What Is Amazon ElastiCache? Learn the Basics and Create a Cache Cluster
One way to improve application performance is to cache frequently accessed data in memory. Amazon ElastiCache is a managed in-memory caching service designed for exactly that purpose. It's widely used for reducing the number of database queries and for fast read/write access to session data. This article covers the core concepts of ElastiCache and walks you through creating and connecting to a cluster.
What Is Amazon ElastiCache
ElastiCache is a fully managed in-memory caching service provided by AWS. By keeping data in memory, it delivers dramatically faster read/write performance compared to disk-based databases. AWS handles operational tasks such as node provisioning, patching, backups, and monitoring, so you can focus on building your application.
Common use cases include caching database query results, session management, real-time leaderboards, and rate limiting. It's especially effective for read-heavy workloads and systems that require sub-millisecond latency.
What is Amazon ElastiCache? - Amazon ElastiCache
Set up, manage, and scale a distributed in-memory data store or cache environment in the cloud using...
docs.aws.amazon.comSupported Engines
ElastiCache supports two engines. Choose based on your use case and requirements.
| Engine | Overview |
|---|---|
| Valkey / Redis OSS | Supports rich data structures such as strings, lists, hashes, and sorted sets. Also supports replication, cluster mode, and persistence. |
| Memcached | A simple key-value store. Multi-threaded and easy to scale horizontally, making it ideal for pure caching. |
Valkey is the engine AWS recommends as the successor to Redis. It maintains high compatibility with Redis OSS while being developed by an open-source community. For new deployments, Valkey is the safe default.
Comparing node-based Valkey, Memcached, and Redis OSS clusters - Amazon ElastiCache
Select the better engine for your application's node-based cluster—Valkey, Memcached, or Redis OSS.
docs.aws.amazon.comKey Features
ElastiCache includes features to improve cache availability, durability, and performance.
| Feature | Overview | Main Benefit |
|---|---|---|
| Replication | Asynchronously copies changes from the primary node to replica nodes. Automatically fails over when the primary becomes unavailable. | Eliminates a single point of failure and distributes read traffic. |
| Cluster mode | Distributes data across multiple shards, each of which can have replicas. | Enables large-capacity, high-throughput cache configurations. |
| Automatic backups | Runs scheduled snapshots and stores them in S3. Supports point-in-time recovery. | Makes it easy to recover from failures or data loss. |
| Encryption in-transit / at-rest | Encrypts communication between clients and nodes using TLS. Can also encrypt data written to disk. | Helps meet security requirements. |
High availability using replication groups - Amazon ElastiCache
Create a replication group to enhance scalability and guard against data loss if your cluster is run...
docs.aws.amazon.comTry ElastiCache with the AWS CLI
Let's walk through creating a Valkey cache cluster and connecting to it using the AWS CLI. The basic steps are: create a subnet group and security group, then create the cluster. This guide assumes you already have a VPC and subnets set up.
Create a Subnet Group
ElastiCache clusters are placed inside a VPC, so start by creating a subnet group for the cache. Including subnets from two or more Availability Zones makes it easy to adopt a Multi-AZ configuration later.
❯ aws elasticache create-cache-subnet-group \
--cache-subnet-group-name exrecord-cache-subnet-group \
--cache-subnet-group-description "Subnet group for exrecord ElastiCache" \
--subnet-ids subnet-0a1b2c3d4e5f67890 subnet-0b1c2d3e4f5a67890
{
"CacheSubnetGroup": {
"CacheSubnetGroupName": "exrecord-cache-subnet-group",
"CacheSubnetGroupDescription": "Subnet group for exrecord ElastiCache",
"VpcId": "vpc-0a1b2c3d4e5f67890",
"Subnets": [
{
"SubnetIdentifier": "subnet-0b1c2d3e4f5a67890",
"SubnetAvailabilityZone": {
"Name": "us-east-1c"
},
"SupportedNetworkTypes": [
"ipv4"
]
},
{
"SubnetIdentifier": "subnet-0a1b2c3d4e5f67890",
"SubnetAvailabilityZone": {
"Name": "us-east-1a"
},
"SupportedNetworkTypes": [
"ipv4"
]
}
],
"ARN": "arn:aws:elasticache:us-east-1:123456789012:subnetgroup:exrecord-cache-subnet-group",
"SupportedNetworkTypes": [
"ipv4"
]
}
}
Create a Security Group
Create a security group to control access to the ElastiCache cluster. The default port for Valkey is 6379. In production, restrict access to the security group of specific EC2 instances.
❯ aws ec2 create-security-group \
--group-name exrecord-cache-sg \
--description "Security group for exrecord ElastiCache" \
--vpc-id vpc-0a1b2c3d4e5f67890
{
"GroupId": "sg-0a1b2c3d4e5f67890",
"SecurityGroupArn": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0a1b2c3d4e5f67890"
}
Add an inbound rule for Valkey (port 6379) to the security group.
❯ aws ec2 authorize-security-group-ingress \
--group-id sg-0a1b2c3d4e5f67890 \
--protocol tcp \
--port 6379 \
--cidr 172.31.0.0/16
{
"Return": true,
"SecurityGroupRules": [
{
"SecurityGroupRuleId": "sgr-0a1b2c3d4e5f67890",
"GroupId": "sg-0a1b2c3d4e5f67890",
"GroupOwnerId": "123456789012",
"IsEgress": false,
"IpProtocol": "tcp",
"FromPort": 6379,
"ToPort": 6379,
"CidrIpv4": "172.31.0.0/16",
"SecurityGroupRuleArn": "arn:aws:ec2:us-east-1:123456789012:security-group-rule/sgr-0a1b2c3d4e5f67890"
}
]
}
Create a Cache Cluster
Once the subnet group and security group are ready, create the cache cluster. For the Valkey engine, use the create-replication-group command instead of create-cache-cluster. Here we'll use Valkey 8.0 with a single cache.t3.micro instance.
--transit-encryption-enabled / --no-transit-encryption-enabled controls whether communication between clients and nodes is encrypted with TLS. You must explicitly specify one or the other when using Valkey.
| Option | Encryption | Recommended For |
|---|---|---|
--transit-encryption-enabled | Yes (TLS) | Production environments or when security requirements apply |
--no-transit-encryption-enabled | No | Development/testing environments or when latency is a priority |
❯ aws elasticache create-replication-group \
--replication-group-id exrecord-valkey \
--replication-group-description "exrecord valkey cluster" \
--cache-node-type cache.t3.micro \
--engine valkey \
--engine-version 8.0 \
--num-cache-clusters 1 \
--cache-subnet-group-name exrecord-cache-subnet-group \
--security-group-ids sg-0a1b2c3d4e5f67890 \
--no-transit-encryption-enabled
Output
{
"ReplicationGroup": {
"ReplicationGroupId": "exrecord-valkey",
"Description": "exrecord valkey cluster",
"GlobalReplicationGroupInfo": {},
"Status": "creating",
"PendingModifiedValues": {},
"MemberClusters": [
"exrecord-valkey-001"
],
"AutomaticFailover": "disabled",
"MultiAZ": "disabled",
"SnapshotRetentionLimit": 0,
"SnapshotWindow": "19:00-20:00",
"ClusterEnabled": false,
"CacheNodeType": "cache.t3.micro",
"TransitEncryptionEnabled": false,
"AtRestEncryptionEnabled": true,
"ARN": "arn:aws:elasticache:us-east-1:123456789012:replicationgroup:exrecord-valkey",
"LogDeliveryConfigurations": [],
"ReplicationGroupCreateTime": "2026-04-21T16:25:37.028000+00:00",
"DataTiering": "disabled",
"AutoMinorVersionUpgrade": true,
"NetworkType": "ipv4",
"IpDiscovery": "ipv4",
"ClusterMode": "disabled",
"Engine": "valkey"
}
}
Cluster creation takes a few minutes. Run the following command and wait until the status becomes available.
❯ aws elasticache describe-replication-groups \
--replication-group-id exrecord-valkey \
--query "ReplicationGroups[0].Status"
"available"
Check the Endpoint
Once the cluster is available, retrieve the endpoint used for connections. The endpoint is a DNS name automatically assigned when the cluster is created, and it's used as the connection target from your application or valkey-cli.
❯ aws elasticache describe-replication-groups \
--replication-group-id exrecord-valkey \
--query "ReplicationGroups[0].NodeGroups[0].PrimaryEndpoint"
{
"Address": "exrecord-valkey.xxxxxx.ng.0001.use1.cache.amazonaws.com",
"Port": 6379
}
Connect with valkey-cli
From an EC2 instance in the same VPC, connect using the endpoint you retrieved. The server needs to have valkey-cli installed.
[ec2-user@ip-172-31-xx-xx ~]$ valkey-cli -h exrecord-valkey.xxxxxx.ng.0001.use1.cache.amazonaws.com -p 6379
exrecord-valkey.xxxxxx.ng.0001.use1.cache.amazonaws.com:6379>
Once connected, try reading and writing data with SET and GET.
exrecord-valkey.xxxxxx.ng.0001.use1.cache.amazonaws.com:6379> SET mykey "hello"
OK
exrecord-valkey.xxxxxx.ng.0001.use1.cache.amazonaws.com:6379> GET mykey
"hello"
Delete the Cluster
Delete the cluster when you no longer need it. Omitting --final-snapshot-identifier deletes the cluster without creating a final snapshot.
❯ aws elasticache delete-replication-group \
--replication-group-id exrecord-valkey
{
"ReplicationGroup": {
"ReplicationGroupId": "exrecord-valkey",
"Description": "exrecord valkey cluster",
"GlobalReplicationGroupInfo": {},
"Status": "deleting",
"PendingModifiedValues": {},
"AutomaticFailover": "disabled",
"MultiAZ": "disabled",
"SnapshotRetentionLimit": 0,
"SnapshotWindow": "19:00-20:00",
"TransitEncryptionEnabled": false,
"AtRestEncryptionEnabled": true,
"ARN": "arn:aws:elasticache:us-east-1:123456789012:replicationgroup:exrecord-valkey",
"LogDeliveryConfigurations": [],
"ReplicationGroupCreateTime": "2026-04-21T16:25:37.028000+00:00",
"DataTiering": "disabled",
"AutoMinorVersionUpgrade": true,
"NetworkType": "ipv4",
"IpDiscovery": "ipv4",
"ClusterMode": "disabled",
"Engine": "valkey"
}
}
Summary
This article covered the core concepts of Amazon ElastiCache and how to create and connect to a cache cluster using the AWS CLI.
- ElastiCache is a fully managed in-memory caching service that keeps data in memory, delivering sub-millisecond latency
- It supports two engines — Valkey (the Redis successor) and Memcached — with Valkey recommended for new deployments
- Replication and cluster mode improve availability and throughput
- Place clusters inside a VPC and restrict access via security groups to maintain a secure configuration
- It's especially effective for read-heavy workloads like caching database query results and session management