Redis won’t talk to Web Server.

The Problem: #

Thinking you’ve correctly configured everything in your shiny new cloud architecture, and having a key piece not work properly can be extremely frustrating.

For me, it was trying to get a web server (on EC2) to talk to a Redis cluster (on ElasticCache).

Trying to use redis-cli on my local machine kept getting me to this point:

Could not connect to Redis at xxx.usw2.cache.amazonaws.com:6379: Operation timed out

This is when I found out that Redis by default isn’t meant to be accessed from outside the sphere of AWS. Since I was running redis-cli from my laptop, this wasn’t going to work.

The next logical step was to SSH into my EC2 machine, and then run the redis-cli command to try and PING the Redis host. But this method also ran into the timed out error.

Since the machine on AWS couldn’t even produce a handshake with the Redis host, this is when I knew that there was something wrong with the security permissions which was restricting any traffic from communicating with the Redis host.

The Fix: #

First, go to your Elastic Cache Console and click on the specific Redis instance which is giving you a hard time. Take note of the Security Group ID (marked by the purple arrow):

Next, go to your VPC Management Console and head to the Security Groups section. Make sure that your Redis Group ID (purple arrow) has allowed inbound connection (custom TCP Rule on Port Range 6379) with the Source being the Group ID of the group which your EC2 instance is on (orange arrows). As for the Outbound Rules, allow ALL Traffic.

This finally made it so my “PING” was met with a “PONG” from the Redis host. When you observe errors like this, make sure your security groups are able to properly talk to the respective servers.