├── VERSION ├── .github ├── CODEOWNERS ├── labeler.yaml ├── dependabot.yml ├── workflows │ ├── github.repo.yaml │ ├── yaml.integration.yaml │ ├── welcome.yaml │ ├── github.pr.yaml │ └── terraform.integration.yaml ├── auto-assign.yaml └── labels.yaml ├── examples ├── elasticache-redis-full │ ├── outputs.tf │ ├── versions.tf │ └── main.tf ├── elasticache-redis-muti-az │ ├── outputs.tf │ ├── versions.tf │ └── main.tf ├── elasticache-redis-single │ ├── outputs.tf │ ├── versions.tf │ └── main.tf └── elasticache-redis-with-users │ ├── outputs.tf │ ├── versions.tf │ └── main.tf ├── modules ├── elasticache-redis-cluster │ ├── versions.tf │ ├── resource-group.tf │ ├── security-group.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── README.md ├── elasticache-redis-user │ ├── versions.tf │ ├── resource-group.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── README.md └── elasticache-redis-user-group │ ├── versions.tf │ ├── resource-group.tf │ ├── outputs.tf │ ├── main.tf │ ├── variables.tf │ └── README.md ├── .editorconfig ├── .pre-commit-config.yaml ├── .yamllint.yaml ├── .gitignore ├── .tflint.hcl ├── README.md └── LICENSE /VERSION: -------------------------------------------------------------------------------- 1 | 0.1.4 2 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @posquit0 2 | -------------------------------------------------------------------------------- /examples/elasticache-redis-full/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster" { 2 | value = module.cluster 3 | } 4 | -------------------------------------------------------------------------------- /examples/elasticache-redis-muti-az/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster" { 2 | value = module.cluster 3 | } 4 | -------------------------------------------------------------------------------- /examples/elasticache-redis-single/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster" { 2 | value = module.cluster 3 | } 4 | -------------------------------------------------------------------------------- /.github/labeler.yaml: -------------------------------------------------------------------------------- 1 | # Modules 2 | ":floppy_disk: elasticache-redis-cluster": 3 | - changed-files: 4 | - any-glob-to-any-file: 5 | - modules/elasticache-redis-cluster/**/* 6 | -------------------------------------------------------------------------------- /examples/elasticache-redis-full/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "~> 1.5" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /examples/elasticache-redis-single/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "~> 1.5" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /modules/elasticache-redis-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.5" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 5.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.5" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 5.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /examples/elasticache-redis-muti-az/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "~> 1.5" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /examples/elasticache-redis-with-users/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster" { 2 | value = module.cluster 3 | } 4 | 5 | output "user_group" { 6 | value = module.user_group 7 | } 8 | 9 | output "users" { 10 | value = module.user 11 | } 12 | -------------------------------------------------------------------------------- /examples/elasticache-redis-with-users/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = "~> 1.5" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user-group/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.5" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 5.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | 3 | updates: 4 | - package-ecosystem: github-actions 5 | directory: / 6 | schedule: 7 | interval: daily 8 | 9 | - package-ecosystem: terraform 10 | directories: 11 | - /modules/* 12 | schedule: 13 | interval: weekly 14 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # Top-most EditorConfig file 2 | root = true 3 | 4 | [*] 5 | charset = utf-8 6 | end_of_line = lf 7 | indent_style = space 8 | indent_size = 2 9 | trim_trailing_whitespace = true 10 | insert_final_newline = true 11 | max_line_length = 150 12 | 13 | [*.{tf,tfvars}] 14 | indent_size = 2 15 | indent_style = space 16 | 17 | [*.md] 18 | max_line_length = 0 19 | 20 | [COMMIT_EDITMSG] 21 | max_line_length = 0 22 | -------------------------------------------------------------------------------- /examples/elasticache-redis-single/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "us-east-1" 3 | } 4 | 5 | 6 | ################################################### 7 | # ElastiCache Redis Cluster 8 | ################################################### 9 | 10 | module "cluster" { 11 | source = "../../modules/elasticache-redis-cluster" 12 | # source = "tedilabs/db/aws//modules/elasticache-redis-cluster" 13 | # version = "~> 0.2.0" 14 | 15 | name = "example-redis-single" 16 | description = "Managed by Terraform." 17 | 18 | redis_version = "6.2" 19 | node_instance_type = "cache.t4g.micro" 20 | node_size = 1 21 | 22 | tags = { 23 | "project" = "terraform-aws-db-examples" 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /.github/workflows/github.repo.yaml: -------------------------------------------------------------------------------- 1 | name: GitHub - Repository 2 | 3 | 4 | on: 5 | push: 6 | branches: 7 | - main 8 | paths: 9 | - .github/labels.yaml 10 | - .github/workflows/github.repo.yaml 11 | 12 | pull_request: 13 | paths: 14 | - .github/labels.yaml 15 | - .github/workflows/github.repo.yaml 16 | 17 | workflow_dispatch: {} 18 | 19 | 20 | jobs: 21 | sync-labels: 22 | name: Sync Labels 23 | uses: tedilabs/github-actions/.github/workflows/github.repo.sync-labels.yaml@main 24 | 25 | permissions: 26 | contents: read 27 | issues: write 28 | 29 | with: 30 | config_file: .github/labels.yaml 31 | secrets: 32 | token: ${{ secrets.GITHUB_TOKEN }} 33 | -------------------------------------------------------------------------------- /.github/workflows/yaml.integration.yaml: -------------------------------------------------------------------------------- 1 | name: Integration - YAML 2 | 3 | 4 | on: 5 | push: 6 | branches: 7 | - main 8 | paths: 9 | - "**.yaml" 10 | - "**.yml" 11 | 12 | pull_request: 13 | paths: 14 | - "**.yaml" 15 | - "**.yml" 16 | 17 | workflow_dispatch: {} 18 | 19 | 20 | concurrency: 21 | group: integration-yaml-${{ github.ref }} 22 | cancel-in-progress: true 23 | 24 | 25 | jobs: 26 | lint: 27 | name: Lint (yamllint) 28 | uses: tedilabs/github-actions/.github/workflows/yaml.yamllint.yaml@main 29 | 30 | with: 31 | yamllint_version: latest 32 | yamllint_config_file: .yamllint.yaml 33 | yamllint_target_dir: ./ 34 | secrets: 35 | token: ${{ secrets.GITHUB_TOKEN }} 36 | -------------------------------------------------------------------------------- /examples/elasticache-redis-muti-az/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "us-east-1" 3 | } 4 | 5 | 6 | ################################################### 7 | # ElastiCache Redis Cluster 8 | ################################################### 9 | 10 | module "cluster" { 11 | source = "../../modules/elasticache-redis-cluster" 12 | # source = "tedilabs/db/aws//modules/elasticache-redis-cluster" 13 | # version = "~> 0.2.0" 14 | 15 | name = "example-redis-multi-az" 16 | description = "Managed by Terraform." 17 | 18 | redis_version = "6.2" 19 | node_instance_type = "cache.t4g.micro" 20 | node_size = 2 21 | 22 | multi_az_enabled = true 23 | auto_failover_enabled = true 24 | 25 | tags = { 26 | "project" = "terraform-aws-db-examples" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /modules/elasticache-redis-cluster/resource-group.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | resource_group_name = (var.resource_group.name != "" 3 | ? var.resource_group.name 4 | : join(".", [ 5 | local.metadata.package, 6 | local.metadata.module, 7 | replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"), 8 | ]) 9 | ) 10 | } 11 | 12 | 13 | module "resource_group" { 14 | source = "tedilabs/misc/aws//modules/resource-group" 15 | version = "~> 0.12.0" 16 | 17 | count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0 18 | 19 | name = local.resource_group_name 20 | description = var.resource_group.description 21 | 22 | query = { 23 | resource_tags = local.module_tags 24 | } 25 | 26 | module_tags_enabled = false 27 | tags = merge( 28 | local.module_tags, 29 | var.tags, 30 | ) 31 | } 32 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user/resource-group.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | resource_group_name = (var.resource_group.name != "" 3 | ? var.resource_group.name 4 | : join(".", [ 5 | local.metadata.package, 6 | local.metadata.module, 7 | replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"), 8 | ]) 9 | ) 10 | } 11 | 12 | 13 | module "resource_group" { 14 | source = "tedilabs/misc/aws//modules/resource-group" 15 | version = "~> 0.12.0" 16 | 17 | count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0 18 | 19 | name = local.resource_group_name 20 | description = var.resource_group.description 21 | 22 | query = { 23 | resource_tags = local.module_tags 24 | } 25 | 26 | module_tags_enabled = false 27 | tags = merge( 28 | local.module_tags, 29 | var.tags, 30 | ) 31 | } 32 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user-group/resource-group.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | resource_group_name = (var.resource_group.name != "" 3 | ? var.resource_group.name 4 | : join(".", [ 5 | local.metadata.package, 6 | local.metadata.module, 7 | replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"), 8 | ]) 9 | ) 10 | } 11 | 12 | 13 | module "resource_group" { 14 | source = "tedilabs/misc/aws//modules/resource-group" 15 | version = "~> 0.12.0" 16 | 17 | count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0 18 | 19 | name = local.resource_group_name 20 | description = var.resource_group.description 21 | 22 | query = { 23 | resource_tags = local.module_tags 24 | } 25 | 26 | module_tags_enabled = false 27 | tags = merge( 28 | local.module_tags, 29 | var.tags, 30 | ) 31 | } 32 | -------------------------------------------------------------------------------- /.github/workflows/welcome.yaml: -------------------------------------------------------------------------------- 1 | name: Welcome for First Issue or Pull Request 2 | 3 | on: 4 | pull_request_target: 5 | types: 6 | - opened 7 | issues: 8 | types: 9 | - opened 10 | 11 | jobs: 12 | welcome: 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - name: Welcome for First Issue or Pull Request 17 | uses: actions/first-interaction@v1 18 | with: 19 | repo-token: ${{ secrets.GITHUB_TOKEN }} 20 | issue-message: | 21 | ### :wave: Welcome! Looks like this is your first issue. 22 | 23 | Hey, thanks for your contribution! Please give us a bit of time to review it. 😄 24 | 25 | **Be sure to follow the issue template!** 26 | pr-message: | 27 | ### :wave: Welcome! Looks like this is your first pull request. 28 | 29 | Hey, thanks for your contribution! Please give us a bit of time to review it. 😄 30 | 31 | **Please check out our contributing guidelines.** 32 | -------------------------------------------------------------------------------- /.github/auto-assign.yaml: -------------------------------------------------------------------------------- 1 | runOnDraft: false 2 | # A list of keywords to be skipped the process that add reviewers if pull requests include it 3 | skipKeywords: 4 | - wip 5 | 6 | # Set to true to add reviewers to pull requests 7 | addReviewers: true 8 | # A number of reviewers added to the pull request 9 | # Set 0 to add all the reviewers (default: 0) 10 | numberOfReviewers: 1 11 | useReviewGroups: true 12 | reviewGroups: 13 | owners: 14 | - posquit0 15 | maintainers: 16 | - posquit0 17 | 18 | # true: Add assignees to pull requests 19 | # 'author': Set the PR creator as the assignee. 20 | addAssignees: 'author' 21 | # A number of assignees to add to the pull request 22 | # Set to 0 to add all of the assignees. 23 | # Uses numberOfReviewers if unset. 24 | # numberOfAssignees: 2 25 | useAssigneeGroups: false 26 | # assigneeGroups: 27 | # groupA: 28 | # - assigneeA 29 | # - assigneeB 30 | # - assigneeC 31 | # groupB: 32 | # - assigneeD 33 | # - assigneeE 34 | # - assigneeF 35 | -------------------------------------------------------------------------------- /modules/elasticache-redis-cluster/security-group.tf: -------------------------------------------------------------------------------- 1 | ################################################### 2 | # Security Group 3 | ################################################### 4 | 5 | module "security_group" { 6 | source = "tedilabs/network/aws//modules/security-group" 7 | version = "~> 0.26.0" 8 | 9 | count = var.default_security_group.enabled ? 1 : 0 10 | 11 | name = coalesce(var.default_security_group.name, local.metadata.name) 12 | description = var.default_security_group.description 13 | vpc_id = var.vpc_id 14 | 15 | ingress_rules = [ 16 | for i, rule in var.default_security_group.ingress_rules : 17 | merge(rule, { 18 | id = try(rule.id, "redis-${i}") 19 | protocol = "tcp" 20 | from_port = var.port 21 | to_port = var.port 22 | }) 23 | ] 24 | 25 | resource_group_enabled = false 26 | module_tags_enabled = false 27 | 28 | tags = merge( 29 | local.module_tags, 30 | var.tags, 31 | ) 32 | } 33 | -------------------------------------------------------------------------------- /.github/workflows/github.pr.yaml: -------------------------------------------------------------------------------- 1 | name: GitHub - Pull Request 2 | 3 | 4 | on: 5 | pull_request_target: {} 6 | 7 | 8 | jobs: 9 | auto-assign: 10 | name: Auto Assign 11 | uses: tedilabs/github-actions/.github/workflows/github.pr.auto-assign.yaml@main 12 | if: ${{ github.event_name == 'pull_request_target' }} 13 | 14 | permissions: 15 | contents: read 16 | pull-requests: write 17 | 18 | with: 19 | config_file: .github/auto-assign.yaml 20 | secrets: 21 | token: ${{ secrets.GITHUB_TOKEN }} 22 | 23 | auto-label: 24 | name: Auto Label 25 | uses: tedilabs/github-actions/.github/workflows/github.pr.auto-label.yaml@main 26 | if: ${{ github.event_name == 'pull_request_target' }} 27 | 28 | permissions: 29 | contents: read 30 | issues: write 31 | pull-requests: write 32 | 33 | with: 34 | labeler_config_file: .github/labeler.yaml 35 | labeler_dot_included: true 36 | labeler_sync_labels: true 37 | pr_size_xs_label: 'size/XS' 38 | pr_size_s_label: 'size/S' 39 | pr_size_m_label: 'size/M' 40 | pr_size_l_label: 'size/L' 41 | pr_size_xl_label: 'size/XL' 42 | secrets: 43 | token: ${{ secrets.GITHUB_TOKEN }} 44 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | metadata = { 3 | package = "terraform-aws-db" 4 | version = trimspace(file("${path.module}/../../VERSION")) 5 | module = basename(path.module) 6 | name = var.id 7 | } 8 | module_tags = var.module_tags_enabled ? { 9 | "module.terraform.io/package" = local.metadata.package 10 | "module.terraform.io/version" = local.metadata.version 11 | "module.terraform.io/name" = local.metadata.module 12 | "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}" 13 | "module.terraform.io/instance" = local.metadata.name 14 | } : {} 15 | } 16 | 17 | 18 | ################################################### 19 | # User of ElastiCache for Redis 20 | ################################################### 21 | 22 | resource "aws_elasticache_user" "this" { 23 | engine = "REDIS" 24 | user_id = var.id 25 | user_name = var.name 26 | 27 | access_string = var.access_string 28 | no_password_required = !var.password_required 29 | passwords = var.passwords 30 | 31 | tags = merge( 32 | { 33 | "Name" = local.metadata.name 34 | }, 35 | local.module_tags, 36 | var.tags, 37 | ) 38 | } 39 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "The ID of the ElastiCache user." 3 | value = aws_elasticache_user.this.user_id 4 | } 5 | 6 | output "arn" { 7 | description = "The ARN of the ElastiCache user." 8 | value = aws_elasticache_user.this.arn 9 | } 10 | 11 | output "name" { 12 | description = "The name of the ElastiCache user." 13 | value = aws_elasticache_user.this.user_name 14 | } 15 | 16 | output "access_string" { 17 | description = "Access permissions string used for this user." 18 | value = aws_elasticache_user.this.access_string 19 | } 20 | 21 | output "password_required" { 22 | description = "Whether a password is required for this user." 23 | value = !aws_elasticache_user.this.no_password_required 24 | } 25 | 26 | output "resource_group" { 27 | description = "The resource group created to manage resources in this module." 28 | value = merge( 29 | { 30 | enabled = var.resource_group.enabled && var.module_tags_enabled 31 | }, 32 | (var.resource_group.enabled && var.module_tags_enabled 33 | ? { 34 | arn = module.resource_group[0].arn 35 | name = module.resource_group[0].name 36 | } 37 | : {} 38 | ) 39 | ) 40 | } 41 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user-group/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "The ID of the ElastiCache user group." 3 | value = aws_elasticache_user_group.this.id 4 | } 5 | 6 | output "arn" { 7 | description = "The ARN of the ElastiCache user group." 8 | value = aws_elasticache_user_group.this.arn 9 | } 10 | 11 | output "name" { 12 | description = "The name of the ElastiCache user group." 13 | value = aws_elasticache_user_group.this.user_group_id 14 | } 15 | 16 | output "default_user" { 17 | description = "The ID of default user." 18 | value = var.default_user 19 | } 20 | 21 | output "users" { 22 | description = "The list of user IDs that belong to the user group." 23 | value = values(aws_elasticache_user_group_association.this)[*].user_id 24 | } 25 | 26 | output "resource_group" { 27 | description = "The resource group created to manage resources in this module." 28 | value = merge( 29 | { 30 | enabled = var.resource_group.enabled && var.module_tags_enabled 31 | }, 32 | (var.resource_group.enabled && var.module_tags_enabled 33 | ? { 34 | arn = module.resource_group[0].arn 35 | name = module.resource_group[0].name 36 | } 37 | : {} 38 | ) 39 | ) 40 | } 41 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | default_install_hook_types: 2 | - pre-commit 3 | - commit-msg 4 | 5 | repos: 6 | - repo: https://github.com/antonbabenko/pre-commit-terraform 7 | rev: v1.104.0 8 | hooks: 9 | - id: terraform_fmt 10 | name: (terraform) Format .tf files with `terraform fmt` 11 | args: 12 | - --args=-diff 13 | - id: terraform_validate 14 | name: (terraform) Check with `terraform validate` 15 | args: 16 | - --hook-config=--retry-once-with-cleanup=true 17 | - --tf-init-args=-upgrade 18 | - id: terraform_tflint 19 | name: (terraform) Check with `tflint` 20 | args: 21 | - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl 22 | files: ^modules/ 23 | - id: terraform_docs 24 | name: (terraform) Generate docs with `terraform-docs` 25 | args: ["--args=--sort-by required"] 26 | 27 | - repo: https://github.com/pre-commit/pre-commit-hooks 28 | rev: v6.0.0 29 | hooks: 30 | - id: trailing-whitespace 31 | 32 | - repo: https://github.com/adrienverge/yamllint 33 | rev: v1.37.1 34 | hooks: 35 | - id: yamllint 36 | name: (yaml) Check with `yamllint` 37 | 38 | - repo: https://github.com/compilerla/conventional-pre-commit 39 | rev: v4.3.0 40 | hooks: 41 | - id: conventional-pre-commit 42 | name: (commit-message) Check conventional commit 43 | stages: [commit-msg] 44 | args: [] 45 | -------------------------------------------------------------------------------- /.github/labels.yaml: -------------------------------------------------------------------------------- 1 | # Warning 2 | - color: "ee0701" 3 | description: "Categorize bug reports." 4 | name: ":warning: bug" 5 | - color: "ee0701" 6 | description: "Categorize vulnerability reports." 7 | name: ":warning: vulnerability" 8 | 9 | # Highlight 10 | - color: "0e8a16" 11 | description: "Good for newcomers." 12 | name: ":fire: good first issue" 13 | - color: "0e8a16" 14 | description: "Extra attention is needed." 15 | name: ":fire: help wanted" 16 | 17 | # Cancel 18 | - color: "b60205" 19 | description: "This issue or pull request already exists." 20 | name: ":pray: duplicate" 21 | - color: "b60205" 22 | description: "This will not be worked on." 23 | name: ":pray: wontfix" 24 | 25 | # Size 26 | - color: "cfd3d7" 27 | description: "Extra Small size issue or PR." 28 | name: "size/XS" 29 | - color: "cfd3d7" 30 | description: "Small size issue or PR." 31 | name: "size/S" 32 | - color: "cfd3d7" 33 | description: "Medium size issue or PR." 34 | name: "size/M" 35 | - color: "cfd3d7" 36 | description: "Large size issue or PR." 37 | name: "size/L" 38 | - color: "cfd3d7" 39 | description: "Extra Large size issue or PR." 40 | name: "size/XL" 41 | 42 | # Modules 43 | - color: "fbca04" 44 | description: "This issue or pull request is related to elasticache-redis-cluster module." 45 | name: ":floppy_disk: elasticache-redis-cluster" 46 | -------------------------------------------------------------------------------- /.yamllint.yaml: -------------------------------------------------------------------------------- 1 | yaml-files: 2 | - '*.yaml' 3 | - '*.yml' 4 | 5 | rules: 6 | braces: 7 | min-spaces-inside: 0 8 | max-spaces-inside: 1 9 | min-spaces-inside-empty: 0 10 | max-spaces-inside-empty: 0 11 | brackets: 12 | min-spaces-inside: 0 13 | max-spaces-inside: 1 14 | min-spaces-inside-empty: 0 15 | max-spaces-inside-empty: 0 16 | colons: 17 | max-spaces-before: 0 18 | max-spaces-after: 1 19 | commas: 20 | max-spaces-before: 0 21 | comments: 22 | level: warning 23 | require-starting-space: true 24 | min-spaces-from-content: 1 25 | comments-indentation: disable 26 | document-end: disable 27 | document-start: disable 28 | empty-lines: 29 | level: warning 30 | max: 2 31 | max-start: 0 32 | max-end: 1 33 | empty-values: 34 | forbid-in-block-mappings: true 35 | forbid-in-flow-mappings: true 36 | hyphens: 37 | max-spaces-after: 1 38 | indentation: 39 | spaces: consistent 40 | indent-sequences: false 41 | key-duplicates: enable 42 | key-ordering: disable 43 | line-length: disable 44 | new-line-at-end-of-file: enable 45 | # Use UNIX new line characters `\n` instead of DOS new line characters `\r\n` 46 | new-lines: 47 | type: unix 48 | octal-values: disable 49 | quoted-strings: 50 | quote-type: any 51 | required: false 52 | trailing-spaces: enable 53 | truthy: disable 54 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user-group/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | metadata = { 3 | package = "terraform-aws-db" 4 | version = trimspace(file("${path.module}/../../VERSION")) 5 | module = basename(path.module) 6 | name = var.name 7 | } 8 | module_tags = var.module_tags_enabled ? { 9 | "module.terraform.io/package" = local.metadata.package 10 | "module.terraform.io/version" = local.metadata.version 11 | "module.terraform.io/name" = local.metadata.module 12 | "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}" 13 | "module.terraform.io/instance" = local.metadata.name 14 | } : {} 15 | } 16 | 17 | 18 | ################################################### 19 | # User Group of ElastiCache for Redis 20 | ################################################### 21 | 22 | resource "aws_elasticache_user_group" "this" { 23 | engine = "REDIS" 24 | user_group_id = var.name 25 | user_ids = [var.default_user] 26 | 27 | tags = merge( 28 | { 29 | "Name" = local.metadata.name 30 | }, 31 | local.module_tags, 32 | var.tags, 33 | ) 34 | 35 | lifecycle { 36 | ignore_changes = [user_ids] 37 | } 38 | } 39 | 40 | resource "aws_elasticache_user_group_association" "this" { 41 | for_each = var.users 42 | 43 | user_group_id = aws_elasticache_user_group.this.user_group_id 44 | user_id = each.value 45 | } 46 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ### OSX ### 2 | # General 3 | .DS_Store 4 | .AppleDouble 5 | .LSOverride 6 | 7 | # Icon must end with two \r 8 | Icon 9 | 10 | # Thumbnails 11 | ._* 12 | 13 | # Files that might appear in the root of a volume 14 | .DocumentRevisions-V100 15 | .fseventsd 16 | .Spotlight-V100 17 | .TemporaryItems 18 | .Trashes 19 | .VolumeIcon.icns 20 | .com.apple.timemachine.donotpresent 21 | 22 | # Directories potentially created on remote AFP share 23 | .AppleDB 24 | .AppleDesktop 25 | Network Trash Folder 26 | Temporary Items 27 | .apdisk 28 | 29 | 30 | ### Terraform ### 31 | # Lock file 32 | .terraform.lock.hcl 33 | 34 | # Local .terraform directories 35 | **/.terraform/* 36 | 37 | # .tfstate files 38 | *.tfstate 39 | *.tfstate.* 40 | 41 | # Crash log files 42 | crash.log 43 | 44 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 45 | # .tfvars files are managed as part of configuration and so should be included in 46 | # version control. 47 | # 48 | # example.tfvars 49 | 50 | # Ignore override files as they are usually used to override resources locally and so 51 | # are not checked in 52 | override.tf 53 | override.tf.json 54 | *_override.tf 55 | *_override.tf.json 56 | 57 | # Include override files you do wish to add to version control using negated pattern 58 | # !example_override.tf 59 | 60 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 61 | # example: *tfplan* 62 | 63 | 64 | ### Vim ### 65 | # Swap 66 | [._]*.s[a-v][a-z] 67 | !*.svg # comment out if you don't need vector files 68 | [._]*.sw[a-p] 69 | [._]s[a-rt-v][a-z] 70 | [._]ss[a-gi-z] 71 | [._]sw[a-p] 72 | 73 | # Session 74 | Session.vim 75 | Sessionx.vim 76 | 77 | # Temporary 78 | .netrwhist 79 | *~ 80 | # Auto-generated tag files 81 | tags 82 | # Persistent undo 83 | [._]*.un~ 84 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user-group/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | description = "(Required) The name of the ElastiCache user group. It can have up to 40 characters, and must begin with a letter. It should not end with a hyphen or contain two consecutive hyphens. Valid characters: A-Z, a-z, 0-9, and - (hyphen)." 3 | type = string 4 | nullable = false 5 | } 6 | 7 | variable "default_user" { 8 | description = "(Optional) The ID of default user. The user group needs to contain a user with the user name default." 9 | type = string 10 | nullable = false 11 | } 12 | 13 | variable "users" { 14 | description = "(Optional) The list of user IDs that belong to the user group." 15 | type = set(string) 16 | default = [] 17 | nullable = false 18 | } 19 | 20 | variable "tags" { 21 | description = "(Optional) A map of tags to add to all resources." 22 | type = map(string) 23 | default = {} 24 | nullable = false 25 | } 26 | 27 | variable "module_tags_enabled" { 28 | description = "(Optional) Whether to create AWS Resource Tags for the module informations." 29 | type = bool 30 | default = true 31 | nullable = false 32 | } 33 | 34 | 35 | ################################################### 36 | # Resource Group 37 | ################################################### 38 | 39 | 40 | 41 | 42 | variable "resource_group" { 43 | description = < user 85 | } 86 | 87 | id = each.key 88 | name = each.value.name 89 | 90 | access_string = try(each.value.access_string, null) 91 | password_required = try(each.value.password_required, true) 92 | passwords = try(each.value.passwords, []) 93 | 94 | tags = { 95 | "project" = "terraform-aws-db-examples" 96 | } 97 | } 98 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user/variables.tf: -------------------------------------------------------------------------------- 1 | variable "id" { 2 | description = "(Required) The ID of the ElastiCache user." 3 | type = string 4 | nullable = false 5 | } 6 | 7 | variable "name" { 8 | description = "(Required) The username of the ElastiCache user. It can have up to 40 characters, and must begin with a letter. It should not end with a hyphen or contain two consecutive hyphens. Valid characters: A-Z, a-z, 0-9, and - (hyphen)." 9 | type = string 10 | nullable = false 11 | } 12 | 13 | # INFO: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html#Access-string 14 | variable "access_string" { 15 | description = "(Optional) Access permissions string used for this user. Defaults to `off -@all`." 16 | type = string 17 | default = "off -@all" 18 | nullable = false 19 | } 20 | 21 | variable "password_required" { 22 | description = "(Optional) Whether a password is required for this user. Defaults to `false`." 23 | type = bool 24 | default = false 25 | nullable = false 26 | } 27 | 28 | variable "passwords" { 29 | description = "(Optional) A set of passwords used for this user. You can create up to two passwords for each user." 30 | type = set(string) 31 | default = [] 32 | nullable = false 33 | } 34 | 35 | variable "tags" { 36 | description = "(Optional) A map of tags to add to all resources." 37 | type = map(string) 38 | default = {} 39 | nullable = false 40 | } 41 | 42 | variable "module_tags_enabled" { 43 | description = "(Optional) Whether to create AWS Resource Tags for the module informations." 44 | type = bool 45 | default = true 46 | nullable = false 47 | } 48 | 49 | 50 | ################################################### 51 | # Resource Group 52 | ################################################### 53 | 54 | 55 | 56 | 57 | variable "resource_group" { 58 | description = < 9 | ## Requirements 10 | 11 | | Name | Version | 12 | |------|---------| 13 | | [terraform](#requirement\_terraform) | >= 1.3 | 14 | | [aws](#requirement\_aws) | >= 4.30 | 15 | 16 | ## Providers 17 | 18 | | Name | Version | 19 | |------|---------| 20 | | [aws](#provider\_aws) | 4.34.0 | 21 | 22 | ## Modules 23 | 24 | | Name | Source | Version | 25 | |------|--------|---------| 26 | | [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 | 27 | 28 | ## Resources 29 | 30 | | Name | Type | 31 | |------|------| 32 | | [aws_elasticache_user_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_user_group) | resource | 33 | | [aws_elasticache_user_group_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_user_group_association) | resource | 34 | 35 | ## Inputs 36 | 37 | | Name | Description | Type | Default | Required | 38 | |------|-------------|------|---------|:--------:| 39 | | [default\_user](#input\_default\_user) | (Optional) The ID of default user. The user group needs to contain a user with the user name default. | `string` | n/a | yes | 40 | | [name](#input\_name) | (Required) The name of the ElastiCache user group. It can have up to 40 characters, and must begin with a letter. It should not end with a hyphen or contain two consecutive hyphens. Valid characters: A-Z, a-z, 0-9, and - (hyphen). | `string` | n/a | yes | 41 | | [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | 42 | | [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no | 43 | | [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no | 44 | | [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no | 45 | | [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | 46 | | [users](#input\_users) | (Optional) The list of user IDs that belong to the user group. | `set(string)` | `[]` | no | 47 | 48 | ## Outputs 49 | 50 | | Name | Description | 51 | |------|-------------| 52 | | [arn](#output\_arn) | The ARN of the ElastiCache user group. | 53 | | [default\_user](#output\_default\_user) | The ID of default user. | 54 | | [id](#output\_id) | The ID of the ElastiCache user group. | 55 | | [name](#output\_name) | The name of the ElastiCache user group. | 56 | | [users](#output\_users) | The list of user IDs that belong to the user group. | 57 | 58 | -------------------------------------------------------------------------------- /.github/workflows/terraform.integration.yaml: -------------------------------------------------------------------------------- 1 | name: Integration (Terraform) 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | pull_request: {} 8 | 9 | concurrency: 10 | group: terraform-integration-${{ github.ref }} 11 | cancel-in-progress: true 12 | 13 | jobs: 14 | changed: 15 | name: Filter Changed Files and Directories 16 | runs-on: ubuntu-latest 17 | 18 | outputs: 19 | changed: ${{ steps.set-outputs.outputs.changed }} 20 | modified: ${{ steps.set-outputs.outputs.modified }} 21 | changed_files: ${{ steps.set-outputs.outputs.changed_files }} 22 | modified_files: ${{ steps.set-outputs.outputs.modified_files }} 23 | changed_directories: ${{ steps.set-outputs.outputs.changed_directories }} 24 | modified_directories: ${{ steps.set-outputs.outputs.modified_directories }} 25 | 26 | steps: 27 | - name: Checkout 28 | uses: actions/checkout@v4 29 | with: 30 | fetch-depth: 0 31 | 32 | - name: Get Changed Files 33 | id: changed-files 34 | uses: tj-actions/changed-files@v42 35 | with: 36 | files: | 37 | modules/** 38 | examples/** 39 | json: true 40 | 41 | - name: Get Changed Directories 42 | id: changed-directories 43 | uses: tj-actions/changed-files@v42 44 | with: 45 | files: | 46 | modules/** 47 | examples/** 48 | dir_names: "true" 49 | dir_names_max_depth: 2 50 | json: true 51 | 52 | - name: Set outputs 53 | id: set-outputs 54 | run: | 55 | echo "changed=${{ steps.changed-directories.outputs.any_changed }}" >> $GITHUB_OUTPUT 56 | echo "modified=${{ steps.changed-directories.outputs.any_modified }}" >> $GITHUB_OUTPUT 57 | 58 | echo "changed_files=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_OUTPUT 59 | echo "modified_files=${{ steps.changed-files.outputs.all_modified_files }}" >> $GITHUB_OUTPUT 60 | 61 | echo "changed_directories=${{ steps.changed-directories.outputs.all_changed_files }}" >> $GITHUB_OUTPUT 62 | echo "modified_directories=${{ steps.changed-directories.outputs.all_modified_files }}" >> $GITHUB_OUTPUT 63 | 64 | 65 | terraform: 66 | name: Lint (terraform) 67 | needs: 68 | - changed 69 | if: ${{ needs.changed.outputs.modified == 'true' }} 70 | uses: tedilabs/.github/.github/workflows/terraform.terraform.yaml@main 71 | 72 | strategy: 73 | matrix: 74 | path: ${{ fromJson(needs.changed.outputs.modified_directories) }} 75 | 76 | with: 77 | terraform_target_dir: ${{ matrix.path }} 78 | terraform_version: latest 79 | terraform_host: app.terraform.io 80 | secrets: 81 | gh_token: ${{ secrets.GITHUB_TOKEN }} 82 | token: ${{ secrets.GITHUB_TOKEN }} 83 | terraform_token: ${{ secrets.TERRAFORM_TOKEN }} 84 | 85 | 86 | tflint: 87 | name: Lint (tflint) 88 | needs: 89 | - changed 90 | if: ${{ needs.changed.outputs.modified == 'true' }} 91 | uses: tedilabs/.github/.github/workflows/terraform.tflint.yaml@main 92 | 93 | strategy: 94 | matrix: 95 | path: ${{ fromJson(needs.changed.outputs.modified_directories) }} 96 | 97 | with: 98 | tflint_version: latest 99 | tflint_config_file: .tflint.hcl 100 | tflint_target_dir: ${{ matrix.path }} 101 | tflint_recursive_enabled: false 102 | tflint_terraform_init_enabled: true 103 | terraform_version: latest 104 | terraform_host: app.terraform.io 105 | secrets: 106 | gh_token: ${{ secrets.GITHUB_TOKEN }} 107 | token: ${{ secrets.GITHUB_TOKEN }} 108 | terraform_token: ${{ secrets.TERRAFORM_TOKEN }} 109 | -------------------------------------------------------------------------------- /modules/elasticache-redis-user/README.md: -------------------------------------------------------------------------------- 1 | # elasticache-redis-user 2 | 3 | This module creates following resources. 4 | 5 | - `aws_elasticache_user` 6 | 7 | 8 | ## Requirements 9 | 10 | | Name | Version | 11 | |------|---------| 12 | | [terraform](#requirement\_terraform) | >= 1.3 | 13 | | [aws](#requirement\_aws) | >= 4.30 | 14 | 15 | ## Providers 16 | 17 | | Name | Version | 18 | |------|---------| 19 | | [aws](#provider\_aws) | 4.34.0 | 20 | 21 | ## Modules 22 | 23 | | Name | Source | Version | 24 | |------|--------|---------| 25 | | [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 | 26 | 27 | ## Resources 28 | 29 | | Name | Type | 30 | |------|------| 31 | | [aws_elasticache_user.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_user) | resource | 32 | 33 | ## Inputs 34 | 35 | | Name | Description | Type | Default | Required | 36 | |------|-------------|------|---------|:--------:| 37 | | [id](#input\_id) | (Required) The ID of the ElastiCache user. | `string` | n/a | yes | 38 | | [name](#input\_name) | (Required) The username of the ElastiCache user. It can have up to 40 characters, and must begin with a letter. It should not end with a hyphen or contain two consecutive hyphens. Valid characters: A-Z, a-z, 0-9, and - (hyphen). | `string` | n/a | yes | 39 | | [access\_string](#input\_access\_string) | (Optional) Access permissions string used for this user. Defaults to `off -@all`. | `string` | `"off -@all"` | no | 40 | | [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | 41 | | [password\_required](#input\_password\_required) | (Optional) Whether a password is required for this user. Defaults to `false`. | `bool` | `false` | no | 42 | | [passwords](#input\_passwords) | (Optional) A set of passwords used for this user. You can create up to two passwords for each user. | `set(string)` | `[]` | no | 43 | | [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no | 44 | | [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no | 45 | | [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no | 46 | | [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | 47 | 48 | ## Outputs 49 | 50 | | Name | Description | 51 | |------|-------------| 52 | | [access\_string](#output\_access\_string) | Access permissions string used for this user. | 53 | | [arn](#output\_arn) | The ARN of the ElastiCache user. | 54 | | [id](#output\_id) | The ID of the ElastiCache user. | 55 | | [name](#output\_name) | The name of the ElastiCache user. | 56 | | [password\_required](#output\_password\_required) | Whether a password is required for this user. | 57 | 58 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # terraform-aws-db 2 | 3 | ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/tedilabs/terraform-aws-db?color=blue&sort=semver&style=flat-square) 4 | ![GitHub](https://img.shields.io/github/license/tedilabs/terraform-aws-db?color=blue&style=flat-square) 5 | [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white&style=flat-square)](https://github.com/pre-commit/pre-commit) 6 | 7 | Terraform module which creates db related resources on AWS. 8 | 9 | - [elasticache-redis-cluster](./modules/elasticache-redis-cluster) 10 | - [elasticache-redis-user](./modules/elasticache-redis-user) 11 | - [elasticache-redis-user-group](./modules/elasticache-redis-user-group) 12 | 13 | 14 | ## Target AWS Services 15 | 16 | Terraform Modules from [this package](https://github.com/tedilabs/terraform-aws-db) were written to manage the following AWS Services with Terraform. 17 | 18 | - **AWS RDS (Relational Database Service)** 19 | - (comming sooon!) 20 | - **AWS ElastiCache** 21 | - Redis Cluster 22 | - Redis User RBAC 23 | 24 | 25 | ## Usage 26 | 27 | ### ElastiCache Redis 28 | 29 | ```tf 30 | module "cluster" { 31 | source = "tedilabs/db/aws//modules/elasticache-redis-cluster" 32 | version = "~> 0.2.0" 33 | 34 | name = "example-redis-full" 35 | description = "Managed by Terraform." 36 | 37 | redis_version = "6.2" 38 | node_instance_type = "cache.t4g.micro" 39 | # node_size = 1 40 | sharding = { 41 | enabled = true 42 | shard_size = 3 43 | replicas = 2 44 | } 45 | 46 | 47 | ## Network 48 | port = 6379 49 | vpc_id = null 50 | subnet_group = null 51 | preferred_availability_zones = [] 52 | 53 | default_security_group = { 54 | eanbled = true 55 | name = "example-redis-full-default-sg" 56 | description = "Managed by Terraform." 57 | 58 | ingress_rules = [ 59 | { 60 | cidr_blocks = ["0.0.0.0/0"] 61 | } 62 | ] 63 | } 64 | security_groups = [] 65 | 66 | 67 | ## Parameters 68 | parameter_group = { 69 | enabled = true 70 | name = "example-redis-full-parameter-group" 71 | description = "Managed by Terraform." 72 | parameters = { 73 | "lazyfree-lazy-eviction" = "yes" 74 | "lazyfree-lazy-expire" = "yes" 75 | "lazyfree-lazy-server-del" = "yes" 76 | "rename-commands" = "KEYS BLOCKED" 77 | } 78 | } 79 | custom_parameter_group = null 80 | 81 | 82 | ## Auth 83 | password = sensitive("helloworld!#!!1234") 84 | user_groups = [] 85 | 86 | 87 | ## Encryption 88 | encryption_at_rest = { 89 | enabled = true 90 | kms_key = null 91 | } 92 | encryption_in_transit = { 93 | enabled = true 94 | } 95 | 96 | 97 | ## Backup 98 | backup_enabled = true 99 | backup_window = "16:00-17:00" 100 | backup_retention = 1 101 | backup_final_snapshot_name = "example-redis-full-final" 102 | 103 | 104 | ## Source 105 | source_backup_name = null 106 | source_rdb_s3_arns = null 107 | 108 | 109 | ## Maintenance 110 | maintenance_window = "fri:18:00-fri:20:00" 111 | auto_upgrade_minor_version_enabled = true 112 | notification_sns_topic = null 113 | 114 | 115 | ## Logging 116 | logging_slow_log = { 117 | enabled = false 118 | format = "JSON" 119 | 120 | destination_type = "CLOUDWATCH_LOGS" 121 | destination = null 122 | } 123 | logging_engine_log = { 124 | enabled = false 125 | format = "JSON" 126 | 127 | destination_type = "CLOUDWATCH_LOGS" 128 | destination = null 129 | } 130 | 131 | 132 | ## Attributes 133 | multi_az_enabled = true 134 | auto_failover_enabled = true 135 | apply_immediately = true 136 | 137 | timeouts = { 138 | create = "60m" 139 | update = "40m" 140 | delete = "40m" 141 | } 142 | 143 | tags = { 144 | "project" = "terraform-aws-db-examples" 145 | } 146 | } 147 | ``` 148 | 149 | 150 | ## Examples 151 | 152 | ### ElastiCache Redis 153 | 154 | - [Singie Redis Instance](./examples/elasticache-redis-single) 155 | - [Multi-AZs Redis Cluster (Sharding Disabled)](./examples/elasticache-redis-multi-az) 156 | - [Full Redis Cluster (Sharding Enabled)](./examples/elasticache-redis-full) 157 | - [Redis Cluster with RBAC(Role Based Access Control)](./examples/elasticache-redis-with-users) 158 | 159 | 160 | ## Self Promotion 161 | 162 | Like this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-aws-db). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub. 163 | 164 | 165 | ## License 166 | 167 | Provided under the terms of the [Apache License](LICENSE). 168 | 169 | Copyright © 2022-2025, [Byungjin Park](https://www.posquit0.com). -------------------------------------------------------------------------------- /modules/elasticache-redis-cluster/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | metadata = { 3 | package = "terraform-aws-db" 4 | version = trimspace(file("${path.module}/../../VERSION")) 5 | module = basename(path.module) 6 | name = var.name 7 | } 8 | module_tags = var.module_tags_enabled ? { 9 | "module.terraform.io/package" = local.metadata.package 10 | "module.terraform.io/version" = local.metadata.version 11 | "module.terraform.io/name" = local.metadata.module 12 | "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}" 13 | "module.terraform.io/instance" = local.metadata.name 14 | } : {} 15 | } 16 | 17 | locals { 18 | is_data_tiering_type = replace(var.node_instance_type, "/^cache\\.[a-z0-9]?d\\..*$/", "1") == "1" ? true : false 19 | } 20 | 21 | 22 | ################################################### 23 | # Parameter Group of ElastiCache Cluster for Redis 24 | ################################################### 25 | 26 | locals { 27 | supported_families = [ 28 | { name = "redis2.8", prefix = "2.8" }, 29 | { name = "redis3.2", prefix = "3.2" }, 30 | { name = "redis4.0", prefix = "4.0" }, 31 | { name = "redis5.0", prefix = "5.0" }, 32 | { name = "redis6.x", prefix = "6." }, 33 | { name = "redis7", prefix = "7." }, 34 | ] 35 | family = [ 36 | for f in local.supported_families : 37 | f.name 38 | if startswith(var.redis_version, f.prefix) 39 | ][0] 40 | 41 | parameters = merge( 42 | { 43 | "cluster-enabled" = var.sharding.enabled ? "yes" : "no" 44 | }, 45 | var.parameter_group.parameters 46 | ) 47 | 48 | logging_destination_types = { 49 | "CLOUDWATCH_LOGS" = "cloudwatch-logs" 50 | "KINESIS_FIREHOSE" = "kinesis-firehose" 51 | } 52 | 53 | parameger_group_default_name = "${var.name}-${replace(local.family, ".", "-")}" 54 | } 55 | 56 | resource "aws_elasticache_parameter_group" "this" { 57 | count = var.parameter_group.enabled ? 1 : 0 58 | 59 | name = coalesce(var.parameter_group.name, local.parameger_group_default_name) 60 | description = coalesce(var.parameter_group.description, "Customized Parameter Group for ${var.name} redis cluster. (v${var.redis_version})") 61 | family = local.family 62 | 63 | dynamic "parameter" { 64 | for_each = local.parameters 65 | 66 | content { 67 | name = parameter.key 68 | value = parameter.value 69 | } 70 | } 71 | 72 | tags = merge( 73 | { 74 | "Name" = local.metadata.name 75 | }, 76 | local.module_tags, 77 | var.tags, 78 | ) 79 | 80 | lifecycle { 81 | create_before_destroy = true 82 | } 83 | } 84 | 85 | 86 | ################################################### 87 | # ElastiCache Cluster for Redis 88 | ################################################### 89 | 90 | # Only need for secondary replicas 91 | # - `global_replication_group_id` 92 | resource "aws_elasticache_replication_group" "this" { 93 | replication_group_id = var.name 94 | description = var.description 95 | 96 | engine = "redis" 97 | engine_version = var.redis_version 98 | node_type = var.node_instance_type 99 | num_cache_clusters = !var.sharding.enabled ? var.node_size : null 100 | num_node_groups = var.sharding.enabled ? var.sharding.shard_size : null 101 | replicas_per_node_group = var.sharding.enabled ? var.sharding.replicas : null 102 | 103 | 104 | ## Network 105 | port = var.port 106 | subnet_group_name = var.subnet_group 107 | preferred_cache_cluster_azs = var.preferred_availability_zones 108 | security_group_ids = (var.default_security_group.enabled 109 | ? concat(module.security_group[*].id, var.security_groups) 110 | : var.security_groups 111 | ) 112 | 113 | 114 | ## Parameters 115 | parameter_group_name = (var.parameter_group.enabled 116 | ? aws_elasticache_parameter_group.this[0].name 117 | : var.custom_parameter_group 118 | ) 119 | 120 | 121 | ## Auth 122 | auth_token = length(var.password) > 0 ? var.password : null 123 | user_group_ids = length(var.user_groups) > 0 ? var.user_groups : null 124 | 125 | 126 | ## Encryption 127 | at_rest_encryption_enabled = var.encryption_at_rest.enabled 128 | kms_key_id = var.encryption_at_rest.kms_key 129 | transit_encryption_enabled = var.encryption_in_transit.enabled 130 | 131 | 132 | ## Backup 133 | snapshot_window = var.backup_window 134 | snapshot_retention_limit = var.backup_enabled ? var.backup_retention : 0 135 | final_snapshot_identifier = var.backup_final_snapshot_name 136 | 137 | 138 | ## Source 139 | snapshot_arns = var.source_rdb_s3_arns 140 | snapshot_name = var.source_backup_name 141 | 142 | 143 | ## Maintenance 144 | maintenance_window = var.maintenance_window 145 | auto_minor_version_upgrade = var.auto_upgrade_minor_version_enabled 146 | notification_topic_arn = var.notification_sns_topic 147 | 148 | 149 | ## Logging 150 | dynamic "log_delivery_configuration" { 151 | for_each = var.logging_slow_log.enabled ? [var.logging_slow_log] : [] 152 | iterator = logging 153 | 154 | content { 155 | log_type = "slow-log" 156 | log_format = lower(logging.value.format) 157 | destination_type = local.logging_destination_types[logging.value.destination_type] 158 | destination = logging.value.destination 159 | } 160 | } 161 | dynamic "log_delivery_configuration" { 162 | for_each = var.logging_engine_log.enabled ? [var.logging_engine_log] : [] 163 | iterator = logging 164 | 165 | content { 166 | log_type = "engine-log" 167 | log_format = lower(logging.value.format) 168 | destination_type = local.logging_destination_types[logging.value.destination_type] 169 | destination = logging.value.destination 170 | } 171 | } 172 | 173 | 174 | ## Attributes 175 | multi_az_enabled = var.multi_az_enabled 176 | automatic_failover_enabled = var.auto_failover_enabled 177 | data_tiering_enabled = local.is_data_tiering_type 178 | 179 | apply_immediately = var.apply_immediately 180 | 181 | timeouts { 182 | create = var.timeouts.create 183 | update = var.timeouts.update 184 | delete = var.timeouts.delete 185 | } 186 | 187 | tags = merge( 188 | { 189 | "Name" = local.metadata.name 190 | }, 191 | local.module_tags, 192 | var.tags, 193 | ) 194 | 195 | lifecycle { 196 | precondition { 197 | condition = anytrue([ 198 | !var.multi_az_enabled, 199 | var.multi_az_enabled && var.auto_failover_enabled, 200 | ]) 201 | error_message = "If Muti-AZ Support is enabled, `auto_failover_enabled` must also be enabled." 202 | } 203 | precondition { 204 | condition = (length(var.password) > 0 205 | ? var.encryption_in_transit.enabled 206 | : true 207 | ) 208 | error_message = "Password can be specified only if in-transit encryption is enabled." 209 | } 210 | } 211 | } 212 | -------------------------------------------------------------------------------- /modules/elasticache-redis-cluster/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "The ID of the ElastiCache Redis cluster." 3 | value = aws_elasticache_replication_group.this.id 4 | } 5 | 6 | output "arn" { 7 | description = "The ARN of the ElastiCache Redis cluster." 8 | value = aws_elasticache_replication_group.this.arn 9 | } 10 | 11 | output "name" { 12 | description = "The name of the ElastiCache Redis cluster." 13 | value = var.name 14 | } 15 | 16 | output "description" { 17 | description = "The description of the ElastiCache Redis cluster." 18 | value = aws_elasticache_replication_group.this.description 19 | } 20 | 21 | output "redis_version" { 22 | description = "The version number of Redis used for the ElastiCache Redis cluster. The actual engine version used is returned in `redis_version_actual`." 23 | value = aws_elasticache_replication_group.this.engine_version 24 | } 25 | 26 | output "redis_version_actual" { 27 | description = "The actual version number of Redis used for the ElastiCache Redis cluster. Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine." 28 | value = aws_elasticache_replication_group.this.engine_version_actual 29 | } 30 | 31 | output "node_instance_type" { 32 | description = "The instance type used for the ElastiCache Redis cluster." 33 | value = aws_elasticache_replication_group.this.node_type 34 | } 35 | 36 | output "node_size" { 37 | description = "The number of cache nodes (primary and replicas) for this ElastiCache Redis cluster will have." 38 | value = aws_elasticache_replication_group.this.num_cache_clusters 39 | } 40 | 41 | output "nodes" { 42 | description = "The list of all nodes are part of the ElastiCache Redis cluster." 43 | value = aws_elasticache_replication_group.this.member_clusters 44 | } 45 | 46 | output "sharding" { 47 | description = "The configuration for sharding of the ElastiCache Redis cluster." 48 | value = { 49 | enabled = aws_elasticache_replication_group.this.cluster_enabled 50 | shard_size = aws_elasticache_replication_group.this.num_node_groups 51 | replicas = aws_elasticache_replication_group.this.replicas_per_node_group 52 | } 53 | } 54 | 55 | output "network" { 56 | description = <= 1 37 | ]) 38 | error_message = "`node_size` should be greater than `0`." 39 | } 40 | } 41 | 42 | variable "sharding" { 43 | description = <= 1, 60 | var.sharding.shard_size <= 500, 61 | ]) 62 | error_message = "The number of shards should be between `1` and `500`." 63 | } 64 | 65 | validation { 66 | condition = alltrue([ 67 | var.sharding.replicas >= 0, 68 | var.sharding.replicas <= 5, 69 | ]) 70 | error_message = "The number of replicas for each shard should be between `0` and `5`." 71 | } 72 | } 73 | 74 | variable "port" { 75 | description = "(Optional) The port number on which each of the cache nodes will accept connections. The default port is `6379`." 76 | type = number 77 | default = 6379 78 | nullable = false 79 | 80 | validation { 81 | condition = alltrue([ 82 | var.port >= 1, 83 | var.port <= 65535 84 | ]) 85 | error_message = "Valid values range for `port` from 1 through 65535." 86 | } 87 | } 88 | 89 | variable "vpc_id" { 90 | description = "(Optional) The ID of the associated VPC. You must provide the `vpc_id` when `default_security_group.enabled` is `true`. It will used to provision the default security group." 91 | type = string 92 | default = null 93 | } 94 | 95 | variable "subnet_group" { 96 | description = "(Optional) The name of the cache subnet group to be used for the ElastiCache Redis cluster. If not provided, configured to use `default` subnet group in the default VPC." 97 | type = string 98 | default = null 99 | } 100 | 101 | variable "preferred_availability_zones" { 102 | description = "(Optional) A list of AZs(Availability Zones) in which the ElastiCache Redis cluster nodes will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating." 103 | type = list(string) 104 | default = [] 105 | } 106 | 107 | variable "default_security_group" { 108 | description = <= 16 && length(var.password) <= 128 169 | ]) 170 | error_message = "`password` must contain from 16 to 128 alphanumeric characters or symbols (excluding @, \", and /)." 171 | } 172 | } 173 | 174 | variable "user_groups" { 175 | description = "(Optional) A set of User Group IDs to associate with the ElastiCache Redis cluster. Only a maximum of one user group ID is valid. The AWS specification allows for multiple IDs, but AWS only allows a maximum size of one." 176 | type = set(string) 177 | default = [] 178 | nullable = false 179 | } 180 | 181 | variable "encryption_at_rest" { 182 | description = <= 1, 230 | var.backup_retention <= 35, 231 | ]) 232 | error_message = "The value of `backup_retention` must be between 1 and 35." 233 | } 234 | } 235 | 236 | variable "backup_final_snapshot_name" { 237 | description = "(Optional) The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made." 238 | type = string 239 | default = null 240 | } 241 | 242 | variable "source_backup_name" { 243 | description = "(Optional) The name of a snapshot from which to restore data into the new node group. Changing the `source_backup_name` forces a new resource." 244 | type = string 245 | default = null 246 | } 247 | 248 | variable "source_rdb_s3_arns" { 249 | description = "(Optional) A list of ARNs that identify Redis RDB snapshot files stored in Amazon S3. The object names cannot contain any commas." 250 | type = list(string) 251 | default = [] 252 | nullable = false 253 | } 254 | 255 | variable "maintenance_window" { 256 | description = "(Optional) The weekly time range for when maintenance on the ElastiCache Redis cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`. Defaults to `fri:18:00-fri:20:00`." 257 | type = string 258 | default = "fri:18:00-fri:20:00" 259 | nullable = false 260 | } 261 | 262 | variable "auto_upgrade_minor_version_enabled" { 263 | description = "(Optional) Whether automatically schedule cluster upgrade to the latest minor version, once it becomes available. Cluster upgrade will only be scheduled during the maintenance window. Defaults to `true`. Only supported if the redis version is 6 or higher." 264 | type = bool 265 | default = true 266 | nullable = false 267 | } 268 | 269 | variable "notification_sns_topic" { 270 | description = "(Optional) The ARN of an SNS topic to send ElastiCache notifications to." 271 | type = string 272 | default = null 273 | } 274 | 275 | variable "logging_slow_log" { 276 | description = < 11 | ## Requirements 12 | 13 | | Name | Version | 14 | |------|---------| 15 | | [terraform](#requirement\_terraform) | >= 1.3 | 16 | | [aws](#requirement\_aws) | >= 4.36 | 17 | 18 | ## Providers 19 | 20 | | Name | Version | 21 | |------|---------| 22 | | [aws](#provider\_aws) | 4.34.0 | 23 | 24 | ## Modules 25 | 26 | | Name | Source | Version | 27 | |------|--------|---------| 28 | | [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 | 29 | | [security\_group](#module\_security\_group) | tedilabs/network/aws//modules/security-group | ~> 0.26.0 | 30 | 31 | ## Resources 32 | 33 | | Name | Type | 34 | |------|------| 35 | | [aws_elasticache_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource | 36 | | [aws_elasticache_replication_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource | 37 | 38 | ## Inputs 39 | 40 | | Name | Description | Type | Default | Required | 41 | |------|-------------|------|---------|:--------:| 42 | | [name](#input\_name) | (Required) The name of the ElastiCache Redis cluster. This parameter is stored as a lowercase string. | `string` | n/a | yes | 43 | | [node\_instance\_type](#input\_node\_instance\_type) | (Required) The instance type to be deployed for the ElastiCache Redis cluster. | `string` | n/a | yes | 44 | | [apply\_immediately](#input\_apply\_immediately) | (Optional) Whether any modifications are applied immediately, or during the next maintenance window. Default to `false`. | `bool` | `false` | no | 45 | | [auto\_failover\_enabled](#input\_auto\_failover\_enabled) | (Optional) Whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If enabled, `node_size` must be greater than 1. Must be enabled for Redis (cluster mode enabled) cluster. Defaults to `false`. ElastiCache Auto Failover provides enhanced high availability through automatic failover to a read replica in case of a primary node failover. | `bool` | `false` | no | 46 | | [auto\_upgrade\_minor\_version\_enabled](#input\_auto\_upgrade\_minor\_version\_enabled) | (Optional) Whether automatically schedule cluster upgrade to the latest minor version, once it becomes available. Cluster upgrade will only be scheduled during the maintenance window. Defaults to `true`. Only supported if the redis version is 6 or higher. | `bool` | `true` | no | 47 | | [backup\_enabled](#input\_backup\_enabled) | (Optional) Whether to automatically create a daily backup of a set of replicas. Defaults to `false`. | `bool` | `false` | no | 48 | | [backup\_final\_snapshot\_name](#input\_backup\_final\_snapshot\_name) | (Optional) The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. | `string` | `null` | no | 49 | | [backup\_retention](#input\_backup\_retention) | (Optional) The number of days for which automated backups are retained before they are automatically deleted. Valid value is between `1` and `35`. Defaults to 1. | `number` | `1` | no | 50 | | [backup\_window](#input\_backup\_window) | (Optional) The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of the ElastiCache Redis cluster. The minimum snapshot window is a 60 minute period. Example: 05:00-09:00. Defaults to `16:00-17:00`. | `string` | `"16:00-17:00"` | no | 51 | | [custom\_parameter\_group](#input\_custom\_parameter\_group) | (Optional) The name of the parameter group to associate with the ElastiCache Redis cluster. If this argument is omitted, the default cache parameter group for the specified engine is used. To enable `cluster mode` (sharding), use a parameter group that has the parameter `cluster-enabled` set to `true`. | `string` | `null` | no | 52 | | [default\_security\_group](#input\_default\_security\_group) | (Optional) The configuration of the default security group for the ElastiCache Redis cluster. `default_security_group` block as defined below.
(Optional) `enabled` - Whether to use the default security group. Defaults to `true`.
(Optional) `name` - The name of the default security group. If not provided, the cluster name is used for the name of security group.
(Optional) `description` - The description of the default security group.
(Optional) `ingress_rules` - A list of ingress rules in a security group. You don't need to specify `protocol`, `from_port`, `to_port`. Just specify source information. Defauls to `[{ cidr_blocks = "0.0.0.0/0" }]`. | 
object({
    enabled     = optional(bool, true)
    name        = optional(string, null)
    description = optional(string, "Managed by Terraform.")
    ingress_rules = optional(any, [{
      cidr_blocks = ["0.0.0.0/0"]
    }])
  })
| `{}` | no | 53 | | [description](#input\_description) | (Optional) The description of the ElastiCache Redis cluster. | `string` | `"Managed by Terraform."` | no | 54 | | [encryption\_at\_rest](#input\_encryption\_at\_rest) | The configuration for at-rest encryption of the ElastiCache Redis cluster.
(Optional) `enabled` - Whether to enable at-rest encryption. Defaults to `false`.
(Optional) `kms_key` - The ARN of the key to use for at-rest encryption. If not supplied, uses service managed encryption key. Can be specified only if `encryption_at_rest.enabled` is `true`. | 
object({
    enabled = optional(bool, false)
    kms_key = optional(string, null)
  })
| `{}` | no | 55 | | [encryption\_in\_transit](#input\_encryption\_in\_transit) | The configuration for in-transit encryption of the ElastiCache Redis cluster.
(Optional) `enabled` - Whether to enable in-transit encryption. Defaults to `false`. | 
object({
    enabled = optional(bool, false)
  })
| `{}` | no | 56 | | [logging\_engine\_log](#input\_logging\_engine\_log) | The configuration for streaming Redis Engine Log of the ElastiCache Redis cluster.
(Optional) `enabled` - Whether to enable streaming Redis Engine Log. Defaults to `false`.
(Optional) `format` - The format of Redis Engine Log. Valid values are `JSON` or `TEXT`. Defaults to `JSON`.
(Optional) `destination_type` - The destination type for streaming Redis Engine Log. For CloudWatch Logs use `CLOUDWATCH_LOGS` or for Kinesis Data Firehose use `KINESIS_FIREHOSE`. Defaults to `CLOUDWATCH_LOGS`.
(Optional) `destination` - The name of either the CloudWatch Logs LogGroup or Kinesis Data Firehose resource. | 
object({
    enabled          = optional(bool, false)
    format           = optional(string, "JSON")
    destination_type = optional(string, "CLOUDWATCH_LOGS")
    destination      = optional(string, null)
  })
| `{}` | no | 57 | | [logging\_slow\_log](#input\_logging\_slow\_log) | The configuration for streaming Redis Slow Log of the ElastiCache Redis cluster.
(Optional) `enabled` - Whether to enable streaming Redis Slow Log. Defaults to `false`.
(Optional) `format` - The format of Redis Slow Log. Valid values are `JSON` or `TEXT`. Defaults to `JSON`.
(Optional) `destination_type` - The destination type for streaming Redis Slow Log. For CloudWatch Logs use `CLOUDWATCH_LOGS` or for Kinesis Data Firehose use `KINESIS_FIREHOSE`. Defaults to `CLOUDWATCH_LOGS`.
(Optional) `destination` - The name of either the CloudWatch Logs LogGroup or Kinesis Data Firehose resource. | 
object({
    enabled          = optional(bool, false)
    format           = optional(string, "JSON")
    destination_type = optional(string, "CLOUDWATCH_LOGS")
    destination      = optional(string, null)
  })
| `{}` | no | 58 | | [maintenance\_window](#input\_maintenance\_window) | (Optional) The weekly time range for when maintenance on the ElastiCache Redis cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`. Defaults to `fri:18:00-fri:20:00`. | `string` | `"fri:18:00-fri:20:00"` | no | 59 | | [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | 60 | | [multi\_az\_enabled](#input\_multi\_az\_enabled) | (Optional) Whether to enable Multi-AZ Support for the ElastiCache Redis cluster. If true, `auto_failover_enabled` must also be enabled. Defaults to `false`. | `bool` | `false` | no | 61 | | [node\_size](#input\_node\_size) | (Optional) The number of cache nodes (primary and replicas) for this ElastiCache Redis cluster will have. If Multi-AZ is enabled, this value must be at least 2. Updates will occur before other modifications. Defaults to `1`. | `number` | `1` | no | 62 | | [notification\_sns\_topic](#input\_notification\_sns\_topic) | (Optional) The ARN of an SNS topic to send ElastiCache notifications to. | `string` | `null` | no | 63 | | [parameter\_group](#input\_parameter\_group) | The configuration for parameter group of the ElastiCache Redis cluster.
(Optional) `enabled` - Whether to enable managed parameter group by this module.
(Optional) `name` - The name of the managed parameter group. If not provided, the name is configured with the cluster name.
(Optional) `description` - The description of the managed parameter group.
(Optional) `parameters` - The key/value set for Redis parameters of ElastiCache Redis cluster. Each key is the name of the redis parameter. Each value is the value of the redis parameter. | 
object({
    enabled     = optional(bool, true)
    name        = optional(string, "")
    description = optional(string, "")
    parameters  = optional(map(string), {})
  })
| `{}` | no | 64 | | [password](#input\_password) | (Optional) Password used to access a password protected ElastiCache Redis cluster. Can be specified only if `encryption_in_transit.enabled` is `true`. | `string` | `""` | no | 65 | | [port](#input\_port) | (Optional) The port number on which each of the cache nodes will accept connections. The default port is `6379`. | `number` | `6379` | no | 66 | | [preferred\_availability\_zones](#input\_preferred\_availability\_zones) | (Optional) A list of AZs(Availability Zones) in which the ElastiCache Redis cluster nodes will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating. | `list(string)` | `[]` | no | 67 | | [redis\_version](#input\_redis\_version) | (Optional) The version number of Redis to be used for each nodes in the ElastiCache Redis cluster. If the version is 6 or higher, the major and minor version can be set, e.g., 6.2, or the minor version can be unspecified which will use the latest version at creation time, e.g., 6.x. Otherwise, specify the full version desired, e.g., 5.0.6. The actual engine version used is returned in the attribute `redis_version_actual`. | `string` | `"7.0"` | no | 68 | | [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no | 69 | | [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no | 70 | | [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no | 71 | | [security\_groups](#input\_security\_groups) | (Optional) A list of security group IDs to assign to the instance. | `list(string)` | `[]` | no | 72 | | [sharding](#input\_sharding) | The configuration for sharding of the ElastiCache Redis cluster.
(Optional) `enabled` - Whether to enable sharding (cluster mode). It enables replication across multiple shards for enhanced scalability and availability. Defaults to `false`.
(Optional) `shard_size` - The number of shards in this cluster. Valid value is from `1` to `500`. Defaults to `3`.
(Optional) `replicas` - The number of replicas for each shard. Valid value is from `0` to `5`. Defaults to `2`. | 
object({
    enabled    = optional(bool, false)
    shard_size = optional(number, 3)
    replicas   = optional(number, 2)
  })
| `{}` | no | 73 | | [source\_backup\_name](#input\_source\_backup\_name) | (Optional) The name of a snapshot from which to restore data into the new node group. Changing the `source_backup_name` forces a new resource. | `string` | `null` | no | 74 | | [source\_rdb\_s3\_arns](#input\_source\_rdb\_s3\_arns) | (Optional) A list of ARNs that identify Redis RDB snapshot files stored in Amazon S3. The object names cannot contain any commas. | `list(string)` | `[]` | no | 75 | | [subnet\_group](#input\_subnet\_group) | (Optional) The name of the cache subnet group to be used for the ElastiCache Redis cluster. If not provided, configured to use `default` subnet group in the default VPC. | `string` | `null` | no | 76 | | [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | 77 | | [timeouts](#input\_timeouts) | (Optional) How long to wait for the instance to be created/updated/deleted. | 
object({
    create = optional(string, "60m")
    update = optional(string, "40m")
    delete = optional(string, "40m")
  })
| `{}` | no | 78 | | [user\_groups](#input\_user\_groups) | (Optional) A set of User Group IDs to associate with the ElastiCache Redis cluster. Only a maximum of one user group ID is valid. The AWS specification allows for multiple IDs, but AWS only allows a maximum size of one. | `set(string)` | `[]` | no | 79 | | [vpc\_id](#input\_vpc\_id) | (Optional) The ID of the associated VPC. You must provide the `vpc_id` when `default_security_group.enabled` is `true`. It will used to provision the default security group. | `string` | `null` | no | 80 | 81 | ## Outputs 82 | 83 | | Name | Description | 84 | |------|-------------| 85 | | [arn](#output\_arn) | The ARN of the ElastiCache Redis cluster. | 86 | | [attributes](#output\_attributes) | A set of attributes that applied to the ElastiCache Redis cluster. | 87 | | [auth](#output\_auth) | The configuration for auth of the ElastiCache Redis cluster.
`user_groups` - A set of User Group IDs to associate with the ElastiCache Redis cluster. | 88 | | [backup](#output\_backup) | The configuration for backup of the ElastiCache Redis cluster.
`enabled` - Whether to automatically create a daily backup of a set of replicas.
`window` - The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of the ElastiCache Redis cluster.
`retention` - The number of days for which automated backups are retained before they are automatically deleted. | 89 | | [description](#output\_description) | The description of the ElastiCache Redis cluster. | 90 | | [encryption](#output\_encryption) | The configuration for encryption of the ElastiCache Redis cluster.
`at_rest` - The configuration for at-rest encryption.
`in_transit` - The configuration for in-transit encryption. | 91 | | [endpoints](#output\_endpoints) | The connection endpoints to the ElastiCache Redis cluster.
`primary` - Address of the endpoint for the primary node in the cluster, if the cluster mode is disabled.
`reader` - Address of the endpoint for the reader node in the cluster, if the cluster mode is disabled.
`configuration` - Address of the replication group configuration endpoint when cluster mode is enabled. | 92 | | [id](#output\_id) | The ID of the ElastiCache Redis cluster. | 93 | | [logging](#output\_logging) | The configuration for logging of the ElastiCache Redis cluster.
`slow_log` - The configuration for streaming Redis Slow Log.
`engine_log` - The configuration for streaming Redis Engine Log. | 94 | | [maintenance](#output\_maintenance) | The configuration for maintenance of the ElastiCache Redis cluster.
`window` - The weekly time range for when maintenance on the ElastiCache Redis cluster is performed.
`auto_upgrade_minor_version_enabled` - Whether automatically schedule cluster upgrade to the latest minor version, once it becomes available.
`notification_sns_arn` - The ARN of an SNS topic to send ElastiCache notifications to. | 95 | | [name](#output\_name) | The name of the ElastiCache Redis cluster. | 96 | | [network](#output\_network) | The configuration for network of the ElastiCache Redis cluster.
`port` - The port number on each cache nodes to accept connections.
`subnet_group` - The name of the cache subnet group used for.
`preferred_availability_zones` - The list of AZs(Availability Zones) in which the ElastiCache Redis cluster nodes will be created. | 97 | | [node\_instance\_type](#output\_node\_instance\_type) | The instance type used for the ElastiCache Redis cluster. | 98 | | [node\_size](#output\_node\_size) | The number of cache nodes (primary and replicas) for this ElastiCache Redis cluster will have. | 99 | | [nodes](#output\_nodes) | The list of all nodes are part of the ElastiCache Redis cluster. | 100 | | [parameter\_group](#output\_parameter\_group) | The name of the parameter group associated with the ElastiCache Redis cluster. | 101 | | [redis\_version](#output\_redis\_version) | The version number of Redis used for the ElastiCache Redis cluster. The actual engine version used is returned in `redis_version_actual`. | 102 | | [redis\_version\_actual](#output\_redis\_version\_actual) | The actual version number of Redis used for the ElastiCache Redis cluster. Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine. | 103 | | [sharding](#output\_sharding) | The configuration for sharding of the ElastiCache Redis cluster. | 104 | | [source](#output\_source) | The configuration for source backup of the ElastiCache Redis cluster to restore from.
`backup_name` - The name of a snapshot from which to restore data into the new node group.
`rdb_s3_arns` - The list of ARNs that identify Redis RDB snapshot files stored in Amazon S3. | 105 | 106 | --------------------------------------------------------------------------------