AWS Elasticache Redis Terraform module. Based on:
- CloudPosse Elasticache Redis cluster module: https://registry.terraform.io/modules/cloudposse/elasticache-redis/aws/latest
Use this module by adding a module configuration block, setting the source parameter to this repository, updating the local_module_name and module_version, then defining values for the referenced variables in .tfvars files:
```hcl
module "local_module_name" {
  # Terraform accepts `version` only for registry sources; a Git source is
  # pinned with ?ref=<tag>. Replace <latest_version>, e.g. ?ref=1.0.1
  source = "git::git@gitlab.itgix.com:rnd/app-platform/iac-modules/aws-elasticache-redis?ref=<latest_version>"

  aws_region   = var.aws_region
  environment  = var.environment
  product_name = var.product_name

  # Network placement
  vpc_id     = var.vpc_id
  subnet_ids = var.subnet_ids

  # Cluster sizing and engine
  cluster_size               = var.redis_cluster_size
  instance_type              = var.redis_instance_type
  automatic_failover_enabled = var.redis_automatic_failover_enabled
  engine_version             = var.redis_engine_version
  family                     = var.redis_family

  # Who may reach the Redis port through the module's security group
  allowed_cidr_blocks        = var.redis_allowed_cidr_blocks
  allowed_security_group_ids = var.redis_allowed_security_group_ids

  # Log bucket and per-tenant Redis users
  s3_log_bucket_name = aws_s3_bucket.engine_logs.id
  redis_tenants      = var.redis_tenants
}
```
NOTE:

| Name | Version |
|---|---|
| terraform | >= 1.1.9 |
| aws | >= 4.0 |

| Name | Version |
|---|---|
| aws | >= 4.0 |

| Name | Source | Version |
|---|---|---|
| redis | cloudposse/elasticache-redis/aws | 0.52.0 |

| Name | Type |
|---|---|
| aws_cloudwatch_log_group.redis | resource |
| aws_elasticache_user.default_user | resource |
| aws_elasticache_user.iam_tenants | resource |
| aws_elasticache_user_group.redis_tenants | resource |
| aws_elasticache_user_group_association.redis_associate_users_to_tenants_group | resource |
| aws_iam_policy.redis_authnz_policies | resource |
| aws_iam_policy.s3_firehose_policy | resource |
| aws_iam_role.firehose_role | resource |
| aws_iam_role_policy_attachment.attach_s3_policy_to_firehose_role | resource |
| aws_iam_role_policy_attachment.redis_attach_to_tenant | resource |
| aws_kinesis_firehose_delivery_stream.redis | resource |
| aws_kms_key.redis | resource |
| aws_security_group.redis_cluster_sg | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.firehose_s3_policy | data source |
| aws_iam_policy_document.redis_authnz_policy_documents | data source |
| aws_region.current | data source |
| aws_s3_bucket.engine_logs | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_security_group_ids_to_associate | A list of IDs of additional security groups to associate with created Elasticache Redis resource. Must provide all the required access | list(string) | [] | no |
| allowed_cidr_blocks | List of CIDRs allowed by the security group | list(any) | n/a | yes |
| allowed_security_group_ids | A list of IDs of Security Groups to allow access to the security group created by this module on Redis port. | list(string) | [] | no |
| at_rest_encryption_enabled | Enable encryption at rest | bool | true | no |
| attach_policy_to_tenant_roles | Attach needed authorization policy to tenant role. 'role_name' has to be provided in redis_tenants map | bool | true | no |
| automatic_failover_enabled | Automatic failover (Not available for T1/T2 instances) | bool | true | no |
| aws_elasticache_user_name | Username for the default user. It is mandatory to have at least one default user. Change this only if you already have the default user created by other means | string | "default" | no |
| aws_elasticache_user_permission | Permissions (access_string) for the default user | string | "off -@all" | no |
| aws_existing_default_user | Is there an existing default user | bool | false | no |
| aws_region | AWS region to deploy to | string | n/a | yes |
| cloudwatch_log_group_retention_in_days | Specifies the number of days you want to retain log events in the log group | number | 0 | no |
| cloudwatch_logs_enabled | Indicates whether you want to enable or disable streaming Redis logs to CloudWatch Logs. If the default 'opinionated' logging is in use and this parameter is set to true, it takes precedence over 'firehose_logs_enabled' and logs are shipped to CloudWatch Logs. | bool | true | no |
| cluster_mode_enabled | Flag to enable/disable creation of a native redis cluster. automatic_failover_enabled must be set to true. Only 1 cluster_mode block is allowed | bool | true | no |
| cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications | number | 1 | no |
| cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource | number | 1 | no |
| cluster_size | Number of nodes in cluster. Ignored when cluster_mode_enabled == true | number | 1 | no |
| description | Elastic cache instance description | string | "" | no |
| elasticache_subnet_group_name | Subnet group name for the ElastiCache instance | string | "" | no |
| engine_version | Redis engine version | string | "7.0" | no |
| environment | Environment in which resources are deployed | string | n/a | yes |
| family | Redis family | string | "redis7" | no |
| firehose_logs_enabled | Indicates whether you want to enable or disable streaming Redis logs to Kinesis Firehose. If the default 'opinionated' logging is in use, 'cloudwatch_logs_enabled' set to true takes precedence and logs are shipped to CloudWatch Logs. | bool | false | no |
| instance_type | Elastic cache instance type | string | "cache.t3.micro" | no |
| log_delivery_configuration | The log_delivery_configuration block allows the streaming of Redis SLOWLOG or Redis Engine Log to CloudWatch Logs or Kinesis Data Firehose. Max of 2 blocks. Not specifying this variable is equivalent to using the default 'opinionated' logging provided by this module. Specifying this variable disables that default logging; the required CloudWatch Logs or Kinesis Data Firehose resources then have to be provided by the end user. | list(map(any)) | [] | no |
| log_format | Format type for Redis logs in default 'opinionated' logging. One of 'text' or 'json' | string | "text" | no |
| multi_az_enabled | Multi AZ (Automatic Failover must also be enabled. If Cluster Mode is enabled, Multi AZ is on by default, and this setting is ignored) | bool | true | no |
| parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | list(object({ | [] | no |
| parameter_group_description | Managed by Terraform | string | null | no |
| port | Redis port | number | 6379 | no |
| product_name | Bango platform instance (same as provided tag in default_tags) | string | n/a | yes |
| redis_tenants | List of tenants and relevant specs for this Redis cluster | map(object({ | {} | no |
| s3_log_bucket_name | Name of the S3 bucket to deliver logs to in default 'opinionated' logging. Needed if s3_logs_enabled or firehose_logs_enabled are set to true | string | "" | no |
| s3_logs_enabled | Indicates whether you want to stream Redis logs to S3 in default 'opinionated' logging. This requires 'firehose_logs_enabled' to be set to true as well. | bool | false | no |
| s3_logs_prefix | Prefix to prepend to the S3 folder name logs are delivered to in default 'opinionated' logging | string | "" | no |
| subnet_ids | Subnet IDs to use for this Elasticache Redis deployment | list(string) | [] | no |
| transit_encryption_enabled | Set true to enable encryption in transit. Forced true if var.auth_token is set | bool | true | no |
| vpc_id | VPC to be used by Elasticache Redis cluster | string | n/a | yes |

| Name | Description |
|---|---|
| redis_engine_version_actual | The running version of the cache engine |
| redis_host | Redis hostname |
| redis_member_clusters | Redis cluster members |
| redis_policy_documents_for_tenants | Policy documents for Redis tenants |
| redis_port | Redis port |
| redis_primary_endpoint_address | Redis primary or configuration endpoint, whichever is appropriate for the given cluster mode |
| redis_reader_endpoint_address | The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled. |
| redis_replication_group_arn | Elasticache Redis replication Group ARN |
| redis_replication_group_cluster_name | Elasticache Redis cluster name |
| redis_security_group_id | The ID of the created security group |
| redis_security_group_name | The name of the created security group |
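
The descriptions of cloudwatch_logs_enabled, firehose_logs_enabled, s3_logs_enabled, s3_log_bucket_name and log_delivery_configuration in the inputs table interact, and cloudwatch_logs_enabled defaults to true. The following Python check is an added example, not part of this module or its repository; it encodes those documented rules so a pipeline can report where Redis logs will land before apply. The function name, the returned labels and the treatment of an unmet requirement as "none" are assumptions.

```python
# Added example: encodes the logging rules stated in this README's input
# descriptions. resolve_log_destination() and its labels are hypothetical.

# Defaults copied from the inputs table.
DEFAULTS = {
    "log_delivery_configuration": [],
    "cloudwatch_logs_enabled": True,
    "firehose_logs_enabled": False,
    "s3_logs_enabled": False,
    "s3_log_bucket_name": "",
}


def resolve_log_destination(inputs):
    """Return (destination, problems) for a dict of module input values."""
    v = {**DEFAULTS, **inputs}
    problems = []

    # A caller-supplied block disables the module's 'opinionated' logging.
    if v["log_delivery_configuration"]:
        if len(v["log_delivery_configuration"]) > 2:
            problems.append("log_delivery_configuration allows at most 2 blocks")
        return "custom", problems

    wants_s3 = v["s3_logs_enabled"]
    wants_firehose = v["firehose_logs_enabled"]

    if wants_s3 and not wants_firehose:
        problems.append("s3_logs_enabled requires firehose_logs_enabled = true")
    if (wants_s3 or wants_firehose) and not v["s3_log_bucket_name"]:
        problems.append("s3_log_bucket_name is needed for Firehose/S3 delivery")

    # cloudwatch_logs_enabled defaults to true and takes precedence.
    if v["cloudwatch_logs_enabled"]:
        if wants_firehose or wants_s3:
            problems.append("cloudwatch_logs_enabled = true takes precedence; "
                            "Firehose/S3 settings are not used")
        return "cloudwatch", problems
    if wants_firehose:
        return "firehose", problems
    # Assumption: with neither destination enabled, nothing is shipped.
    return "none", problems


if __name__ == "__main__":
    # Constructed inputs: Firehose enabled but the CloudWatch default left on.
    print(resolve_log_destination({"firehose_logs_enabled": True,
                                   "s3_log_bucket_name": "example-logs"}))
```

With the constructed inputs in the last lines, the result is CloudWatch plus one reported problem: to send logs through Firehose, cloudwatch_logs_enabled has to be set to false explicitly.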