1

I am using the go-redis library to use an AWS MemoryDB cluster as a database.

I am able to connect to the cluster with a VPN connection; however, the following CLI command connects to the database:

```
redis-cli --tls -u redis://<memory-db-endpoint> -p 6379
```

but the following Go code does not work and gets an i/o timeout error.

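```go
// URL as posted: the redis:// scheme is what this question is about.
conf, err := redis.ParseURL("redis://$CLUSTER_ENDPOINT:6379")
if err != nil {
	panic(err)
}

cl := redis.NewClient(conf)
res, err := cl.Ping(context.Background()).Result()
if err != nil {
	panic(err)
}
fmt.Println(res) // use res so the snippet compiles
```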

What is needed to establish a connection with a single-node AWS MemoryDB cluster?

Harun Sasmaz
  • Are you literally passing `"redis://$CLUSTER_ENDPOINT:6379"`, or are you just redacting `$CLUSTER_ENDPOINT`? – Gavin Apr 18 '23 at 20:38

2 Answers

2

Redis URIs with TLS must begin with "rediss://", not "redis://"; see https://www.iana.org/assignments/uri-schemes/prov/rediss for more information.

This code works:

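```go
// rediss:// (double "s") selects a TLS connection.
conf, err := redis.ParseURL("rediss://$CLUSTER_ENDPOINT:6379")
if err != nil {
	panic(err)
}

cl := redis.NewClient(conf)
res, err := cl.Ping(context.Background()).Result()
if err != nil {
	panic(err)
}
fmt.Println(res) // use res so the snippet compiles
```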
Bar Shaul
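The scheme rule from the answer above can be enforced when configuration is loaded, so a plaintext URL aimed at a TLS-only endpoint is rejected with a clear error instead of surfacing later as an i/o timeout. This is an added example using only the Go standard library; it is not part of the original answer and not go-redis code, and `tlsConfigForRedisURL`, `ErrPlaintext` and the hostname are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/url"
)

// ErrPlaintext marks a URL whose scheme selects an unencrypted connection.
var ErrPlaintext = errors.New("redis:// is plaintext; a TLS-only endpoint needs rediss://")

// tlsConfigForRedisURL (hypothetical helper) maps the URL scheme to a TLS
// decision: rediss:// yields a *tls.Config, redis:// yields nil, or
// ErrPlaintext when the caller requires TLS.
func tlsConfigForRedisURL(raw string, requireTLS bool) (*tls.Config, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse redis URL: %w", err)
	}
	if u.Hostname() == "" {
		return nil, errors.New("redis URL has no host")
	}
	switch u.Scheme { // url.Parse lower-cases the scheme
	case "rediss":
		return &tls.Config{
			ServerName: u.Hostname(), // name checked against the server certificate
			MinVersion: tls.VersionTLS12,
			// RootCAs unset: crypto/tls verifies against the host's root CA set.
		}, nil
	case "redis":
		if requireTLS {
			return nil, ErrPlaintext
		}
		return nil, nil
	default:
		return nil, fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
}

func main() {
	// Constructed sample URLs; the hostname is a placeholder.
	for _, raw := range []string{
		"redis://memorydb.example.internal:6379",
		"rediss://memorydb.example.internal:6379",
	} {
		cfg, err := tlsConfigForRedisURL(raw, true)
		fmt.Printf("%-42s tls=%v err=%v\n", raw, cfg != nil, err)
	}
}
```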
1

The problem is that the go-redis library does not know how to get system certificates for TLS connections.

So, here is how to pass the system certificate pool to the connection config.

...

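```go
// Load the operating system's trusted root CA pool.
pool, err := x509.SystemCertPool()
if err != nil {
	panic(err)
}

// Verify the server certificate against that pool.
conf.TLSConfig = &tls.Config{
	RootCAs: pool,
}
```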

...
Harun Sasmaz