Securing your RedisMonitor

RedisMonitor works by connecting to your Redis server from one of several monitoring servers in Amazon's us-east-1 EC2 Region and recording your server's PING, SLOWLOG, and INFO results. RedisMonitor does not run any other commands on your server.

RedisMonitor connects from any one of the following IPs:

  • 52.4.225.198
  • 52.22.9.210
  • 52.22.8.155
  • 52.72.75.249
  • 52.73.73.70

Use the following instructions to allow RedisMonitor to access your Redis server securely. If you have different security requirements or have any questions, send us an email.

We do not currently recommend using RedisMonitor outside of AWS EC2's us-east-1 region. If you'd like to use RedisMonitor in another region, send us an email.

AWS EC2 VPC Security Group

If you use Security Groups to restrict traffic from outside your VPC to your VPC EC2 instances, you can add the following rules to your Security Group to allow RedisMonitor to connect:

For more information on using Security Groups with VPC instances, see: Security Groups for Your VPC.

AWS EC2 VPC Network ACL

If you use ACLs to restrict traffic from outside your VPC to your VPC EC2 instances, allow the following sources to access your Redis port in your ACL's "Inbound Rules" tab:

  • 52.4.225.198/32
  • 52.22.9.210/32
  • 52.22.8.155/32
  • 52.72.75.249/32
  • 52.73.73.70/32

If you also use Security Groups to restrict traffic to your VPC EC2 instances, you'll need to add rules to allow RedisMonitor there, as well.

For more information about using Network ACLs to restrict traffic to your VPC EC2 instances, see: Network ACLs.

AWS ElastiCache

Due to AWS restrictions, we do not currently support ElastiCache directly.

One option, however, is to create a NAT instance inside your VPC that can forward RedisMonitor traffic to your ElastiCache servers. See AWS's "Accessing ElastiCache Resources from Outside AWS" page for more information. Once your NAT instance is running, you can use Security Groups, Network ACLs, firewall rules, or iptables rules to restrict access on the forwarded port to RedisMonitor's IP addresses.

Firewalls

To allow RedisMonitor access to your server through a firewall, you'll need to allow TCP traffic from the following IP addresses to your Redis server's port (6379 by default).

  • 52.4.225.198
  • 52.22.9.210
  • 52.22.8.155
  • 52.72.75.249
  • 52.73.73.70

ufw

ufw (Uncomplicated Firewall) is the default firewall tool for Ubuntu. Run the following to allow RedisMonitor to connect to your server:

sudo ufw allow proto tcp from 52.4.225.198 to any port 6379
sudo ufw allow proto tcp from 52.22.9.210 to any port 6379
sudo ufw allow proto tcp from 52.22.8.155 to any port 6379
sudo ufw allow proto tcp from 52.72.75.249 to any port 6379
sudo ufw allow proto tcp from 52.73.73.70 to any port 6379

(Replace 6379 with your Redis server's port if it differs.)

iptables

If you are using iptables directly to restrict access to Redis, you'll need to add a rule that allows TCP traffic from the following IPs:

  • 52.4.225.198
  • 52.22.9.210
  • 52.22.8.155
  • 52.72.75.249
  • 52.73.73.70

Because every iptables configuration is different, we recommend testing your configuration on a staging server before updating your configuration on a production server.
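
One way to generate and verify these rules, as an added example that is not RedisMonitor's own tooling. It assumes the filter table's INPUT chain is the one guarding Redis; the helper names redismonitor_rules and redismonitor_missing are hypothetical. The script only prints commands for review and applies nothing.

```shell
#!/bin/sh
# Added example, not RedisMonitor tooling. Assumes the filter table's INPUT
# chain guards Redis; adjust the chain name if your ruleset differs.
REDISMONITOR_IPS="52.4.225.198 52.22.9.210 52.22.8.155 52.72.75.249 52.73.73.70"

# redismonitor_rules PORT [CHAIN]  (hypothetical helper)
# Prints, without applying, one idempotent command per source IP. -C checks
# for an identical rule first; -I inserts at the top of the chain so the
# ACCEPT is evaluated before any existing DROP/REJECT for the port.
redismonitor_rules() {
    port=${1:-6379}
    chain=${2:-INPUT}
    # Digits only, at most five of them, so nothing else reaches the output.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi
    case $chain in
        ''|*[!A-Za-z0-9_-]*) echo "invalid chain: $chain" >&2; return 1 ;;
    esac
    for ip in $REDISMONITOR_IPS; do
        spec="$chain -p tcp -s $ip/32 --dport $port -j ACCEPT"
        echo "iptables -C $spec 2>/dev/null || iptables -I $spec"
    done
}

# redismonitor_missing PORT  (hypothetical helper)
# Reads `iptables -S` output on stdin and prints each RedisMonitor IP that has
# no ACCEPT rule for PORT, e.g.: iptables -S INPUT | redismonitor_missing 6379
redismonitor_missing() {
    port=${1:-6379}
    rules=$(cat)
    for ip in $REDISMONITOR_IPS; do
        printf '%s\n' "$rules" | grep -F -- "-s $ip/32 " |
            grep -F -- "--dport $port " | grep -qF -- "-j ACCEPT" ||
            echo "$ip"
    done
}

# Review the printed commands, then run them as root on a staging server.
redismonitor_rules "${1:-6379}"
```

After applying the rules, an empty result from redismonitor_missing means every RedisMonitor IP has an ACCEPT rule for the port; it does not check that other sources remain blocked.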

The following pages have good introductions to iptables:

