From 7af8bb077b450162696457d9ecb346300d0e0c99 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 22 May 2020 12:40:19 +0200 Subject: [PATCH 01/24] Added terraform011 note in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d286ab..91dd60d 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This module Terraform 0.12. Pin module version to `~> v2.0`. Submit pull-requests to `master` branch. -Terraform 0.11. Pin module version to `~> v1.0`. +Terraform 0.11. Pin module version to `~> v1.0`. Submit pull-requests to `terraform011` branch. ## Usage From e88714ef10950dc101b9715f9e6ba55aaa3e4812 Mon Sep 17 00:00:00 2001 From: Pat McGee Date: Fri, 22 May 2020 14:17:13 -0400 Subject: [PATCH 02/24] fix: conditionally update random_id (#38) --- main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.tf b/main.tf index 2d01aad..329153a 100644 --- a/main.tf +++ b/main.tf @@ -4,6 +4,9 @@ data "aws_vpc" "vpc" { resource "random_id" "salt" { byte_length = 8 + keepers = { + redis_version = var.redis_version + } } resource "aws_elasticache_replication_group" "redis" { From 2f43d575de356bf20c9e846d972693ae78bfc919 Mon Sep 17 00:00:00 2001 From: Anton Trifonov <38254755+rinrailin@users.noreply.github.com> Date: Fri, 22 May 2020 21:18:23 +0300 Subject: [PATCH 03/24] fix: Use lookup() for VPC name getting (#40) --- cloudwatch.tf | 4 ++-- main.tf | 14 +++++++++----- security_groups.tf | 6 +++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/cloudwatch.tf b/cloudwatch.tf index 75bbea9..3cedca1 100644 --- a/cloudwatch.tf +++ b/cloudwatch.tf 
@@ -6,7 +6,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_cpu" { count = "${var.redis_clusters}" - alarm_name = "alarm-${var.name}-${data.aws_vpc.vpc.tags["Name"]}-CacheCluster00${count.index + 1}CPUUtilization" + alarm_name = "alarm-${var.name}-${local.vpc_name}-CacheCluster00${count.index + 1}CPUUtilization" alarm_description = "Redis cluster CPU utilization" comparison_operator = "GreaterThanThreshold" evaluation_periods = "1" @@ -27,7 +27,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_cpu" { resource "aws_cloudwatch_metric_alarm" "cache_memory" { count = "${var.redis_clusters}" - alarm_name = "alarm-${var.name}-${data.aws_vpc.vpc.tags["Name"]}-CacheCluster00${count.index + 1}FreeableMemory" + alarm_name = "alarm-${var.name}-${local.vpc_name}-CacheCluster00${count.index + 1}FreeableMemory" alarm_description = "Redis cluster freeable memory" comparison_operator = "LessThanThreshold" evaluation_periods = "1" diff --git a/main.tf b/main.tf index 329153a..037027c 100644 --- a/main.tf +++ b/main.tf @@ -2,6 +2,10 @@ data "aws_vpc" "vpc" { id = var.vpc_id } +locals { + vpc_name = lookup(data.aws_vpc.vpc.tags, "Name", var.vpc_id) +} + resource "random_id" "salt" { byte_length = 8 keepers = { @@ -11,7 +15,7 @@ resource "random_id" "salt" { resource "aws_elasticache_replication_group" "redis" { replication_group_id = format("%.20s", "${var.name}-${var.env}") - replication_group_description = "Terraform-managed ElastiCache replication group for ${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" + replication_group_description = "Terraform-managed ElastiCache replication group for ${var.name}-${var.env}-${local.vpc_name}" number_cache_clusters = var.redis_clusters node_type = var.redis_node_type automatic_failover_enabled = var.redis_failover 
@@ -24,13 +28,13 @@ resource "aws_elasticache_replication_group" "redis" { maintenance_window = var.redis_maintenance_window snapshot_window = var.redis_snapshot_window snapshot_retention_limit = var.redis_snapshot_retention_limit - tags = merge(map("Name", format("tf-elasticache-%s-%s", var.name, lookup(data.aws_vpc.vpc.tags, "Name", ""))), var.tags) + tags = merge(map("Name", format("tf-elasticache-%s-%s", var.name, local.vpc_name)), var.tags) } resource "aws_elasticache_parameter_group" "redis_parameter_group" { - name = replace(format("%.255s", lower(replace("tf-redis-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}-${random_id.salt.hex}", "_", "-"))), "/\\s/", "-") + name = replace(format("%.255s", lower(replace("tf-redis-${var.name}-${var.env}-${local.vpc_name}-${random_id.salt.hex}", "_", "-"))), "/\\s/", "-") - description = "Terraform-managed ElastiCache parameter group for ${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" + description = "Terraform-managed ElastiCache parameter group for ${var.name}-${var.env}-${local.vpc_name}" # Strip the patch version from redis_version var family = "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" @@ -48,6 +52,6 @@ resource "aws_elasticache_parameter_group" "redis_parameter_group" { } resource "aws_elasticache_subnet_group" "redis_subnet_group" { - name = replace(format("%.255s", lower(replace("tf-redis-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}", "_", "-"))), "/\\s/", "-") + name = replace(format("%.255s", lower(replace("tf-redis-${var.name}-${var.env}-${local.vpc_name}", "_", "-"))), "/\\s/", "-") subnet_ids = var.subnets } diff --git a/security_groups.tf b/security_groups.tf index 6a941f7..1b225b4 100644 --- a/security_groups.tf +++ b/security_groups.tf 
@@ -1,10 +1,10 @@ resource "aws_security_group" "redis_security_group" { - name = format("%.255s", "tf-sg-ec-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}") - description = "Terraform-managed ElastiCache security group for ${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" + name = format("%.255s", "tf-sg-ec-${var.name}-${var.env}-${local.vpc_name}") + description = "Terraform-managed ElastiCache security group for ${var.name}-${var.env}-${local.vpc_name}" vpc_id = data.aws_vpc.vpc.id tags = { - Name = "tf-sg-ec-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" + Name = "tf-sg-ec-${var.name}-${var.env}-${local.vpc_name}" } } From 13fbc70a7aa4f610a46a1c13f9680674330a4169 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 22 May 2020 20:19:50 +0200 Subject: [PATCH 04/24] docs: Updated README --- .pre-commit-config.yaml | 4 +-- README.md | 62 +++++++++++++++++++++++------------------ 2 files changed, 37 insertions(+), 29 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9729b21..e1b851b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.21.0 + rev: v1.30.0 hooks: - id: terraform_fmt - id: terraform_docs - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v2.4.0 + rev: v3.1.0 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 91dd60d..6de3555 100644 --- a/README.md +++ b/README.md 
@@ -41,41 +41,49 @@ module "redis" { ``` +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| aws | n/a | +| random | n/a | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alarm\_actions | | list | n/a | yes | -| alarm\_cpu\_threshold | These vars would be used by cloudwatch.tf and should be uncommented if we decide to use them. | string | `"75"` | no | -| alarm\_memory\_threshold | | string | `"10000000"` | no | -| allowed\_cidr | A list of Security Group ID's to allow access to. | list(string) | `[ "127.0.0.1/32" ]` | no | -| allowed\_security\_groups | A list of Security Group ID's to allow access to. | list(string) | `[]` | no | -| apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | bool | `"false"` | no | -| env | env to deploy into, should typically dev/staging/prod | string | n/a | yes | -| name | Name for the Redis replication group i.e. UserObject | string | n/a | yes | -| redis\_clusters | Number of Redis cache clusters (nodes) to create | string | n/a | yes | -| redis\_failover | | bool | `"false"` | no | -| redis\_maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | string | `"fri:08:00-fri:09:00"` | no | -| redis\_node\_type | Instance type to use for creating the Redis cache clusters | string | `"cache.m3.medium"` | no | -| redis\_parameters | additional parameters modifyed in parameter group | list(map(any)) | `[]` | no | -| redis\_port | | number | `"6379"` | no | -| redis\_snapshot\_retention\_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. 
For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes | number | `"0"` | no | -| redis\_snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period | string | `"06:30-07:30"` | no | -| redis\_version | Redis version to use, defaults to 3.2.10 | string | `"3.2.10"` | no | -| subnets | List of VPC Subnet IDs for the cache subnet group | list(string) | n/a | yes | -| tags | Tags for redis nodes | map(string) | `{}` | no | -| vpc\_id | VPC ID | string | n/a | yes | +|------|-------------|------|---------|:--------:| +| allowed\_cidr | A list of Security Group ID's to allow access to. | `list(string)` |
[
"127.0.0.1/32"
]
| no | +| allowed\_security\_groups | A list of Security Group ID's to allow access to. | `list(string)` | `[]` | no | +| apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `false` | no | +| env | env to deploy into, should typically dev/staging/prod | `string` | n/a | yes | +| name | Name for the Redis replication group i.e. UserObject | `string` | n/a | yes | +| redis\_clusters | Number of Redis cache clusters (nodes) to create | `string` | n/a | yes | +| redis\_failover | n/a | `bool` | `false` | no | +| redis\_maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | `string` | `"fri:08:00-fri:09:00"` | no | +| redis\_node\_type | Instance type to use for creating the Redis cache clusters | `string` | `"cache.m3.medium"` | no | +| redis\_parameters | additional parameters modifyed in parameter group | `list(map(any))` | `[]` | no | +| redis\_port | n/a | `number` | `6379` | no | +| redis\_snapshot\_retention\_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.\* cache nodes | `number` | `0` | no | +| redis\_snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. 
The minimum snapshot window is a 60 minute period | `string` | `"06:30-07:30"` | no | +| redis\_version | Redis version to use, defaults to 3.2.10 | `string` | `"3.2.10"` | no | +| subnets | List of VPC Subnet IDs for the cache subnet group | `list(string)` | n/a | yes | +| tags | Tags for redis nodes | `map(string)` | `{}` | no | +| vpc\_id | VPC ID | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| endpoint | | -| id | | -| parameter\_group | | -| port | | -| redis\_security\_group\_id | | -| redis\_subnet\_group\_name | | +| endpoint | n/a | +| id | n/a | +| parameter\_group | n/a | +| port | n/a | +| redis\_security\_group\_id | n/a | +| redis\_subnet\_group\_name | n/a | From b3ec28ebc06683c10de2f9300249513a2ee481a7 Mon Sep 17 00:00:00 2001 From: Anton Trifonov <38254755+rinrailin@users.noreply.github.com> Date: Sat, 23 May 2020 11:53:15 +0300 Subject: [PATCH 05/24] feat: Add new arguments support (#43) --- README.md | 10 +++++++++ main.tf | 11 ++++++++++ variables.tf | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) diff --git a/README.md b/README.md index 6de3555..191a771 100644 --- a/README.md +++ b/README.md @@ -59,8 +59,14 @@ No requirements. | allowed\_cidr | A list of Security Group ID's to allow access to. | `list(string)` |
[
"127.0.0.1/32"
]
| no | | allowed\_security\_groups | A list of Security Group ID's to allow access to. | `list(string)` | `[]` | no | | apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `false` | no | +| at\_rest\_encryption\_enabled | Whether to enable encryption at rest | `bool` | `false` | no | +| auth\_token | The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true. If specified must contain from 16 to 128 alphanumeric characters or symbols | `string` | `null` | no | +| auto\_minor\_version\_upgrade | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window | `bool` | `true` | no | +| availability\_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important | `list(string)` | `` | no | | env | env to deploy into, should typically dev/staging/prod | `string` | n/a | yes | +| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true | `string` | `""` | no | | name | Name for the Redis replication group i.e. UserObject | `string` | n/a | yes | +| notification\_topic\_arn | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my_sns_topic | `string` | `""` | no | | redis\_clusters | Number of Redis cache clusters (nodes) to create | `string` | n/a | yes | | redis\_failover | n/a | `bool` | `false` | no | | redis\_maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). 
The minimum maintenance window is a 60 minute period | `string` | `"fri:08:00-fri:09:00"` | no | @@ -70,8 +76,12 @@ No requirements. | redis\_snapshot\_retention\_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.\* cache nodes | `number` | `0` | no | | redis\_snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period | `string` | `"06:30-07:30"` | no | | redis\_version | Redis version to use, defaults to 3.2.10 | `string` | `"3.2.10"` | no | +| security\_group\_names | A list of cache security group names to associate with this replication group | `list(string)` | `[]` | no | +| snapshot\_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb | `list(string)` | `[]` | no | +| snapshot\_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource | `string` | `""` | no | | subnets | List of VPC Subnet IDs for the cache subnet group | `list(string)` | n/a | yes | | tags | Tags for redis nodes | `map(string)` | `{}` | no | +| transit\_encryption\_enabled | Whether to enable encryption in transit. Requires 3.2.6 or >=4.0 redis_version | bool | `false` | no | | vpc\_id | VPC ID | `string` | n/a | yes | ## Outputs diff --git a/main.tf b/main.tf index 037027c..6b635d1 100644 --- a/main.tf +++ b/main.tf 
@@ -19,13 +19,24 @@ resource "aws_elasticache_replication_group" "redis" { number_cache_clusters = var.redis_clusters node_type = var.redis_node_type automatic_failover_enabled = var.redis_failover + auto_minor_version_upgrade = var.auto_minor_version_upgrade + availability_zones = var.availability_zones + engine = "redis" + at_rest_encryption_enabled = var.at_rest_encryption_enabled + kms_key_id = var.kms_key_id + transit_encryption_enabled = var.transit_encryption_enabled + auth_token = var.transit_encryption_enabled ? var.auth_token : null engine_version = var.redis_version port = var.redis_port parameter_group_name = aws_elasticache_parameter_group.redis_parameter_group.id subnet_group_name = aws_elasticache_subnet_group.redis_subnet_group.id + security_group_names = var.security_group_names security_group_ids = [aws_security_group.redis_security_group.id] + snapshot_arns = var.snapshot_arns + snapshot_name = var.snapshot_name apply_immediately = var.apply_immediately maintenance_window = var.redis_maintenance_window + notification_topic_arn = var.notification_topic_arn snapshot_window = var.redis_snapshot_window snapshot_retention_limit = var.redis_snapshot_retention_limit tags = merge(map("Name", format("tf-elasticache-%s-%s", var.name, local.vpc_name)), var.tags) diff --git a/variables.tf b/variables.tf index 98633d4..f5b8a8c 100644 --- a/variables.tf +++ b/variables.tf 
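Review bot: The added `auth_token = var.transit_encryption_enabled ? var.auth_token : null` silently discards a caller-supplied token whenever transit encryption is off. A configuration that sets `auth_token` but leaves `transit_encryption_enabled` at its default of `false` therefore plans cleanly and yields a replication group with no authentication. Failing loudly is safer: pass `auth_token = var.auth_token` through unchanged, since the variable description says the token is only valid with transit encryption and the API would presumably reject the combination. The token is also written to Terraform state as plain text, so the state backend needs encryption and tight access control. The `aws_elasticache_replication_group` block begins and ends outside this hunk.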
@@ -109,3 +109,63 @@ variable "tags" { type = map(string) default = {} } + +variable "auto_minor_version_upgrade" { + description = "Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window" + type = bool + default = true +} + +variable "availability_zones" { + description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" + type = list(string) + default = [] +} + +variable "at_rest_encryption_enabled" { + description = "Whether to enable encryption at rest" + type = bool + default = false +} + +variable "kms_key_id" { + description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true" + type = string + default = "" +} + +variable "transit_encryption_enabled" { + description = "Whether to enable encryption in transit. Requires 3.2.6 or >=4.0 redis_version" + type = bool + default = false +} + +variable "auth_token" { + description = "The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true. If specified must contain from 16 to 128 alphanumeric characters or symbols" + type = string + default = null +} + +variable "security_group_names" { + description = "A list of cache security group names to associate with this replication group" + type = list(string) + default = [] +} + +variable "snapshot_arns" { + description = "A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb" + type = list(string) + default = [] +} + +variable "snapshot_name" { + description = " The name of a snapshot from which to restore data into the new node group. 
Changing the snapshot_name forces a new resource" + type = string + default = "" +} + +variable "notification_topic_arn" { + description = "An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my_sns_topic" + type = string + default = "" +} From 9a58d76527fece9414368df47a5cd567c43534cf Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 23 May 2020 10:53:36 +0200 Subject: [PATCH 06/24] docs: Fixed README --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 191a771..d54c321 100644 --- a/README.md +++ b/README.md 
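Review bot: `at_rest_encryption_enabled` and `transit_encryption_enabled` both default to `false`, so every consumer that does not opt in gets a cache that is unencrypted on disk and on the wire, and (because the token is tied to transit encryption) unauthenticated. Flipping the defaults to `true` would be the secure choice but forces replacement of existing groups, so at minimum the descriptions should state the risk, e.g. `"Whether to enable encryption at rest. Defaults to false for backward compatibility; set to true for any non-test data"`. `auth_token` is a secret declared as an ordinary string; on Terraform 0.14 or later `sensitive = true` keeps it out of plan output, though that argument is not available on the 0.12 release the README targets. The `snapshot_name` description also starts with a stray space.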
@@ -60,13 +60,13 @@ No requirements. | allowed\_security\_groups | A list of Security Group ID's to allow access to. | `list(string)` | `[]` | no | | apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `false` | no | | at\_rest\_encryption\_enabled | Whether to enable encryption at rest | `bool` | `false` | no | -| auth\_token | The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true. If specified must contain from 16 to 128 alphanumeric characters or symbols | `string` | `null` | no | +| auth\_token | The password used to access a password protected server. Can be specified only if transit\_encryption\_enabled = true. If specified must contain from 16 to 128 alphanumeric characters or symbols | `string` | `null` | no | | auto\_minor\_version\_upgrade | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window | `bool` | `true` | no | -| availability\_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important | `list(string)` | `` | no | +| availability\_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important | `list(string)` | `[]` | no | | env | env to deploy into, should typically dev/staging/prod | `string` | n/a | yes | -| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true | `string` | `""` | no | +| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. 
Can be specified only if at\_rest\_encryption\_enabled = true | `string` | `""` | no | | name | Name for the Redis replication group i.e. UserObject | `string` | n/a | yes | -| notification\_topic\_arn | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my_sns_topic | `string` | `""` | no | +| notification\_topic\_arn | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my\_sns\_topic | `string` | `""` | no | | redis\_clusters | Number of Redis cache clusters (nodes) to create | `string` | n/a | yes | | redis\_failover | n/a | `bool` | `false` | no | | redis\_maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | `string` | `"fri:08:00-fri:09:00"` | no | 
@@ -77,11 +77,11 @@ No requirements. | redis\_snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period | `string` | `"06:30-07:30"` | no | | redis\_version | Redis version to use, defaults to 3.2.10 | `string` | `"3.2.10"` | no | | security\_group\_names | A list of cache security group names to associate with this replication group | `list(string)` | `[]` | no | -| snapshot\_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb | `list(string)` | `[]` | no | -| snapshot\_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource | `string` | `""` | no | +| snapshot\_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my\_bucket/snapshot1.rdb | `list(string)` | `[]` | no | +| snapshot\_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot\_name forces a new resource | `string` | `""` | no | | subnets | List of VPC Subnet IDs for the cache subnet group | `list(string)` | n/a | yes | | tags | Tags for redis nodes | `map(string)` | `{}` | no | -| transit\_encryption\_enabled | Whether to enable encryption in transit. Requires 3.2.6 or >=4.0 redis_version | bool | `false` | no | +| transit\_encryption\_enabled | Whether to enable encryption in transit. Requires 3.2.6 or >=4.0 redis\_version | `bool` | `false` | no | | vpc\_id | VPC ID | `string` | n/a | yes | ## Outputs From cf261f55628c20c6ef40038860ae68119bc8c9cb Mon Sep 17 00:00:00 2001 
From: Luca Prete Date: Mon, 20 Jul 2020 12:05:01 +0200 Subject: [PATCH 07/24] Fix source instructions in readme (#45) * Fix source instructions in readme * Fix CIDR note in README --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d54c321..da3d158 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,7 @@ Terraform 0.11. Pin module version to `~> v1.0`. Submit pull-requests to `terraf ```hcl module "redis" { - source = "github.com/terraform-community-modules/tf_aws_elasticache_redis.git" - version = "~> 2.0" + source = "github.com/terraform-community-modules/tf_aws_elasticache_redis.git?ref=v2.2.0" env = "dev" name = "thtest" @@ -56,7 +55,7 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| allowed\_cidr | A list of Security Group ID's to allow access to. | `list(string)` |
[
"127.0.0.1/32"
]
| no | +| allowed\_cidr | A list CIDRs to allow access to. | `list(string)` |
[
"127.0.0.1/32"
]
| no | | allowed\_security\_groups | A list of Security Group ID's to allow access to. | `list(string)` | `[]` | no | | apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `false` | no | | at\_rest\_encryption\_enabled | Whether to enable encryption at rest | `bool` | `false` | no | From 9752fe51f0529d1c80fc0744df20f4a1cd640a42 Mon Sep 17 00:00:00 2001 From: Stretch Date: Tue, 11 May 2021 21:07:42 +0100 Subject: [PATCH 08/24] Terraform 0.15.* updates (#50) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 6b635d1..b5d04ed 100644 --- a/main.tf +++ b/main.tf @@ -39,7 +39,7 @@ resource "aws_elasticache_replication_group" "redis" { notification_topic_arn = var.notification_topic_arn snapshot_window = var.redis_snapshot_window snapshot_retention_limit = var.redis_snapshot_retention_limit - tags = merge(map("Name", format("tf-elasticache-%s-%s", var.name, local.vpc_name)), var.tags) + tags = merge(tomap({"Name" = format("tf-elasticache-%s-%s", var.name, local.vpc_name)}), var.tags) } resource "aws_elasticache_parameter_group" "redis_parameter_group" { From fbe0f7d6b4bb7610a8d924b10dd13d9ea6e31e36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=B6mer=20=C3=B6ner?= Date: Mon, 7 Jun 2021 19:32:37 +0300 Subject: [PATCH 09/24] multiaz enable add (#48) --- main.tf | 1 + variables.tf | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/main.tf b/main.tf index b5d04ed..449f8b4 100644 --- a/main.tf +++ b/main.tf @@ -21,6 +21,7 @@ resource "aws_elasticache_replication_group" "redis" { automatic_failover_enabled = var.redis_failover auto_minor_version_upgrade = var.auto_minor_version_upgrade availability_zones = var.availability_zones + multi_az_enabled = var.multi_az_enabled engine = "redis" at_rest_encryption_enabled = var.at_rest_encryption_enabled kms_key_id = var.kms_key_id 
diff --git a/variables.tf b/variables.tf index f5b8a8c..182360e 100644 --- a/variables.tf +++ b/variables.tf @@ -52,6 +52,11 @@ variable "redis_failover" { default = false } +variable "multi_az_enabled" { + type = bool + default = false +} + variable "redis_node_type" { description = "Instance type to use for creating the Redis cache clusters" type = string From 6f3d16095fb3da5a237ccb090b380b8f7caa1810 Mon Sep 17 00:00:00 2001 From: sharath-sequoia <52989442+sharath-sequoia@users.noreply.github.com> Date: Mon, 15 Aug 2022 23:40:51 +0530 Subject: [PATCH 10/24] fix: Make aws_elasticache_parameter_group to use redis6.x as value for family when version is 6 and above (#54) --- main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 449f8b4..1bcd823 100644 --- a/main.tf +++ b/main.tf @@ -4,6 +4,7 @@ data "aws_vpc" "vpc" { locals { vpc_name = lookup(data.aws_vpc.vpc.tags, "Name", var.vpc_id) + parameter_group_family = substr(var.redis_version, 0,1) < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}": "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}.x" } resource "random_id" "salt" { @@ -49,7 +50,7 @@ resource "aws_elasticache_parameter_group" "redis_parameter_group" { description = "Terraform-managed ElastiCache parameter group for ${var.name}-${var.env}-${local.vpc_name}" # Strip the patch version from redis_version var - family = "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" + family = local.parameter_group_family dynamic "parameter" { for_each = var.redis_parameters content { From 87373b2861903bdfd21ef78bb5b5b68579a6cf73 Mon Sep 17 00:00:00 2001 From: Vicente Dominguez Date: Tue, 21 Jan 2020 12:52:49 +0100 Subject: [PATCH 11/24] fix issue #34 --- main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.tf b/main.tf index 1bcd823..207b760 100644 --- a/main.tf +++ b/main.tf 
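Review bot: `substr(var.redis_version, 0,1)` in the new `parameter_group_family` local reads only the first character of the version, so a two-digit major version would be classified by its first digit and mapped to the wrong family. The later PATCH 16 hunk wraps the same expression in `parseint` but keeps the one-character slice. Taking the component before the first dot is robust: `split(".", var.redis_version)[0]`. The comparison `< 6` also relies on implicit string-to-number conversion here. Separately, the `# Strip the patch version from redis_version var` comment left above `family = local.parameter_group_family` no longer describes that line and belongs next to the local.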
@@ -8,6 +8,9 @@ locals { } resource "random_id" "salt" { + keepers = { + redis_version = "${var.redis_version}" + } byte_length = 8 keepers = { redis_version = var.redis_version From ba54b5f948779a7341c5c658459c0e9fdf2c103d Mon Sep 17 00:00:00 2001 From: Alejandro Colomina Date: Wed, 10 Mar 2021 12:12:19 +0100 Subject: [PATCH 12/24] Adds support for multi_az clustering --- .gitignore | 1 + variables.tf | 7 +++++++ versions.tf | 11 +++++++++++ 3 files changed, 19 insertions(+) create mode 100644 versions.tf diff --git a/.gitignore b/.gitignore index 7868d16..c84de37 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ # Compiled files *.tfstate *.tfstate.backup +.terraform diff --git a/variables.tf b/variables.tf index 182360e..f927853 100644 --- a/variables.tf +++ b/variables.tf @@ -47,7 +47,14 @@ variable "redis_clusters" { type = string } +variable "multi_az_enabled" { + description = "Specifies whether to enable Multi-AZ Support for the replication group" + type = bool + default = false +} + variable "redis_failover" { + description = "Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails" type = bool default = false } diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..41b0022 --- /dev/null +++ b/versions.tf @@ -0,0 +1,11 @@ +terraform { + required_version = ">= 0.12" +} + +provider "aws" { + version = "~> 3.31" +} + +provider "random" { + version = "~> 3.1" +} From a316374f74936e6080ef2a37a0f4f1cceb177b17 Mon Sep 17 00:00:00 2001 From: Alejandro Colomina Date: Wed, 10 Mar 2021 17:19:01 +0100 Subject: [PATCH 13/24] Adds support for replicating from another Redis instance --- security_groups.tf | 10 ++++++++++ variables.tf | 5 +++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/security_groups.tf b/security_groups.tf index 1b225b4..db8d2db 100644 --- a/security_groups.tf +++ b/security_groups.tf 
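Review bot: The added `keepers` map lands in a `random_id.salt` block that already has one. The context lines directly below `byte_length = 8` show `keepers = {` and `redis_version = var.redis_version`, so the resource now defines the argument twice, which Terraform rejects as a duplicate attribute. Drop the three added lines, or replace the existing map rather than adding a second one. The closing lines of the block are outside the hunk.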
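Review bot: The new `versions.tf` constrains providers with `provider "aws" { version = "~> 3.31" }` and `provider "random" { version = "~> 3.1" }`, which places provider configuration blocks inside a reusable module. The `version` argument in provider blocks is deprecated from Terraform 0.13 onward, and a module that carries its own provider blocks cannot be called with `count`, `for_each` or `depends_on`. Declare the constraints in a `required_providers` block inside the existing `terraform` block instead; on 0.13+ that also pins the provider origin: `aws = { source = "hashicorp/aws", version = "~> 3.31" }` and `random = { source = "hashicorp/random", version = "~> 3.1" }`. On 0.12 only the plain string form (`aws = "~> 3.31"`) is accepted, so `required_version` would need to move with it.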
@@ -26,3 +26,13 @@ resource "aws_security_group_rule" "redis_networks_ingress" { cidr_blocks = var.allowed_cidr security_group_id = aws_security_group.redis_security_group.id } + +resource "aws_security_group_rule" "redis_replication_egress" { + count = var.is_migration_cluster ? 1 : 0 + type = "egress" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + security_group_id = aws_security_group.redis_security_group.id +} diff --git a/variables.tf b/variables.tf index f927853..e76561e 100644 --- a/variables.tf +++ b/variables.tf @@ -59,8 +59,9 @@ variable "redis_failover" { default = false } -variable "multi_az_enabled" { - type = bool +variable "is_migration_cluster" { + description = "Specifies whether this is a cluster for replicating other EC2 redis. Useful for migrations." + type = bool default = false } From ecf49b9e7715d67a04367ac710a957bb98e88441 Mon Sep 17 00:00:00 2001 From: Jose Luis Salas Date: Mon, 28 Nov 2022 11:16:08 +0100 Subject: [PATCH 14/24] [PLATOP-2685] Use AWS provider v4 --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index 41b0022..8f89837 100644 --- a/versions.tf +++ b/versions.tf @@ -3,7 +3,7 @@ terraform { } provider "aws" { - version = "~> 3.31" + version = "~> 4.12" } provider "random" { From 0f351418a1d1362095f9ed576372d48f758c162e Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Wed, 4 Oct 2023 12:33:21 +0200 Subject: [PATCH 15/24] Remove duplicated argument keepers --- main.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/main.tf b/main.tf index 207b760..9a11b08 100644 --- a/main.tf +++ b/main.tf @@ -12,9 +12,6 @@ resource "random_id" "salt" { redis_version = "${var.redis_version}" } byte_length = 8 - keepers = { - redis_version = var.redis_version - } } resource "aws_elasticache_replication_group" "redis" { From 2e96e5ef88c38e29f482846ac343b559e9c26035 Mon Sep 17 00:00:00 2001 
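Review bot: `redis_replication_egress` opens every protocol and port to `0.0.0.0/0` whenever `is_migration_cluster` is true. That is far wider than replicating from one source Redis needs, and it leaves the cache nodes able to reach any destination for as long as the flag stays set. The rule should be limited to TCP, to the source instance's port and to the source's address range, with the range supplied through a new `list(string)` input rather than hard-coded. A `description` saying the rule exists only for the migration window would help whoever audits the security group later. The sketch below assumes the source listens on `var.redis_port`; if it does not, that port needs its own input as well.

```hcl
resource "aws_security_group_rule" "redis_replication_egress" {
  # … unchanged: count, type, security_group_id …
  description = "Replication from the source Redis during migration"
  from_port   = var.redis_port
  to_port     = var.redis_port
  protocol    = "tcp"
  # proposed new list(string) input; the name is only a suggestion
  cidr_blocks = var.migration_source_cidr
}
```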
From: "rafa.saez@flywire.com" Date: Wed, 4 Oct 2023 12:36:36 +0200 Subject: [PATCH 16/24] Josele Fix for versions in parameter group family --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 9a11b08..4e3cac3 100644 --- a/main.tf +++ b/main.tf @@ -4,8 +4,8 @@ data "aws_vpc" "vpc" { locals { vpc_name = lookup(data.aws_vpc.vpc.tags, "Name", var.vpc_id) - parameter_group_family = substr(var.redis_version, 0,1) < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}": "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}.x" -} +major_redis_version = parseint(substr(var.redis_version, 0,1),10) + parameter_group_family = local.major_redis_version < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" : local.major_redis_version == 6 ? "redis${replace(var.redis_version, "/\\.[\\d|x]+$/", "")}.x" : "redis${local.major_redis_version}"} resource "random_id" "salt" { keepers = { From 63962e04185a97cf664fde9fcfa88e3eabf0d24d Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Wed, 4 Oct 2023 12:37:37 +0200 Subject: [PATCH 17/24] indentation --- main.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 4e3cac3..844d2ee 100644 --- a/main.tf +++ b/main.tf 
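Review bot: In the major-version-6 branch of `parameter_group_family`, the pattern `/\\.[\\d|x]+$/` puts `|` inside a character class, where it is a literal character rather than alternation, so the class matches digits, `x` and `|`. `[\\dx]` states the intent. The new `major_redis_version` line also appears to start at column 0, and the closing `}` of `locals` is fused onto the end of the `parameter_group_family` line, so running `terraform fmt` before committing would be worthwhile. A short comment above the expression naming the family forms it yields (for example `redis3.2`, `redis6.x`, `redis7`) would make the nested conditional easier to read. The `locals` block starts outside the hunk.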
@@ -4,8 +4,9 @@ data "aws_vpc" "vpc" { locals { vpc_name = lookup(data.aws_vpc.vpc.tags, "Name", var.vpc_id) -major_redis_version = parseint(substr(var.redis_version, 0,1),10) - parameter_group_family = local.major_redis_version < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" : local.major_redis_version == 6 ? "redis${replace(var.redis_version, "/\\.[\\d|x]+$/", "")}.x" : "redis${local.major_redis_version}"} + major_redis_version = parseint(substr(var.redis_version, 0,1),10) + parameter_group_family = local.major_redis_version < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" : local.major_redis_version == 6 ? "redis${replace(var.redis_version, "/\\.[\\d|x]+$/", "")}.x" : "redis${local.major_redis_version}" + } resource "random_id" "salt" { keepers = { From 092f7d623da778ab4a132add57f6c046a7c5fd13 Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Thu, 5 Oct 2023 12:06:04 +0200 Subject: [PATCH 18/24] Update providers definition --- versions.tf | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/versions.tf b/versions.tf index 8f89837..6cefc3f 100644 --- a/versions.tf +++ b/versions.tf @@ -1,11 +1,13 @@ terraform { required_version = ">= 0.12" -} - -provider "aws" { - version = "~> 4.12" -} - -provider "random" { - version = "~> 3.1" -} + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.12" + } + random = { + source = "hashicorp/random" + version = "~> 3.1" + } + } +} \ No newline at end of file From 538f45b330b04b614506c10d1327e655518c4550 Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Thu, 5 Oct 2023 12:06:45 +0200 Subject: [PATCH 19/24] Update parameter naming --- main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index 844d2ee..716722e 100644 --- a/main.tf +++ b/main.tf 
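Review bot: The `required_providers` entries in versions.tf now use the `source` attribute, but `required_version` still admits every release from 0.12 on. As far as I know, `source` belongs to Terraform 0.13 and was only tolerated by late 0.12 releases, so the constraint should be raised to match: `required_version = ">= 0.13"`. The file also now ends without a trailing newline.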
@@ -5,7 +5,7 @@ data "aws_vpc" "vpc" { locals { vpc_name = lookup(data.aws_vpc.vpc.tags, "Name", var.vpc_id) major_redis_version = parseint(substr(var.redis_version, 0,1),10) - parameter_group_family = local.major_redis_version < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" : local.major_redis_version == 6 ? "redis${replace(var.redis_version, "/\\.[\\d|x]+$/", "")}.x" : "redis${local.major_redis_version}" + parameter_group_family = local.major_redis_version < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" : local.major_redis_version == 6 ? "redis${replace(var.redis_version, "/\\.[\\d|x]+$/", "")}.x" : "redis${local.major_redis_version}" } resource "random_id" "salt" { @@ -17,12 +17,12 @@ resource "random_id" "salt" { resource "aws_elasticache_replication_group" "redis" { replication_group_id = format("%.20s", "${var.name}-${var.env}") - replication_group_description = "Terraform-managed ElastiCache replication group for ${var.name}-${var.env}-${local.vpc_name}" - number_cache_clusters = var.redis_clusters + description = "Terraform-managed ElastiCache replication group for ${var.name}-${var.env}-${local.vpc_name}" + num_cache_clusters = var.redis_clusters node_type = var.redis_node_type automatic_failover_enabled = var.redis_failover auto_minor_version_upgrade = var.auto_minor_version_upgrade - availability_zones = var.availability_zones + preferred_cache_cluster_azs = var.availability_zones multi_az_enabled = var.multi_az_enabled engine = "redis" at_rest_encryption_enabled = var.at_rest_encryption_enabled From 3f38950a7d1a0f07fc5e7397528adc97db162bc2 Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Thu, 5 Oct 2023 12:07:59 +0200 Subject: [PATCH 20/24] Update gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index c84de37..4e7a3c8 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ *.tfstate *.tfstate.backup .terraform +.terraform.lock.hcl 
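Review bot: `preferred_cache_cluster_azs = var.availability_zones` changes what the input means. To my knowledge the provider treats this list as ordered, with the first zone used for the primary node, while the README description of `availability_zones` says the order is not important. The variable's description should be updated in the same change, for example `"Ordered list of availability zones for the cache clusters; the first entry is used for the primary node"`. The resource block continues outside the hunk.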
From f4502c095685cd55143fe735c6bb08df58bdf94f Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Thu, 5 Oct 2023 14:20:53 +0200 Subject: [PATCH 21/24] Update Readme --- README.md | 106 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 64 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index da3d158..b016372 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A terraform module providing a Redis ElastiCache cluster in AWS. -This module +This module is forked from [tf_aws_elasticache_redis Communitiy module](https://github.com/terraform-community-modules/tf_aws_elasticache_redis) and performs the following tasks: - Creates Redis ElastiCache clusters - Creates, manages, and exports a security group @@ -17,7 +17,7 @@ Terraform 0.11. Pin module version to `~> v1.0`. Submit pull-requests to `terraf ```hcl module "redis" { - source = "github.com/terraform-community-modules/tf_aws_elasticache_redis.git?ref=v2.2.0" + source = "github.com/flywirecorp/tf_aws_elasticache_redis.git?ref=v2.2.0" env = "dev" name = "thtest" 
@@ -38,68 +38,90 @@ module "redis" { }] } ``` - - ## Requirements -No requirements. +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12 | +| [aws](#requirement\_aws) | ~> 4.12 | +| [random](#requirement\_random) | ~> 3.1 | ## Providers | Name | Version | |------|---------| -| aws | n/a | -| random | n/a | +| [aws](#provider\_aws) | ~> 4.12 | +| [random](#provider\_random) | ~> 3.1 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_elasticache_parameter_group.redis_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource | +| [aws_elasticache_replication_group.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource | +| [aws_elasticache_subnet_group.redis_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource | +| [aws_security_group.redis_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.redis_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.redis_networks_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.redis_replication_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [random_id.salt](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | +| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| 
allowed\_cidr | A list CIDRs to allow access to. | `list(string)` |
[
"127.0.0.1/32"
]
| no | -| allowed\_security\_groups | A list of Security Group ID's to allow access to. | `list(string)` | `[]` | no | -| apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `false` | no | -| at\_rest\_encryption\_enabled | Whether to enable encryption at rest | `bool` | `false` | no | -| auth\_token | The password used to access a password protected server. Can be specified only if transit\_encryption\_enabled = true. If specified must contain from 16 to 128 alphanumeric characters or symbols | `string` | `null` | no | -| auto\_minor\_version\_upgrade | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window | `bool` | `true` | no | -| availability\_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important | `list(string)` | `[]` | no | -| env | env to deploy into, should typically dev/staging/prod | `string` | n/a | yes | -| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at\_rest\_encryption\_enabled = true | `string` | `""` | no | -| name | Name for the Redis replication group i.e. UserObject | `string` | n/a | yes | -| notification\_topic\_arn | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my\_sns\_topic | `string` | `""` | no | -| redis\_clusters | Number of Redis cache clusters (nodes) to create | `string` | n/a | yes | -| redis\_failover | n/a | `bool` | `false` | no | -| redis\_maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). 
The minimum maintenance window is a 60 minute period | `string` | `"fri:08:00-fri:09:00"` | no | -| redis\_node\_type | Instance type to use for creating the Redis cache clusters | `string` | `"cache.m3.medium"` | no | -| redis\_parameters | additional parameters modifyed in parameter group | `list(map(any))` | `[]` | no | -| redis\_port | n/a | `number` | `6379` | no | -| redis\_snapshot\_retention\_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.\* cache nodes | `number` | `0` | no | -| redis\_snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period | `string` | `"06:30-07:30"` | no | -| redis\_version | Redis version to use, defaults to 3.2.10 | `string` | `"3.2.10"` | no | -| security\_group\_names | A list of cache security group names to associate with this replication group | `list(string)` | `[]` | no | -| snapshot\_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my\_bucket/snapshot1.rdb | `list(string)` | `[]` | no | -| snapshot\_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot\_name forces a new resource | `string` | `""` | no | -| subnets | List of VPC Subnet IDs for the cache subnet group | `list(string)` | n/a | yes | -| tags | Tags for redis nodes | `map(string)` | `{}` | no | -| transit\_encryption\_enabled | Whether to enable encryption in transit. 
Requires 3.2.6 or >=4.0 redis\_version | `bool` | `false` | no | -| vpc\_id | VPC ID | `string` | n/a | yes | +| [env](#input\_env) | env to deploy into, should typically dev/staging/prod | `string` | n/a | yes | +| [name](#input\_name) | Name for the Redis replication group i.e. UserObject | `string` | n/a | yes | +| [redis\_clusters](#input\_redis\_clusters) | Number of Redis cache clusters (nodes) to create | `string` | n/a | yes | +| [subnets](#input\_subnets) | List of VPC Subnet IDs for the cache subnet group | `list(string)` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | +| [allowed\_cidr](#input\_allowed\_cidr) | A list of Security Group ID's to allow access to. | `list(string)` |
[
"127.0.0.1/32"
]
| no | +| [allowed\_security\_groups](#input\_allowed\_security\_groups) | A list of Security Group ID's to allow access to. | `list(string)` | `[]` | no | +| [apply\_immediately](#input\_apply\_immediately) | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `false` | no | +| [at\_rest\_encryption\_enabled](#input\_at\_rest\_encryption\_enabled) | Whether to enable encryption at rest | `bool` | `false` | no | +| [auth\_token](#input\_auth\_token) | The password used to access a password protected server. Can be specified only if transit\_encryption\_enabled = true. If specified must contain from 16 to 128 alphanumeric characters or symbols | `string` | `null` | no | +| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window | `bool` | `true` | no | +| [availability\_zones](#input\_availability\_zones) | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important | `list(string)` | `[]` | no | +| [is\_migration\_cluster](#input\_is\_migration\_cluster) | Specifies whether this is a cluster for replicating other EC2 redis. Useful for migrations. | `bool` | `false` | no | +| [kms\_key\_id](#input\_kms\_key\_id) | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at\_rest\_encryption\_enabled = true | `string` | `""` | no | +| [multi\_az\_enabled](#input\_multi\_az\_enabled) | Specifies whether to enable Multi-AZ Support for the replication group | `bool` | `false` | no | +| [notification\_topic\_arn](#input\_notification\_topic\_arn) | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. 
Example: arn:aws:sns:us-east-1:012345678999:my\_sns\_topic | `string` | `""` | no | +| [redis\_failover](#input\_redis\_failover) | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails | `bool` | `false` | no | +| [redis\_maintenance\_window](#input\_redis\_maintenance\_window) | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | `string` | `"fri:08:00-fri:09:00"` | no | +| [redis\_node\_type](#input\_redis\_node\_type) | Instance type to use for creating the Redis cache clusters | `string` | `"cache.m3.medium"` | no | +| [redis\_parameters](#input\_redis\_parameters) | additional parameters modifyed in parameter group | `list(map(any))` | `[]` | no | +| [redis\_port](#input\_redis\_port) | n/a | `number` | `6379` | no | +| [redis\_snapshot\_retention\_limit](#input\_redis\_snapshot\_retention\_limit) | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.* cache nodes | `number` | `0` | no | +| [redis\_snapshot\_window](#input\_redis\_snapshot\_window) | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. 
The minimum snapshot window is a 60 minute period | `string` | `"06:30-07:30"` | no | +| [redis\_version](#input\_redis\_version) | Redis version to use, defaults to 3.2.10 | `string` | `"3.2.10"` | no | +| [security\_group\_names](#input\_security\_group\_names) | A list of cache security group names to associate with this replication group | `list(string)` | `[]` | no | +| [snapshot\_arns](#input\_snapshot\_arns) | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my\_bucket/snapshot1.rdb | `list(string)` | `[]` | no | +| [snapshot\_name](#input\_snapshot\_name) | The name of a snapshot from which to restore data into the new node group. Changing the snapshot\_name forces a new resource | `string` | `""` | no | +| [tags](#input\_tags) | Tags for redis nodes | `map(string)` | `{}` | no | +| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Whether to enable encryption in transit. Requires 3.2.6 or >=4.0 redis\_version | `bool` | `false` | no | ## Outputs | Name | Description | |------|-------------| -| endpoint | n/a | -| id | n/a | -| parameter\_group | n/a | -| port | n/a | -| redis\_security\_group\_id | n/a | -| redis\_subnet\_group\_name | n/a | - - +| [endpoint](#output\_endpoint) | n/a | +| [id](#output\_id) | n/a | +| [parameter\_group](#output\_parameter\_group) | n/a | +| [port](#output\_port) | n/a | +| [redis\_security\_group\_id](#output\_redis\_security\_group\_id) | n/a | +| [redis\_subnet\_group\_name](#output\_redis\_subnet\_group\_name) | n/a | ## Authors Created by [Tim Hartmann](https://github.com/tfhartmann). Maintained by [Anton Babenko](https://github.com/antonbabenko) and [these awesome contributors](https://github.com/terraform-community-modules/tf_aws_elasticache_redis/graphs/contributors). 
+This fork is possible thanks to [these contributors](https://github.com/flywirecorp/tf_aws_elasticache_redis/graphs/contributors) + ## License [MIT License](LICENSE) From 5799982b33dcd2c2ff59ebae27207c5b919a88dc Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Thu, 5 Oct 2023 15:11:17 +0200 Subject: [PATCH 22/24] Add pre-commit hook tags --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index b016372..78c105e 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,8 @@ module "redis" { }] } ``` + + ## Requirements | Name | Version | @@ -116,6 +118,8 @@ No modules. | [redis\_security\_group\_id](#output\_redis\_security\_group\_id) | n/a | | [redis\_subnet\_group\_name](#output\_redis\_subnet\_group\_name) | n/a | + + ## Authors Created by [Tim Hartmann](https://github.com/tfhartmann). Maintained by [Anton Babenko](https://github.com/antonbabenko) and [these awesome contributors](https://github.com/terraform-community-modules/tf_aws_elasticache_redis/graphs/contributors). From 17e7b76c148720a95cda0bdf9db965055248f9ae Mon Sep 17 00:00:00 2001 From: "rafa.saez@flywire.com" Date: Thu, 5 Oct 2023 15:34:45 +0200 Subject: [PATCH 23/24] Add outputs descriptions --- README.md | 12 ++++++------ outputs.tf | 7 +++++++ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 78c105e..ae1bfae 100644 --- a/README.md +++ b/README.md 
@@ -111,12 +111,12 @@ No modules. | Name | Description | |------|-------------| -| [endpoint](#output\_endpoint) | n/a | -| [id](#output\_id) | n/a | -| [parameter\_group](#output\_parameter\_group) | n/a | -| [port](#output\_port) | n/a | -| [redis\_security\_group\_id](#output\_redis\_security\_group\_id) | n/a | -| [redis\_subnet\_group\_name](#output\_redis\_subnet\_group\_name) | n/a | +| [endpoint](#output\_endpoint) | Redis endpoint address | +| [id](#output\_id) | ID of the Redis replication group | +| [parameter\_group](#output\_parameter\_group) | ID of the Parameter Group to control the runtime properties of Redis nodes and clusters | +| [port](#output\_port) | Redis port (default is 6379) | +| [redis\_security\_group\_id](#output\_redis\_security\_group\_id) | ID of the managed Security Group generated for Redis | +| [redis\_subnet\_group\_name](#output\_redis\_subnet\_group\_name) | Name of the Redis subnet | diff --git a/outputs.tf b/outputs.tf index a4507c9..8114b91 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,23 +1,30 @@ output "redis_security_group_id" { value = aws_security_group.redis_security_group.id + description = "ID of the managed Security Group generated for Redis" } output "parameter_group" { value = aws_elasticache_parameter_group.redis_parameter_group.id + description = "ID of the Parameter Group to control the runtime properties of Redis nodes and clusters" } output "redis_subnet_group_name" { value = aws_elasticache_subnet_group.redis_subnet_group.name + description = "Name of the Redis subnet" + } output "id" { value = aws_elasticache_replication_group.redis.id + description = "ID of the Redis replication group" } output "port" { value = var.redis_port + description = "Redis port (default is 6379)" } output "endpoint" { value = aws_elasticache_replication_group.redis.primary_endpoint_address + description = "Redis endpoint address" } From a0020e9c184e47596989f57d91eddeeb811cf449 Mon Sep 17 00:00:00 2001 
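Review bot: Two of the descriptions added in outputs.tf are less precise than the values they document. `redis_subnet_group_name` returns the name of the ElastiCache subnet group, not of a subnet, and `endpoint` returns `primary_endpoint_address`. `"Name of the ElastiCache subnet group"` and `"Address of the primary endpoint of the replication group"` would be accurate. The same wording is copied into the README table in this commit and would need the matching edit. The `redis_subnet_group_name` block also gains a blank line before its closing brace.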
From: "rafa.saez@flywire.com" Date: Thu, 5 Oct 2023 16:45:10 +0200 Subject: [PATCH 24/24] apply terraform fmt --- main.tf | 60 ++++++++++++++++++++++++++-------------------------- outputs.tf | 12 +++++------ variables.tf | 12 +++++------ versions.tf | 4 ++-- 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/main.tf b/main.tf index 716722e..00bea21 100644 --- a/main.tf +++ b/main.tf @@ -3,10 +3,10 @@ data "aws_vpc" "vpc" { } locals { - vpc_name = lookup(data.aws_vpc.vpc.tags, "Name", var.vpc_id) - major_redis_version = parseint(substr(var.redis_version, 0,1),10) + vpc_name = lookup(data.aws_vpc.vpc.tags, "Name", var.vpc_id) + major_redis_version = parseint(substr(var.redis_version, 0, 1), 10) parameter_group_family = local.major_redis_version < 6 ? "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" : local.major_redis_version == 6 ? "redis${replace(var.redis_version, "/\\.[\\d|x]+$/", "")}.x" : "redis${local.major_redis_version}" - } +} resource "random_id" "salt" { keepers = { 
@@ -16,33 +16,33 @@ resource "random_id" "salt" { } resource "aws_elasticache_replication_group" "redis" { - replication_group_id = format("%.20s", "${var.name}-${var.env}") - description = "Terraform-managed ElastiCache replication group for ${var.name}-${var.env}-${local.vpc_name}" - num_cache_clusters = var.redis_clusters - node_type = var.redis_node_type - automatic_failover_enabled = var.redis_failover - auto_minor_version_upgrade = var.auto_minor_version_upgrade - preferred_cache_cluster_azs = var.availability_zones - multi_az_enabled = var.multi_az_enabled - engine = "redis" - at_rest_encryption_enabled = var.at_rest_encryption_enabled - kms_key_id = var.kms_key_id - transit_encryption_enabled = var.transit_encryption_enabled - auth_token = var.transit_encryption_enabled ? var.auth_token : null - engine_version = var.redis_version - port = var.redis_port - parameter_group_name = aws_elasticache_parameter_group.redis_parameter_group.id - subnet_group_name = aws_elasticache_subnet_group.redis_subnet_group.id - security_group_names = var.security_group_names - security_group_ids = [aws_security_group.redis_security_group.id] - snapshot_arns = var.snapshot_arns - snapshot_name = var.snapshot_name - apply_immediately = var.apply_immediately - maintenance_window = var.redis_maintenance_window - notification_topic_arn = var.notification_topic_arn - snapshot_window = var.redis_snapshot_window - snapshot_retention_limit = var.redis_snapshot_retention_limit - tags = merge(tomap({"Name" = format("tf-elasticache-%s-%s", var.name, local.vpc_name)}), var.tags) + replication_group_id = format("%.20s", "${var.name}-${var.env}") + description = "Terraform-managed ElastiCache replication group for ${var.name}-${var.env}-${local.vpc_name}" + num_cache_clusters = var.redis_clusters + node_type = var.redis_node_type + automatic_failover_enabled = var.redis_failover + auto_minor_version_upgrade = var.auto_minor_version_upgrade + preferred_cache_cluster_azs = 
var.availability_zones + multi_az_enabled = var.multi_az_enabled + engine = "redis" + at_rest_encryption_enabled = var.at_rest_encryption_enabled + kms_key_id = var.kms_key_id + transit_encryption_enabled = var.transit_encryption_enabled + auth_token = var.transit_encryption_enabled ? var.auth_token : null + engine_version = var.redis_version + port = var.redis_port + parameter_group_name = aws_elasticache_parameter_group.redis_parameter_group.id + subnet_group_name = aws_elasticache_subnet_group.redis_subnet_group.id + security_group_names = var.security_group_names + security_group_ids = [aws_security_group.redis_security_group.id] + snapshot_arns = var.snapshot_arns + snapshot_name = var.snapshot_name + apply_immediately = var.apply_immediately + maintenance_window = var.redis_maintenance_window + notification_topic_arn = var.notification_topic_arn + snapshot_window = var.redis_snapshot_window + snapshot_retention_limit = var.redis_snapshot_retention_limit + tags = merge(tomap({ "Name" = format("tf-elasticache-%s-%s", var.name, local.vpc_name) }), var.tags) } resource "aws_elasticache_parameter_group" "redis_parameter_group" { diff --git a/outputs.tf b/outputs.tf index 8114b91..ffa3a73 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1,30 +1,30 @@ output "redis_security_group_id" { - value = aws_security_group.redis_security_group.id + value = aws_security_group.redis_security_group.id description = "ID of the managed Security Group generated for Redis" } output "parameter_group" { - value = aws_elasticache_parameter_group.redis_parameter_group.id + value = aws_elasticache_parameter_group.redis_parameter_group.id description = "ID of the Parameter Group to control the runtime properties of Redis nodes and clusters" } output "redis_subnet_group_name" { - value = aws_elasticache_subnet_group.redis_subnet_group.name + value = aws_elasticache_subnet_group.redis_subnet_group.name description = "Name of the Redis subnet" } output "id" { - value = aws_elasticache_replication_group.redis.id + value = aws_elasticache_replication_group.redis.id description = "ID of the Redis replication group" } output "port" { - value = var.redis_port + value = var.redis_port description = "Redis port (default is 6379)" } output "endpoint" { - value = aws_elasticache_replication_group.redis.primary_endpoint_address + value = aws_elasticache_replication_group.redis.primary_endpoint_address description = "Redis endpoint address" } diff --git a/variables.tf b/variables.tf index e76561e..5e53b33 100644 --- a/variables.tf +++ b/variables.tf 
@@ -49,20 +49,20 @@ variable "redis_clusters" { variable "multi_az_enabled" { description = "Specifies whether to enable Multi-AZ Support for the replication group" - type = bool - default = false + type = bool + default = false } variable "redis_failover" { description = "Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails" - type = bool - default = false + type = bool + default = false } variable "is_migration_cluster" { description = "Specifies whether this is a cluster for replicating other EC2 redis. Useful for migrations." - type = bool - default = false + type = bool + default = false } variable "redis_node_type" { diff --git a/versions.tf b/versions.tf index 6cefc3f..ea31388 100644 --- a/versions.tf +++ b/versions.tf @@ -2,11 +2,11 @@ terraform { required_version = ">= 0.12" required_providers { aws = { - source = "hashicorp/aws" + source = "hashicorp/aws" version = "~> 4.12" } random = { - source = "hashicorp/random" + source = "hashicorp/random" version = "~> 3.1" } }