September 18, 2022

Comments

  • AJcodez
    AJcodez over 1 year

    I made a redis cluster and created a new security group called cache-access. If I ssh into an ec2 server and try to access a cache node, it works if two conditions are met:

    1. ec2 server belongs to cache-access security group
    2. cache-access security group opens inbound 6379 port

    It makes sense to me to whitelist ec2 access via security group (#1), considering a group may need to scale up or down, so whitelisting ip addresses wouldn't work.

    It doesn't make sense why I need to open the port (#2). The ec2 instance is not running redis-server. The elasticache servers are the ones listening on 6379.

    Why does the ec2 security group need the 6379 port open to work?

    • ceejayoz
      ceejayoz almost 9 years
      What security group does the cache node belong to?
    • AJcodez
      AJcodez almost 9 years
      It's in vpn, so it doesn't have a cache security group, it has security group(s) assigned, in my case just cache-access.
    • ceejayoz
      ceejayoz almost 9 years
      Well, that's why.
    • AJcodez
      AJcodez almost 9 years
      I see it now. It still doesn't make sense to me to have a sg for elasticache at all tho. What other port would i want open for a managed redis cluster? Like i'm not gonna host my mom's friend's website on 8080 on a managed redis cluster. Whatever.
    • ceejayoz
      ceejayoz almost 9 years
      ElastiCache has security groups because just like any other set of servers you might want to limit who has access to it. You might be running several apps in your AWS account and only want to let one app's servers access the cache. You might want to limit access just to a PHP tier and not let your database tier have access.
    • AJcodez
      AJcodez almost 9 years
      Yeah i get that aspect, i thought the sg was just to whitelist access, not also apply port configurations.
  • AJcodez
    AJcodez almost 9 years
    Thank you. It didn't occur to me the security group applied to the elasticache servers beyond granting access to ec2 instances.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to use IPSec / Openswan with Amazon's Virtual Private Cloud (VPC) and EC2?
How to assign EIP to Autoscaling Group of VPC in Cloudformation template
can't connect aws VPC private instance to internet through NAT
Routing between the instances in AWS
Can you connect to Amazon VPC VPN from Windows 7 without a hardware VPN on your end?
aws private instance cannot resolve hostname (VPC with NAT instance)
Is it okay to use an Elastic Load Balancer for ssh/sftp traffic?
How to allow inbound traffic for internal machines only on EC2?
ssh timeout issue connecting to an EC2 instance on OS X
Ec2 instance static private ip address