• Where do I go from here?
Setting up
Following, you can find topics that describe the one-time actions you must take to start using MemoryDB.
Topics
• Getting an AWS Access Key
• Configuring Your Credentials
• Downloading and Configuring the AWS CLI
• Set up your permissions (new MemoryDB users only)
Getting an AWS Access Key
Before you can access MemoryDB programmatically or through the AWS Command Line Interface (AWS CLI), you must have an AWS access key. You don't need an access key if you plan to use the MemoryDB console only. Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. If you don't have access keys, you can create them from the AWS Management Console. As a best practice, do not use the AWS account root user access keys for any task where it's not required. Instead, create a new administrator IAM user with access keys for yourself. The only time that you can view or download the secret access key is when you create the keys.
You cannot recover them later. However, you can create new access keys at any time. You must also have permissions to perform the required IAM actions. For more information, see Permissions Required to Access IAM Resources in the IAM User Guide.
To create access keys for an IAM user
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
2. In the left navigation pane, choose Users.
3. Choose the name of the user whose access keys you want to create, and then choose the Security credentials tab.
4. In the Access keys section, choose Create access key.
5. To view the new access key pair, choose Show. You will not have access to the secret access key again after this page closes. Your credentials will look something like this:
• Access key ID: AKIAIOSFODNN7EXAMPLE
• Secret access key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
6. To download the key pair, choose Download .csv file. Store the keys in a secure location. You will not have access to the secret access key again after this page closes.
7. Keep the keys confidential in order to protect your AWS account and never email them. Do not share them outside your organization, even if an inquiry appears to come from Amazon or Amazon.com.
No one who legitimately represents Amazon will ever ask you for your secret key.
8. After you download the .csv file, choose Close. When you create an access key, the key pair is active by default, and you can use the pair right away.
Related topics:
• What is IAM in the IAM User Guide.
• AWS Security Credentials in AWS General Reference.
Configuring Your Credentials
Before you can access MemoryDB programmatically or through the AWS CLI, you must configure your credentials to enable authorization for your applications.
There are several ways to do this. For example, you can manually create the credentials file to store your access key ID and secret access key. You also can use the aws configure command of the AWS CLI to automatically create the file. Alternatively, you can use environment variables. For more information about configuring your credentials, see the programming-specific AWS SDK developer guide at Tools to Build on AWS.
Downloading and Configuring the AWS CLI
The AWS CLI is available at http://aws.amazon.com/cli. It runs on Windows, macOS, and Linux. After you download the AWS CLI, follow these steps to install and configure it:
1. Go to the AWS Command Line Interface User Guide.
2. Follow the instructions for Installing the AWS CLI and Configuring the AWS CLI.
Set up your permissions (new MemoryDB users only)
MemoryDB for Redis creates and uses service-linked roles to provision resources and access other AWS resources and services on your behalf. For MemoryDB to create a service-linked role for you, use the AWS-managed policy named AmazonMemoryDBFullAccess. This policy comes preprovisioned with the permissions that the service requires to create a service-linked role on your behalf.
You might decide not to use the default policy and instead to use a custom-managed policy. In this case, make sure that you have either permissions to call iam:createServiceLinkedRole or that you have created the MemoryDB service-linked role.
For more information, see the following:
• Creating a New Policy (IAM)
• AWS-managed (predefined) policies for MemoryDB for Redis (p. 172)
• Using Service-Linked Roles for Amazon MemoryDB for Redis (p. 163)
Step 1: Create a cluster
Before creating a cluster for production use, you obviously need to consider how you will configure the cluster to meet your business needs. Those issues are addressed in the Preparing a cluster (p. 28) section. For the purposes of this Getting Started exercise, you can accept the default configuration values where they apply.
The cluster you create will be live, and not running in a sandbox. You will incur the standard MemoryDB usage fees for the instance until you delete it. The total charges will be minimal (typically less than a dollar) if you complete the exercise described here in one sitting and delete your cluster when you are finished. For more information about MemoryDB usage rates, see MemoryDB.
Your cluster is launched in a virtual private cloud (VPC) based on the Amazon VPC service.
Creating a MemoryDB cluster
The following examples show how to create a cluster using the AWS Management Console, AWS CLI and MemoryDB API.
Creating a cluster (Console)
To create a cluster using the MemoryDB console
1. Sign in to the AWS Management Console and open the MemoryDB for Redis console at https://console.aws.amazon.com/memorydb/.
2. In the left navigation pane, choose Clusters, and then choose Create cluster.
3. Complete the Cluster info section.
a. In Name, enter a name for your cluster.
Cluster naming constraints are as follows:
• Must contain 1–40 alphanumeric characters or hyphens.
• Must begin with a letter.
• Can't contain two consecutive hyphens.
• Can't end with a hyphen.
b. In the Description box, enter a description for this cluster.
4. Complete the Subnet groups section:
• For Subnet groups, create a new subnet group or choose an existing one from the available list that you want to apply to this cluster. If you are creating a new one:
• Enter a Name
• Enter a Description
• If you enabled Multi-AZ, the subnet group must contain at least two subnets that reside in different availability zones. For more information, see Subnets and subnet groups (p. 198).
• If you are creating a new subnet group and do not have an existing VPC, you will be asked to create a VPC. For more information, see What is Amazon VPC? in the Amazon VPC User Guide.
5. Complete the Cluster settings section:
a. For Redis version compatibility, accept the default 6.2.
b. For Port, accept the default Redis port of 6379 or, if you have a reason to use a different port, enter the port number.
c. For Parameter group, accept the default.memorydb-redis6 parameter group.
Parameter groups control the runtime parameters of your cluster. For more information on parameter groups, see Redis specific parameters (p. 133).
d. For Node type, choose a value for the node type (along with its associated memory size) that you want.
e. For Number of shards, choose the number of shards that you want for this cluster. For higher availability of your clusters, we recommend that you add at least 2 shards.
You can change the number of shards in your cluster dynamically. For more information, see Scaling MemoryDB clusters (p. 104).
f. For Replicas per shard, choose the number of read replica nodes that you want in each shard.
The following restrictions exist:
• If you have Multi-AZ enabled, make sure that you have at least one replica per shard.
• The number of replicas is the same for each shard when creating the cluster using the console.
g. Choose Next
h. Complete the Advanced settings section:
i. For Security groups, choose the security groups that you want for this cluster. A security group acts as a firewall to control network access to your cluster. You can use the default security group for your VPC or create a new one.
For more information on security groups, see Security groups for your VPC in the Amazon VPC User Guide.
ii. To encrypt your data, you have the following options:
• Encryption at rest – Enables encryption of data stored on disk. For more information, see Encryption at Rest.
Note: You have the option to supply an encryption key other than default by choosing Customer Managed AWS-owned KMS key and choosing the key.
• Encryption in-transit – Enables encryption of data on the wire. If you select no encryption, then an open Access control list called “open access” will be created with a default user. For more information, see Authenticating users with Access Control Lists (ACLs) (p. 144).
iii. For Snapshot, optionally specify a snapshot retention period and a snapshot window. By default, Enable automatic snapshots is pre-selected.
iv. For Maintenance window, optionally specify a maintenance window. The maintenance window is the time, generally an hour in length, each week when MemoryDB schedules system maintenance for your cluster. You can allow MemoryDB to choose the day and time for your maintenance window (No preference), or you can choose the day, time, and duration yourself (Specify maintenance window). If you choose Specify maintenance window from the lists, choose the Start day, Start time, and Duration (in hours) for your maintenance window. All times are UTC times.
For more information, see Managing maintenance (p. 58).
v. For Notifications, choose an existing Amazon Simple Notification Service (Amazon SNS) topic, or choose Manual ARN input and enter the topic's Amazon Resource Name (ARN).
Amazon SNS allows you to push notifications to Internet-connected smart devices. The default is to disable notifications. For more information, see https://aws.amazon.com/sns/.
vi. For Tags, you can optionally apply tags to search and filter your clusters or track your AWS costs.
i. Review all your entries and choices, then make any needed corrections. When you're ready, choose Create cluster to launch your cluster, or Cancel to cancel the operation.
As soon as your cluster's status is available, you can grant EC2 access to it, connect to it, and begin using it. For more information, see Step 2: Authorize access to the cluster (p. 19).
Important
As soon as your cluster becomes available, you're billed for each hour or partial hour that the cluster is active, even if you're not actively using it. To stop incurring charges for this cluster, you must delete it. See Step 4: Deleting a cluster (p. 22).
Creating a cluster (AWS CLI)
To create a cluster using the AWS CLI, see create-cluster. The following is an example:
For Linux, macOS, or Unix:
aws memorydb create-cluster \
    --cluster-name my-cluster \
    --node-type db.r6g.large \
    --acl-name my-acl \
    --subnet-group my-sg
You should get the following JSON response:
{ "Cluster": {
"Name": "my-cluster", "Status": "creating", "NumberOfShards": 1,
"AvailabilityMode": "MultiAZ", "ClusterEndpoint": {
"ParameterGroupName": "default.memorydb-redis6", "ParameterGroupStatus": "in-sync",
"SubnetGroupName": "my-sg", "TLSEnabled": true,
"ARN": "arn:aws:memorydb:us-east-1:xxxxxxxxxxxxxx:cluster/my-cluster", "SnapshotRetentionLimit": 0,
"MaintenanceWindow": "wed:03:00-wed:04:00", "SnapshotWindow": "04:30-05:30",
"ACLName": "my-acl",
"AutoMinorVersionUpgrade": true }
}
You can begin using the cluster once its status changes to available.
Important
As soon as your cluster becomes available, you're billed for each hour or partial hour that the cluster is active, even if you're not actively using it. To stop incurring charges for this cluster, you must delete it. See Step 4: Deleting a cluster (p. 22).
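The security-relevant fields of the response above can be checked automatically once a cluster exists. The following is an added example, not part of the original guide or of any AWS tool: the input records are constructed, the field names are the ones shown in the response above, and the "Clusters" listing wrapper and the literal ACL name "open-access" are assumptions about the MemoryDB API.

```python
import json

# Constructed input. The first document reuses field values from the
# create-cluster response shown above; the second is a made-up weak cluster.
PAGE_RESPONSE = json.loads("""
{"Cluster": {"Name": "my-cluster", "Status": "creating", "NumberOfShards": 1,
  "AvailabilityMode": "MultiAZ", "TLSEnabled": true, "SnapshotRetentionLimit": 0,
  "ACLName": "my-acl", "AutoMinorVersionUpgrade": true}}
""")
WEAK_LISTING = json.loads("""
{"Clusters": [{"Name": "legacy-cache", "Status": "available", "NumberOfShards": 1,
  "AvailabilityMode": "SingleAZ", "TLSEnabled": false, "SnapshotRetentionLimit": 5,
  "ACLName": "open-access", "AutoMinorVersionUpgrade": true}]}
""")

# (field, test that passes when the value is acceptable, severity, message)
CHECKS = [
    ("TLSEnabled", lambda v: v is True, "high", "in-transit encryption is off"),
    # Assumption: "open-access" is the literal name of the open ACL.
    ("ACLName", lambda v: bool(v) and v != "open-access", "high",
     "open ACL with the default user; no per-user authentication"),
    ("SnapshotRetentionLimit", lambda v: isinstance(v, int) and v > 0, "medium",
     "automatic snapshots are off (retention 0)"),
    ("AvailabilityMode", lambda v: str(v).lower() == "multiaz", "medium",
     "cluster is not Multi-AZ"),
    ("AutoMinorVersionUpgrade", lambda v: v is True, "low",
     "minor engine upgrades are not applied automatically"),
]

def iter_clusters(doc):
    """Accept a create-cluster reply ({"Cluster": ...}) or a listing ({"Clusters": [...]})."""
    if "Cluster" in doc:
        yield doc["Cluster"]
    yield from doc.get("Clusters", [])

def audit(doc):
    """Map cluster name -> list of (severity, field, message) findings."""
    report = {}
    for cluster in iter_clusters(doc):
        findings = []
        for field, ok, severity, message in CHECKS:
            if field not in cluster:
                findings.append((severity, field, "not reported; cannot verify"))
            elif not ok(cluster[field]):
                findings.append((severity, field, message))
        report[cluster.get("Name", "<unnamed>")] = findings
    return report

if __name__ == "__main__":
    for doc in (PAGE_RESPONSE, WEAK_LISTING):
        for name, findings in audit(doc).items():
            for severity, field, message in findings:
                print(f"{name}: [{severity}] {field}: {message}")
```

A field that is absent from the input is reported as unverifiable rather than treated as passing.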
Creating a cluster (MemoryDB API)
To create a cluster using the MemoryDB API, use the CreateCluster action.
Important
As soon as your cluster becomes available, you're billed for each hour or partial hour that the cluster is active, even if you're not using it. To stop incurring charges for this cluster, you must delete it. See Step 4: Deleting a cluster (p. 22).
Step 2: Authorize access to the cluster
This section assumes that you are familiar with launching and connecting to Amazon EC2 instances. For more information, see the Amazon EC2 Getting Started Guide.
All MemoryDB clusters are designed to be accessed from an Amazon EC2 instance. The most common scenario is to access a MemoryDB cluster from an Amazon EC2 instance in the same Amazon Virtual Private Cloud (Amazon VPC), which will be the case for this exercise.
Before you can connect to a cluster from an EC2 instance, you must authorize the EC2 instance to access the cluster.
The most common use case is when an application deployed on an EC2 instance needs to connect to a cluster in the same VPC. The simplest way to manage access between EC2 instances and clusters in the same VPC is to do the following:
1. Create a VPC security group for your cluster. This security group can be used to restrict access to the clusters. For example, you can create a custom rule for this security group that allows TCP access using the port you assigned to the cluster when you created it and an IP address you will use to access the cluster.
The default port for MemoryDB clusters is 6379.
2. Create a VPC security group for your EC2 instances (web and application servers). This security group can, if needed, allow access to the EC2 instance from the Internet via the VPC's routing table. For example, you can set rules on this security group to allow TCP access to the EC2 instance over port 22.
3. Create custom rules in the security group for your cluster that allow connections from the security group you created for your EC2 instances. This would allow any member of the security group to access the clusters.
To create a rule in a VPC security group that allows connections from another security group
1. Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc.
2. In the left navigation pane, choose Security Groups.
3. Select or create a security group that you will use for your clusters. Under Inbound Rules, select Edit Inbound Rules and then select Add Rule. This security group will allow access to members of another security group.
4. From Type choose Custom TCP Rule.
a. For Port Range, specify the port you used when you created your cluster.
The default port for MemoryDB clusters is 6379.
b. In the Source box, start typing the ID of the security group. From the list select the security group you will use for your Amazon EC2 instances.
5. Choose Save when you finish.
Once you have enabled access, you are now ready to connect to the cluster, as discussed in the next section.
For information on accessing your MemoryDB cluster from a different Amazon VPC, a different AWS Region, or even your corporate network, see the following:
• Access Patterns for Accessing a MemoryDB Cluster in an Amazon VPC (p. 210)
• Accessing MemoryDB resources from outside AWS (p. 38)
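After the rules from Step 2 are in place, the cluster's security group should admit port 6379 only from the security group of the EC2 clients. The following is an added example, not part of the original guide: it audits a constructed record in the shape of `aws ec2 describe-security-groups` output, and all group IDs in it are made up.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# All group IDs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0aaa1111cluster",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379, "IpRanges": [],
     "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bbb2222app"}]},
    {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0ccc3333other"}]}
  ]}]}
""")

def covers_port(perm, port):
    """True if this ingress rule admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # "all traffic" rules carry no port range
        return True
    if proto != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def audit_cluster_sg(group, allowed_groups, port=6379):
    """Return (kind, source) findings for every source that can reach `port`
    other than the expected client security groups."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            kind = "open-to-world" if net.prefixlen == 0 else "cidr-source"
            findings.append((kind, cidr))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_groups:
                findings.append(("unexpected-group", pair["GroupId"]))
    return findings

if __name__ == "__main__":
    cluster_sg = SAMPLE["SecurityGroups"][0]
    for kind, source in audit_cluster_sg(cluster_sg, {"sg-0bbb2222app"}):
        print(f"{kind}: {source}")
```

The port-range rule (6000-7000) and the all-traffic rule are reported because both reach 6379 even though neither names that port.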
Step 3: Connect to the cluster
Before you continue, complete Step 2: Authorize access to the cluster (p. 19).
This section assumes that you've created an Amazon EC2 instance and can connect to it. For instructions on how to do this, see the Amazon EC2 Getting Started Guide.
An Amazon EC2 instance can connect to a cluster only if you have authorized it to do so.
Find your cluster endpoint
When your cluster is in the available state and you've authorized access to it, you can log in to an Amazon EC2 instance and connect to the cluster. To do so, you must first determine the endpoint.
To further explore how to find your endpoints, see the following:
• Finding the Endpoint for a MemoryDB Cluster (AWS CLI) (p. 43)
• Finding the Endpoint for a MemoryDB Cluster (MemoryDB API) (p. 44)
Connect to a MemoryDB cluster (Linux)
Now that you have the endpoint you need, you can log in to an EC2 instance and connect to the cluster.
In the following example, you use the redis-cli utility to connect to a cluster. The latest version of redis-cli also supports SSL/TLS for connecting to clusters that have encryption and authentication enabled.
Connecting to MemoryDB nodes using redis-cli
To access data from MemoryDB nodes, you use clients that work with Secure Sockets Layer (SSL). You can also use redis-cli with TLS/SSL on Amazon Linux and Amazon Linux 2.
To use redis-cli to connect to a MemoryDB cluster on Amazon Linux 2 or Amazon Linux
1. Download and compile the redis-cli utility. This utility is included in the Redis software distribution.
2. At the command prompt of your EC2 instance, type the following commands:
Amazon Linux 2
$ sudo yum -y install openssl-devel gcc
$ wget https://download.redis.io/redis-stable.tar.gz
$ tar xvzf redis-stable.tar.gz
$ cd redis-stable
$ make distclean
$ make redis-cli BUILD_TLS=yes
$ sudo install -m 755 src/redis-cli /usr/local/bin/
Amazon Linux
$ sudo yum install gcc jemalloc-devel openssl-devel tcl tcl-devel clang wget
$ wget https://download.redis.io/redis-stable.tar.gz
$ tar xvzf redis-stable.tar.gz
$ cd redis-stable
$ make redis-cli CC=clang BUILD_TLS=yes
$ sudo install -m 755 src/redis-cli /usr/local/bin/
3. After this, it is recommended that you run the optional make test command.
4. At the command prompt of your EC2 instance, type the following command, substituting the endpoint of your cluster and port for what is shown in this example.
src/redis-cli -c -h Cluster Endpoint --tls -p 6379
Step 4: Deleting a cluster
As long as a cluster is in the available state, you are being charged for it, whether or not you are actively using it. To stop incurring charges, delete the cluster.
Warning
When you delete a MemoryDB cluster, your manual snapshots are retained. You can also create a final snapshot before the cluster is deleted. Automatic snapshots are not retained. For more information, see Snapshot and restore (p. 78).
Using the AWS Management Console
The following procedure deletes a single cluster from your deployment. To delete multiple clusters, repeat the procedure for each cluster that you want to delete. You do not need to wait for one cluster to finish deleting before starting the procedure to delete another cluster.
To delete a cluster
1. Sign in to the AWS Management Console and open the MemoryDB for Redis console at https://console.aws.amazon.com/memorydb/.
2. To choose the cluster to delete, choose the radio button next to the cluster's name from the list of clusters. In this case, the name of the cluster you created at Step 1: Create a cluster (p. 14).
3. For Actions, choose Delete.
4. First choose whether to create a snapshot of the cluster before deleting it. Then enter delete in the confirmation box and choose Delete to delete the cluster, or choose Cancel to keep the cluster.
If you chose Delete, the status of the cluster changes to deleting.
As soon as your cluster is no longer listed in the list of clusters, you stop incurring charges for it.
Using the AWS CLI
The following code deletes the cluster my-cluster. In this case, substitute my-cluster with the name