
Authenticate Go apps to Redis on AWS using IAM

Using IAM authentication for Redis on AWS

You can use this package to authenticate your Go apps to Amazon MemoryDB (and Amazon ElastiCache) for Redis using AWS IAM.

Here is an example:

package main

import (


func main() {

	serviceName := "memorydb" // or "elasticache"
	clusterName := "name of cluster"
	username := "iam user name"
	region := "aws region"
	clusterEndpoint := "cluster endpoint" // memorydb or elasticache endpoint

	generator, err := auth.New(serviceName, clusterName, username, region)
	if err != nil {
		log.Fatal("failed to initialise token generator", err)

	client := redis.NewClusterClient(
			Username: username,
			Addrs:    []string{clusterEndpoint},
			NewClient: func(opt *redis.Options) *redis.Client {

				return redis.NewClient(&redis.Options{
					Addr: opt.Addr,
					CredentialsProvider: func() (username string, password string) {

						token, err := generator.Generate()
						if err != nil {
							log.Fatal("failed to generate auth token", err)

						return opt.Username, token
					TLSConfig: &tls.Config{InsecureSkipVerify: true},

	err = client.Ping(context.Background()).Err()
	if err != nil {
		log.Fatal("failed to connect to memorydb -", err)

	fmt.Println("successfully connected to cluster", clusterEndpoint)

For a deep-dive, refer to this blog post.