0

I have created a elastic cache instance with redis, using terraform. This is the code I have used:

resource "aws_security_group" "main" {
  name        = "redis-security-group"
  description = "Controls access to the redis instance"
  vpc_id      = var.vpc_id

  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_elasticache_subnet_group" "main" {
  name       = "db-subnet-group"
  subnet_ids = var.public_subnets_ids
}

resource "aws_elasticache_cluster" "main" {
  cluster_id               = "redis-cluster"
  subnet_group_name        = aws_elasticache_subnet_group.main.name
  security_group_ids       = [aws_security_group.main.id]
  engine                   = "redis"
  node_type                = "cache.t3.small"
  num_cache_nodes          = 1
  parameter_group_name     = "default.redis6.x"
  snapshot_retention_limit = 0
  engine_version           = "6.x"
  port                     = 6379
}

As you can see, I have not defined any kind of password (I have not seen the option in the documentation). If I try to connect from an EC2 instance properly configured (you cannot access redis elastic cache from outside aws) I can connect perfectly fine without specifying an user/password.

The problem comes when my web server tries to connect to it, because I do not specify a password. I'm getting the following error:

redis.exceptions.ResponseError: AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?

The connection string without password works great with redis-cli, but not with redis in python. So, I wonder the following:

  • Is there a way to setup a password in my redis instance from terraform/bash script? This way I could use it normally from my python web server.
  • Is there a way to setup python redis to not need a password?
Antonio Gamiz Delgado
  • 1,871
  • 1
  • 12
  • 33
  • 2
    Add your python code which you've tried so far. maybe there's a problem with your connection string – Peyman.H Aug 21 '21 at 10:18
  • 1
    How are you connecting to it from Python? "No password" should be the default, unless you're using some framework that makes assumptions? – Jiří Baum Aug 21 '21 at 10:19
  • I'm using django redis module, so I do not really have to setup anything. If I use a redis instance with password setup it works (I'm trying to pass from the redis addon on heroku to elastic cache on aws) – Antonio Gamiz Delgado Aug 21 '21 at 12:23
  • This is the connection string template I'm using: 'redis://:{password}@{endpoint}/0', where password is an empty string and the endpoint is the endpoint from aws. – Antonio Gamiz Delgado Aug 21 '21 at 12:24
  • It's worth mentioning that I'm using redis==2.10.3 (I know, very old version, but it's a legacy system) – Antonio Gamiz Delgado Aug 21 '21 at 12:29
  • 1
    I believe you should change your connection string template to `'redis://{endpoint}/0'`. The `@` is triggering the password authentication, even if the password you are passing is empty. – Mark B Aug 21 '21 at 14:30
  • You're totally right, thanks! – Antonio Gamiz Delgado Aug 21 '21 at 14:45

0 Answers0