From b91f6e492b9b4a9561ec3d4b46d1862aa920ed80 Mon Sep 17 00:00:00 2001
From: stack72
Date: Fri, 24 Oct 2025 20:10:56 +0100
Subject: [PATCH] Fix redis connection for https
---
 packages/web/src/index.ts | 6 ++++++
 packages/web/src/utils/elasticache-iam-auth.ts | 6 ++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/packages/web/src/index.ts b/packages/web/src/index.ts
index 1d6d105..bca447b 100644
--- a/packages/web/src/index.ts
+++ b/packages/web/src/index.ts
@@ -71,6 +71,10 @@ async function initializeRedisClient(): Promise {
 // Create Redis client with IAM credentials and TLS
 // TLS is REQUIRED for IAM authentication with AWS ElastiCache
+ //
+ // Based on AWS documentation and examples (Python, Java, Go):
+ // Both username and password (IAM token) must be provided for AUTH
+ // The redis client will send: AUTH username token
 client = createClient({
 socket: {
 host,
@@ -89,6 +93,8 @@ async function initializeRedisClient(): Promise {
 return Math.min(retries * 100, 3000); // Exponential backoff, max 3s
 },
 },
+ // Provide both username and IAM-generated token for authentication
+ // This matches AWS documentation for IAM auth with ElastiCache
 username,
 password: token,
 });
diff --git a/packages/web/src/utils/elasticache-iam-auth.ts b/packages/web/src/utils/elasticache-iam-auth.ts
index 0fb75f6..36423c0 100644
--- a/packages/web/src/utils/elasticache-iam-auth.ts
+++ b/packages/web/src/utils/elasticache-iam-auth.ts
@@ -54,10 +54,12 @@ export async function generateIAMAuthToken(
 query.ResourceType = 'ServerlessCache';
 }
- // Create the HTTP request to sign
+ // Create the HTTPS request to sign
+ // IMPORTANT: Must use https:// protocol for signature (even though final token strips the protocol)
+ // This matches the Python implementation in AWS docs
 const request = new HttpRequest({
 method: 'GET',
- protocol: 'http:',
+ protocol: 'https:',
 hostname: endpoint,
 port,
 path: '/',
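Review bot: The `password: token` handed to `createClient` in the second hunk of packages/web/src/index.ts is a single value captured when the client is built, while the retry callback in `socket` just above it keeps reconnecting that same client. ElastiCache IAM tokens are short-lived (AWS documents a 15-minute validity, and IAM-authenticated connections are closed after 12 hours), so a reconnect after expiry would presumably re-send a stale token and fail AUTH until the process restarts. Nothing in the visible lines regenerates the token; if that is not handled elsewhere in initializeRedisClient (its body extends beyond the hunk), rebuild the client with a fresh `generateIAMAuthToken()` result on reconnect, and at minimum record the limitation here: `// NOTE: token is generated once; reconnects after expiry need a freshly signed token`. Separately, `Math.min(retries * 100, 3000)` grows linearly, so the `// Exponential backoff` comment on that context line is inaccurate.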
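Review bot: The new `IMPORTANT: Must use https:// protocol for signature` comment in generateIAMAuthToken states a requirement that the visible code does not demonstrate. SigV4's canonical request is built from the method, path, query string and signed headers, so the URL scheme is normally not part of what is signed; if that holds for the signer used here, the switch to `protocol: 'https:'` is harmless but is unlikely to be what changes the token. It is worth confirming with a unit test that pins the token for fixed credentials and a fixed clock, and rewording to something like `// Use https: to mirror the AWS sample; the scheme is stripped from the final token and is not expected to affect the signature`. The function body starts and ends outside the hunk, so the signing and protocol-stripping steps cannot be checked from here.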