aws-cloudformation-elasticache
69
总安装量
69
周安装量
#3193
全站排名
安装命令
npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-elasticache
Agent 安装分布
claude-code
52
cursor
47
replit
45
opencode
42
codex
41
Skill 文档
AWS CloudFormation ElastiCache
Overview
Create production-ready Amazon ElastiCache infrastructure using AWS CloudFormation templates. This skill covers Redis clusters, Memcached clusters, replication groups, parameter groups, subnet groups, security groups, template structure best practices, parameter patterns, and cross-stack references for modular, reusable infrastructure as code.
When to Use
Use this skill when:
- Creating new ElastiCache Redis clusters (standalone or clustered)
- Setting up Redis Replication Groups for high availability
- Creating Memcached clusters for distributed caching
- Configuring ElastiCache Parameter Groups
- Setting up ElastiCache Subnet Groups for VPC deployment
- Implementing template Parameters with AWS-specific types
- Creating Outputs for cross-stack references
- Organizing templates with Mappings and Conditions
- Designing reusable, modular CloudFormation templates for caching infrastructure
Quick Start
Basic Redis Cluster
AWSTemplateFormatVersion: 2010-09-09
Description: Simple Redis ElastiCache cluster with basic configuration
Parameters:
CacheNodeType:
Type: String
Default: cache.t3.micro
Description: Cache node instance type
NumCacheNodes:
Type: Number
Default: 1
Description: Number of cache nodes
Resources:
CacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup
Properties:
Description: Subnet group for ElastiCache
SubnetIds:
- !Ref PrivateSubnet1
- !Ref PrivateSubnet2
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheNodeType: !Ref CacheNodeType
NumCacheNodes: !Ref NumCacheNodes
Engine: redis
CacheSubnetGroupName: !Ref CacheSubnetGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Outputs:
RedisEndpoint:
Description: Redis cluster endpoint address
Value: !GetAtt CacheCluster.RedisEndpoint.Address
RedisPort:
Description: Redis cluster port
Value: !GetAtt CacheCluster.RedisEndpoint.Port
Redis Replication Group
AWSTemplateFormatVersion: 2010-09-09
Description: Redis Replication Group with primary and read replicas
Parameters:
CacheNodeType:
Type: String
Default: cache.t3.micro
Description: Cache node instance type
Resources:
CacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup
Properties:
Description: Subnet group for Redis replication
SubnetIds:
- !Ref PrivateSubnet1
- !Ref PrivateSubnet2
ReplicationGroup:
Type: AWS::ElastiCache::ReplicationGroup
Properties:
ReplicationGroupDescription: Primary and replicas for HA
Engine: redis
CacheNodeType: !Ref CacheNodeType
NumNodeGroups: 1
ReplicasPerNodeGroup: 1
AutomaticFailoverEnabled: true
MultiAZEnabled: true
CacheSubnetGroupName: !Ref CacheSubnetGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Outputs:
PrimaryEndpoint:
Description: Primary endpoint for write operations
Value: !GetAtt ReplicationGroup.PrimaryEndPoint.Address
ReaderEndpoint:
Description: Reader endpoint for read operations
Value: !GetAtt ReplicationGroup.ReaderEndPoint.Address
Template Structure
Template Sections Overview
AWS CloudFormation templates are JSON or YAML files with specific sections. Each section serves a purpose in defining your infrastructure.
AWSTemplateFormatVersion: 2010-09-09 # Required - template version
Description: Optional description string # Optional description
# Section order matters for readability but CloudFormation accepts any order
Mappings: {} # Static configuration tables
Metadata: {} # Additional information about resources
Parameters: {} # Input values for customization
Rules: {} # Parameter validation rules
Conditions: {} # Conditional resource creation
Transform: {} # Macro processing (e.g., AWS::Serverless)
Resources: {} # AWS resources to create (REQUIRED)
Outputs: {} # Return values after stack creation
Format Version
The AWSTemplateFormatVersion identifies the template version. Current version is 2010-09-09.
AWSTemplateFormatVersion: 2010-09-09
Description: ElastiCache Redis Cluster Template
Description
Add a description to document the template’s purpose. Must appear after the format version.
AWSTemplateFormatVersion: 2010-09-09
Description: >
This template creates an ElastiCache Redis cluster with:
- Multi-AZ deployment for high availability
- Automatic failover enabled
- Encrypted at-rest and in-transit
- Parameter group for custom configuration
Metadata
Use Metadata for additional information about resources or parameters, including AWS::CloudFormation::Interface for parameter grouping.
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Cache Configuration
Parameters:
- CacheNodeType
- NumCacheNodes
- Engine
- Label:
default: Network
Parameters:
- CacheSubnetGroupName
- VpcSecurityGroupIds
ParameterLabels:
CacheNodeType:
default: Cache Node Instance Type
NumCacheNodes:
default: Number of Cache Nodes
Resources Section
The Resources section is the only required section. It defines AWS resources to provision.
Resources:
# Cache Subnet Group (required for VPC deployment)
CacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup
Properties:
Description: Subnet group for ElastiCache deployment
SubnetIds:
- !Ref PrivateSubnet1
- !Ref PrivateSubnet2
# Cache Parameter Group
CacheParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Custom parameter group for Redis
Family: redis7.x
Parameters:
maxmemory-policy: allkeys-lru
timeout: 300
# Cache Cluster
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheNodeType: cache.t3.micro
NumCacheNodes: 1
Engine: redis
CacheSubnetGroupName: !Ref CacheSubnetGroup
CacheParameterGroupName: !Ref CacheParameterGroup
Parameters
Parameter Types
Use AWS-specific parameter types for validation and easier selection in the console.
Parameters:
CacheNodeType:
Type: String
Description: ElastiCache node instance type
Default: cache.t3.micro
CacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup::Name
Description: Existing cache subnet group
VpcSecurityGroupId:
Type: AWS::EC2::SecurityGroup::Id
Description: Security group for cache cluster
AWS::ElastiCache::CacheCluster::CacheNodeType Values
Common ElastiCache node types:
Parameters:
CacheNodeType:
Type: String
Default: cache.t3.micro
AllowedValues:
- cache.t3.micro
- cache.t3.small
- cache.t3.medium
- cache.t3.large
- cache.m5.large
- cache.m5.xlarge
- cache.m5.2xlarge
- cache.m5.4xlarge
- cache.r5.large
- cache.r5.xlarge
- cache.r5.2xlarge
- cache.r5.4xlarge
- cache.r6g.large
- cache.r6g.xlarge
- cache.r6g.2xlarge
Parameter Constraints
Add constraints to validate parameter values.
Parameters:
CacheClusterId:
Type: String
Description: Cache cluster identifier
Default: myrediscluster
AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
ConstraintDescription: Must begin with a letter; contain only alphanumeric characters
MinLength: 1
MaxLength: 50
NumCacheNodes:
Type: Number
Description: Number of cache nodes
Default: 1
MinValue: 1
MaxValue: 10
CachePort:
Type: Number
Description: Cache port number
Default: 6379
MinValue: 1024
MaxValue: 65535
Engine and Version Parameters
Parameters:
Engine:
Type: String
Description: Cache engine
Default: redis
AllowedValues:
- redis
- memcached
EngineVersion:
Type: String
Description: Cache engine version
Default: 7.0
EngineVersionMajor:
Type: String
Description: Cache engine major version
Default: "7.0"
AllowedValues:
- "6.x"
- "7.0"
SSM Parameter Types
Reference Systems Manager parameters for dynamic values.
Parameters:
LatestRedisVersion:
Type: AWS::SSM::Parameter::Value<String>
Description: Latest Redis version from SSM
Default: /elasticache/redis/latest/version
LatestMemcachedVersion:
Type: AWS::SSM::Parameter::Value<String>
Description: Latest Memcached version from SSM
Default: /elasticache/memcached/latest/version
Mappings
Use Mappings for static configuration data based on regions or instance types.
Mappings:
CacheNodeConfig:
cache.t3.micro:
CPU: 2
MemoryMiB: 555
NetworkGbits: 5
cache.t3.medium:
CPU: 2
MemoryMiB: 3218
NetworkGbits: 10
cache.m5.large:
CPU: 2
MemoryMiB: 6910
NetworkGbits: 10
cache.r5.large:
CPU: 2
MemoryMiB: 13866
NetworkGbits: 10
RegionMap:
us-east-1:
RedisPort: 6379
MemcachedPort: 11211
us-west-2:
RedisPort: 6379
MemcachedPort: 11211
eu-west-1:
RedisPort: 6379
MemcachedPort: 11211
Resources:
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheNodeType: !Ref CacheNodeType
NumCacheNodes: 1
Engine: redis
CachePort: !FindInMap [RegionMap, !Ref AWS::Region, RedisPort]
Conditions
Use Conditions to conditionally create resources based on parameters.
Parameters:
EnableMultiAZ:
Type: String
Default: false
AllowedValues:
- true
- false
EnableEncryption:
Type: String
Default: true
AllowedValues:
- true
- false
Environment:
Type: String
Default: development
AllowedValues:
- development
- staging
- production
Conditions:
IsMultiAZ: !Equals [!Ref EnableMultiAZ, true]
IsEncrypted: !Equals [!Ref EnableEncryption, true]
IsProduction: !Equals [!Ref Environment, production]
Resources:
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheNodeType: !Ref CacheNodeType
NumCacheNodes: !If [IsMultiAZ, 2, 1]
Engine: redis
AutomaticFailoverEnabled: !If [IsMultiAZ, true, false]
CacheSubnetGroupName: !Ref CacheSubnetGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Condition Functions
Conditions:
IsDev: !Equals [!Ref Environment, development]
IsStaging: !Equals [!Ref Environment, staging]
IsProduction: !Equals [!Ref Environment, production]
Resources:
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
# Production gets larger instances
CacheNodeType: !If [IsProduction, cache.r5.large, cache.t3.micro]
# Production gets multi-AZ
NumCacheNodes: !If [IsProduction, 3, 1]
AutomaticFailoverEnabled: !If [IsProduction, true, false]
Transform
Use Transform for macros like AWS::Serverless for SAM templates.
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Description: Serverless ElastiCache application template
Globals:
Function:
Timeout: 30
Runtime: python3.11
Resources:
CacheFunction:
Type: AWS::Serverless::Function
Properties:
Handler: app.handler
CodeUri: function/
Policies:
- ElastiCacheFullAccessPolicy:
CacheClusterId: !Ref CacheCluster
Environment:
Variables:
CACHE_ENDPOINT: !GetAtt CacheCluster.RedisEndpoint.Address
CACHE_PORT: !GetAtt CacheCluster.RedisEndpoint.Port
Outputs and Cross-Stack References
Basic Outputs
Outputs:
CacheClusterId:
Description: Cache Cluster ID
Value: !Ref CacheCluster
CacheClusterEndpoint:
Description: Cache cluster endpoint address
Value: !GetAtt CacheCluster.RedisEndpoint.Address
CacheClusterPort:
Description: Cache cluster port
Value: !GetAtt CacheCluster.RedisEndpoint.Port
CacheClusterArn:
Description: Cache Cluster ARN
Value: !GetAtt CacheCluster.Arn
CacheNodeType:
Description: Cache Node Type
Value: !Ref CacheNodeType
Exporting Values for Cross-Stack References
Export values so other stacks can import them.
Outputs:
CacheClusterId:
Description: Cache Cluster ID for other stacks
Value: !Ref CacheCluster
Export:
Name: !Sub ${AWS::StackName}-CacheClusterId
CacheClusterEndpoint:
Description: Cache cluster endpoint for application stacks
Value: !GetAtt CacheCluster.RedisEndpoint.Address
Export:
Name: !Sub ${AWS::StackName}-CacheEndpoint
CacheClusterPort:
Description: Cache cluster port for application stacks
Value: !GetAtt CacheCluster.RedisEndpoint.Port
Export:
Name: !Sub ${AWS::StackName}-CachePort
ConnectionString:
Description: Full connection string for applications
Value: !Sub redis://${CacheClusterEndpoint}:${CacheClusterPort}/0
Export:
Name: !Sub ${AWS::StackName}-CacheConnectionString
Importing Values in Another Stack
Parameters:
CacheClusterId:
Type: AWS::ElastiCache::Cluster::Id
Description: Cache cluster ID from cache stack
CacheEndpoint:
Type: String
Description: Cache cluster endpoint address
Resources:
ApplicationConfig:
Type: AWS::SSM::Parameter
Properties:
Name: /app/cache/endpoint
Value: !Ref CacheEndpoint
Type: String
Cross-Stack Reference Pattern
Create a dedicated cache stack that exports values:
# cache-stack.yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Cache infrastructure stack
Parameters:
EnvironmentName:
Type: String
Default: production
Resources:
CacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup
Properties:
Description: !Sub Subnet group for ${EnvironmentName}
SubnetIds:
- !Ref PrivateSubnet1
- !Ref PrivateSubnet2
CacheParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Redis parameter group
Family: redis7.x
Parameters:
maxmemory-policy: allkeys-lru
CacheSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Cache security group
VpcId: !Ref VPCId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 6379
ToPort: 6379
SourceSecurityGroupId: !Ref AppSecurityGroup
ReplicationGroup:
Type: AWS::ElastiCache::ReplicationGroup
Properties:
ReplicationGroupDescription: Redis replication for ${EnvironmentName}
Engine: redis
CacheNodeType: cache.r5.large
NumNodeGroups: 1
ReplicasPerNodeGroup: 1
AutomaticFailoverEnabled: true
MultiAZEnabled: true
CacheSubnetGroupName: !Ref CacheSubnetGroup
CacheParameterGroupName: !Ref CacheParameterGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Outputs:
CacheClusterId:
Value: !Ref ReplicationGroup
Export:
Name: !Sub ${EnvironmentName}-CacheClusterId
CacheEndpoint:
Value: !GetAtt ReplicationGroup.PrimaryEndPoint.Address
Export:
Name: !Sub ${EnvironmentName}-CacheEndpoint
CachePort:
Value: !GetAtt ReplicationGroup.PrimaryEndPoint.Port
Export:
Name: !Sub ${EnvironmentName}-CachePort
CacheReaderEndpoint:
Value: !GetAtt ReplicationGroup.ReaderEndPoint.Address
Export:
Name: !Sub ${EnvironmentName}-CacheReaderEndpoint
Application stack imports these values:
# application-stack.yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Application stack that imports from cache stack
Parameters:
CacheStackName:
Type: String
Description: Name of the cache stack
Default: cache-stack
Resources:
ApplicationConfig:
Type: AWS::SSM::Parameter
Properties:
Name: /app/cache/endpoint
Value: !ImportValue
Fn::Sub: ${CacheStackName}-CacheEndpoint
Type: String
LambdaFunction:
Type: AWS::Lambda::Function
Properties:
Runtime: python3.11
Handler: app.handler
Environment:
Variables:
CACHE_ENDPOINT: !ImportValue
Fn::Sub: ${CacheStackName}-CacheEndpoint
ElastiCache Components
Cache Subnet Group
Required for VPC deployment. Must include at least 2 subnets in different AZs.
Resources:
CacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup
Properties:
Description: Subnet group for ElastiCache
SubnetIds:
- !Ref PrivateSubnet1
- !Ref PrivateSubnet2
- !Ref PrivateSubnet3
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-cache-subnet
Cache Parameter Group
Custom parameter groups for cache configuration.
Resources:
CacheParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Custom parameter group for Redis 7.x
Family: redis7.x
Parameters:
# Memory management
maxmemory-policy: allkeys-lru
maxmemory-samples: 5
# Connection settings
timeout: 300
tcp-keepalive: 300
# Slow log
slowlog-log-slower-than: 10000
slowlog-max-len: 128
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-cache-param
Redis Parameter Groups (Common Configurations)
# For caching with LRU eviction
CacheParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Redis LRU cache config
Family: redis7.x
Parameters:
maxmemory-policy: allkeys-lru
maxmemory-samples: 5
# For session storage
CacheParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Redis session store config
Family: redis7.x
Parameters:
maxmemory-policy: volatile-lru
timeout: 3600
tcp-keepalive: 60
# For Redis Cluster
CacheParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Redis Cluster config
Family: redis7.x
Parameters:
cluster-enabled: yes
timeout: 5000
Memcached Parameter Groups (Common Configurations)
Resources:
MemcachedParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Memcached parameter group
Family: memcached1.6
Parameters:
max_item_size: 10485760
request_max_size: 2097152
connection_idle_timeout: 600
Cache Cluster – Redis Standalone
Resources:
RedisCacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheClusterIdentifier: redis-standalone
CacheNodeType: cache.t3.medium
NumCacheNodes: 1
Engine: redis
EngineVersion: "7.0"
CacheSubnetGroupName: !Ref CacheSubnetGroup
CacheParameterGroupName: !Ref CacheParameterGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
AutoMinorVersionUpgrade: true
SnapshotRetentionLimit: 0
SnapshotWindow: 05:00-06:00
Cache Cluster – Memcached
Resources:
MemcachedCacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheClusterIdentifier: memcached-cluster
CacheNodeType: cache.m5.large
NumCacheNodes: 3
Engine: memcached
EngineVersion: "1.6"
CacheSubnetGroupName: !Ref CacheSubnetGroup
CacheParameterGroupName: !Ref MemcachedParameterGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Replication Group – Redis with Automatic Failover
Resources:
RedisReplicationGroup:
Type: AWS::ElastiCache::ReplicationGroup
Properties:
ReplicationGroupIdentifier: redis-replication
ReplicationGroupDescription: Redis with automatic failover
Engine: redis
EngineVersion: "7.0"
CacheNodeType: cache.r5.large
NumNodeGroups: 1
ReplicasPerNodeGroup: 2
AutomaticFailoverEnabled: true
MultiAZEnabled: true
CacheSubnetGroupName: !Ref CacheSubnetGroup
CacheParameterGroupName: !Ref CacheParameterGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Replication Group – Redis Cluster Mode
Resources:
RedisClusterReplicationGroup:
Type: AWS::ElastiCache::ReplicationGroup
Properties:
ReplicationGroupIdentifier: redis-cluster
ReplicationGroupDescription: Redis Cluster with data partitioning
Engine: redis
EngineVersion: "7.0"
CacheNodeType: cache.r5.xlarge
NumNodeGroups: 3
ReplicasPerNodeGroup: 1
AutomaticFailoverEnabled: true
MultiAZEnabled: true
CacheSubnetGroupName: !Ref CacheSubnetGroup
CacheParameterGroupName: !Ref CacheParameterGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Cache Security Group
Resources:
CacheSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security group for ElastiCache
VpcId: !Ref VPCId
GroupName: !Sub ${AWS::StackName}-cache-sg
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 6379
ToPort: 6379
SourceSecurityGroupId: !Ref AppSecurityGroup
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-cache-sg
Global Replication Group (Cross-Region)
Resources:
GlobalReplicationGroup:
Type: AWS::ElastiCache::GlobalReplicationGroup
Properties:
GlobalReplicationGroupIdSuffix: global
GlobalReplicationGroupDescription: Global Redis replication
Members:
- ReplicationGroupId: !Ref PrimaryReplicationGroup
ReplicationGroupRegion: !Ref AWS::Region
- ReplicationGroupId: !Ref SecondaryReplicationGroup
ReplicationGroupRegion: us-west-2
Security and Encryption
Encryption at Rest and In Transit
Resources:
CacheParameterGroup:
Type: AWS::ElastiCache::ParameterGroup
Properties:
Description: Redis with encryption
Family: redis7.x
Parameters:
# TLS configuration
tls-enabled: yes
CacheSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Encrypted cache security group
VpcId: !Ref VPCId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 6379
ToPort: 6379
SourceSecurityGroupId: !Ref AppSecurityGroup
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheNodeType: cache.r5.large
NumCacheNodes: 1
Engine: redis
CacheSubnetGroupName: !Ref CacheSubnetGroup
CacheParameterGroupName: !Ref CacheParameterGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
# Encryption settings
AtRestEncryptionEnabled: true
TransitEncryptionEnabled: true
AuthToken: !Ref CacheAuthToken
Using Secrets Manager for Auth Token
Resources:
CacheAuthTokenSecret:
Type: AWS::SecretsManager::Secret
Properties:
Name: !Sub ${AWS::StackName}/elasticache/auth-token
Description: ElastiCache Redis authentication token
SecretString: !Sub '{"auth-token":"${CacheAuthToken}"}'
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheNodeType: cache.r5.large
NumCacheNodes: 1
Engine: redis
CacheSubnetGroupName: !Ref CacheSubnetGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
TransitEncryptionEnabled: true
AuthToken: !Ref CacheAuthToken
High Availability and Scaling
Multi-AZ with Automatic Failover
Resources:
RedisReplicationGroup:
Type: AWS::ElastiCache::ReplicationGroup
Properties:
ReplicationGroupDescription: Multi-AZ Redis with failover
Engine: redis
CacheNodeType: cache.r5.large
NumNodeGroups: 1
ReplicasPerNodeGroup: 2
AutomaticFailoverEnabled: true
MultiAZEnabled: true
CacheSubnetGroupName: !Ref CacheSubnetGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Memcached Horizontal Scaling
Parameters:
NumCacheNodes:
Type: Number
Default: 3
MinValue: 1
MaxValue: 20
Resources:
MemcachedCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheClusterIdentifier: memcached-cluster
CacheNodeType: cache.m5.xlarge
NumCacheNodes: !Ref NumCacheNodes
Engine: memcached
CacheSubnetGroupName: !Ref CacheSubnetGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Redis Scaling – Read Replicas
Resources:
RedisReplicationGroup:
Type: AWS::ElastiCache::ReplicationGroup
Properties:
ReplicationGroupDescription: Redis with read replicas
Engine: redis
CacheNodeType: cache.r5.large
NumNodeGroups: 1
ReplicasPerNodeGroup: 3
AutomaticFailoverEnabled: true
MultiAZEnabled: true
CacheSubnetGroupName: !Ref CacheSubnetGroup
VpcSecurityGroupIds:
- !Ref CacheSecurityGroup
Best Practices
Use AWS-Specific Parameter Types
Always use AWS-specific parameter types for validation and easier selection.
Parameters:
CacheNodeType:
Type: AWS::ElastiCache::CacheCluster::CacheNodeType
Description: ElastiCache node type
CacheSubnetGroup:
Type: AWS::ElastiCache::SubnetGroup::Name
Description: Cache subnet group
VpcSecurityGroup:
Type: AWS::EC2::SecurityGroup::Id
Description: Security group for cache
Enable Encryption for Production
Resources:
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
# Encryption at rest
AtRestEncryptionEnabled: true
# Encryption in transit
TransitEncryptionEnabled: true
# Authentication
AuthToken: !Ref CacheAuthToken
Use Multi-AZ for Production
Conditions:
IsProduction: !Equals [!Ref Environment, production]
Resources:
RedisReplicationGroup:
Type: AWS::ElastiCache::ReplicationGroup
Properties:
AutomaticFailoverEnabled: !If [IsProduction, true, false]
MultiAZEnabled: !If [IsProduction, true, false]
ReplicasPerNodeGroup: !If [IsProduction, 2, 1]
Use Proper Naming Conventions
Resources:
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
Tags:
- Key: Name
Value: !Sub ${Environment}-${Application}-redis
- Key: Environment
Value: !Ref Environment
- Key: Application
Value: !Ref ApplicationName
- Key: ManagedBy
Value: CloudFormation
Separate Cache and Application Stacks
# cache-stack.yaml - Rarely changes
AWSTemplateFormatVersion: 2010-09-09
Description: Cache infrastructure (VPC, subnets, ElastiCache)
Resources:
CacheSubnetGroup: AWS::ElastiCache::SubnetGroup
CacheParameterGroup: AWS::ElastiCache::ParameterGroup
CacheSecurityGroup: AWS::EC2::SecurityGroup
CacheCluster: AWS::ElastiCache::Cluster
# application-stack.yaml - Changes frequently
AWSTemplateFormatVersion: 2010-09-09
Description: Application resources
Parameters:
CacheStackName:
Type: String
Resources:
ApplicationConfig: AWS::SSM::Parameter
Use Pseudo Parameters
Use pseudo parameters for region-agnostic templates.
Resources:
CacheCluster:
Type: AWS::ElastiCache::Cluster
Properties:
CacheClusterIdentifier: !Sub ${AWS::StackName}-${AWS::Region}
Tags:
- Key: Region
Value: !Ref AWS::Region
- Key: AccountId
Value: !Ref AWS::AccountId
Validate Before Deployment
# Validate template
aws cloudformation validate-template --template-body file://template.yaml
# Use cfn-lint for advanced validation
pip install cfn-lint
cfn-lint template.yaml
# Check for AWS-specific issues
cfn-lint template.yaml --region us-east-1
Stack Policies
Stack policies protect critical resources from unintended updates during stack operations.
{
"Statement": [
{
"Effect": "Allow",
"Action": "Update:*",
"Principal": "*",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": [
"Update:Replace",
"Update:Delete"
],
"Principal": "*",
"Resource": "LogicalResourceId/CacheCluster"
},
{
"Effect": "Deny",
"Action": [
"Update:Replace",
"Update:Delete"
],
"Principal": "*",
"Resource": "LogicalResourceId/ReplicationGroup"
}
]
}
Drift Detection
Drift detection identifies when the actual infrastructure configuration differs from the CloudFormation template.
Detecting Drift
# Detect drift on entire stack
aws cloudformation detect-stack-drift \
--stack-name production-elasticache
# Detect drift on specific resources
aws cloudformation detect-stack-drift \
--stack-name production-elasticache \
--logical-resource-ids CacheCluster,CacheParameterGroup
# Get drift detection status
aws cloudformation describe-stack-drift-detection-status \
--stack-drift-detection-id <detection-id>
Drift Detection Response
{
"StackResourceDrifts": [
{
"LogicalResourceId": "CacheCluster",
"PhysicalResourceId": "production-cache-cluster",
"ResourceType": "AWS::ElastiCache::Cluster",
"StackId": "arn:aws:cloudformation:us-east-1:123456789:stack/production-elasticache/...",
"DriftStatus": "MODIFIED",
"PropertyDifferences": [
{
"PropertyPath": "NumCacheNodes",
"ExpectedValue": "3",
"ActualValue": "2"
}
]
}
]
}
Related Resources
- For advanced patterns: See EXAMPLES.md
- For reference: See REFERENCE.md
- AWS CloudFormation User Guide: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
- ElastiCache Documentation: https://docs.aws.amazon.com/AmazonElastiCache/latest/redsug/
- Redis Documentation: https://redis.io/documentation
- Memcached Documentation: https://memcached.org/documentation