Looks good! Moved on? #1

Closed
nathanielks opened this issue Jun 9, 2017 · 10 comments

Comments

@nathanielks

Hiya, @Jonty!

This project looks really interesting! I'm curious why development stopped? Lack of interest or did you find a better solution to the problem you were solving?

@Jonty
Owner

Jonty commented Jun 10, 2017

Hi @nathanielks!

The team leads decided to use an externally hosted provider (compose.com) rather than build our own in-house solution. There's nothing wrong with this approach and personally I think it's probably the best way to go about it if you need to use ElastiCache in a multi-tenant environment.

As-is the code probably works perfectly and could be deployed, but you might want to harden up the error handling and write a few tests.

Obviously you also need to build something that sets up the ElastiCache instances for the users in your environment (and also generates the authentication tokens to give them) but if you don't have a lot of users that could just be a person creating them and using a small tool to generate the tokens.

Happy to comment on deploying/fixing/patching/using this if you think it's something you actually want to do!

@nathanielks
Author

@Jonty I will let you know! In all my research this definitely sits at the top of my list of "most accurately solves the problem we're looking to solve." I'm looking for something to authenticate the endpoint and encrypt the data in transmission. Well done, sir, this is awesome! 👏 👏 👏

Should we decide to use this, I'll be more than happy to contribute. I just need to learn Go first 😅

@nathanielks
Author

@Jonty been playing with this the last few days and am really pleased! Great work! I'm unfortunately at a loss with how to integrate TLS. I was looking at stunnel and spiped, but I forgot that you had this baked in already! The "exercise for the reader" hasn't been working out too well. I'm curious if you could nudge me in a direction?

@Jonty
Owner

Jonty commented Jun 26, 2017

@nathanielks I'm pretty sure I tested it, so I think it works. Usage is something like this:

  • Run ./generate_certs.sh to generate a self-signed certificate using openssl
  • ./proxy 0.0.0.0:6379 SHARED_SECRET server.crt server.key

Then configure your redis client to use SSL mode. It should just work - if it isn't let me know what errors you're getting.
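
The client side of the setup described above, as an added example that is not part of this thread or the project's code: a Go client that keeps certificate verification on and trusts only the self-signed certificate, rather than turning verification off. `startStandIn`, `ping`, the in-memory certificate and the loopback listener are assumptions standing in for the proxy and its `server.crt`; the project's token authentication is not modelled.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// startStandIn: constructed stand-in for the proxy, with a fresh self-signed cert.
func startStandIn() (string, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool() // a real client would fill this from server.crt
	roots.AddCert(leaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	if err != nil {
		panic(err)
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			bufio.NewReader(c).ReadString('\n') // TLS handshake runs on first read
			fmt.Fprint(c, "+PONG\r\n")
			c.Close()
		}
	}()
	return ln.Addr().String(), roots
}
// ping keeps certificate verification on and trusts only what is in roots.
func ping(addr string, roots *x509.CertPool) (string, error) {
	c, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: "localhost"})
	if err != nil {
		return "", err
	}
	defer c.Close()
	fmt.Fprint(c, "PING\r\n") // Redis inline command
	return bufio.NewReader(c).ReadString('\n')
}
func main() { fmt.Println(ping(startStandIn())) }
```

A client whose pool holds any other certificate fails inside `tls.Dial` with an x509 verification error instead of connecting, which is the behaviour you lose if the client is set to skip verification.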

@nathanielks
Author

@Jonty ah, brilliant! For some reason I was under the impression redis clients didn't have SSL at all. Thanks, mate!

@Jonty
Owner

Jonty commented Jun 26, 2017

@nathanielks They didn't used to, but most major clients now do - and if yours doesn't there's definitely another one available that will!

There's a list of well-supported SSL-capable Redis clients at the bottom of this blog post: https://redislabs.com/blog/secure-redis-ssl-added-to-redsmin-and-clients/

@nathanielks
Author

💥 You're awesome, @Jonty!

@Jonty
Owner

Jonty commented Feb 19, 2018

@nathanielks Out of interest, did you ever use this?

@nathanielks
Author

@Jonty I did for a bit! AWS released official support for AUTH and TLS, so I submitted a PR to Terraform to add support, which sufficiently took care of our needs: hashicorp/terraform-provider-aws#2090. Thanks for putting this together, it was a really good learning experience for me!

@Jonty
Owner

Jonty commented Feb 20, 2018

@nathanielks Oh that's brilliant news! I'll pass that on to my old team.

@Jonty Jonty closed this as completed Feb 20, 2018