Can I use Amazon Elasticache on Heroku?

5

15

I am currently using Heroku's Memcached in a Rails 3 app and would like to move over to Elasticache because the pricing is much more favorable. Is this possible? Is the configuration relatively straightforward? Is there anything that I should be aware of as regards the performance?

Fleecy answered 14/6, 2012 at 23:34 Comment(0)
W
7

DANGER: I do NOT recommend using this solution for production use. While this does work, @btucker pointed out that it allows any Heroku-hosted app to access your ElastiCache cluster.

Yes you can. The setup is similar to the guide Heroku has on Amazon RDS. The steps that differ go like this:

  1. Follow the "Get Started with Amazon ElastiCache" guide to create a cache cluster and node
  2. Install the ElastiCache Command Line Toolkit
  3. Allow Heroku's servers ingress to your ElastiCache cluster like the RDS guide explains but replace the rds- commands with elasticache- ones:

    # The --aws-credential-file option is not necessary if your
    # AWS_CREDENTIAL_FILE environment setting is configured.
    elasticache-authorize-cache-security-group-ingress \
      --cache-security-group-name default \
      --ec2-security-group-name default \
      --ec2-security-group-owner-id 098166147350 \
      --aws-credential-file ../credential-file-path.template
    
  4. Set a Heroku config value for your production app with your cluster's hostname:

    heroku config:set MEMCACHE_SERVERS=elasticachehostname.amazonaws.com
    

After that, follow the Memcache Rails setup, and you're set.

Wary answered 20/11, 2012 at 8:49 Comment(5)
Sorry if I just hijack this comment, but you probably want to use the private address to not get charged for all the traffic? We have tried to do it with our EC2 instance but it didn't work, but heard it'd work with ElastiCache. - Camelopardalis
Where do you find the private address, @nambrot? I use the "endpoint" listed in the AWS console and haven't seen charges for ElastiCache traffic yet. - Wary
This is correct information. You can also do the same thing through the Cache Security Group edit screen in the AWS console if you don't want to install/configure this command line tool. The key is knowing the Heroku account owner id. - Bridgeport
Heroku no longer publishes their account id and security group: devcenter.heroku.com/changelog-items/353 - Spaniard
@KhoaNguyen What is the etiquette for removing answers that are no longer correct? I annotated my answer saying I no longer recommended it, but maybe I should delete it entirely? - Wary
B
8

No, it isn't recommended you use ElastiCache as there is no authentication mechanism with it. As such, anyone can access your cache! This is normally fine as you would use AWS security rules to restrict what machines can access it to yours. However, this obviously doesn't work with Heroku since your app is run on a randomly chosen machine of Heroku's.

You could deploy memcache yourself with SASL authentication on an EC2 machine. ElastiCache doesn't really give you anything more than an EC2 machine with memcache pre-installed anyway.

There is another option: MemCachier

(Full disclaimer, I work for MemCachier).

There is another memcache provider on Heroku that is significantly cheaper than the membase provided one. It's called MemCachier, addon home page is here.

It's comparable in price to ElastiCache depending on your cache size and if you use reserved instances or not (at the very large cache sizes ElastiCache is cheaper).

Update (June, 2013): The membase memcache addon has shut down, so MemCachier is the only provider of Memcache on Heroku.

Please reach out to me if you need any help even if you go with ElastiCache.

Britishism answered 15/6, 2012 at 19:26 Comment(2)
Cool. I've had a look at the docs but just to clarify - if I'm currently using the membase addon on Heroku, other than adding gem 'memcachier' to my Gemfile, are there any other changes I need to make to switch over to your system? - Fleecy
@alpheus, yes, all you should need to do is add the memcachier gem and everything else should work. Let us know if you have issues: [email protected]. (Full disclaimer: I work on MemCachier, too). - Neckar
D
4

It's worth noting that while @ssorallen's answer above will work as described, it also allows ANY Heroku-deployed app to access your memcached server. So if you store anything at all confidential, or you're concerned about other people making use of your ElastiCache cluster, don't do it. In the context of RDS you have the access control built into the database, but memcached has no such authentication supported by ElastiCache. So opening up the security group to all of Heroku is a pretty big risk.

Derwin answered 30/11, 2012 at 14:0 Comment(5)
That's a great point. Given ElastiCache doesn't use authentication, is there a way to prevent this? Security through obscurity of the hostname is barely security. - Wary
@ssorallen, unfortunately there is no way around this with ElastiCache that I'm aware of. There are some alternative distributions of memcached which support authentication, but you'd need to run this yourself on an EC2 instance. - Derwin
Just had this topic come up again, and one possible solution to this is to have your code on Heroku talk to the AWS API and add a rule to the ElastiCache security group for traffic coming from the current Dyno. I think that would probably work. It would just need to run prior to the memcache client attempting to connect to ElastiCache. - Derwin
Did you have any luck with your setup? I haven't had a chance to try it out yet. - Wary
I haven't actually tried, as I haven't needed this myself -- ended up just hosting the app on EC2. But in reading the documentation, unfortunately I don't think it'll work. ElastiCache security groups only allow configuring ingress from an EC2 Security group, not a particular IP. So that leaves you back at the beginning where you're forced to open up to all of Heroku. Some day, hopefully, Heroku will allow you to run under a custom security group. - Derwin
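
The exposure discussed in this answer can be audited from the AWS side. The following is an added example, not part of the original answers: it scans a constructed response shaped like ElastiCache's DescribeCacheSecurityGroups output and reports every grant to an EC2 security group owned by another account. The account id 111122223333, the group names and the status strings are assumptions; 098166147350 is the owner id used in the command above.

```python
import json

# Constructed sample shaped like an ElastiCache DescribeCacheSecurityGroups
# response; 111122223333 and the group names are placeholders, and the
# Status strings are assumed.
SAMPLE = json.loads("""
{"CacheSecurityGroups": [
  {"OwnerId": "111122223333", "CacheSecurityGroupName": "default",
   "EC2SecurityGroups": [
     {"Status": "authorized", "EC2SecurityGroupName": "default",
      "EC2SecurityGroupOwnerId": "098166147350"},
     {"Status": "authorized", "EC2SecurityGroupName": "app-servers",
      "EC2SecurityGroupOwnerId": "111122223333"}]},
  {"OwnerId": "111122223333", "CacheSecurityGroupName": "internal-only",
   "EC2SecurityGroups": [
     {"Status": "revoked", "EC2SecurityGroupName": "default",
      "EC2SecurityGroupOwnerId": "098166147350"}]}
]}
""")


def foreign_ingress(response, trusted_accounts=()):
    """List (cache group, EC2 group, owner id) for each grant that lets an
    EC2 security group owned by an untrusted account reach the cache."""
    findings = []
    for group in response.get("CacheSecurityGroups", []):
        # The cluster owner's own account is always trusted.
        trusted = set(trusted_accounts) | {group["OwnerId"]}
        for grant in group.get("EC2SecurityGroups", []):
            if grant.get("Status") == "revoked":
                continue  # grant no longer in effect
            owner = grant["EC2SecurityGroupOwnerId"]
            if owner not in trusted:
                findings.append((group["CacheSecurityGroupName"],
                                 grant["EC2SecurityGroupName"], owner))
    return findings


if __name__ == "__main__":
    for cache_group, ec2_group, owner in foreign_ingress(SAMPLE):
        print(f"{cache_group}: open to EC2 group '{ec2_group}' "
              f"of account {owner}")
```

Because memcached on ElastiCache has no authentication, any finding here means every instance in that foreign security group can read and write the cache.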
S
0

There are several Heroku addons that will kinda solve this problem. They provide a SOCKS5 proxy with a static IP address that you can whitelist.

You can also do this yourself by setting up your own SOCKS5 proxy on EC2.

Note the caveats here though: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Access.Outside.html

It's slower, unencrypted, and some NAT monkey business will be required to get it working.

Superjacent answered 28/4, 2017 at 0:51 Comment(0)
B
0

If you are using Heroku Private spaces, then it should be possible to do using VPC peering. Follow the instructions here so that your AWS VPC and Heroku VPC can access each other's resources: https://devcenter.heroku.com/articles/private-space-peering

Once you have the above setup working, just create an ElastiCache cluster in the AWS VPC and allow access from the dyno CIDR ranges in the AWS security group or to the complete Heroku VPC CIDR and your dynos will be able to access ElastiCache URLs. I was able to get a working setup for Redis, and it should work for any other resource in the AWS VPC.

Bobbysoxer answered 10/5, 2022 at 8:20 Comment(0)
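
With the peering setup from this answer, the security group should admit cache traffic only from the peered ranges. The following is an added example, not part of the original answer: it checks ingress rules shaped like the `IpPermissions` list of EC2's DescribeSecurityGroups and flags any source CIDR that reaches a cache port from outside the allowed ranges. The CIDR values and rules are constructed placeholders, and the ports are the memcached and Redis defaults.

```python
import ipaddress

CACHE_PORTS = {11211: "memcached", 6379: "redis"}  # default ports

# Constructed rules shaped like DescribeSecurityGroups "IpPermissions".
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
     "IpRanges": [{"CidrIp": "10.0.128.0/20"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 11000, "ToPort": 12000,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.144.0/20"}]},
]

# Placeholder dyno CIDR ranges; use the ones reported for your own space.
DYNO_CIDRS = ["10.0.128.0/20", "10.0.144.0/20"]


def overbroad_cache_ingress(permissions, allowed_cidrs):
    """Return (cidr, [ports]) for each rule source that can reach a cache
    port but is not contained in one of the allowed CIDR ranges."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":          # all protocols, all ports
            ports = set(CACHE_PORTS)
        elif proto == "tcp":       # port ranges count, not just exact matches
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            ports = {p for p in CACHE_PORTS if lo <= p <= hi}
        else:
            continue
        if not ports:
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            inside = any(net.version == a.version and net.subnet_of(a)
                         for a in allowed)
            if not inside:
                findings.append((rng["CidrIp"], sorted(ports)))
    return findings


if __name__ == "__main__":
    for cidr, ports in overbroad_cache_ingress(SAMPLE_PERMISSIONS, DYNO_CIDRS):
        print(f"{cidr} can reach cache port(s) {ports}")
```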
