Why is my lambda not able to talk to elasticache?

Question:

I have a Redis ElastiCache cluster that has a FQDN for the primary node in the format: master.clustername.x.euw1.cache.amazonaws.com. I also have a Route53 record with the CNAME pointing at that FQDN.

I have a .net core lambda in the same VPC as the cluster, with access to the cluster via security groups. The lambda talks to the cluster using the Redis library developed by Stack Overflow (Github repo here for reference).

If I give the lambda the FQDN for the Redis cluster as the hostname (the one that starts with master) I can connect, save data and read it.

If I give the lambda the CNAME (and that CNAME gives the same IP address as the FQDN when I ping it from my local machine and also if I use Dns.GetHostEntry within the lambda) it doesn’t connect and I get the following error message:

Has anyone seen anything similar to this?

Answer:

It turned out that because I was using an SSL certificate on the elasticache cluster and the SSL certificate was bound to the master. endpoint whereas I was trying to connect to the CNAME, the certificate validation was failing.

So I ended up querying the Route53 record within the code to get the master endpoint and it worked.
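The approach the answer describes, as an added example rather than the poster's own code: look up the CNAME's target in Route53 with the AWS SDK for .NET and hand that master hostname to StackExchange.Redis, so the TLS handshake validates against the name the ElastiCache certificate was issued for. The hosted zone id, record name and port are placeholders; in a Lambda the Route53 client picks up the execution role's credentials.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Amazon.Route53;
using Amazon.Route53.Model;
using StackExchange.Redis;

public static class RedisConnector
{
    // Placeholder values: replace with your hosted zone id and the CNAME record name.
    // Route53 returns record names with a trailing dot, so the lookup name carries one too.
    const string HostedZoneId = "ZPLACEHOLDER000";
    const string CnameRecord  = "redis.example.internal.";
    const int    RedisTlsPort = 6379;

    // Query the Route53 CNAME record and return its target (the master.* endpoint).
    public static async Task<string> ResolveCnameTargetAsync(IAmazonRoute53 route53)
    {
        var request = new ListResourceRecordSetsRequest
        {
            HostedZoneId = HostedZoneId,
            StartRecordName = CnameRecord,
            StartRecordType = RRType.CNAME,
            MaxItems = "1"
        };
        var response = await route53.ListResourceRecordSetsAsync(request);
        var record = response.ResourceRecordSets.FirstOrDefault(r =>
            r.Type == RRType.CNAME &&
            string.Equals(r.Name, CnameRecord, StringComparison.OrdinalIgnoreCase));
        if (record == null || record.ResourceRecords.Count == 0)
            throw new InvalidOperationException($"No CNAME record found for {CnameRecord}");
        // Strip the trailing dot so the value is a plain hostname for the Redis client.
        return record.ResourceRecords[0].Value.TrimEnd('.');
    }

    // Connect over TLS to the resolved master endpoint instead of the CNAME, so the
    // certificate's subject matches the host the client is validating.
    public static async Task<ConnectionMultiplexer> ConnectAsync(IAmazonRoute53 route53)
    {
        string masterEndpoint = await ResolveCnameTargetAsync(route53);
        var options = new ConfigurationOptions
        {
            Ssl = true,                // certificate validation stays on; do not disable it
            AbortOnConnectFail = false
        };
        options.EndPoints.Add(masterEndpoint, RedisTlsPort);
        return await ConnectionMultiplexer.ConnectAsync(options);
    }
}
```

StackExchange.Redis also exposes ConfigurationOptions.SslHost, which lets you keep the CNAME as the endpoint while validating the certificate against the master hostname; either way the validation itself should stay enabled.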
