Applications AWS

Redis on AWS User Guide

Last updated: 2025-01-01

Redis on AWS User Guide

This guide covers launching a Redis instance from the cloudimg AWS Marketplace AMI, retrieving your per-instance credentials, connecting with redis-cli, and common configuration tasks.

What Is Included

Redis 8 installed from the official packages.redis.io APT repository
redis-server running on port 6379 with requirepass authentication enforced
Per-instance password generated on first boot, written to /root/redis-credentials.txt
Dedicated 20 GiB gp3 data volume at /var/lib/redis for RDB snapshots and AOF journal
nginx identity page on port 80 confirming the instance type

Connecting to Your Instance

OS Variant	SSH Login User
Ubuntu 24.04	`ubuntu`

Connect using your EC2 key pair:

ssh -i /path/to/key.pem ubuntu@<instance-public-ip>

Retrieving Your Redis Credentials

On first boot a one-shot service generates a cryptographically strong 64-character hex password unique to your instance. The password is stored in a root-only file:

sudo cat /root/redis-credentials.txt

Example output:

# Redis 8 - Per-Instance Credentials
# Generated: 2026-05-27T22:15:18Z
# Instance public IP: 44.204.241.110
#
# Connect:
#   redis-cli -a '<requirepass>' --no-auth-warning
#   redis-cli -a '<requirepass>' --no-auth-warning PING  -> PONG
#
requirepass=4924b08334899934bd96ad6d10d59e5e8a815e09a73a16236bac515b99b98021

Set the password as a shell variable for convenience:

REDIS_PASS=$(sudo awk -F= '/^requirepass/{print $2}' /root/redis-credentials.txt)

Verifying the Service

Check the installed version and confirm redis-server is active:

redis-server --version
systemctl status redis-server --no-pager

Example output:

Redis server v=8.8.0 sha=00000000:1 malloc=jemalloc-5.3.0 bits=64 build=b3ac31808ca8181e

redis-server.service - Advanced key-value store
     Loaded: loaded (/usr/lib/systemd/system/redis-server.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-05-27 22:15:28 UTC; 8s ago
       Docs: http://redis.io/documentation, man:redis-server(1)
   Main PID: 35251 (redis-server)
     Status: "Ready to accept connections"
     CGroup: /system.slice/redis-server.service
             35251 "/usr/bin/redis-server 0.0.0.0:6379"

Connecting with redis-cli

Test connectivity with a PING command:

redis-cli -a "${REDIS_PASS}" --no-auth-warning PING

Expected output:

PONG

View server information including the Redis version:

redis-cli -a "${REDIS_PASS}" --no-auth-warning INFO server

Example output:

# Server
redis_version:8.8.0
redis_git_sha1:00000000
redis_git_dirty:1
redis_build_id:b3ac31808ca8181e
redis_mode:standalone
os:Linux 6.8.0-1009-aws x86_64
arch_bits:64
tcp_port:6379
executable:/usr/bin/redis-server

Basic Operations

Store and retrieve a key-value pair:

redis-cli -a "${REDIS_PASS}" --no-auth-warning SET mykey "Hello Redis"
redis-cli -a "${REDIS_PASS}" --no-auth-warning GET mykey
redis-cli -a "${REDIS_PASS}" --no-auth-warning DEL mykey

Expected output:

OK
Hello Redis
1

Unauthenticated Connection Rejection

Connections without the requirepass are rejected:

redis-cli PING

Expected output:

(error) NOAUTH Authentication required.

Data Volume

Redis persistence files are stored on a dedicated 20 GiB gp3 volume at /var/lib/redis. This volume is separate from the OS disk and can be resized independently:

df -h /var/lib/redis

Example output:

Filesystem      Size  Used Avail Use% Mounted on
/dev/nvme1n1     20G   28K   19G   1% /var/lib/redis

Configuration

The main Redis configuration file is /etc/redis/redis.conf. cloudimg writes per-instance settings as drop-in files in /etc/redis/conf.d/. The authentication password is in /etc/redis/conf.d/cloudimg-auth.conf (owned by the redis user, mode 640).

After editing redis.conf, reload configuration without restarting:

redis-cli -a "${REDIS_PASS}" --no-auth-warning CONFIG REWRITE

Or restart the service to apply changes that require a restart:

sudo systemctl restart redis-server

Enabling AOF Persistence

Redis ships with RDB snapshot persistence enabled by default. For stronger durability on write-heavy workloads, enable the Append Only File:

appendonly yes
appendfilename "appendonly.aof"
appenddirname "/var/lib/redis/appendonlydir"

Add these lines to /etc/redis/redis.conf and restart redis-server.

Memory Limits

Redis has no memory cap enforced by default. For use as a cache, set a memory limit and eviction policy:

maxmemory 2gb
maxmemory-policy allkeys-lru

Add these lines to /etc/redis/redis.conf and restart redis-server.

Changing the Password

Generate a new password and update the configuration:

NEW_PASS=$(openssl rand -hex 32)
echo "requirepass ${NEW_PASS}" | sudo tee /etc/redis/conf.d/cloudimg-auth.conf
sudo chown redis:redis /etc/redis/conf.d/cloudimg-auth.conf
sudo chmod 640 /etc/redis/conf.d/cloudimg-auth.conf
sudo systemctl restart redis-server

Update /root/redis-credentials.txt with the new password for future reference.

Firewall and Network Access

The security group for this AMI opens port 6379 from all sources. For production use, restrict the Redis security group inbound rule to trusted IP ranges or VPC CIDRs only.

Identity Page

An nginx server on port 80 serves a plain-text identity page confirming the instance is a cloudimg Redis AMI. This is useful for health checks in automation:

curl http://<instance-public-ip>/

Support

24/7 technical support is available from cloudimg at cloudimg.co.uk. Support covers Redis deployment, authentication and ACL configuration, persistence tuning, cluster setup and version upgrades.