diff --git a/aws-redis-replication-group/README.md b/aws-redis-replication-group/README.md
index 1a03a998..7f701d0a 100644
--- a/aws-redis-replication-group/README.md
+++ b/aws-redis-replication-group/README.md
@@ -6,48 +6,53 @@ a replication group with the given parameters.
## Requirements
-No requirements.
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.3 |
+| [aws](#requirement\_aws) | ~> 5.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | ~> 5.0 |
+| [random](#provider\_random) | n/a |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | terraform-aws-modules/security-group/aws | 4.3.0 |
+| [sg](#module\_sg) | terraform-aws-modules/security-group/aws | 5.1.2 |
## Resources
| Name | Type |
|------|------|
+| [aws_elasticache_parameter_group.redis_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource |
| [aws_elasticache_replication_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource |
| [aws_elasticache_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
+| [random_password.redis_db](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [apply\_immediately](#input\_apply\_immediately) | Whether changes should be applied immediately or during the next maintenance window. | `bool` | `true` | no |
-| [at\_rest\_encryption\_enabled](#input\_at\_rest\_encryption\_enabled) | Whether to enable encryption at rest. Default: false. | `bool` | `false` | no |
-| [availability\_zones](#input\_availability\_zones) | Availability zone in which this instance should run. | `list(string)` | `null` | no |
-| [engine\_version](#input\_engine\_version) | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | `string` | `"5.0.5"` | no |
-| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
+| [at\_rest\_encryption\_enabled](#input\_at\_rest\_encryption\_enabled) | Whether to enable encryption at rest. Default: true. | `bool` | `true` | no |
+| [description](#input\_description) | A user-created description for the replication group. | `string` | n/a | yes |
+| [engine\_version](#input\_engine\_version) | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | `string` | `"7.0"` | no |
| [ingress\_security\_group\_ids](#input\_ingress\_security\_group\_ids) | Source security groups which should be able to contact this instance. | `list(string)` | n/a | yes |
| [instance\_type](#input\_instance\_type) | The type of instance to run. See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | `string` | `"cache.m5.large"` | no |
-| [number\_cache\_clusters](#input\_number\_cache\_clusters) | Number of cache clusters. Default 1. | `number` | `1` | no |
-| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes |
+| [number\_cache\_clusters](#input\_number\_cache\_clusters) | Number of cache clusters. Default 2 because if Multi-AZ is enabled, the number of nodes needs to be exactly 2 to avoid sharding across different nodes. | `number` | `2` | no |
+| [parameter\_group\_family](#input\_parameter\_group\_family) | The cluster's parameter group family. Redis options [here](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ParameterGroups.Redis.html) | `string` | `"redis7"` | no |
| [parameter\_group\_name](#input\_parameter\_group\_name) | Parameter group to use for this Redis cache. | `string` | `"default.redis5.0"` | no |
+| [parameters](#input\_parameters) | Redis database parameters in name-value pairs. Use the parameter group family to find parameters [here](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ParameterGroups.Redis.html) | `list(map(any))` | `[]` | no |
| [port](#input\_port) | Port to host Redis on. | `number` | `6379` | no |
-| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes |
-| [replication\_group\_description](#input\_replication\_group\_description) | A user-created description for the replication group. | `string` | n/a | yes |
+| [preferred\_cache\_cluster\_azs](#input\_preferred\_cache\_cluster\_azs) | Availability zone in which this instance should run. | `list(string)` | `null` | no |
| [resource\_name](#input\_resource\_name) | If not set, name will be [var.project]-[var.env]-[var.name]. | `string` | `""` | no |
-| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `"redis"` | no |
| [subnets](#input\_subnets) | List of subnets to which this EC instance should be attached. They should probably be private. | `list(string)` | n/a | yes |
-| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Whether to enable encryption in transit. Default: false. | `bool` | `false` | no |
+| [tags](#input\_tags) | Tags to apply | `object({ project : string, env : string, service : string, owner : string, managedBy : string })` | n/a | yes |
+| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Whether to enable encryption in transit. Default: true. | `bool` | `true` | no |
| [vpc\_id](#input\_vpc\_id) | VPC where the cache will be deployed. | `string` | n/a | yes |
## Outputs
diff --git a/aws-redis-replication-group/main.tf b/aws-redis-replication-group/main.tf
index c533f4bf..232a93ab 100755
--- a/aws-redis-replication-group/main.tf
+++ b/aws-redis-replication-group/main.tf
@@ -1,23 +1,14 @@
locals {
- name = "${var.project}-${var.env}-${var.service}"
-
- tags = {
- managedBy = "terraform"
- Name = "${var.project}-${var.env}-${var.service}"
- project = var.project
- env = var.env
- service = var.service
- owner = var.owner
- }
+ name = "${var.tags.project}-${var.tags.env}-${var.tags.service}"
}
module "sg" {
source = "terraform-aws-modules/security-group/aws"
- version = "4.3.0"
- name = local.name
+ version = "5.1.2"
+ name = var.resource_name != "" ? var.resource_name : local.name
description = "Allow traffic to Redis."
vpc_id = var.vpc_id
- tags = local.tags
+ tags = var.tags
ingress_with_source_security_group_id = [
for sg in var.ingress_security_group_ids : {
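Review bot: `tags = var.tags` on the sg module drops two tags the removed `local.tags` block used to set, `Name` and the fixed `managedBy = "terraform"`, so whether the security group still carries a Name tag now depends on the caller and on whether the upstream module adds one itself, which is not visible here. If the Name tag is relied on, `tags = merge(var.tags, { Name = var.resource_name != "" ? var.resource_name : local.name })` restores it without changing the input contract. The ternary `var.resource_name != "" ? var.resource_name : local.name` is now repeated for the sg module, the parameter group and the replication group; a single `resource_name` entry in `locals` would keep the three from drifting. The `module "sg"` block continues past the hunk.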
@@ -37,20 +28,40 @@ resource "aws_elasticache_subnet_group" "default" {
subnet_ids = var.subnets
}
+resource "aws_elasticache_parameter_group" "redis_parameter_group" {
+ name = var.resource_name != "" ? var.resource_name : local.name
+ family = var.parameter_group_family
+
+ dynamic "parameter" {
+ for_each = var.parameters
+
+ content {
+ name = parameter.value.name
+ value = parameter.value.value
+ }
+ }
+}
+
+resource "random_password" "redis_db" {
+ length = 32
+ special = false
+}
+
resource "aws_elasticache_replication_group" "default" {
- replication_group_id = var.resource_name != "" ? var.resource_name : local.name
- replication_group_description = var.replication_group_description
- engine = "redis"
- engine_version = var.engine_version
- node_type = var.instance_type
- port = var.port
- number_cache_clusters = var.number_cache_clusters
- parameter_group_name = var.parameter_group_name
- subnet_group_name = aws_elasticache_subnet_group.default.name
- security_group_ids = [module.sg.security_group_id]
- apply_immediately = var.apply_immediately
- at_rest_encryption_enabled = var.at_rest_encryption_enabled
- transit_encryption_enabled = var.transit_encryption_enabled
- availability_zones = var.availability_zones
- tags = local.tags
+ replication_group_id = var.resource_name != "" ? var.resource_name : local.name
+ description = var.description
+ engine = "redis"
+ engine_version = var.engine_version
+ node_type = var.instance_type
+ port = var.port
+ num_cache_clusters = var.number_cache_clusters
+ parameter_group_name = aws_elasticache_parameter_group.redis_parameter_group.name
+ subnet_group_name = aws_elasticache_subnet_group.default.name
+ security_group_ids = [module.sg.security_group_id]
+ apply_immediately = var.apply_immediately
+ at_rest_encryption_enabled = var.at_rest_encryption_enabled
+ transit_encryption_enabled = var.transit_encryption_enabled
+ preferred_cache_cluster_azs = var.preferred_cache_cluster_azs
+ auth_token = random_password.redis_db.result
+ tags = var.tags
}
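Review bot: `auth_token = random_password.redis_db.result` is set unconditionally, but `transit_encryption_enabled` remains a caller-settable input; ElastiCache accepts an auth token only when in-transit encryption is on, so a caller passing `false` fails at apply with a provider error instead of a plan-time message. Either gate it, `auth_token = var.transit_encryption_enabled ? random_password.redis_db.result : null`, or add a `validation` block on the variable stating that the token requires TLS. `var.parameter_group_name` is no longer referenced (the replication group now uses `aws_elasticache_parameter_group.redis_parameter_group.name`) yet the variable survives in variables.tf (the context line of its `@@ -56,7 +41,7 @@` hunk shows it) with a `default.redis5.0` default that is dead and misleading next to the `redis7` family; it should be removed there and from the README. The generated token is only useful to consumers if it is surfaced through an output marked `sensitive = true`, which this diff does not show.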
diff --git a/aws-redis-replication-group/module_test.go b/aws-redis-replication-group/module_test.go
index b75f6583..cf9f9677 100644
--- a/aws-redis-replication-group/module_test.go
+++ b/aws-redis-replication-group/module_test.go
@@ -33,19 +33,22 @@ func TestAWSRedisReplicationGroup(t *testing.T) {
return tftest.Options(tftest.DefaultRegion,
map[string]interface{}{
- "project": project,
- "env": env,
- "service": service,
- "owner": owner,
-
- "availability_zones": []string{az},
- "subnets": privateSubnets,
- "ingress_security_group_ids": []string{sg},
- "vpc_id": vpc,
-
- "replication_group_description": replication_group_description,
- "transit_encryption_enabled": transit_encryption_enabled,
- "at_rest_encryption_enabled": at_rest_encryption_enabled,
+ "tags": map[string]string{
+ "project": project,
+ "env": env,
+ "service": service,
+ "owner": owner,
+ "managedBy": "terraform",
+ },
+
+ "preferred_cache_cluster_azs": []string{az},
+ "subnets": privateSubnets,
+ "ingress_security_group_ids": []string{sg},
+ "vpc_id": vpc,
+
+ "description": replication_group_description,
+ "transit_encryption_enabled": transit_encryption_enabled,
+ "at_rest_encryption_enabled": at_rest_encryption_enabled,
},
)
},
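Review bot: The test still drives only the default `parameters = []`, so the new `dynamic "parameter"` block in `aws_elasticache_parameter_group.redis_parameter_group` and the element shape it reads (`name`/`value`) are never exercised; one entry such as `"parameters": []map[string]string{{"name": "maxmemory-policy", "value": "allkeys-lru"}},` would cover that path. `transit_encryption_enabled` is passed from a variable defined outside this hunk; since main.tf now always sets `auth_token`, the test can only pass while that value is true, which is worth pinning explicitly here rather than inheriting. The enclosing `TestAWSRedisReplicationGroup` starts before and ends after the hunk.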
diff --git a/aws-redis-replication-group/variables.tf b/aws-redis-replication-group/variables.tf
index 67869a88..ec435ad4 100755
--- a/aws-redis-replication-group/variables.tf
+++ b/aws-redis-replication-group/variables.tf
@@ -1,22 +1,7 @@
-variable "project" {
- type = string
- description = "Project for tagging and naming. See [doc](../README.md#consistent-tagging)"
-}
-
-variable "env" {
- type = string
- description = "Env for tagging and naming. See [doc](../README.md#consistent-tagging)."
-}
-
-variable "service" {
- type = string
- description = "Service for tagging and naming. See [doc](../README.md#consistent-tagging)"
- default = "redis"
-}
-variable "owner" {
- type = string
- description = "Owner for tagging and naming. See [doc](../README.md#consistent-tagging)."
+variable "tags" {
+ type = object({ project : string, env : string, service : string, owner : string, managedBy : string })
+ description = "Tags to apply"
}
variable "subnets" {
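Review bot: The new `tags` object makes `managedBy` and `service` mandatory caller inputs, where the removed variables defaulted `service` to `"redis"` and main.tf hard-coded `managedBy = "terraform"`; a caller can now label a Terraform-managed cache with any `managedBy` value, which weakens the ownership signal that tag exists for. Since versions.tf in this commit requires Terraform >= 1.3, object attribute defaults are available: `type = object({ project : string, env : string, service : optional(string, "redis"), owner : string, managedBy : optional(string, "terraform") })` restores both defaults without changing the attribute set. `description = "Tags to apply"` also lost the link the old variables carried; `description = "Tags to apply. See [doc](../README.md#consistent-tagging)."` keeps the convention discoverable.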
@@ -24,7 +9,7 @@ variable "subnets" {
description = "List of subnets to which this EC instance should be attached. They should probably be private."
}
-variable "availability_zones" {
+variable "preferred_cache_cluster_azs" {
type = list(string)
description = "Availability zone in which this instance should run."
default = null
@@ -56,7 +41,7 @@ variable "parameter_group_name" {
variable "engine_version" {
type = string
description = "The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html)"
- default = "5.0.5"
+ default = "7.0"
}
variable "apply_immediately" {
@@ -80,23 +65,35 @@ variable "vpc_id" {
variable "number_cache_clusters" {
type = number
- description = "Number of cache clusters. Default 1."
- default = 1
+ description = "Number of cache clusters. Default 2 because if Multi-AZ is enabled, the number of nodes needs to be exactly 2 to avoid sharding across different nodes."
+ default = 2
}
variable "at_rest_encryption_enabled" {
type = bool
- description = "Whether to enable encryption at rest. Default: false."
- default = false
+ description = "Whether to enable encryption at rest. Default: true."
+ default = true
}
variable "transit_encryption_enabled" {
type = bool
- description = "Whether to enable encryption in transit. Default: false."
- default = false
+ description = "Whether to enable encryption in transit. Default: true."
+ default = true
}
-variable "replication_group_description" {
+variable "description" {
type = string
description = "A user-created description for the replication group."
}
+
+variable "parameter_group_family" {
+ type = string
+ description = "The cluster's parameter group family. Redis options [here](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ParameterGroups.Redis.html)"
+ default = "redis7"
+}
+
+variable "parameters" {
+ type = list(map(any))
+ default = []
+ description = "Redis database parameters in name-value pairs. Use the parameter group family to find parameters [here](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ParameterGroups.Redis.html)"
+}
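Review bot: `parameters` is typed `list(map(any))`, but main.tf reads exactly `parameter.value.name` and `parameter.value.value` from each element, so a missing or misspelled key only surfaces inside the dynamic block; `type = list(object({ name = string, value = string }))` states the contract and fails at the variable instead. The `number_cache_clusters` rationale looks mixed up: in a cluster-mode-disabled replication group this value is the node count (primary plus replicas), sharding is governed by node groups, and Multi-AZ needs at least one replica rather than exactly two nodes, so I would reword it to `description = "Number of nodes (primary plus replicas). Default 2 so a replica exists for Multi-AZ failover."`. The `at_rest_encryption_enabled` and `transit_encryption_enabled` defaults moving to `true` are the right direction and the descriptions were updated to match.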
diff --git a/aws-redis-replication-group/versions.tf b/aws-redis-replication-group/versions.tf
new file mode 100644
index 00000000..01fbc45b
--- /dev/null
+++ b/aws-redis-replication-group/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
\ No newline at end of file
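Review bot: `required_providers` declares only `aws`, yet main.tf now creates `random_password.redis_db`, so the `random` provider is resolved implicitly at whatever latest version `terraform init` finds (the README's providers table accordingly shows it as `n/a`); pinning one provider and leaving the other floating gives a different dependency graph on each fresh init. Add a pinned entry for it next to `aws`. The new file also lacks a trailing newline.
```hcl
  required_providers {
    # … unchanged: aws provider block …
    random = {
      source  = "hashicorp/random"
      version = "~> 3.0"
    }
  }
```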