This repository has been archived by the owner on Mar 11, 2024. It is now read-only.
forked from tmknom/terraform-aws-elasticache-redis
main.tf
# Terraform module which creates Redis ElastiCache resources on AWS.
#
# https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html
# https://www.terraform.io/docs/providers/aws/r/elasticache_replication_group.html
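# Redis replication group. Every tunable is taken from a module variable; the parameter group,
# the security group and (unless var.subnet_group_name is set) the subnet group are the ones
# declared in this file.
resource "aws_elasticache_replication_group" "default" {
  engine               = "redis"
  parameter_group_name = aws_elasticache_parameter_group.default.name

  # Use the caller's subnet group when one is named; otherwise use the one this module creates.
  subnet_group_name  = var.subnet_group_name == null ? aws_elasticache_subnet_group.default[0].name : var.subnet_group_name
  security_group_ids = [aws_security_group.default.id]

  # The replication group identifier. This parameter is stored as a lowercase string.
  #
  # - Must contain from 1 to 20 alphanumeric characters or hyphens.
  # - Must begin with a letter.
  # - Cannot contain two consecutive hyphens.
  # - Cannot end with a hyphen.
  #
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.Create.CON.Redis.html
  replication_group_id = var.name

  # The number of clusters this replication group initially has.
  # If automatic_failover_enabled is true, the value of this parameter must be at least 2.
  # The maximum permitted value is 6 (1 primary plus 5 replicas).
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Scaling.RedisReplGrps.html
  num_cache_clusters = var.number_cache_clusters

  # The compute and memory capacity of the nodes in the node group (shard).
  # Generally speaking, the current generation types provide more memory and computational power at lower cost
  # when compared to their equivalent previous generation counterparts.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html
  node_type = var.node_type

  # The version number of the cache engine to be used for the clusters in this replication group.
  # You can upgrade to a newer engine version, but you cannot downgrade to an earlier engine version.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html
  engine_version = var.engine_version

  # The port number on which each member of the replication group accepts connections.
  # Redis default port is 6379. The ingress rule in this file opens the same port.
  port = var.port

  # Every cluster and replication group has a weekly maintenance window during which any system changes are applied.
  # Specifies the weekly time range during which maintenance on the cluster is performed.
  # It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi. (Example: "sun:23:00-mon:01:30")
  # The minimum maintenance window is a 60 minute period.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/maintenance-window.html
  maintenance_window = var.maintenance_window

  # A period during each day when ElastiCache will begin creating a backup.
  # The minimum length for the backup window is 60 minutes.
  # If you do not specify a backup window, ElastiCache will assign one automatically.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-automatic.html
  snapshot_window = var.snapshot_window

  # The number of days the backup will be retained in Amazon S3.
  # The maximum backup retention limit is 35 days.
  # If the backup retention limit is set to 0, automatic backups are disabled for the cluster.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-automatic.html
  snapshot_retention_limit = var.snapshot_retention_limit

  # You can enable Multi-AZ with Automatic Failover only on Redis (cluster mode disabled) clusters that have at least
  # one available read replica. Clusters without read replicas do not provide high availability or fault tolerance.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html
  automatic_failover_enabled = var.automatic_failover_enabled
  multi_az_enabled           = var.multi_az_enabled

  # Redis at-rest encryption is an optional feature to increase data security by encrypting on-disk data during sync
  # and backup or snapshot operations. Because there is some processing needed to encrypt and decrypt the data,
  # enabling at-rest encryption can have some performance impact during these operations.
  # You should benchmark your data with and without at-rest encryption to determine the performance impact for your use cases.
  # NOTE(review): the default lives in the variable declaration, which is not in this file; confirm it is true.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html
  at_rest_encryption_enabled = var.at_rest_encryption_enabled

  # ElastiCache in-transit encryption is an optional feature that allows you to increase the security of your data at
  # its most vulnerable points: when it is in transit from one location to another. Because there is some processing
  # needed to encrypt and decrypt the data at the endpoints, enabling in-transit encryption can have some performance impact.
  # You should benchmark your data with and without in-transit encryption to determine the performance impact for your use cases.
  # NOTE(review): the default lives in the variable declaration, which is not in this file; confirm it is true.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
  transit_encryption_enabled = var.transit_encryption_enabled

  # The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true.
  # The variable is passed through as-is; a null value leaves the argument unset.
  # The token is written to the Terraform state along with the other resource attributes, so the
  # variable should be declared sensitive and the state backend encrypted and access-controlled.
  auth_token = var.auth_token

  # If true, this parameter causes the modifications in this request and any pending modifications to be applied,
  # asynchronously and as soon as possible, regardless of the maintenance_window setting for the replication group.
  # apply_immediately applies only to modifications in node type, engine version, and changing the number of nodes in a cluster.
  # Other modifications, such as changing the maintenance window, are applied immediately.
  # https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.Modify.html
  apply_immediately = var.apply_immediately

  # A user-created description for the replication group.
  description = var.description

  # A mapping of tags to assign to the resource. var.tags is merged last, so a caller-supplied
  # "Name" key overrides the default one.
  tags = merge({ "Name" = var.name }, var.tags)
}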
# Parameter group attached to the replication group above. It declares no parameter overrides,
# so the engine runs with the defaults of the selected family.
# https://www.terraform.io/docs/providers/aws/r/elasticache_parameter_group.html
resource "aws_elasticache_parameter_group" "default" {
  # Parameter group family; it has to match the engine version chosen for the replication group.
  family = var.family

  name        = var.name
  description = var.description

  # var.tags is merged last, so a caller-supplied Name overrides the default one.
  tags = merge({ Name = var.name }, var.tags)
}
# Subnet group for the cache nodes. Created only when the caller does not pass the name of an
# existing subnet group in var.subnet_group_name.
# https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html
resource "aws_elasticache_subnet_group" "default" {
  # Zero instances when an existing subnet group was named, one otherwise.
  count = var.subnet_group_name != null ? 0 : 1

  name        = var.name
  description = var.description

  # NOTE(review): presumably private subnets of var.vpc_id; confirm against the caller.
  subnet_ids = var.subnet_ids
}
# Security group attached to the replication group. It carries no inline rules; the ingress and
# egress rules are separate aws_security_group_rule resources in this file.
# https://www.terraform.io/docs/providers/aws/r/security_group.html
resource "aws_security_group" "default" {
  vpc_id = var.vpc_id
  name   = local.security_group_name

  # var.tags is merged last, so a caller-supplied Name overrides the default one.
  tags = merge({ Name = local.security_group_name }, var.tags)
}
locals {
  # Security group name: the module name with a fixed "-elasticache-redis" suffix.
  security_group_name = format("%s-elasticache-redis", var.name)
}
# Inbound rule: TCP on the Redis port only, from the CIDR ranges in var.source_cidr_blocks.
# NOTE(review): this list is the network-level access control for the cache. Keep it to the
# client subnets, since a replication group without auth_token does not authenticate clients.
# https://www.terraform.io/docs/providers/aws/r/security_group_rule.html
resource "aws_security_group_rule" "ingress" {
  security_group_id = aws_security_group.default.id
  type              = "ingress"
  protocol          = "tcp"

  # Single-port range: the port the replication group listens on.
  from_port = var.port
  to_port   = var.port

  cidr_blocks = var.source_cidr_blocks
}
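# Outbound rule: every protocol and port (protocol "-1") to var.destination_cidr_blocks, or to
# 0.0.0.0/0 when that list is empty.
# NOTE(review): the fallback permits unrestricted egress from the cache nodes; pass explicit
# CIDR ranges in var.destination_cidr_blocks to narrow it.
resource "aws_security_group_rule" "egress" {
  type      = "egress"
  from_port = 0
  to_port   = 0
  protocol  = "-1"

  # Emptiness is tested with length() because `==` compares types as well as values: a value of
  # type list(string) never equals the empty tuple literal `[]`, so a `== []` test would never
  # select the fallback. var.destination_cidr_blocks is presumably declared as a list in
  # variables.tf (not shown here) - TODO confirm.
  cidr_blocks = length(var.destination_cidr_blocks) == 0 ? ["0.0.0.0/0"] : var.destination_cidr_blocks

  security_group_id = aws_security_group.default.id
}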