Setting up ami

Estimated time: ~5 minutes

If this is the first time you're setting up one of our AWS AMI, we've got you covered.


Accessing your instance

First of all, log into your EC2 instance using SSH:

ssh -i <your-cert-file.pem> <user>@<ip>

If you're using the Ubuntu 22.04 image, the user will be ubuntu. If you're using Amazon Linux 2023, it'll be ec2-user.


Connecting to the Valkey Server

You can connect to the Valkey Server using valkey-cli:

ubuntu@valkey:~$ valkey-cli
127.0.0.1:6379> ping
PONG

The valkey-server is listening to all the interfaces (0.0.0.0/0).
However, if you try to connect to the server from outside your instance, you'll see this message:

user@local:~$ valkey-cli -h <instance-public-ip>
<instance-public-ip>:6379> ping
(error) DENIED Redis is running in protected mode because protected mode is enabled and no password is set for the default user. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Set up an authentication password for the default user. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.

Now it's time for you to decide how you want to configure authentication based on your needs.


Setting up Authentication

Depending on how you need to use Valkey, you'll want to set up auth in a way or another.
If you need Valkey to be accessible throught the internet, we would recommend setting autentication credentials.
If you're only going to allow traffic from your internat network, disabling the protection mode may be enough for you.

Disabling protected mode

To disable the protected mode, you just need to connect to the Valkey server using valkey-cli and run the following command:

ubuntu@valkey:~$ valkey-cli
127.0.0.1:6379> CONFIG SET protected-mode no
OK

After running the command, you'll notice you can access Valkey from outside your instance.

user@local:~$ valkey-cli -h <instance-public-ip>
<instance-public-ip>:6379> ping
PONG


Setting default user password

Even if you're only allowing connections from your private network, you may want to set some credentials.
To set the password for the default user, run the following command:

ubuntu@valkey:~$ valkey-cli
127.0.0.1:6379> CONFIG SET requirepass yourPass
OK

After doing that, you'll be able to log into Valkey from outside your instance.

user@local:~$ valkey-cli -h <instance-public-ip>
<instance-public-ip>:6379> auth yourPass
OK
<instance-public-ip>:6379> ping
PONG


Setting ACL Users

If you want to be even more restrictive, you can set ACLs to give specific permissions to your users by running:

ubuntu@valkey:~$ valkey-cli
127.0.0.1:6379> ACL SETUSER yourUser on >yourPass ~* +@all
OK

For more information about ACLs and permissions, visit the Redis ACL documentation.

After adding a user, you'll be able to log in from the outside of your instance:

user@local:~$ valkey-cli -h <instance-public-ip>
<instance-public-ip>:6379> auth yourUser yourPass
OK
<instance-public-ip>:6379> ping
PONG


Managing the Valkey server

The Valkey server Service file is located at /etc/systemd/system/valkey-server.service.
So, you can use systemctl to control the service:

sudo systemctl <start|stop|restart|status|enable|disable> valkey-server

By default, the service will start when the system boots.