Redis versions and features compatibility list

[hebbo]

Hi there.

We are aiming to use the Phoenix Redis Pubsub (https://github.com/phoenixframework/phoenix_pubsub_redis) package in our Phoenix app and had some problems to connect to our ElastiCache Redis instance:

  RedisReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      AtRestEncryptionEnabled: true
      AutomaticFailoverEnabled: true
      Engine: redis
      EngineVersion: 5.0.3
      NumCacheClusters: 2
      Port: 6379
      TransitEncryptionEnabled: true

We found out that the problem was in the following settings:

AtRestEncryptionEnabled: true
TransitEncryptionEnabled: true

Wondering whether there is any way we can check which Redis versions and features the Redix package is compatible with.

Any guidance will be very welcome! Thanks!

[whatyouhide]

Hey @hebbo, thanks for the report. I don't really know what AtRestEncryptionEnabled and TransitEncryptionEnabled do except from what I've quickly read from the ElastiCache docs.

Could you please:

• Specify your Redix version
• Specify what errors you are seeing when connecting to your ElastiCache instance?

Redix should be compatible with any decently modern Redis (the protocol has been the same for a long time).

[hebbo]

Hey,

thanks for your reply. We are using the following versions: Redis 0.9.3 phoenix_pubsub_redis 2.1.7

Found out a bit more about the issue: when setting AtRestEncryptionEnabled to true my service can connect to the Redis instance. However, TransitEncryptionEnabled seem to be the root of the problem.

Digging a bit in the AWS docs:

To access data from ElastiCache for Redis nodes enabled with in-transit encryption, you use clients that work with Secure Socket Layer (SSL). However, redis-cli doesn't support SSL or Transport Layer Security (TLS).

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html

Seems like Redis clients are generally not compatible with in-transit encrypted communication?

This is the error I am getting:

06:47:49.149 [error] Failed to connect to Redis (master.inr10p33bfd4jnw7.mk862x.usw2.cache.amazonaws.com:6379): :timeout

when:

• set TransitEncryptionEnabled to true on my Redis ElastiCache instance
• set a password for the Redis server and use the same password in my service: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticache-replicationgroup.html#cfn-elasticache-replicationgroup-authtoken

  phoenix_pubsub: [
    adapter: Phoenix.PubSub.Redis,
    host: System.get_env("REDIS_HOSTNAME") || raise("REDIS_HOSTNAME not set"),
    node_name: System.get_env("REDIS_NODE_NAME") || raise("REDIS_NODE_NAME not set"),
    password: System.get_env("REDIS_AUTH_TOKEN") || raise("REDIS_AUTH_TOKEN not set"),
    pool_size: 1,
    port: 6379
  ]

Not sure how useful this info is going to be for you but thought I may share it just in case.

We may just give on in-transit encryption for now :)

Thanks! Angel

[whatyouhide]

Hey @hebbo, I see. Did you try using ssl: true when connecting to Redis or using rediss:// as the scheme in the Redis URL you're using?

[hebbo]

Hey @whatyouhide Using the ssl: true option actually did the job. Totally missed it!

We also set the Redix password config entry to whatever value we set in the AuthToken field in the Cloudformation configuration for the Redis instances. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticache-replicationgroup.html#cfn-elasticache-replicationgroup-authtoken

Thanks a lot for your help! We are almost there now! Angel