I'm able to connect to an Elasticache redis instance in a VPC from EC2 instances, but I would like to know if there is a way to connect to an Elasticache Redis node outside of Amazon EC2 instances, such as from my local dev setup or VPS instances provided by other vendors.

Currently when trying from my local set up:

redis-cli -h my-node-endpoint -p 6379

I only get a timeout after some time.

No, you can't without resorting to 'tricks' such as a tunnel, which maybe OK for testing but will kill any real benefit of using a super-fast cache with the added latency/overhead.

...an Amazon ElastiCache Cluster, inside or outside a VPC, is never allowed to be accessed from the Internet.

From here: http://aws.amazon.com/elasticache/faqs/#Can_I_access_Amazon_ElastiCache_from_outside_AWS

EDIT 2018: This answer above was accurate when written, however it is now possible with some configuation to access redis cache from outside using the directions approximately 1/2 way down this page: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html

SSH port forwarding should do the trick. Try running this from you client.

ssh -f -N -L6379:<your redis node endpoint>:6379 <your EC2 node that you use to connect to redis>

Then from your client

redis-cli -h 127.0.0.1 -p 6379

It works for me.

Please note that default port for redis is 6379 not 6739. An also make sure you allow the allow the security group of the EC2 node that you are using to connect to your redis instance into your Cache security group.

Also, AWS now supports accessing your cluster more info here

These answers are out of date.

You can access elastic-cache outside of AWS by following these steps:

1. Create a NAT instance in the same VPC as your cache cluster but in a public subnet.
2. Create security group rules for the cache cluster and NAT instance.
3. Validate the rules.
4. Add an iptables rule to the NAT instance.
5. Confirm that the trusted client is able to connect to the cluster.
6. Save the iptables configuration.

For a more detailed description see the aws guide:

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html#access-from-outside-aws

Not so old question, I ran to the same issue myself and solved it:

Sometimes, for developing reasons you need to access from outside (to avoid multi-deployments just for a simple bug-fix maybe?)

Amazon have published a new guide that uses the EC2 as proxies for the outside world:

http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Access.Outside.html

Good luck!

We are using HAProxy as a reserved proxy server.

Your system outside AWS ---> Internet --> HAProxy with public IP --> Amazon Redis (Elasticache)

Notice that there is another good reason to do that (at that time)

As we use node.js client, which don't support Amazon DNS fail over, the client driver don't support dns look up again. If the redis fail, the client driver will keep connect to the old master, which is slave after failed over.

By using HAProxy, it solved that problem.

Now using the latest ioredis driver, it support amazon dns failover.

BTW if anyone wants a windows EC2 solution, try these at the DOS prompt (on said windows EC2 machine):

To Add port-forwarding

C:\Users\Administrator>netsh interface portproxy add v4tov4 listenport=6379 listenaddress=10.xxx.64.xxx connectport=6379 connectaddress=xxx.xxxxxx.ng.0001.use1.cache.amazonaws.com

To list port-forwarded ports

C:\Users\Administrator>netsh interface portproxy show all

Listen on ipv4: Connect to ipv4:

Address Port Address Port

10.xxx.128.xxx 6379 xxx.xxxxx.ng.0001.use1.cache.amazonaws.com 6379

To remove port-forwarding

C:\Users\Administrator>netsh interface portproxy delete v4tov4 listenport=6379 listenaddress=10.xxx.128.xxx

This is a solid node script that will do all the dirty work for you. Tested and verified it worked.

https://www.npmjs.com/package/uzys-elasticache-tunnel

How to use Usage: uzys-elasticache-tunnel [options] [command]

Commands:

start [filename]  start tunneling with configuration file (default: config.json)
stop              stop tunneling
status            show tunneling status

Options:

-h, --help     output usage information
-V, --version  output the version number

Usage Example

• start - uzys-elasticache-tunnel start ./config.json
• stop - uzys-elasticache-tunnel stop
• status - uzys-elasticache-tunnel status

Its is not possible to directly access the classic-cluster from a VPC instance. The workaround would be configuring NAT on the classic instance.

NAT need to have a simple tcp proxy

YourIP=1.2.3.4
YourPort=80
TargetIP=2.3.4.5
TargetPort=22

iptables -t nat -A PREROUTING --dst $YourIP -p tcp --dport $YourPort -j DNAT \
--to-destination $TargetIP:$TargetPort
iptables -t nat -A POSTROUTING -p tcp --dst $TargetIP --dport $TargetPort -j SNAT \
--to-source $YourIP
iptables -t nat -A OUTPUT --dst $YourIP -p tcp --dport $YourPort -j DNAT \
--to-destination $TargetIP:$TargetPort