
ElastiCache: Redis on AWS

Introduction

To deploy the GitGuardian app, a Redis instance is required. This page explains how to set up a Redis instance on AWS using ElastiCache.

Note: The GitGuardian application is bundled with a basic Redis instance. This instance can be used for testing but is not meant to be production-ready.

High-Availability

AWS handles failover by updating a DNS record. During maintenance, this creates a small window in which the GitGuardian application uses the read-only replica.

Installation

From the AWS Console

To create an ElastiCache instance from the AWS Console, we recommend reading the official documentation.

You need to set the following fields:

  • Ensure Multi-AZ is enabled.
  • Enable Encryption at-rest.
  • Enable Encryption in-transit.
  • Set Access Control Option to Redis AUTH Default User.
  • Set Redis AUTH Token to <SECRET_AUTH_TOKEN>. You must save this value as it is required to configure the GitGuardian application.

Do not enable Cluster Mode: this option is not supported by the GitGuardian application.

Using Terraform

To create a Redis instance using Terraform, you need the following resources:

In addition to the fields required by Terraform, we require the following fields to be set:

  • transit_encryption_enabled=true: whether to enable encryption in transit.
  • auth_token=<SECRET_AUTH_TOKEN>: the password used to access a password-protected server.
  • at_rest_encryption_enabled=true: whether to enable encryption at rest.
  • automatic_failover_enabled=true: specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails.
  • multi_az_enabled=true: specifies whether to enable Multi-AZ Support for the replication group.
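
The fields above, put together in a Terraform configuration as an added example (not GitGuardian's own code). It assumes the `aws_elasticache_replication_group` resource of the AWS provider, where these five arguments are defined; the resource names, node type, and the `redis_auth_token`, `subnet_ids` and `security_group_ids` variables are hypothetical.

```hcl
# Added example: names and sizes are placeholders, not GitGuardian's own configuration.
variable "redis_auth_token" {
  type      = string
  sensitive = true # keeps the token out of plan/apply output

  validation {
    # ElastiCache accepts AUTH tokens of 16 to 128 characters.
    condition     = length(var.redis_auth_token) >= 16 && length(var.redis_auth_token) <= 128
    error_message = "The Redis AUTH token must be 16 to 128 characters long."
  }
}

variable "subnet_ids" { type = list(string) }         # private subnets in at least two AZs
variable "security_group_ids" { type = list(string) } # should admit only the application

resource "aws_elasticache_subnet_group" "gitguardian" {
  name       = "gitguardian-redis"
  subnet_ids = var.subnet_ids
}

resource "aws_elasticache_replication_group" "gitguardian" {
  replication_group_id = "gitguardian-redis"
  description          = "Redis for the GitGuardian application"
  engine               = "redis"
  node_type            = "cache.t3.medium" # placeholder size
  port                 = 6379

  # Cluster Mode stays disabled: a single shard, so num_node_groups is not set.
  # Two nodes (primary + replica) are the minimum for automatic failover.
  num_cache_clusters = 2

  subnet_group_name  = aws_elasticache_subnet_group.gitguardian.name
  security_group_ids = var.security_group_ids

  # Fields required by this page
  transit_encryption_enabled = true
  auth_token                 = var.redis_auth_token
  at_rest_encryption_enabled = true
  automatic_failover_enabled = true
  multi_az_enabled           = true
}

output "redis_primary_endpoint" {
  value = aws_elasticache_replication_group.gitguardian.primary_endpoint_address
}
```

Marking the variable `sensitive` only hides the token from CLI output; it is still written to the Terraform state, so the state backend needs to be encrypted and access-controlled.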