Using CloudFormation to set up Amazon Elasticache Serverless for Valkey

Valkey is a high-performance key-value store compatible with Redis protocols. This guide walks through setting up an Amazon Elasticache Serverless for Valkey and connecting to it from developer's desktop/laptop. I'll use CloudFormation to automate the entire infrastructure deployment with parameterized Vpc-Ids and Subnet Ids. At the end of this exercise, AWS Elasticache Valkey can be accessed from the developer's local desktop.

My setup consists of:

The above 3 items form the key components of my CloudFormation template:

First, I create security group that allows SSH from my IP (obtained using curl checkip.amazonaws.com).

Second, I create an EC2 instance and associate it with the security group I created in the first step.

Now that previous two steps are completed, I create a new security group that allows Valkey's ports(6379 and 6380) from the EC2 instance. I specify EC2's security group for ingress rule.

Finally, I deploy ElastiCache Serverless for Valkey with 2 subnets (one can specify up to 3 subnets).

I specify outputs from AWS CloudFormation, so that they can be used from my shell later:

Finally, I run the CloudFormation template at the CLI. One can also do the same using AWS Console.

The parameters required for the CloudFormation CLI can be passed using command line parameters:

I set up SSH tunnel from my laptop:

This creates a secure tunnel with port forwarding from my local machine to ElastiCache Serverless for Valkey through the EC2 host.

In a separate shell window, I connect to ElastiCache Valkey using redis-cli.

This setup provides a secure, scalable Valkey deployment. The serverless nature of ElastiCache Valkey means I only pay for what I use, while the EC2 instance ensures secure access to my data store from my laptop.

If you are following these steps, remember to regularly update security group rules, monitor access patterns, and keep the bastion host updated with the latest security patches.