Requirements
Networking
Certain ports must be accessible to connect to Formal Resources. You can listen on multiple ports simultaneously for various Resources. For accessing Redis, you may assign any port except 8080 (Connector’s health check port). Ensure your security groups are configured to allow traffic on the designated port.Connect to Redis
redis-cli
To connect using redis-cli, execute the following command:CONNECTOR_HOSTNAME, PORT, and FORMAL_PASSWORD with the right values. To learn more about users, check out Native Users.
You can access your Formal Credentials in the Formal
console.
You are free to use any preferred client.
Redis Cluster
Formal supports Redis Cluster when clients connect to the Connector over TLS. Cluster nodes often advertise private addresses in redirects and topology replies. The Connector rewrites those addresses to Connector hostnames and routes reconnects to the right node using SNI. The Resource hostname should be the cluster endpoint, or another stable seed endpoint that returns cluster topology. Any cluster-aware Redis client should work.IAM authentication (Amazon ElastiCache)
Formal can authenticate to Amazon ElastiCache (Valkey 7.2+ or Redis OSS 7+) using AWS IAM. The Connector generates a short-lived IAM authentication token and sends it as the password in the upstreamAUTH command.
Create an ElastiCache user with its authentication mode set to IAM, and set the Formal native user’s username to that ElastiCache user id.
Configure the Redis Native User to use IAM authentication:
- AWS IAM: the Connector signs the token with the IAM role of its running environment. That role is the principal and needs the
elasticache:Connectpermission below. - AWS IAM with a role to assume: provide a role ARN such as
arn:aws:iam::123456789012:role/formal-redis-role. The Connector assumes that role before signing, and the assumed role is the principal that needselasticache:Connect.
elasticache:Connect action to the IAM principal for both the cache and the user:
ElastiCache requires in-transit encryption (TLS) for IAM authentication.
Policy Evaluation
Formal supports the following policy evaluation stages for Redis:- Session: Evaluate and enforce policies at connection time
- Request: Evaluate and enforce policies at request time before command execution
End-user Identity Propagation
Formal supports end-user identity propagation for Redis commands. To enable this, you can use theCLIENT SETNAME command to set the end-user identity.
example@example.com for the current connection.