Open kdeyko opened 1 month ago
Port 6380 should be added to the security group by default if we use ElastiCache Serverless for Valkey. Currently, only 6379 is added.
From Get started with Amazon ElastiCache for Valkey | Amazon Web Services
ElastiCache Serverless for Valkey cache uses both ports 6379 and port 6380. To successfully connect and execute Valkey commands from your EC2 instance, your security group must allow access to these ports as needed.
See Finding replication group endpoints - Amazon ElastiCache on Primary and Reader endpoints explanation.
Other links: https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/RedisConfiguration.html#RedisConfiguration.Serverless https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/wwe-troubleshooting.html#wwe-troubleshooting.connection
When create_security_group and serverless_enabled are true and engine is redis, both 6379 and 6380 ports are allowed for ingress connection in the created SG.
true
redis
Create ElastiCache Serverless for Valkey.
Both ports 6379 and 6380 are added to SG in we use ElastiCache Serverless for Valkey.
This can be work arounded (in theory) using additional_security_group_rules:
additional_security_group_rules = [ { type = "ingress" from_port = 6380 to_port = 6380 protocol = "tcp" } ]
(assuming that rule for port 6379 is added by default)
No response
Alternatively, allow passing a list of ports in the port field.
Describe the Feature
Port 6380 should be added to the security group by default if we use ElastiCache Serverless for Valkey. Currently, only 6379 is added.
From Get started with Amazon ElastiCache for Valkey | Amazon Web Services
See Finding replication group endpoints - Amazon ElastiCache on Primary and Reader endpoints explanation.
Other links: https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/RedisConfiguration.html#RedisConfiguration.Serverless https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/wwe-troubleshooting.html#wwe-troubleshooting.connection
Expected Behavior
When create_security_group and serverless_enabled are
true
and engine isredis
, both 6379 and 6380 ports are allowed for ingress connection in the created SG.Use Case
Create ElastiCache Serverless for Valkey.
Describe Ideal Solution
Both ports 6379 and 6380 are added to SG in we use ElastiCache Serverless for Valkey.
Alternatives Considered
This can be work arounded (in theory) using additional_security_group_rules:
(assuming that rule for port 6379 is added by default)
Additional Context
No response