From 4b1e70f3f1262b0ee96d2207bc5c34e4557a41ce Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Mon, 18 Dec 2023 15:58:26 +0800
Subject: [PATCH 01/19] Rough update for elasticache serverless
---
main.tf | 34 +++++++++++++++++++++++++++++++++-
outputs.tf | 2 +-
variables.tf | 6 ++++++
3 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index ee0470f..c6e8a14 100644
--- a/main.tf
+++ b/main.tf
@@ -38,7 +38,7 @@ resource "aws_elasticache_subnet_group" "this" {
}
resource "aws_elasticache_replication_group" "this" {
- count = var.enabled ? 1 : 0
+ count = var.enabled && !var.use_serverless ? 1 : 0
replication_group_id = var.replication_group_id == "" ? local.cluster_id : var.replication_group_id
description = "Redis Cluster Rep"
@@ -73,3 +73,35 @@ resource "aws_elasticache_replication_group" "this" {
tags = var.tags
}
+
+resource "aws_elasticache_serverless" "this" {
+ count = var.enabled && var.use_serverless ? 1 : 0
+
+ serverless_cache_name = var.name
+ description = "NULL"
+
+ engine = "redis"
+ major_engine_version = var.engine_version
+
+ cache_usage_limits {
+ data_storage {
+ maximum = 10
+ unit = "GB"
+ }
+ ecpu_per_second {
+ maximum = 5
+ }
+ }
+
+ daily_snapshot_time = "09:00"
+ kms_key_id = var.kms_key_id
+
+ security_group_ids = var.security_groups
+ subnet_ids = var.subnets
+
+ snapshot_arns = []
+ snapshot_retention_limit = 14
+ user_group_id = "NULL"
+
+ tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
index 616ea99..8fc463e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,6 @@
output "endpoint" {
description = "Redis primary or configuration endpoint, whichever is appropriate for the given cluster mode"
- value = try(aws_elasticache_replication_group.this[0].primary_endpoint_address, null)
+ value = var.use_serverless ? try(aws_elasticache_serverless.this[0].address, null) : try(aws_elasticache_replication_group.this[0].primary_endpoint_address, null)
}
output "reader_endpoint_address" {
diff --git a/variables.tf b/variables.tf
index 5ed27f9..7a89196 100644
--- a/variables.tf
+++ b/variables.tf
@@ -189,3 +189,9 @@ variable "replicas_per_node_group" {
type = number
default = 1
}
+
+variable "use_serverless" {
+ description = "Use serverless ElastiCache service"
+ type = bool
+ default = false
+}
From b39ac1095b5110c73b80408b8d3f2fa1f1dcbb5f Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Tue, 19 Dec 2023 09:06:41 +0800
Subject: [PATCH 02/19] Use awscc elasticache serverless resource
---
main.tf | 39 +++++++++++++++++++++------------------
outputs.tf | 2 +-
variables.tf | 41 +++++++++++++++++++++++++++++++++++++++++
versions.tf | 4 ++++
4 files changed, 67 insertions(+), 19 deletions(-)
diff --git a/main.tf b/main.tf
index c6e8a14..f6c5540 100644
--- a/main.tf
+++ b/main.tf
@@ -74,34 +74,37 @@ resource "aws_elasticache_replication_group" "this" {
tags = var.tags
}
-resource "aws_elasticache_serverless" "this" {
+resource "awscc_elasticache_serverless_cache" "this" {
count = var.enabled && var.use_serverless ? 1 : 0
serverless_cache_name = var.name
- description = "NULL"
+ description = "${var.name} ElastiCache Redis Serverless"
+ engine = "redis"
+ major_engine_version = var.engine_version
- engine = "redis"
- major_engine_version = var.engine_version
-
- cache_usage_limits {
- data_storage {
- maximum = 10
+ cache_usage_limits = {
+ data_storage = {
+ maximum = var.max_data_storage
unit = "GB"
}
- ecpu_per_second {
- maximum = 5
+ ecpu_per_second = {
+ maximum = var.max_ecpu_per_second
}
}
- daily_snapshot_time = "09:00"
+ final_snapshot_name = "${var.name}-elasticache-serverless-final-snapshot"
kms_key_id = var.kms_key_id
+ security_group_ids = var.security_groups
+ subnet_ids = var.subnets
- security_group_ids = var.security_groups
- subnet_ids = var.subnets
-
- snapshot_arns = []
- snapshot_retention_limit = 14
- user_group_id = "NULL"
+ daily_snapshot_time = var.daily_snapshot_time
+ snapshot_arns_to_restore = var.snapshot_arns_to_restore
+ snapshot_retention_limit = var.snapshot_retention_limit
- tags = var.tags
+ tags = toset([
+ for key, value in var.tags : {
+ key = key
+ value = value
+ }
+ ])
}
diff --git a/outputs.tf b/outputs.tf
index 8fc463e..e7a85c1 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,6 @@
output "endpoint" {
description = "Redis primary or configuration endpoint, whichever is appropriate for the given cluster mode"
- value = var.use_serverless ? try(aws_elasticache_serverless.this[0].address, null) : try(aws_elasticache_replication_group.this[0].primary_endpoint_address, null)
+ value = var.use_serverless ? try(awscc_elasticache_serverless_cache.this[0].endpoint.address, null) : try(aws_elasticache_replication_group.this[0].primary_endpoint_address, null)
}
output "reader_endpoint_address" {
diff --git a/variables.tf b/variables.tf
index 7a89196..1469993 100644
--- a/variables.tf
+++ b/variables.tf
@@ -190,8 +190,49 @@ variable "replicas_per_node_group" {
default = 1
}
+# ElastiCache Serverless
variable "use_serverless" {
description = "Use serverless ElastiCache service"
type = bool
default = false
}
+
+variable "max_data_storage" {
+ type = number
+ description = "The maximun cached data capacity of the Serverless Cache"
+ default = 10
+
+ validation {
+ condition = var.max_data_storage >= 1 && var.max_data_storage <= 5000
+ error_message = "The max_data_storage in GB value must be between 1 and 5,000."
+ }
+}
+
+variable "max_ecpu_per_second" {
+ type = number
+ description = "The maximum ECPU per second of the Serverless Cache"
+ default = 1000
+
+ validation {
+ condition = var.max_ecpu_per_second >= 1000 && var.max_ecpu_per_second <= 15000000
+ error_message = "The max_ecpu_per_second value must be between 1,000 and 15,000,000."
+ }
+}
+
+variable "daily_snapshot_time" {
+ type = string
+ description = "The daily time range (in UTC) during which the service takes automatic snapshot of the Serverless Cache"
+ default = "09:00"
+}
+
+variable "snapshot_arns_to_restore" {
+ type = list(string)
+ description = "The ARN's of snapshot to restore Serverless Cache"
+ default = []
+}
+
+variable "user_group_id" {
+ type = string
+ description = "The ID of the user group"
+ default = ""
+}
diff --git a/versions.tf b/versions.tf
index b491252..a51902c 100644
--- a/versions.tf
+++ b/versions.tf
@@ -5,5 +5,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 4.0"
}
+ awscc = {
+ source = "hashicorp/awscc"
+ version = ">= 0.67.0"
+ }
}
}
From 97756849cfc1089d54fea533a6ce32b2c58e7408 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Tue, 19 Dec 2023 10:07:55 +0800
Subject: [PATCH 03/19] Suppress alarms for serverless test
---
alarms.tf | 4 ++--
variables.tf | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/alarms.tf b/alarms.tf
index 208a589..355dbff 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -1,5 +1,5 @@
resource "aws_cloudwatch_metric_alarm" "cache_cpu" {
- count = var.enabled ? local.num_nodes : 0
+ count = var.enabled && !var.use_serverless ? local.num_nodes : 0
alarm_name = "${tolist(aws_elasticache_replication_group.this[0].member_clusters)[count.index]}-cpu-utilization"
alarm_description = "Redis cluster CPU utilization"
@@ -30,7 +30,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_cpu" {
}
resource "aws_cloudwatch_metric_alarm" "cache_memory" {
- count = var.enabled ? local.num_nodes : 0
+ count = var.enabled && !var.use_serverless ? local.num_nodes : 0
alarm_name = "${tolist(aws_elasticache_replication_group.this[0].member_clusters)[count.index]}-freeable-memory"
alarm_description = "Redis cluster freeable memory"
diff --git a/variables.tf b/variables.tf
index 1469993..a749621 100644
--- a/variables.tf
+++ b/variables.tf
@@ -155,7 +155,7 @@ variable "preferred_cache_cluster_azs" {
}
variable "parameter_group_name" {
- description = "Excisting Parameter Group name"
+ description = "Existing Parameter Group name"
type = string
default = ""
}
From a6a60464c90f17f864302eccc4c4139eee80cdda Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Tue, 19 Dec 2023 11:59:35 +0800
Subject: [PATCH 04/19] Add metric alarm for elasticache serverless ecpu and
throttled cmds
---
alarms.tf | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
main.tf | 2 +-
2 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/alarms.tf b/alarms.tf
index 355dbff..f22b6ed 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -59,3 +59,63 @@ resource "aws_cloudwatch_metric_alarm" "cache_memory" {
aws_elasticache_replication_group.this
]
}
+
+# ElastiCache Serverless
+resource "aws_cloudwatch_metric_alarm" "cache_ecpu" {
+ count = var.enabled && var.use_serverless ? 1 : 0
+
+ alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-cpu-utilization"
+ alarm_description = "Redis serverless ECPU utilization"
+
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = 1
+
+ metric_name = "ElastiCacheProcessingUnits"
+ namespace = "AWS/ElastiCache"
+
+ period = 300
+ statistic = "Average"
+
+ tags = var.tags
+
+ threshold = ceil(var.max_ecpu_per_second * var.alarm_cpu_threshold_percent / 100)
+
+ dimensions = {
+ CacheClusterId = awscc_elasticache_serverless_cache.this[0].serverless_cache_name
+ }
+
+ alarm_actions = var.alarm_actions
+ ok_actions = var.ok_actions
+
+ depends_on = [
+ awscc_elasticache_serverless_cache.this
+ ]
+}
+
+resource "aws_cloudwatch_metric_alarm" "cache_throttled_commands" {
+ count = var.enabled && var.use_serverless ? 1 : 0
+
+ alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-throttled-commands"
+ alarm_description = "Redis serverless throttled commands"
+
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = 1
+
+ metric_name = "ThrottledCmds"
+ namespace = "AWS/ElastiCache"
+
+ period = 60
+ statistic = "Average"
+
+ threshold = 0
+
+ tags = var.tags
+ dimensions = {}
+
+ alarm_actions = var.alarm_actions
+ ok_actions = var.ok_actions
+
+ depends_on = [
+ awscc_elasticache_serverless_cache.this
+ ]
+}
diff --git a/main.tf b/main.tf
index f6c5540..1a7ee6e 100644
--- a/main.tf
+++ b/main.tf
@@ -15,7 +15,7 @@ locals {
}
resource "aws_elasticache_parameter_group" "this" {
- count = var.enabled && var.parameter_group_name == "" || var.parameter_group_name == null ? 1 : 0
+ count = var.enabled && var.parameter_group_name == "" && !var.use_serverless || var.parameter_group_name == null ? 1 : 0
name = var.name
family = var.elasticache_parameter_group_family
From dccfa8a5e92d15c11ce29f587b14e587fc201c1c Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Thu, 21 Dec 2023 16:32:52 +0800
Subject: [PATCH 05/19] Add user_group_id attribute
---
main.tf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/main.tf b/main.tf
index 1a7ee6e..4f7484b 100644
--- a/main.tf
+++ b/main.tf
@@ -92,6 +92,8 @@ resource "awscc_elasticache_serverless_cache" "this" {
}
}
+ user_group_id = var.user_group_id
+
final_snapshot_name = "${var.name}-elasticache-serverless-final-snapshot"
kms_key_id = var.kms_key_id
security_group_ids = var.security_groups
From 43072ea9657961611d7cb7e1c0d136dd952e2127 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Thu, 21 Dec 2023 18:19:20 +0800
Subject: [PATCH 06/19] Ensure serverless arn is correct
---
outputs.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/outputs.tf b/outputs.tf
index e7a85c1..c89621b 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -15,7 +15,7 @@ output "member_clusters" {
output "arn" {
description = "Elasticache Replication Group ARN"
- value = try(aws_elasticache_replication_group.this[0].arn, null)
+ value = var.use_serverless ? try(awscc_elasticache_serverless_cache.this[0].arn, null) : try(aws_elasticache_replication_group.this[0].arn, null)
}
output "cluster_enabled" {
From bf5faf11110eeec22755f4a087e2e9432914f9b8 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Fri, 22 Dec 2023 11:21:54 +0800
Subject: [PATCH 07/19] Update alarms for elasticache serverless
---
alarms.tf | 41 +++++++++++++++++++++++++++++++++++++----
main.tf | 2 +-
variables.tf | 8 ++++----
3 files changed, 42 insertions(+), 9 deletions(-)
diff --git a/alarms.tf b/alarms.tf
index f22b6ed..1ee2ea6 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -61,10 +61,10 @@ resource "aws_cloudwatch_metric_alarm" "cache_memory" {
}
# ElastiCache Serverless
-resource "aws_cloudwatch_metric_alarm" "cache_ecpu" {
+resource "aws_cloudwatch_metric_alarm" "cache_serverless_ecpu" {
count = var.enabled && var.use_serverless ? 1 : 0
- alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-cpu-utilization"
+ alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-ecpu-utilization"
alarm_description = "Redis serverless ECPU utilization"
comparison_operator = "GreaterThanThreshold"
@@ -92,7 +92,38 @@ resource "aws_cloudwatch_metric_alarm" "cache_ecpu" {
]
}
-resource "aws_cloudwatch_metric_alarm" "cache_throttled_commands" {
+resource "aws_cloudwatch_metric_alarm" "cache_serverless_memory" {
+ count = var.enabled && var.use_serverless ? 1 : 0
+
+ alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-max-memory"
+ alarm_description = "Redis serverless max memory"
+
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = 1
+
+ metric_name = "BytesUsedForCache"
+ namespace = "AWS/ElastiCache"
+
+ period = 60
+ statistic = "Average"
+
+ threshold = (var.max_data_storage * 1024 * 1024 * 1024) - var.alarm_memory_threshold_bytes
+
+ tags = var.tags
+
+ dimensions = {
+ CacheClusterId = awscc_elasticache_serverless_cache.this[0].serverless_cache_name
+ }
+
+ alarm_actions = var.alarm_actions
+ ok_actions = var.ok_actions
+
+ depends_on = [
+ aws_elasticache_replication_group.this
+ ]
+}
+
+resource "aws_cloudwatch_metric_alarm" "cache_serverless_throttled_commands" {
count = var.enabled && var.use_serverless ? 1 : 0
alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-throttled-commands"
@@ -110,7 +141,9 @@ resource "aws_cloudwatch_metric_alarm" "cache_throttled_commands" {
threshold = 0
tags = var.tags
- dimensions = {}
+ dimensions = {
+ CacheClusterId = awscc_elasticache_serverless_cache.this[0].serverless_cache_name
+ }
alarm_actions = var.alarm_actions
ok_actions = var.ok_actions
diff --git a/main.tf b/main.tf
index 4f7484b..c40f7db 100644
--- a/main.tf
+++ b/main.tf
@@ -92,7 +92,7 @@ resource "awscc_elasticache_serverless_cache" "this" {
}
}
- user_group_id = var.user_group_id
+ user_group_id = var.serverless_user_group_id
final_snapshot_name = "${var.name}-elasticache-serverless-final-snapshot"
kms_key_id = var.kms_key_id
diff --git a/variables.tf b/variables.tf
index a749621..b512182 100644
--- a/variables.tf
+++ b/variables.tf
@@ -199,7 +199,7 @@ variable "use_serverless" {
variable "max_data_storage" {
type = number
- description = "The maximun cached data capacity of the Serverless Cache"
+ description = "The maximun cached data capacity of the Serverless Cache in GB"
default = 10
validation {
@@ -222,7 +222,7 @@ variable "max_ecpu_per_second" {
variable "daily_snapshot_time" {
type = string
description = "The daily time range (in UTC) during which the service takes automatic snapshot of the Serverless Cache"
- default = "09:00"
+ default = "18:00"
}
variable "snapshot_arns_to_restore" {
@@ -231,8 +231,8 @@ variable "snapshot_arns_to_restore" {
default = []
}
-variable "user_group_id" {
+variable "serverless_user_group_id" {
type = string
- description = "The ID of the user group"
+ description = "The ID of the user group for Serverless Cache"
default = ""
}
From aaa45420b68f02093fa32d4b23fab10b269d1cd6 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Fri, 22 Dec 2023 14:01:38 +0800
Subject: [PATCH 08/19] Update threshold for serverless memory alarm
---
alarms.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/alarms.tf b/alarms.tf
index 1ee2ea6..613fa3a 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -107,7 +107,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_serverless_memory" {
period = 60
statistic = "Average"
- threshold = (var.max_data_storage * 1024 * 1024 * 1024) - var.alarm_memory_threshold_bytes
+ threshold = (var.max_data_storage * 1000 * 1000 * 1000) - var.alarm_memory_threshold_bytes
tags = var.tags
From e46453f1bea1d967ecaf24ceb63116bdcdb04a56 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Fri, 22 Dec 2023 15:19:28 +0800
Subject: [PATCH 09/19] Update alarm for serverless data
---
alarms.tf | 10 +++++-----
variables.tf | 12 ++++++++++++
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/alarms.tf b/alarms.tf
index 613fa3a..83abe01 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -78,7 +78,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_serverless_ecpu" {
tags = var.tags
- threshold = ceil(var.max_ecpu_per_second * var.alarm_cpu_threshold_percent / 100)
+ threshold = ceil(var.max_ecpu_per_second * var.alarm_ecpu_threshold_percent / 100)
dimensions = {
CacheClusterId = awscc_elasticache_serverless_cache.this[0].serverless_cache_name
@@ -92,11 +92,11 @@ resource "aws_cloudwatch_metric_alarm" "cache_serverless_ecpu" {
]
}
-resource "aws_cloudwatch_metric_alarm" "cache_serverless_memory" {
+resource "aws_cloudwatch_metric_alarm" "cache_serverless_data" {
count = var.enabled && var.use_serverless ? 1 : 0
- alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-max-memory"
- alarm_description = "Redis serverless max memory"
+ alarm_name = "${awscc_elasticache_serverless_cache.this[0].serverless_cache_name}-data-storage"
+ alarm_description = "Redis serverless data storage"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 1
@@ -107,7 +107,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_serverless_memory" {
period = 60
statistic = "Average"
- threshold = (var.max_data_storage * 1000 * 1000 * 1000) - var.alarm_memory_threshold_bytes
+ threshold = ceil(var.max_data_storage * var.alarm_data_threshold_percent / 100)
tags = var.tags
diff --git a/variables.tf b/variables.tf
index b512182..cad97a0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -64,12 +64,24 @@ variable "alarm_cpu_threshold_percent" {
default = 75
}
+variable "alarm_ecpu_threshold_percent" {
+ description = "ECPU threshold alarm level for elasticache serverless"
+ type = number
+ default = 75
+}
+
variable "alarm_memory_threshold_bytes" {
description = "Alarm memory threshold bytes"
type = number
default = 10000000 # 10MB
}
+variable "alarm_data_threshold_percent" {
+ description = "Data threshold alarm level for elasticache serverless"
+ type = number
+ default = 75
+}
+
variable "notification_topic_arn" {
description = "ARN of an SNS topic to send ElastiCache notifications"
type = string
From e1751387960dde4a0b5a5cd4367fb25de451ee36 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Fri, 22 Dec 2023 15:30:20 +0800
Subject: [PATCH 10/19] Update serverless data alarm
---
alarms.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/alarms.tf b/alarms.tf
index 83abe01..2aeca01 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -140,7 +140,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_serverless_throttled_commands" {
threshold = 0
- tags = var.tags
+ tags = var.tags
dimensions = {
CacheClusterId = awscc_elasticache_serverless_cache.this[0].serverless_cache_name
}
From 3d1daa90130453a1ab98fe0f3468cc1218787ba3 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Fri, 22 Dec 2023 15:33:24 +0800
Subject: [PATCH 11/19] Update README
---
README.md | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 7d8da2e..29d4395 100644
--- a/README.md
+++ b/README.md
@@ -5,12 +5,14 @@
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.67.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.5.0 |
+| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 0.67.0 |
## Modules
@@ -22,9 +24,13 @@ No modules.
|------|------|
| [aws_cloudwatch_metric_alarm.cache_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
| [aws_cloudwatch_metric_alarm.cache_memory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.cache_serverless_data](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.cache_serverless_ecpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.cache_serverless_throttled_commands](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
| [aws_elasticache_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource |
| [aws_elasticache_replication_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource |
| [aws_elasticache_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
+| [awscc_elasticache_serverless_cache.this](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/elasticache_serverless_cache) | resource |
## Inputs
@@ -32,6 +38,8 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_alarm_actions"></a> [alarm\_actions](#input\_alarm\_actions) | The list of actions to execute when this alarm transitions into an ALARM state from any other state. | `list(string)` | `[]` | no |
| <a name="input_alarm_cpu_threshold_percent"></a> [alarm\_cpu\_threshold\_percent](#input\_alarm\_cpu\_threshold\_percent) | CPU threshold alarm level | `number` | `75` | no |
+| <a name="input_alarm_data_threshold_percent"></a> [alarm\_data\_threshold\_percent](#input\_alarm\_data\_threshold\_percent) | Data threshold alarm level for elasticache serverless | `number` | `75` | no |
+| <a name="input_alarm_ecpu_threshold_percent"></a> [alarm\_ecpu\_threshold\_percent](#input\_alarm\_ecpu\_threshold\_percent) | ECPU threshold alarm level for elasticache serverless | `number` | `75` | no |
| <a name="input_alarm_memory_threshold_bytes"></a> [alarm\_memory\_threshold\_bytes](#input\_alarm\_memory\_threshold\_bytes) | Alarm memory threshold bytes | `number` | `10000000` | no |
| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `true` | no |
| <a name="input_auth_token"></a> [auth\_token](#input\_auth\_token) | Password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true` | `string` | `null` | no |
@@ -39,17 +47,20 @@ No modules.
| <a name="input_cluster_mode_enabled"></a> [cluster\_mode\_enabled](#input\_cluster\_mode\_enabled) | Set to false to diable cluster module | `bool` | `false` | no |
| <a name="input_cluster_size"></a> [cluster\_size](#input\_cluster\_size) | Cluster size | `number` | `1` | no |
| <a name="input_create_elasticache_subnet_group"></a> [create\_elasticache\_subnet\_group](#input\_create\_elasticache\_subnet\_group) | Create Elasticache Subnet Group | `bool` | `true` | no |
+| <a name="input_daily_snapshot_time"></a> [daily\_snapshot\_time](#input\_daily\_snapshot\_time) | The daily time range (in UTC) during which the service takes automatic snapshot of the Serverless Cache | `string` | `"18:00"` | no |
| <a name="input_elasticache_parameter_group_family"></a> [elasticache\_parameter\_group\_family](#input\_elasticache\_parameter\_group\_family) | ElastiCache parameter group family | `string` | `"redis7"` | no |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `true` | no |
-| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Redis engine version. https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html | `string` | `"redis7.0"` | no |
+| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Redis engine version. https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html | `string` | `"7.0"` | no |
| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Elastic cache instance type | `string` | `"cache.t2.micro"` | no |
| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true` | `string` | `null` | no |
| <a name="input_maintenance_window"></a> [maintenance\_window](#input\_maintenance\_window) | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no |
+| <a name="input_max_data_storage"></a> [max\_data\_storage](#input\_max\_data\_storage) | The maximun cached data capacity of the Serverless Cache in GB | `number` | `10` | no |
+| <a name="input_max_ecpu_per_second"></a> [max\_ecpu\_per\_second](#input\_max\_ecpu\_per\_second) | The maximum ECPU per second of the Serverless Cache | `number` | `1000` | no |
| <a name="input_name"></a> [name](#input\_name) | Name of the application | `string` | `"value"` | no |
| <a name="input_notification_topic_arn"></a> [notification\_topic\_arn](#input\_notification\_topic\_arn) | ARN of an SNS topic to send ElastiCache notifications | `string` | `""` | no |
| <a name="input_num_node_groups"></a> [num\_node\_groups](#input\_num\_node\_groups) | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications. Required unless `global_replication_group_id` is set | `number` | `2` | no |
| <a name="input_ok_actions"></a> [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. | `list(string)` | `[]` | no |
-| <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Excisting Parameter Group name | `string` | `""` | no |
+| <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Existing Parameter Group name | `string` | `""` | no |
| <a name="input_parameters"></a> [parameters](#input\_parameters) | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | <pre>list(object({<br> name = string<br> value = string<br> }))</pre> | `[]` | no |
| <a name="input_port"></a> [port](#input\_port) | Redis port | `number` | `6379` | no |
| <a name="input_preferred_cache_cluster_azs"></a> [preferred\_cache\_cluster\_azs](#input\_preferred\_cache\_cluster\_azs) | List of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating | `list(string)` | <pre>[<br> "ap-southeast-1a",<br> "ap-southeast-1b"<br>]</pre> | no |
@@ -57,10 +68,13 @@ No modules.
| <a name="input_replication_enabled"></a> [replication\_enabled](#input\_replication\_enabled) | Set to false to diable replication in redis cluster | `bool` | `false` | no |
| <a name="input_replication_group_id"></a> [replication\_group\_id](#input\_replication\_group\_id) | ElastiCache replication\_group\_id | `string` | `""` | no |
| <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | List of Security Group IDs to place the cluster into | `list(string)` | `[]` | no |
+| <a name="input_serverless_user_group_id"></a> [serverless\_user\_group\_id](#input\_serverless\_user\_group\_id) | The ID of the user group for Serverless Cache | `string` | `""` | no |
+| <a name="input_snapshot_arns_to_restore"></a> [snapshot\_arns\_to\_restore](#input\_snapshot\_arns\_to\_restore) | The ARN's of snapshot to restore Serverless Cache | `list(string)` | `[]` | no |
| <a name="input_snapshot_retention_limit"></a> [snapshot\_retention\_limit](#input\_snapshot\_retention\_limit) | Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of snapshot\_retention\_limit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro cache nodes | `number` | `5` | no |
| <a name="input_subnet_group_name"></a> [subnet\_group\_name](#input\_subnet\_group\_name) | Subnet group name for the ElastiCache instance | `string` | `""` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | AWS subnet ids | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (\_e.g.\_ map("BusinessUnit","ABC") | `map(string)` | `{}` | no |
+| <a name="input_use_serverless"></a> [use\_serverless](#input\_use\_serverless) | Use serverless ElastiCache service | `bool` | `false` | no |
## Outputs
From 35820c644db0379959fc53f63f4ae02bd5606c0c Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Fri, 22 Dec 2023 16:04:37 +0800
Subject: [PATCH 12/19] Fix threshold for cache serverless data
---
alarms.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/alarms.tf b/alarms.tf
index 2aeca01..d4bbde8 100644
--- a/alarms.tf
+++ b/alarms.tf
@@ -107,7 +107,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_serverless_data" {
period = 60
statistic = "Average"
- threshold = ceil(var.max_data_storage * var.alarm_data_threshold_percent / 100)
+ threshold = ceil((var.max_data_storage * 1000 * 1000 * 1000) * var.alarm_data_threshold_percent / 100)
tags = var.tags
From 7705b835de9011d69ce60d33a297a1a98bc52da5 Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Wed, 27 Dec 2023 10:11:55 +0800
Subject: [PATCH 13/19] Remove toset function
---
main.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index c40f7db..5fb0885 100644
--- a/main.tf
+++ b/main.tf
@@ -103,10 +103,10 @@ resource "awscc_elasticache_serverless_cache" "this" {
snapshot_arns_to_restore = var.snapshot_arns_to_restore
snapshot_retention_limit = var.snapshot_retention_limit
- tags = toset([
+ tags = [
for key, value in var.tags : {
key = key
value = value
}
- ])
+ ]
}
From 42b6908f121ff89c29b57cda41ca8ffd0ed77edc Mon Sep 17 00:00:00 2001
From: Hazmei Abdul Rahman <hazmei@sph.com.sg>
Date: Wed, 27 Dec 2023 19:11:05 +0800
Subject: [PATCH 14/19] Add support for passing user_group_id to elasticache
replication group
---
main.tf | 4 +++-
variables.tf | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/main.tf b/main.tf
index 5fb0885..97f3b3d 100644
--- a/main.tf
+++ b/main.tf
@@ -71,6 +71,8 @@ resource "aws_elasticache_replication_group" "this" {
num_node_groups = var.cluster_mode_enabled ? var.num_node_groups : null
replicas_per_node_group = var.cluster_mode_enabled ? var.replicas_per_node_group : null
+ user_group_ids = [var.user_group_id]
+
tags = var.tags
}
@@ -92,7 +94,7 @@ resource "awscc_elasticache_serverless_cache" "this" {
}
}
- user_group_id = var.serverless_user_group_id
+ user_group_id = var.user_group_id
final_snapshot_name = "${var.name}-elasticache-serverless-final-snapshot"
kms_key_id = var.kms_key_id
diff --git a/variables.tf b/variables.tf
index cad97a0..9aeeaf2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -243,8 +243,8 @@ variable "snapshot_arns_to_restore" {
default = []
}
-variable "serverless_user_group_id" {
+variable "user_group_id" {
type = string
- description = "The ID of the user group for Serverless Cache"
+ description = "The ID of the user group Elasticache"
default = ""
}
From 4bbb55e4477fa346d738c8f6fa456caa5fee55c2 Mon Sep 17 00:00:00 2001
From: Uchinda Padmaperuma <89894943+uchinda-sph@users.noreply.github.com>
Date: Thu, 26 Dec 2024 11:08:42 +0800
Subject: [PATCH 15/19] feat: update the module to support automated backup
---
main.tf | 5 +++++
variables.tf | 18 ++++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/main.tf b/main.tf
index 97f3b3d..d3f580c 100644
--- a/main.tf
+++ b/main.tf
@@ -73,6 +73,11 @@ resource "aws_elasticache_replication_group" "this" {
user_group_ids = [var.user_group_id]
+ snapshot_retention_limit = var.instance_type != "cache.t1.micro" ? var.snapshot_retention_limit : 0
+ snapshot_window = var.snapshot_window
+ snapshot_arns = var.snapshot_arns
+ snapshot_name = var.snapshot_name
+
tags = var.tags
}
diff --git a/variables.tf b/variables.tf
index 9aeeaf2..3b3274a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -248,3 +248,21 @@ variable "user_group_id" {
description = "The ID of the user group Elasticache"
default = ""
}
+
+variable "snapshot_window" {
+ type = string
+ description = "The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of the node group (shard) specified by SnapshottingClusterId"
+ default = "00:00-01:00"
+}
+
+variable "snapshot_arns" {
+ type = list(string)
+ description = "The ARN of the snapshot from which to restore data into the new node group (shard)"
+ default = []
+}
+
+variable "snapshot_name" {
+ type = string
+ description = "The name of the snapshot from which to restore data into the new node group (shard)"
+ default = ""
+}
From 892064914c530bc56d2d0af7f2855e1849090e2f Mon Sep 17 00:00:00 2001
From: Uchinda Padmaperuma <89894943+uchinda-sph@users.noreply.github.com>
Date: Thu, 26 Dec 2024 11:12:22 +0800
Subject: [PATCH 16/19] update the readme
---
README.md | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 29d4395..840b953 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@
| Name | Version |
|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.5.0 |
-| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 0.67.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.82.0 |
+| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 1.24.0 |
## Modules
@@ -61,20 +61,23 @@ No modules.
| <a name="input_num_node_groups"></a> [num\_node\_groups](#input\_num\_node\_groups) | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications. Required unless `global_replication_group_id` is set | `number` | `2` | no |
| <a name="input_ok_actions"></a> [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. | `list(string)` | `[]` | no |
| <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Existing Parameter Group name | `string` | `""` | no |
-| <a name="input_parameters"></a> [parameters](#input\_parameters) | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | <pre>list(object({<br> name = string<br> value = string<br> }))</pre> | `[]` | no |
+| <a name="input_parameters"></a> [parameters](#input\_parameters) | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | <pre>list(object({<br/> name = string<br/> value = string<br/> }))</pre> | `[]` | no |
| <a name="input_port"></a> [port](#input\_port) | Redis port | `number` | `6379` | no |
-| <a name="input_preferred_cache_cluster_azs"></a> [preferred\_cache\_cluster\_azs](#input\_preferred\_cache\_cluster\_azs) | List of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating | `list(string)` | <pre>[<br> "ap-southeast-1a",<br> "ap-southeast-1b"<br>]</pre> | no |
+| <a name="input_preferred_cache_cluster_azs"></a> [preferred\_cache\_cluster\_azs](#input\_preferred\_cache\_cluster\_azs) | List of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating | `list(string)` | <pre>[<br/> "ap-southeast-1a",<br/> "ap-southeast-1b"<br/>]</pre> | no |
| <a name="input_replicas_per_node_group"></a> [replicas\_per\_node\_group](#input\_replicas\_per\_node\_group) | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will trigger an online resizing operation before other settings modifications. | `number` | `1` | no |
| <a name="input_replication_enabled"></a> [replication\_enabled](#input\_replication\_enabled) | Set to false to diable replication in redis cluster | `bool` | `false` | no |
| <a name="input_replication_group_id"></a> [replication\_group\_id](#input\_replication\_group\_id) | ElastiCache replication\_group\_id | `string` | `""` | no |
| <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | List of Security Group IDs to place the cluster into | `list(string)` | `[]` | no |
-| <a name="input_serverless_user_group_id"></a> [serverless\_user\_group\_id](#input\_serverless\_user\_group\_id) | The ID of the user group for Serverless Cache | `string` | `""` | no |
+| <a name="input_snapshot_arns"></a> [snapshot\_arns](#input\_snapshot\_arns) | The ARN of the snapshot from which to restore data into the new node group (shard) | `list(string)` | `[]` | no |
| <a name="input_snapshot_arns_to_restore"></a> [snapshot\_arns\_to\_restore](#input\_snapshot\_arns\_to\_restore) | The ARN's of snapshot to restore Serverless Cache | `list(string)` | `[]` | no |
+| <a name="input_snapshot_name"></a> [snapshot\_name](#input\_snapshot\_name) | The name of the snapshot from which to restore data into the new node group (shard) | `string` | `""` | no |
| <a name="input_snapshot_retention_limit"></a> [snapshot\_retention\_limit](#input\_snapshot\_retention\_limit) | Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of snapshot\_retention\_limit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro cache nodes | `number` | `5` | no |
+| <a name="input_snapshot_window"></a> [snapshot\_window](#input\_snapshot\_window) | The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of the node group (shard) specified by SnapshottingClusterId | `string` | `"00:00-01:00"` | no |
| <a name="input_subnet_group_name"></a> [subnet\_group\_name](#input\_subnet\_group\_name) | Subnet group name for the ElastiCache instance | `string` | `""` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | AWS subnet ids | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (\_e.g.\_ map("BusinessUnit","ABC") | `map(string)` | `{}` | no |
| <a name="input_use_serverless"></a> [use\_serverless](#input\_use\_serverless) | Use serverless ElastiCache service | `bool` | `false` | no |
+| <a name="input_user_group_id"></a> [user\_group\_id](#input\_user\_group\_id) | The ID of the user group Elasticache | `string` | `""` | no |
## Outputs
From 801b721ce0c704254e08d52b1b929a2b43ebbc54 Mon Sep 17 00:00:00 2001
From: navfarm <135189645+navfarm@users.noreply.github.com>
Date: Thu, 26 Dec 2024 11:27:34 +0800
Subject: [PATCH 17/19] Parameterizing the values of Encryption at rest and
trasit (#6)
Co-authored-by: Navfarm <navfarm.sph.com.sg>
Co-authored-by: Paul Yeoh <pyeoh@sph.com.sg>
---
README.md | 2 ++
main.tf | 8 ++++----
variables.tf | 12 ++++++++++++
3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 29d4395..e6aef17 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ No modules.
| <a name="input_alarm_ecpu_threshold_percent"></a> [alarm\_ecpu\_threshold\_percent](#input\_alarm\_ecpu\_threshold\_percent) | ECPU threshold alarm level for elasticache serverless | `number` | `75` | no |
| <a name="input_alarm_memory_threshold_bytes"></a> [alarm\_memory\_threshold\_bytes](#input\_alarm\_memory\_threshold\_bytes) | Alarm memory threshold bytes | `number` | `10000000` | no |
| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `true` | no |
+| <a name="input_at_rest_encryption_enabled"></a> [at\_rest\_encryption\_enabled](#input\_at\_rest\_encryption\_enabled) | Specifies whether the encryption at rest is enabled | `bool` | `true` | no |
| <a name="input_auth_token"></a> [auth\_token](#input\_auth\_token) | Password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true` | `string` | `null` | no |
| <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | Cluster ID | `string` | `null` | no |
| <a name="input_cluster_mode_enabled"></a> [cluster\_mode\_enabled](#input\_cluster\_mode\_enabled) | Set to false to diable cluster module | `bool` | `false` | no |
@@ -74,6 +75,7 @@ No modules.
| <a name="input_subnet_group_name"></a> [subnet\_group\_name](#input\_subnet\_group\_name) | Subnet group name for the ElastiCache instance | `string` | `""` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | AWS subnet ids | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (\_e.g.\_ map("BusinessUnit","ABC") | `map(string)` | `{}` | no |
+| <a name="input_transit_encryption_enabled"></a> [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Specifies whether the encryption at transit is enabled | `bool` | `true` | no |
| <a name="input_use_serverless"></a> [use\_serverless](#input\_use\_serverless) | Use serverless ElastiCache service | `bool` | `false` | no |
## Outputs
diff --git a/main.tf b/main.tf
index 97f3b3d..8a8594b 100644
--- a/main.tf
+++ b/main.tf
@@ -57,16 +57,16 @@ resource "aws_elasticache_replication_group" "this" {
security_group_ids = var.security_groups
multi_az_enabled = var.replication_enabled ? true : false
- at_rest_encryption_enabled = true
- transit_encryption_enabled = true
+ at_rest_encryption_enabled = var.at_rest_encryption_enabled
+ transit_encryption_enabled = var.transit_encryption_enabled
automatic_failover_enabled = var.replication_enabled ? true : false
notification_topic_arn = var.notification_topic_arn
apply_immediately = var.apply_immediately
- auth_token = var.auth_token
- kms_key_id = var.kms_key_id
+ auth_token = var.transit_encryption_enabled ? var.auth_token : null
+ kms_key_id = var.at_rest_encryption_enabled ? var.kms_key_id : null
num_node_groups = var.cluster_mode_enabled ? var.num_node_groups : null
replicas_per_node_group = var.cluster_mode_enabled ? var.replicas_per_node_group : null
diff --git a/variables.tf b/variables.tf
index 9aeeaf2..b78dafc 100644
--- a/variables.tf
+++ b/variables.tf
@@ -178,12 +178,24 @@ variable "snapshot_retention_limit" {
default = 5
}
+variable "transit_encryption_enabled" {
+ description = "Whether to enable encryption in transit"
+ type = string
+ default = true
+}
+
variable "auth_token" {
description = "Password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`"
type = string
default = null
}
+variable "at_rest_encryption_enabled" {
+ description = "Whether to enable encryption at rest"
+ type = string
+ default = true
+}
+
variable "kms_key_id" {
description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true`"
type = string
From 4786690d5d65c2bb0b40517d2648e92c36b86e1b Mon Sep 17 00:00:00 2001
From: Uchinda Padmaperuma <89894943+uchinda-sph@users.noreply.github.com>
Date: Fri, 27 Dec 2024 10:19:45 +0800
Subject: [PATCH 18/19] Empty-Commit
From 6d303333e66aa23338e369494315de582501d5e1 Mon Sep 17 00:00:00 2001
From: Jeffrey Monte <jmonte@sph.com.sg>
Date: Tue, 21 Jan 2025 12:24:49 +0800
Subject: [PATCH 19/19] remove duplicate variable
---
variables.tf | 6 ------
1 file changed, 6 deletions(-)
diff --git a/variables.tf b/variables.tf
index 7f23345..790f8e2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -185,12 +185,6 @@ variable "snapshot_retention_limit" {
default = 5
}
-variable "transit_encryption_enabled" {
- description = "Whether to enable encryption in transit"
- type = string
- default = true
-}
-
variable "auth_token" {
description = "Password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`"
type = string