C7N Mailer - Allow Redis cluster to have encryption in transit enabled

[mrjeffwagner]

Describe the feature

The C7N Mailer tool does not allow for the Redis cluster to have Encryption in Transit enabled, which causes an error with the mailer lambda where it hangs for 15 minutes due to connectivity to Redis failing.

cloud-custodian/tools/c7n_mailer/c7n_mailer/ldap_lookup.py

Line 189 in b1fd240

self.connection = redis.StrictRedis(host=redis_host, port=redis_port, db=db)

I have tested the redis library locally with the following command and I am able to successfully get a connection:

ssl = redis.StrictRedis(host=redis_host, port=redis_port, ssl=True)
ssl.ping()
True

Feature request would likely be to add another option to config.yaml that can accept True/False value for redis_encryption, then add that to Redis class init.

Extra information or context

No response

[ajkerrigan]

Thanks for the report @mrjeffwagner , this request makes sense 👍 . Supporting an optional ssl parameter in the mailer config would be one way to handle this. Another might be allowing url rather than the host / port combo, and feeding that to Redis.from_url(). That handles port, db and the optional redis/rediss tls distinction under the covers 🤔

[kapilt]

redis url sounds good

[sanjeev98kumar]

Will this be a good first issue to start with?I am looking for my first PR