playbooks

home / skills / giuseppe-trisciuoglio / developer-kit / aws-cloudformation-elasticache

aws-cloudformation-elasticache skill

/plugins/developer-kit-aws/skills/aws-cloudformation/aws-cloudformation-elasticache

This skill helps you model production-ready ElastiCache infrastructure with CloudFormation, covering clusters, replication groups, subnet and parameter groups.

npx playbooks add skill giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-elasticache

Review the files below or copy the command above to add this skill to your agents.

Files (3)
SKILL.md
34.1 KB
---
name: aws-cloudformation-elasticache
description: Provides AWS CloudFormation patterns for Amazon ElastiCache. Use when creating ElastiCache clusters (Redis, Memcached), replication groups, parameter groups, subnet groups, and implementing template structure with Parameters, Outputs, Mappings, Conditions, and cross-stack references for distributed caching infrastructure.
category: aws
tags: [aws, cloudformation, elasticache, redis, memcached, cache, infrastructure, iaac]
version: 1.0.0
allowed-tools: Read, Write, Bash
---

# AWS CloudFormation ElastiCache

## Overview

Create production-ready Amazon ElastiCache infrastructure using AWS CloudFormation templates. This skill covers Redis clusters, Memcached clusters, replication groups, parameter groups, subnet groups, security groups, template structure best practices, parameter patterns, and cross-stack references for modular, reusable infrastructure as code.

## When to Use

Use this skill when:
- Creating new ElastiCache Redis clusters (standalone or clustered)
- Setting up Redis Replication Groups for high availability
- Creating Memcached clusters for distributed caching
- Configuring ElastiCache Parameter Groups
- Setting up ElastiCache Subnet Groups for VPC deployment
- Implementing template Parameters with AWS-specific types
- Creating Outputs for cross-stack references
- Organizing templates with Mappings and Conditions
- Designing reusable, modular CloudFormation templates for caching infrastructure

## Instructions

Follow these steps to create ElastiCache infrastructure with CloudFormation:

1. **Define Cluster Parameters**: Specify engine, node type, and cluster settings
2. **Configure Subnet Group**: Set up VPC subnet configuration for cluster
3. **Create Parameter Group**: Define engine-specific parameter settings
4. **Set Up Security Groups**: Configure network access controls
5. **Create Replication Group**: Implement multi-node for high availability
6. **Configure Backups**: Set up automatic snapshot schedules
7. **Add Monitoring**: Enable CloudWatch metrics for cluster health
8. **Implement Scaling**: Configure auto-scaling for node count

For complete examples, see the [EXAMPLES.md](references/examples.md) file.

## Examples

The following examples demonstrate common ElastiCache patterns:

### Example 1: Redis Cluster

```yaml
RedisCluster:
  Type: AWS::ElastiCache::CacheCluster
  Properties:
    CacheNodeType: cache.t3.micro
    Engine: redis
    NumCacheNodes: 3
    CacheSubnetGroupName: !Ref CacheSubnetGroup
    VpcSecurityGroupIds:
      - !Ref CacheSecurityGroup
    ClusterName: !Sub "${AWS::StackName}-redis"
```

### Example 2: Redis Replication Group

```yaml
ReplicationGroup:
  Type: AWS::ElastiCache::ReplicationGroup
  Properties:
    ReplicationGroupId: !Sub "${AWS::StackName}-replica"
    ReplicationGroupDescription: Primary and read replicas
    NumNodeGroups: 2
    ReplicasPerNodeGroup: 1
    CacheNodeType: cache.t3.micro
    Engine: redis
    AutomaticFailoverEnabled: true
    MultiAZEnabled: true
```

### Example 3: Memcached Cluster

```yaml
MemcachedCluster:
  Type: AWS::ElastiCache::CacheCluster
  Properties:
    CacheNodeType: cache.t3.micro
    Engine: memcached
    NumCacheNodes: 4
    CacheSubnetGroupName: !Ref CacheSubnetGroup
    VpcSecurityGroupIds:
      - !Ref CacheSecurityGroup
```

For complete production-ready examples, see [EXAMPLES.md](references/examples.md).

## Quick Start

### Basic Redis Cluster

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Simple Redis ElastiCache cluster with basic configuration

Parameters:
  CacheNodeType:
    Type: String
    Default: cache.t3.micro
    Description: Cache node instance type

  NumCacheNodes:
    Type: Number
    Default: 1
    Description: Number of cache nodes

Resources:
  CacheSubnetGroup:
    Type: AWS::ElastiCache::SubnetGroup
    Properties:
      Description: Subnet group for ElastiCache
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2

  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheNodeType: !Ref CacheNodeType
      NumCacheNodes: !Ref NumCacheNodes
      Engine: redis
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup

Outputs:
  RedisEndpoint:
    Description: Redis cluster endpoint address
    Value: !GetAtt CacheCluster.RedisEndpoint.Address

  RedisPort:
    Description: Redis cluster port
    Value: !GetAtt CacheCluster.RedisEndpoint.Port
```

### Redis Replication Group

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Redis Replication Group with primary and read replicas

Parameters:
  CacheNodeType:
    Type: String
    Default: cache.t3.micro
    Description: Cache node instance type

Resources:
  CacheSubnetGroup:
    Type: AWS::ElastiCache::SubnetGroup
    Properties:
      Description: Subnet group for Redis replication
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2

  ReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      ReplicationGroupDescription: Primary and replicas for HA
      Engine: redis
      CacheNodeType: !Ref CacheNodeType
      NumNodeGroups: 1
      ReplicasPerNodeGroup: 1
      AutomaticFailoverEnabled: true
      MultiAZEnabled: true
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup

Outputs:
  PrimaryEndpoint:
    Description: Primary endpoint for write operations
    Value: !GetAtt ReplicationGroup.PrimaryEndPoint.Address

  ReaderEndpoint:
    Description: Reader endpoint for read operations
    Value: !GetAtt ReplicationGroup.ReaderEndPoint.Address
```

## Template Structure

### Template Sections Overview

AWS CloudFormation templates are JSON or YAML files with specific sections. Each section serves a purpose in defining your infrastructure.

```yaml
AWSTemplateFormatVersion: 2010-09-09  # Required - template version
Description: Optional description string  # Optional description

# Section order matters for readability but CloudFormation accepts any order
Mappings: {}       # Static configuration tables
Metadata: {}       # Additional information about resources
Parameters: {}     # Input values for customization
Rules: {}          # Parameter validation rules
Conditions: {}     # Conditional resource creation
Transform: {}      # Macro processing (e.g., AWS::Serverless)
Resources: {}      # AWS resources to create (REQUIRED)
Outputs: {}        # Return values after stack creation
```

### Format Version

The `AWSTemplateFormatVersion` identifies the template version. Current version is `2010-09-09`.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: ElastiCache Redis Cluster Template
```

### Description

Add a description to document the template's purpose. Must appear after the format version.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: >
  This template creates an ElastiCache Redis cluster with:
  - Multi-AZ deployment for high availability
  - Automatic failover enabled
  - Encrypted at-rest and in-transit
  - Parameter group for custom configuration
```

### Metadata

Use `Metadata` for additional information about resources or parameters, including AWS::CloudFormation::Interface for parameter grouping.

```yaml
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Cache Configuration
        Parameters:
          - CacheNodeType
          - NumCacheNodes
          - Engine
      - Label:
          default: Network
        Parameters:
          - CacheSubnetGroupName
          - VpcSecurityGroupIds
    ParameterLabels:
      CacheNodeType:
        default: Cache Node Instance Type
      NumCacheNodes:
        default: Number of Cache Nodes
```

### Resources Section

The `Resources` section is the only required section. It defines AWS resources to provision.

```yaml
Resources:
  # Cache Subnet Group (required for VPC deployment)
  CacheSubnetGroup:
    Type: AWS::ElastiCache::SubnetGroup
    Properties:
      Description: Subnet group for ElastiCache deployment
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2

  # Cache Parameter Group
  CacheParameterGroup:
    Type: AWS::ElastiCache::ParameterGroup
    Properties:
      Description: Custom parameter group for Redis
      Family: redis7.x
      Parameters:
        maxmemory-policy: allkeys-lru
        timeout: 300

  # Cache Cluster
  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheNodeType: cache.t3.micro
      NumCacheNodes: 1
      Engine: redis
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      CacheParameterGroupName: !Ref CacheParameterGroup
```

## Parameters

### Parameter Types

Use AWS-specific parameter types for validation and easier selection in the console.

```yaml
Parameters:
  CacheNodeType:
    Type: String
    Description: ElastiCache node instance type
    Default: cache.t3.micro

  CacheSubnetGroup:
    Type: AWS::ElastiCache::SubnetGroup::Name
    Description: Existing cache subnet group

  VpcSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group for cache cluster
```

### AWS::ElastiCache::CacheCluster::CacheNodeType Values

Common ElastiCache node types:

```yaml
Parameters:
  CacheNodeType:
    Type: String
    Default: cache.t3.micro
    AllowedValues:
      - cache.t3.micro
      - cache.t3.small
      - cache.t3.medium
      - cache.t3.large
      - cache.m5.large
      - cache.m5.xlarge
      - cache.m5.2xlarge
      - cache.m5.4xlarge
      - cache.r5.large
      - cache.r5.xlarge
      - cache.r5.2xlarge
      - cache.r5.4xlarge
      - cache.r6g.large
      - cache.r6g.xlarge
      - cache.r6g.2xlarge
```

### Parameter Constraints

Add constraints to validate parameter values.

```yaml
Parameters:
  CacheClusterId:
    Type: String
    Description: Cache cluster identifier
    Default: myrediscluster
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
    ConstraintDescription: Must begin with a letter; contain only alphanumeric characters
    MinLength: 1
    MaxLength: 50

  NumCacheNodes:
    Type: Number
    Description: Number of cache nodes
    Default: 1
    MinValue: 1
    MaxValue: 10

  CachePort:
    Type: Number
    Description: Cache port number
    Default: 6379
    MinValue: 1024
    MaxValue: 65535
```

### Engine and Version Parameters

```yaml
Parameters:
  Engine:
    Type: String
    Description: Cache engine
    Default: redis
    AllowedValues:
      - redis
      - memcached

  EngineVersion:
    Type: String
    Description: Cache engine version
    Default: 7.0

  EngineVersionMajor:
    Type: String
    Description: Cache engine major version
    Default: "7.0"
    AllowedValues:
      - "6.x"
      - "7.0"
```

### SSM Parameter Types

Reference Systems Manager parameters for dynamic values.

```yaml
Parameters:
  LatestRedisVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Description: Latest Redis version from SSM
    Default: /elasticache/redis/latest/version

  LatestMemcachedVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Description: Latest Memcached version from SSM
    Default: /elasticache/memcached/latest/version
```

## Mappings

Use `Mappings` for static configuration data based on regions or instance types.

```yaml
Mappings:
  CacheNodeConfig:
    cache.t3.micro:
      CPU: 2
      MemoryMiB: 555
      NetworkGbits: 5
    cache.t3.medium:
      CPU: 2
      MemoryMiB: 3218
      NetworkGbits: 10
    cache.m5.large:
      CPU: 2
      MemoryMiB: 6910
      NetworkGbits: 10
    cache.r5.large:
      CPU: 2
      MemoryMiB: 13866
      NetworkGbits: 10

  RegionMap:
    us-east-1:
      RedisPort: 6379
      MemcachedPort: 11211
    us-west-2:
      RedisPort: 6379
      MemcachedPort: 11211
    eu-west-1:
      RedisPort: 6379
      MemcachedPort: 11211

Resources:
  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheNodeType: !Ref CacheNodeType
      NumCacheNodes: 1
      Engine: redis
      CachePort: !FindInMap [RegionMap, !Ref AWS::Region, RedisPort]
```

## Conditions

Use `Conditions` to conditionally create resources based on parameters.

```yaml
Parameters:
  EnableMultiAZ:
    Type: String
    Default: false
    AllowedValues:
      - true
      - false

  EnableEncryption:
    Type: String
    Default: true
    AllowedValues:
      - true
      - false

  Environment:
    Type: String
    Default: development
    AllowedValues:
      - development
      - staging
      - production

Conditions:
  IsMultiAZ: !Equals [!Ref EnableMultiAZ, true]
  IsEncrypted: !Equals [!Ref EnableEncryption, true]
  IsProduction: !Equals [!Ref Environment, production]

Resources:
  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheNodeType: !Ref CacheNodeType
      NumCacheNodes: !If [IsMultiAZ, 2, 1]
      Engine: redis
      AutomaticFailoverEnabled: !If [IsMultiAZ, true, false]
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
```

### Condition Functions

```yaml
Conditions:
  IsDev: !Equals [!Ref Environment, development]
  IsStaging: !Equals [!Ref Environment, staging]
  IsProduction: !Equals [!Ref Environment, production]

Resources:
  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      # Production gets larger instances
      CacheNodeType: !If [IsProduction, cache.r5.large, cache.t3.micro]
      # Production gets multi-AZ
      NumCacheNodes: !If [IsProduction, 3, 1]
      AutomaticFailoverEnabled: !If [IsProduction, true, false]
```

## Transform

Use `Transform` for macros like AWS::Serverless for SAM templates.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Description: Serverless ElastiCache application template

Globals:
  Function:
    Timeout: 30
    Runtime: python3.11

Resources:
  CacheFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.handler
      CodeUri: function/
      Policies:
        - ElastiCacheFullAccessPolicy:
            CacheClusterId: !Ref CacheCluster
      Environment:
        Variables:
          CACHE_ENDPOINT: !GetAtt CacheCluster.RedisEndpoint.Address
          CACHE_PORT: !GetAtt CacheCluster.RedisEndpoint.Port
```

## Outputs and Cross-Stack References

### Basic Outputs

```yaml
Outputs:
  CacheClusterId:
    Description: Cache Cluster ID
    Value: !Ref CacheCluster

  CacheClusterEndpoint:
    Description: Cache cluster endpoint address
    Value: !GetAtt CacheCluster.RedisEndpoint.Address

  CacheClusterPort:
    Description: Cache cluster port
    Value: !GetAtt CacheCluster.RedisEndpoint.Port

  CacheClusterArn:
    Description: Cache Cluster ARN
    Value: !GetAtt CacheCluster.Arn

  CacheNodeType:
    Description: Cache Node Type
    Value: !Ref CacheNodeType
```

### Exporting Values for Cross-Stack References

Export values so other stacks can import them.

```yaml
Outputs:
  CacheClusterId:
    Description: Cache Cluster ID for other stacks
    Value: !Ref CacheCluster
    Export:
      Name: !Sub ${AWS::StackName}-CacheClusterId

  CacheClusterEndpoint:
    Description: Cache cluster endpoint for application stacks
    Value: !GetAtt CacheCluster.RedisEndpoint.Address
    Export:
      Name: !Sub ${AWS::StackName}-CacheEndpoint

  CacheClusterPort:
    Description: Cache cluster port for application stacks
    Value: !GetAtt CacheCluster.RedisEndpoint.Port
    Export:
      Name: !Sub ${AWS::StackName}-CachePort

  ConnectionString:
    Description: Full connection string for applications
    Value: !Sub redis://${CacheClusterEndpoint}:${CacheClusterPort}/0
    Export:
      Name: !Sub ${AWS::StackName}-CacheConnectionString
```

### Importing Values in Another Stack

```yaml
Parameters:
  CacheClusterId:
    Type: AWS::ElastiCache::Cluster::Id
    Description: Cache cluster ID from cache stack

  CacheEndpoint:
    Type: String
    Description: Cache cluster endpoint address

Resources:
  ApplicationConfig:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /app/cache/endpoint
      Value: !Ref CacheEndpoint
      Type: String
```

### Cross-Stack Reference Pattern

Create a dedicated cache stack that exports values:

```yaml
# cache-stack.yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Cache infrastructure stack

Parameters:
  EnvironmentName:
    Type: String
    Default: production

Resources:
  CacheSubnetGroup:
    Type: AWS::ElastiCache::SubnetGroup
    Properties:
      Description: !Sub Subnet group for ${EnvironmentName}
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2

  CacheParameterGroup:
    Type: AWS::ElastiCache::ParameterGroup
    Properties:
      Description: Redis parameter group
      Family: redis7.x
      Parameters:
        maxmemory-policy: allkeys-lru

  CacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cache security group
      VpcId: !Ref VPCId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 6379
          ToPort: 6379
          SourceSecurityGroupId: !Ref AppSecurityGroup

  ReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      ReplicationGroupDescription: Redis replication for ${EnvironmentName}
      Engine: redis
      CacheNodeType: cache.r5.large
      NumNodeGroups: 1
      ReplicasPerNodeGroup: 1
      AutomaticFailoverEnabled: true
      MultiAZEnabled: true
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      CacheParameterGroupName: !Ref CacheParameterGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup

Outputs:
  CacheClusterId:
    Value: !Ref ReplicationGroup
    Export:
      Name: !Sub ${EnvironmentName}-CacheClusterId

  CacheEndpoint:
    Value: !GetAtt ReplicationGroup.PrimaryEndPoint.Address
    Export:
      Name: !Sub ${EnvironmentName}-CacheEndpoint

  CachePort:
    Value: !GetAtt ReplicationGroup.PrimaryEndPoint.Port
    Export:
      Name: !Sub ${EnvironmentName}-CachePort

  CacheReaderEndpoint:
    Value: !GetAtt ReplicationGroup.ReaderEndPoint.Address
    Export:
      Name: !Sub ${EnvironmentName}-CacheReaderEndpoint
```

Application stack imports these values:

```yaml
# application-stack.yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Application stack that imports from cache stack

Parameters:
  CacheStackName:
    Type: String
    Description: Name of the cache stack
    Default: cache-stack

Resources:
  ApplicationConfig:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /app/cache/endpoint
      Value: !ImportValue
        Fn::Sub: ${CacheStackName}-CacheEndpoint
      Type: String

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.11
      Handler: app.handler
      Environment:
        Variables:
          CACHE_ENDPOINT: !ImportValue
            Fn::Sub: ${CacheStackName}-CacheEndpoint
```

## ElastiCache Components

### Cache Subnet Group

Required for VPC deployment. Must include at least 2 subnets in different AZs.

```yaml
Resources:
  CacheSubnetGroup:
    Type: AWS::ElastiCache::SubnetGroup
    Properties:
      Description: Subnet group for ElastiCache
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2
        - !Ref PrivateSubnet3
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-cache-subnet
```

### Cache Parameter Group

Custom parameter groups for cache configuration.

```yaml
Resources:
  CacheParameterGroup:
    Type: AWS::ElastiCache::ParameterGroup
    Properties:
      Description: Custom parameter group for Redis 7.x
      Family: redis7.x
      Parameters:
        # Memory management
        maxmemory-policy: allkeys-lru
        maxmemory-samples: 5

        # Connection settings
        timeout: 300
        tcp-keepalive: 300

        # Slow log
        slowlog-log-slower-than: 10000
        slowlog-max-len: 128

      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-cache-param
```

### Redis Parameter Groups (Common Configurations)

```yaml
# For caching with LRU eviction
CacheParameterGroup:
  Type: AWS::ElastiCache::ParameterGroup
  Properties:
    Description: Redis LRU cache config
    Family: redis7.x
    Parameters:
      maxmemory-policy: allkeys-lru
      maxmemory-samples: 5

# For session storage
CacheParameterGroup:
  Type: AWS::ElastiCache::ParameterGroup
  Properties:
    Description: Redis session store config
    Family: redis7.x
    Parameters:
      maxmemory-policy: volatile-lru
      timeout: 3600
      tcp-keepalive: 60

# For Redis Cluster
CacheParameterGroup:
  Type: AWS::ElastiCache::ParameterGroup
  Properties:
    Description: Redis Cluster config
    Family: redis7.x
    Parameters:
      cluster-enabled: yes
      timeout: 5000
```

### Memcached Parameter Groups (Common Configurations)

```yaml
Resources:
  MemcachedParameterGroup:
    Type: AWS::ElastiCache::ParameterGroup
    Properties:
      Description: Memcached parameter group
      Family: memcached1.6
      Parameters:
        max_item_size: 10485760
        request_max_size: 2097152
        connection_idle_timeout: 600
```

### Cache Cluster - Redis Standalone

```yaml
Resources:
  RedisCacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheClusterIdentifier: redis-standalone
      CacheNodeType: cache.t3.medium
      NumCacheNodes: 1
      Engine: redis
      EngineVersion: "7.0"
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      CacheParameterGroupName: !Ref CacheParameterGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
      AutoMinorVersionUpgrade: true
      SnapshotRetentionLimit: 0
      SnapshotWindow: 05:00-06:00
```

### Cache Cluster - Memcached

```yaml
Resources:
  MemcachedCacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheClusterIdentifier: memcached-cluster
      CacheNodeType: cache.m5.large
      NumCacheNodes: 3
      Engine: memcached
      EngineVersion: "1.6"
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      CacheParameterGroupName: !Ref MemcachedParameterGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
```

### Replication Group - Redis with Automatic Failover

```yaml
Resources:
  RedisReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      ReplicationGroupIdentifier: redis-replication
      ReplicationGroupDescription: Redis with automatic failover
      Engine: redis
      EngineVersion: "7.0"
      CacheNodeType: cache.r5.large
      NumNodeGroups: 1
      ReplicasPerNodeGroup: 2
      AutomaticFailoverEnabled: true
      MultiAZEnabled: true
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      CacheParameterGroupName: !Ref CacheParameterGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
```

### Replication Group - Redis Cluster Mode

```yaml
Resources:
  RedisClusterReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      ReplicationGroupIdentifier: redis-cluster
      ReplicationGroupDescription: Redis Cluster with data partitioning
      Engine: redis
      EngineVersion: "7.0"
      CacheNodeType: cache.r5.xlarge
      NumNodeGroups: 3
      ReplicasPerNodeGroup: 1
      AutomaticFailoverEnabled: true
      MultiAZEnabled: true
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      CacheParameterGroupName: !Ref CacheParameterGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
```

### Cache Security Group

```yaml
Resources:
  CacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for ElastiCache
      VpcId: !Ref VPCId
      GroupName: !Sub ${AWS::StackName}-cache-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 6379
          ToPort: 6379
          SourceSecurityGroupId: !Ref AppSecurityGroup
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-cache-sg
```

### Global Replication Group (Cross-Region)

```yaml
Resources:
  GlobalReplicationGroup:
    Type: AWS::ElastiCache::GlobalReplicationGroup
    Properties:
      GlobalReplicationGroupIdSuffix: global
      GlobalReplicationGroupDescription: Global Redis replication
      Members:
        - ReplicationGroupId: !Ref PrimaryReplicationGroup
          ReplicationGroupRegion: !Ref AWS::Region
        - ReplicationGroupId: !Ref SecondaryReplicationGroup
          ReplicationGroupRegion: us-west-2
```

## Security and Encryption

### Encryption at Rest and In Transit

```yaml
Resources:
  CacheParameterGroup:
    Type: AWS::ElastiCache::ParameterGroup
    Properties:
      Description: Redis with encryption
      Family: redis7.x
      Parameters:
        # TLS configuration
        tls-enabled: yes

  CacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Encrypted cache security group
      VpcId: !Ref VPCId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 6379
          ToPort: 6379
          SourceSecurityGroupId: !Ref AppSecurityGroup

  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheNodeType: cache.r5.large
      NumCacheNodes: 1
      Engine: redis
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      CacheParameterGroupName: !Ref CacheParameterGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
      # Encryption settings
      AtRestEncryptionEnabled: true
      TransitEncryptionEnabled: true
      AuthToken: !Ref CacheAuthToken
```

### Using Secrets Manager for Auth Token

```yaml
Resources:
  CacheAuthTokenSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub ${AWS::StackName}/elasticache/auth-token
      Description: ElastiCache Redis authentication token
      SecretString: !Sub '{"auth-token":"${CacheAuthToken}"}'

  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheNodeType: cache.r5.large
      NumCacheNodes: 1
      Engine: redis
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
      TransitEncryptionEnabled: true
      AuthToken: !Ref CacheAuthToken
```

## High Availability and Scaling

### Multi-AZ with Automatic Failover

```yaml
Resources:
  RedisReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      ReplicationGroupDescription: Multi-AZ Redis with failover
      Engine: redis
      CacheNodeType: cache.r5.large
      NumNodeGroups: 1
      ReplicasPerNodeGroup: 2
      AutomaticFailoverEnabled: true
      MultiAZEnabled: true
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
```

### Memcached Horizontal Scaling

```yaml
Parameters:
  NumCacheNodes:
    Type: Number
    Default: 3
    MinValue: 1
    MaxValue: 20

Resources:
  MemcachedCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheClusterIdentifier: memcached-cluster
      CacheNodeType: cache.m5.xlarge
      NumCacheNodes: !Ref NumCacheNodes
      Engine: memcached
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
```

### Redis Scaling - Read Replicas

```yaml
Resources:
  RedisReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      ReplicationGroupDescription: Redis with read replicas
      Engine: redis
      CacheNodeType: cache.r5.large
      NumNodeGroups: 1
      ReplicasPerNodeGroup: 3
      AutomaticFailoverEnabled: true
      MultiAZEnabled: true
      CacheSubnetGroupName: !Ref CacheSubnetGroup
      VpcSecurityGroupIds:
        - !Ref CacheSecurityGroup
```

## Best Practices

### Use AWS-Specific Parameter Types

Always use AWS-specific parameter types for validation and easier selection.

```yaml
Parameters:
  CacheNodeType:
    Type: AWS::ElastiCache::CacheCluster::CacheNodeType
    Description: ElastiCache node type

  CacheSubnetGroup:
    Type: AWS::ElastiCache::SubnetGroup::Name
    Description: Cache subnet group

  VpcSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group for cache
```

### Enable Encryption for Production

```yaml
Resources:
  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      # Encryption at rest
      AtRestEncryptionEnabled: true
      # Encryption in transit
      TransitEncryptionEnabled: true
      # Authentication
      AuthToken: !Ref CacheAuthToken
```

### Use Multi-AZ for Production

```yaml
Conditions:
  IsProduction: !Equals [!Ref Environment, production]

Resources:
  RedisReplicationGroup:
    Type: AWS::ElastiCache::ReplicationGroup
    Properties:
      AutomaticFailoverEnabled: !If [IsProduction, true, false]
      MultiAZEnabled: !If [IsProduction, true, false]
      ReplicasPerNodeGroup: !If [IsProduction, 2, 1]
```

### Use Proper Naming Conventions

```yaml
Resources:
  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${Environment}-${Application}-redis
        - Key: Environment
          Value: !Ref Environment
        - Key: Application
          Value: !Ref ApplicationName
        - Key: ManagedBy
          Value: CloudFormation
```

### Separate Cache and Application Stacks

```yaml
# cache-stack.yaml - Rarely changes
AWSTemplateFormatVersion: 2010-09-09
Description: Cache infrastructure (VPC, subnets, ElastiCache)
Resources:
  CacheSubnetGroup: AWS::ElastiCache::SubnetGroup
  CacheParameterGroup: AWS::ElastiCache::ParameterGroup
  CacheSecurityGroup: AWS::EC2::SecurityGroup
  CacheCluster: AWS::ElastiCache::Cluster

# application-stack.yaml - Changes frequently
AWSTemplateFormatVersion: 2010-09-09
Description: Application resources
Parameters:
  CacheStackName:
    Type: String
Resources:
  ApplicationConfig: AWS::SSM::Parameter
```

### Use Pseudo Parameters

Use pseudo parameters for region-agnostic templates.

```yaml
Resources:
  CacheCluster:
    Type: AWS::ElastiCache::Cluster
    Properties:
      CacheClusterIdentifier: !Sub ${AWS::StackName}-${AWS::Region}
      Tags:
        - Key: Region
          Value: !Ref AWS::Region
        - Key: AccountId
          Value: !Ref AWS::AccountId
```

### Validate Before Deployment

```bash
# Validate template
aws cloudformation validate-template --template-body file://template.yaml

# Use cfn-lint for advanced validation
pip install cfn-lint
cfn-lint template.yaml

# Check for AWS-specific issues
cfn-lint template.yaml --region us-east-1
```

## Stack Policies

Stack policies protect critical resources from unintended updates during stack operations.

```yaml
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "Update:Replace",
        "Update:Delete"
      ],
      "Principal": "*",
      "Resource": "LogicalResourceId/CacheCluster"
    },
    {
      "Effect": "Deny",
      "Action": [
        "Update:Replace",
        "Update:Delete"
      ],
      "Principal": "*",
      "Resource": "LogicalResourceId/ReplicationGroup"
    }
  ]
}
```

## Drift Detection

Drift detection identifies when the actual infrastructure configuration differs from the CloudFormation template.

### Detecting Drift

```bash
# Detect drift on entire stack
aws cloudformation detect-stack-drift \
  --stack-name production-elasticache

# Detect drift on specific resources
aws cloudformation detect-stack-drift \
  --stack-name production-elasticache \
  --logical-resource-ids CacheCluster,CacheParameterGroup

# Get drift detection status
aws cloudformation describe-stack-drift-detection-status \
  --stack-drift-detection-id <detection-id>
```

### Drift Detection Response

```json
{
  "StackResourceDrifts": [
    {
      "LogicalResourceId": "CacheCluster",
      "PhysicalResourceId": "production-cache-cluster",
      "ResourceType": "AWS::ElastiCache::Cluster",
      "StackId": "arn:aws:cloudformation:us-east-1:123456789:stack/production-elasticache/...",
      "DriftStatus": "MODIFIED",
      "PropertyDifferences": [
        {
          "PropertyPath": "NumCacheNodes",
          "ExpectedValue": "3",
          "ActualValue": "2"
        }
      ]
    }
  ]
}
```

## Related Resources

- For advanced patterns: See [EXAMPLES.md](EXAMPLES.md)
- For reference: See [REFERENCE.md](REFERENCE.md)
- AWS CloudFormation User Guide: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
- ElastiCache Documentation: https://docs.aws.amazon.com/AmazonElastiCache/latest/redsug/
- Redis Documentation: https://redis.io/documentation
- Memcached Documentation: https://memcached.org/documentation

## Constraints and Warnings

### Resource Limits

- **Node Limits**: Maximum number of cache nodes per cluster varies by instance type and region
- **Shard Limits**: Maximum number of shards per Redis cluster varies by node type
- **Replication Group Limits**: Maximum number of replication groups per region is account-dependent
- **Parameter Groups**: Maximum number of parameter groups per region

### Operational Constraints

- **Node Replacement**: Replacing cache nodes results in temporary loss of data stored in memory
- **Cluster Scaling**: Adding or removing nodes can cause short service disruption
- **Multi-AZ Failover**: Automatic failover takes time (typically 1-3 minutes)
- **Redis Engine Versions**: Some Redis versions are not compatible with existing clusters

### Security Constraints

- **Encryption in Transit**: Enforcing encryption in transit requires specific parameter group settings
- **AUTH Token**: Default Redis auth token should be changed immediately after cluster creation
- **VPC Access**: ElastiCache clusters are only accessible within VPC; public access not supported
- **Security Groups**: Security group rules must allow traffic on the cluster port (6379 for Redis, 11211 for Memcached)

### Cost Considerations

- **Node Types**: Larger node types significantly increase hourly costs
- **Multi-AZ**: Read replicas in multiple AZs double or triple the cost
- **Data Transfer**: Inter-AZ data transfer between application and cache nodes incurs costs
- **Backup Storage**: Automatic backups and snapshots incur storage costs
- **Reserved Instances**: Consider reserved nodes for production workloads to reduce costs

### Performance Constraints

- **Eviction Policy**: Cache eviction can impact application performance
- **Connection Limits**: Maximum number of client connections varies by node type
- **Memory Fragmentation**: Redis may show less available memory than expected due to fragmentation
- **Network Bandwidth**: Network-intensive workloads may saturate network bandwidth

## Additional Files

Overview

This skill provides production-ready AWS CloudFormation patterns for provisioning Amazon ElastiCache (Redis and Memcached). It includes templates and reusable building blocks for clusters, replication groups, parameter groups, subnet groups, security, and template sections (Parameters, Mappings, Conditions, Outputs). Use it to create modular, validated, and cross-stack friendly caching infrastructure.

How this skill works

The skill supplies CloudFormation YAML examples and snippets that define ElastiCache resources and surrounding network and parameter constructs. It shows how to declare Parameters (including AWS-specific types), Mappings for region/type data, Conditions for environment variants, and Outputs for cross-stack references. Examples cover standalone Redis clusters, Redis replication groups, and Memcached clusters with parameter groups, subnet groups, security groups, backups, and monitoring hooks.

When to use it

  • When you need a new Redis cluster or Memcached cluster deployed via CloudFormation
  • When building high-availability Redis using ReplicationGroup with automatic failover
  • When creating parameter groups, subnet groups, and VPC-aware cache deployments
  • When you want strong template validation using AWS parameter types and constraints
  • When designing modular stacks with Outputs and cross-stack references
  • When you need repeatable production patterns (backups, monitoring, encryption)

Best practices

  • Use AWS::ElastiCache parameter types and AllowedValues to validate inputs in the console
  • Group network resources (subnet groups, security groups) and expose only necessary Outputs
  • Use Conditions and Mappings to support multiple environments and region-specific values
  • Define ParameterGroups for engine tuning and store sensitive values in SSM where appropriate
  • Enable automatic backups, CloudWatch metrics, and Multi-AZ/AutomaticFailover for production
  • Keep templates modular: export endpoints and IDs for cross-stack composition

Example use cases

  • Create a dev Redis cluster with a simple CacheSubnetGroup and one cache node
  • Deploy a production Redis ReplicationGroup with Multi-AZ, replicas, and automatic failover
  • Provision a Memcached cluster for horizontally scaled session caching
  • Define a custom Redis ParameterGroup with maxmemory-policy and timeout adjustments
  • Compose a cross-stack architecture where application stacks import the cache endpoint Output

FAQ

Can I deploy both Redis and Memcached with the same template?

Yes — use Parameters (Engine and EngineVersion) and Conditions to branch resource properties for Redis or Memcached in a single modular template.

How do I expose the cache endpoint to application stacks?

Add Outputs for Redis Primary/Reader endpoints or CacheCluster endpoints and export them. Other stacks can import these values using Fn::ImportValue or Export/Import mechanisms.