This Terraform module creates structured elasticache for aws resources with specific attributes.
- Use the module by referencing its source and providing the required variables.
Example:memcached
module "memcached" {
source = "git::https://github.com/opsstation/terraform-aws-elasticache.git?ref=v1.0.0"
name = "memcached"
environment = "test"
label_order = ["name", "environment"]
vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [11211]
cluster_enabled = true
memcached_ssm_parameter_endpoint_enabled = true
memcached_route53_record_enabled = false
engine = "memcached"
engine_version = "1.6.17"
parameter_group_name = ""
az_mode = "cross-az"
port = 11211
node_type = "cache.t2.micro"
num_cache_nodes = 2
subnet_ids = module.subnet.public_subnet_id
availability_zones = ["eu-west-1a", "eu-west-1b"]
extra_tags = {
Application = "opsstation"
}
route53_record_enabled = false
ssm_parameter_endpoint_enabled = false
dns_record_name = "prod"
route53_ttl = "300"
route53_type = "CNAME"
route53_zone_id = "SERFxxxx6XCsY9Lxxxxx"
}
Example:redis
module "redis" {
source = "git::https://github.com/opsstation/terraform-aws-elasticache.git?ref=v1.0.0"
name = "redis"
environment = "test"
label_order = ["name", "environment"]
vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [6379]
cluster_replication_enabled = true
engine = "redis"
engine_version = "7.0"
parameter_group_name = "default.redis7"
port = 6379
node_type = "cache.r6g.large"
subnet_ids = module.subnet.public_subnet_id
availability_zones = [""]
automatic_failover_enabled = false
multi_az_enabled = false
num_cache_clusters = 1
retention_in_days = 0
snapshot_retention_limit = 7
log_delivery_configuration = [
{
destination_type = "cloudwatch-logs"
log_format = "json"
log_type = "slow-log"
},
{
destination_type = "cloudwatch-logs"
log_format = "json"
log_type = "engine-log"
}
]
extra_tags = {
Application = "opsstation"
}
route53_record_enabled = false
ssm_parameter_endpoint_enabled = false
dns_record_name = "prod"
route53_ttl = "300"
route53_type = "CNAME"
route53_zone_id = "Z017xxxxDLxxx0GH04"
}
Example:redis-cluster
module "redis-cluster" {
source = "git::https://github.com/opsstation/terraform-aws-elasticache.git?ref=v1.0.0"
name = "redis-cluster"
environment = "test"
label_order = ["environment", "name"]
vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [6379]
cluster_replication_enabled = true
engine = "redis"
engine_version = "7.0"
parameter_group_name = "default.redis7.cluster.on"
port = 6379
node_type = "cache.t2.micro"
subnet_ids = module.subnet.public_subnet_id
availability_zones = ["eu-west-1a"]
num_cache_nodes = 1
snapshot_retention_limit = 7
automatic_failover_enabled = true
extra_tags = {
Application = "opsstation"
}
route53_record_enabled = false
ssm_parameter_endpoint_enabled = false
dns_record_name = "prod"
route53_ttl = "300"
route53_type = "CNAME"
route53_zone_id = "SERFxxxx6XCsY9Lxxxxx"
}
Please ensure you specify the correct 'source' path for the module.
name: Name (e.g.apporcluster).environment: Environment (e.g.prod,dev,staging)..label_order: Label order, e.g.name,application.enabled: Enable or disable of elasticache.managedby: ManagedBy, eg 'opsstation'.engine: The name of the cache engine to be used for the clusters in this replication group. e.g. redis.
- This module currently does not provide any outputs.
For detailed examples on how to use this module, please refer to the 'example' directory within this repository.
Your Name Replace '[License Name]' and '[Your Name]' with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.
This project is licensed under the MIT License - see the LICENSE file for details.
| Name | Version |
|---|---|
| terraform | >= 1.7.3 |
| aws | >= 5.9.0 |
| random | >= 3.0, < 4.0 |
| Name | Version |
|---|---|
| aws | >= 5.9.0 |
| random | >= 3.0, < 4.0 |
| Name | Source | Version |
|---|---|---|
| labels | git::https://github.com/opsstation/terraform-aws-labels.git | v1.0.0 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.default | resource |
| aws_elasticache_cluster.default | resource |
| aws_elasticache_replication_group.cluster | resource |
| aws_elasticache_subnet_group.default | resource |
| aws_kms_alias.default | resource |
| aws_kms_key.default | resource |
| aws_route53_record.elasticache | resource |
| aws_route53_record.memcached_route_53 | resource |
| aws_security_group.default | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.egress_ipv6 | resource |
| aws_security_group_rule.ingress | resource |
| aws_ssm_parameter.memcached_secret-endpoint | resource |
| aws_ssm_parameter.secret | resource |
| aws_ssm_parameter.secret-endpoint | resource |
| random_password.auth_token | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.default | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alias | The display name of the alias. The name must start with the word alias followed by a forward slash. |
string |
"alias/redis" |
no |
| allowed_ip | List of allowed ip. | list(any) |
[] |
no |
| allowed_ports | List of allowed ingress ports | list(any) |
[] |
no |
| apply_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | bool |
false |
no |
| at_rest_encryption_enabled | Enable encryption at rest. | bool |
true |
no |
| auth_token | The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true. | string |
null |
no |
| auth_token_enable | Flag to specify whether to create auth token (password) protected cluster. Can be specified only if transit_encryption_enabled = true. | bool |
true |
no |
| auto_minor_version_upgrade | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. Defaults to true. | bool |
true |
no |
| automatic_failover_enabled | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If true, Multi-AZ is enabled for this replication group. If false, Multi-AZ is disabled for this replication group. Must be enabled for Redis (cluster mode enabled) replication groups. Defaults to false. | bool |
true |
no |
| availability_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important. | list(string) |
n/a | yes |
| az_mode | (Memcached only) Specifies whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are single-az or cross-az, default is single-az. If you want to choose cross-az, num_cache_nodes must be greater than 1. | string |
"single-az" |
no |
| cluster_enabled | (Memcache only) Enabled or disabled cluster. | bool |
false |
no |
| cluster_replication_enabled | (Redis only) Enabled or disabled replication_group for redis cluster. | bool |
false |
no |
| customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. | string |
"SYMMETRIC_DEFAULT" |
no |
| deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource. | number |
7 |
no |
| dns_record_name | The name of the record. | string |
"" |
no |
| egress_rule | Enable to create egress rule | bool |
true |
no |
| enable | Enable or disable of elasticache | bool |
true |
no |
| enable_key_rotation | Specifies whether key rotation is enabled. | string |
true |
no |
| enable_security_group | Enable default Security Group with only Egress traffic allowed. | bool |
true |
no |
| engine | The name of the cache engine to be used for the clusters in this replication group. e.g. redis. | string |
"" |
no |
| engine_version | The version number of the cache engine to be used for the cache clusters in this replication group. | string |
"" |
no |
| environment | Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| is_enabled | Specifies whether the key is enabled. | bool |
true |
no |
| is_external | enable to udated existing security Group | bool |
false |
no |
| key_usage | Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. | string |
"ENCRYPT_DECRYPT" |
no |
| kms_description | The description of the key as viewed in AWS console. | string |
"Parameter Store KMS master key" |
no |
| kms_key_enabled | Specifies whether the kms is enabled or disabled. | bool |
true |
no |
| kms_key_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true. | string |
"" |
no |
| kms_multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | bool |
false |
no |
| label_order | Label order, e.g. name,application. |
list(any) |
[] |
no |
| length | n/a | number |
25 |
no |
| log_delivery_configuration | The log_delivery_configuration block allows the streaming of Redis SLOWLOG or Redis Engine Log to CloudWatch Logs or Kinesis Data Firehose. Max of 2 blocks. | list(map(any)) |
[] |
no |
| maintenance_window | Maintenance window. | string |
"sun:05:00-sun:06:00" |
no |
| managedby | ManagedBy, eg 'opsstation'. | string |
"" |
no |
| memcached_route53_record_enabled | Whether to create Route53 record memcached set. | bool |
false |
no |
| memcached_ssm_parameter_endpoint_enabled | Name of the parameter. | bool |
false |
no |
| multi_az_enabled | Specifies whether to enable Multi-AZ Support for the replication group. If true, automatic_failover_enabled must also be enabled. Defaults to false. | bool |
false |
no |
| name | Name (e.g. app or cluster). |
string |
"" |
no |
| node_type | The compute and memory capacity of the nodes in the node group. | string |
"cache.t2.small" |
no |
| notification_topic_arn | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. | string |
"" |
no |
| num_cache_clusters | (Required for Cluster Mode Disabled) The number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. | number |
1 |
no |
| num_cache_nodes | (Required unless replication_group_id is provided) The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcache, this value must be between 1 and 20. If this number is reduced on subsequent runs, the highest numbered nodes will be removed. | number |
1 |
no |
| parameter_group_name | The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. | string |
"default.redis5.0" |
no |
| port | the port number on which each of the cache nodes will accept connections. | string |
"" |
no |
| protocol | The protocol. If not icmp, tcp, udp, or all use the. | string |
"tcp" |
no |
| replication_group_description | Name of either the CloudWatch Logs LogGroup or Kinesis Data Firehose resource. | string |
"User-created description for the replication group." |
no |
| repository | Terraform current module repo | string |
"https://github.com/opsstation/terraform-aws-elasticache" |
no |
| retention_in_days | Specifies the number of days you want to retain log events in the specified log group. | number |
0 |
no |
| route53_record_enabled | Whether to create Route53 record set. | bool |
false |
no |
| route53_ttl | (Required for non-alias records) The TTL of the record. | string |
"" |
no |
| route53_type | The record type. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT. | string |
"" |
no |
| route53_zone_id | Zone ID. | string |
n/a | yes |
| security_group_names | A list of cache security group names to associate with this replication group. | list(string) |
null |
no |
| sg_description | The security group description. | string |
"Instance default security group (only egress access is allowed)." |
no |
| sg_egress_description | Description of the egress and ingress rule | string |
"Description of the rule." |
no |
| sg_egress_ipv6_description | Description of the egress_ipv6 rule | string |
"Description of the rule." |
no |
| sg_ids | of the security group id. | list(any) |
[] |
no |
| sg_ingress_description | Description of the ingress rule | string |
"Description of the ingress rule use elasticache." |
no |
| snapshot_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. | list(string) |
null |
no |
| snapshot_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource. | string |
"" |
no |
| snapshot_retention_limit | (Redis only) The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes. | string |
"0" |
no |
| snapshot_window | (Redis only) The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. | string |
null |
no |
| special | n/a | bool |
false |
no |
| ssm_parameter_description | SSM Parameters can be imported using. | string |
"Description of the parameter." |
no |
| ssm_parameter_endpoint_enabled | Name of the parameter. | bool |
false |
no |
| ssm_parameter_type | Type of the parameter. | string |
"SecureString" |
no |
| subnet_group_description | Description for the cache subnet group. Defaults to Managed by Terraform. |
string |
"The Description of the ElastiCache Subnet Group." |
no |
| subnet_ids | List of VPC Subnet IDs for the cache subnet group. | list(any) |
[] |
no |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ). |
map(any) |
{} |
no |
| transit_encryption_enabled | Whether to enable encryption in transit. | bool |
true |
no |
| vpc_id | The ID of the VPC that the instance security group belongs to. | string |
"" |
no |
| Name | Description |
|---|---|
| Memcached_ssm_name | A list of all of the parameter values |
| auth_token | Auth token generated value |
| hostname | DNS hostname |
| id | Redis cluster id. |
| memcached_arn | Memcached arn |
| memcached_endpoint | Memcached endpoint address. |
| memcached_hostname | DNS hostname |
| port | Redis port. |
| redis_arn | Redis arn |
| redis_endpoint | Redis endpoint address. |
| redis_ssm_name | A list of all of the parameter values |
| sg_id | n/a |
| tags | A mapping of tags to assign to the resource. |