Tyk 4.1 not connecting to AWS MemoryDB when ACL username+pass is set


Tyk is running in AWS EKS K8S cluster. Local single Redis pod is working fine. I am trying to move it to an AWS MemoryDB redis cluster.

When I have my MemoryDB redis cluster set to open access ("user default on nopass sanitize-payload ~* &* +@all") Tyk can connect to it and I can see all the keys when connecting via redis-cli at the same time:

> keys *
1) "redis-test-03499c6e-8d15-4ee2-a72b-4cf75631b003"
2) "host-checker:PollerActiveInstanceID"
4) "redis-test-99e197d4-f8fc-49f6-a663-ce94dc4f76ad"
5) "redis-test-a64494a4-779b-4cc3-a94b-1ac7067b1969"
6) "tyk-liveness-probe"
7) "redis-test-377acecf-2da7-414c-b66b-153948123e75"
8) "redis-test-085cbef2-c294-460c-9721-64fbd89debcb"

When I configure an ACL user in AWS, I can still connect and do everything via redis-cli but Tyk is stuck trying to connect to redis.

"user myuser on sanitize-payload #0000000000000000000000000000000000000000000000000000000000000000 ~* resetchannels +@all"

Tyk log in this case:

time="Jan 11 14:33:34" level=error msg="Redis health check failed" error="storage: Redis is either down or was not configured" liveness-check=true prefix=main
time="Jan 11 14:33:34" level=debug msg="No Primary instance found, assuming control" prefix=host-check-mgr
time="Jan 11 14:33:34" level=error msg="cannot set key in pollerCacheKey" error="storage: Redis is either down or was not configured"
time="Jan 11 14:33:34" level=error msg="Connection to Redis failed, reconnect in 10s" error="storage: Redis is either down or was not configured" prefix=pub-sub

tyk.conf storage:

"storage": {
        "type": "redis",
        "enable_cluster": true,
        "addrs": [ "clustercfg. <endpoint > .memorydb.us-west-2.amazonaws.com:6379" ],
        "username": "myuser",
        "password": "<pwd>",
        "use_ssl": true,
        "database": 0,
        "optimisation_max_idle": 6000,
        "optimisation_max_active": 10000

I also have the following set up for the Tyk pod.:

            value: "256"

Again, if MemoryDB is set to the default open-access ACL mode and no username and pw is configured in tyk.con for redis storage:

"username": "",
"password": "",

It works perfectly.

Any help is appreciated. Thanks!

Hi @VikingPingvin,

Welcome to the community. :tada:

I’m afraid MemoryDB is not officially supported by Tyk.

This might be a compatibility issue, maybe something to do with encoding/encryption, but I cannot say for sure.

1 Like


Thanks for the reply!
I saw mentions for Elasticache in Tyk docs, so I just assumed it could work.

I will try it with that.

Hi @Ubong

I tried it with a basic Elasticache in AWS.
No ACL, Encryption in transit is enabled.
Same error.

"storage": {
        "type": "redis",
        "enable_cluster": false,
        "addrs": [ "master.<endpoint>.usw2.cache.amazonaws.com" ],
        "port": 6379,
        "username": "",
        "password": "",
        "use_ssl": true,
        "database": 0,
        "optimisation_max_idle": 2000,
        "optimisation_max_active": 4000

Can this be related to Redis encryption in transit doesn't work · Issue #4613 · TykTechnologies/tyk · GitHub ?

Hi @VikingPingvin,

I see, in the Github issue, that you’ve been able to get it working :raised_hands:

I’m adding the solution(s) for visibility:

  • Tyk supports Redis 2.8.x to 6.0.x (see reference)
  • Set ssl_insecure_skip_verify: true in storage section of the config

HI @VikingPingvin , I am also interested in using AWS Elasticache for REDIS
It’s been 10 months since you posted this, is it still working for you? Are there any caveats? Would you recommend it?

Hi @Ubong , could you please provide a link to the Github issue? I would like to follow the conversation since i’m working on this right now.

Hi @Jonathan_Gurwitz,

Its just above.