ElastiCache with encryption uses TLS to communicate with the Redis client, yet as I've seen, Redis clients in all languages (ioredis, predis, go-redis) require a PEM file when configuring the client to use TLS.
How can I connect to ElastiCache with in-transit encryption without giving the certificate for the TLS?
Enabling in-transit encryption on a cluster for Redis (Cluster Mode Enabled) (CLI)
Use the AWS CLI operation create-replication-group and the following parameters to create a Redis (cluster mode enabled) replication group that has in-transit encryption enabled:
Key parameters:
--engine: Must be redis.
Sign in to the AWS Management Console and open the ElastiCache console at https://console.aws.amazon.com/elasticache/. From the navigation pane, choose Redis clusters. The clusters screen will appear with a list of Redis (cluster mode disabled) and Redis (cluster mode enabled) clusters.
Choose the box to the left of default security group. From the list at the bottom of the screen, choose the EC2 Security Group Name you want to authorize. To authorize access, choose Add. Amazon EC2 instances that are associated with the security group are now authorized to connect to your ElastiCache cluster.
ElastiCache for Redis offers default (service managed) encryption at rest, as well as ability to use your own symmetric customer managed AWS KMS keys in AWS Key Management Service (KMS). The default (service managed) encryption is the only option available in the GovCloud (US) Regions.
Solution: no certificate is needed, you just need to enable TLS in the client (in ioredis, for example, it is just to have tls: {}).