Currently, I am using go-redis
package to interface with AWS elasticache for Redis. I am authenticating into the redis instance like so,
import "github.com/go-redis/redis"
func pingRedis() {
cli := redis.NewClient(redis.Options{
Addr: "redis-address",
Password: "redis-password",
DB: 0,
})
_, err := cli.Ping().Result()
if err != nil {
log.Error(err, "could not establish connection")
return
}
}
With the recent addition of support for IAM auth for redis clusters, I'm looking to move away from the Password
usage and take advantage of the IAM auth. How should I go about authenticating into elasticache redis using IAM with the go-redis
package?
With IAM Authentication you can authenticate a connection to ElastiCache for Redis using AWS IAM identities. The go-redis library supports passing a credential provider to the client initializer ("CredentialsProvider") for auto-generation of temporary credentials. You can create an IAM credential provider to get the updated username and password, for example:
rdb := redis.NewClient(&redis.Options{
Addr: ":6379",
CredentialsProvider: func() (username string, password string) {
userID, iamAuthToken := iamAuth(.....)
return userID, iamAuthToken
},
})
You can find a full example for using ElastiCache with IAM here: https://github.com/redis/go-redis/discussions/2343#discussioncomment-5367088