Terraform module to provision an ElastiCache Redis Cluster
Fixing this problem when var.transit_encryption_enabled is false the transit_encryption_mode value should be null.
I was blindsided with my use case of encrypting everything and I should have covered the default use case.
Allow configuring transit_encryption_mode.
This was added in AWS Provider v5.47.0 as part of https://github.com/hashicorp/terraform-provider-aws/pull/30403
This is needed if you want to migrate to in-transit encryption with no downtime.
Allow configuring auth_token_update_strategy provider setting.
This has been added to AWS Provider on v5.27.0 in this PR https://github.com/hashicorp/terraform-provider-aws/pull/16203
Give user the flexibility to change the update strategy when setting/changing the auth_token.
Closes #55
.github/workflows/release.yaml) to have permission to comment on PR.github/workflows) to use shared workflows from .github repo.github/workflows) to add issue: write permission needed by ReviewDog tflint action.github/workflows/settings.yaml)cldouposse/.github repository.github/settings.yaml)This is an auto-generated PR that updates the README.md and docs
To have most recent changes of README.md and doc from origin templates
make readme to rebuild README.md from README.yaml
.github repoThis PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/vpc/aws (source) | module | minor | 2.1.1 -> 2.2.0 |
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/cloudwatch-logs/aws (source) | module | patch | 0.6.5 -> 0.6.8 |
v0.6.8This is just a continuation of the fix https://github.com/cloudposse/terraform-aws-cloudwatch-logs/pull/38. Prod environment tested. That's how it works correctly.
v0.6.7Fix mistake in policy
The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role. Without this ":" construct, the policy is created, but it does not work correctly. This error was discovered when I tried to create a cloudwatch group in the cloudtrail module. I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions." After studying the code, I realized that I need to add the construction ":*" in a couple of lines. My solution looks like this, I need to replace the lines in file :
This line: join("", aws_cloudwatch_log_group.default..arn), replaced by "${join("", aws_cloudwatch_log_group.default..arn)}:*" You need to do this in both identical lines.
Perhaps you can suggest a better solution, I'm new to terraforming.
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/issues/37 https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55
v0.6.6This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/iam-role/aws (source) | module | patch | 0.16.1 -> 0.16.2 |
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/vpc/aws (source) | module | patch | 2.1.0 -> 2.1.1 |
v2.1.1This PR adds support for Network Address Usage Metrics on the VPC. AWS documentation : https://docs.aws.amazon.com/vpc/latest/userguide/network-address-usage.html Terraform documentation : https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#enable_network_address_usage_metrics
Network Address Usage metrics can help monitor the growth of a VPC and would be useful for any user. Enable this after creating a VPC does not trigger recreation of the VPC.
closes #​115
Rebuild github dir from the template
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/route53-cluster-hostname/aws (source) | module | minor | 0.12.2 -> 0.13.0 |
v0.13.0v0.12.3This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/dynamic-subnets/aws (source) | module | minor | 2.3.0 -> 2.4.1 |
v2.4.1v2.4.0With this release, EIPs allocated for NAT ingress are allocated in the default domain. This most likely does not affect you, but for accounts created before 2013-12-04 (almost 10 years ago as of this writing), the default domain could be EC2-Classic rather than the current VPC. Previously this module forced the EIPs to be in the VPC domain, but the breaking changes between AWS Provider v4 and v5 make that difficult.
If you find yourself in the rare situation where the EIPs allocated by this module are in EC2-Classic but you want them in VPC, then create the EIPs outside of this module and supply them to this module via nat_elastic_ips.
This release includes an example (examples/nacls/) showing how to create custom NACLs in conjunction with this module. Note that by default, this module creates wide-open NACLs, and subnets can only have one NACL associated with them. If you try to add a NACL to a subnet without disabling the default NACLs, you may get a possibly confusing error like:
│ Error: creating EC2 Network ACL: creating EC2 Network ACL (acl-0376c5f12dd9d784d) Association: InvalidAssociationID.NotFound: The association ID 'aclassoc-0818d5a9e3876a2bb' does not exist
See https://github.com/hashicorp/terraform-provider-aws/issues/31888
null as meaning "default")aws_eip vpc = true
random_password and feed that into an auth_token and rotate it gracefully.Ignore security_group_names for aws_elasticache_replication_group resource.
There is a bug in the terraform aws provider: https://github.com/hashicorp/terraform-provider-aws/issues/32835
When importing an aws_elasticache_replication_group resource the attribute security_group_names is imported as null.
The security_group_names attribute is not used by this module.
https://github.com/cloudposse/terraform-aws-security-group/releases https://sweetops.slack.com/archives/CB6GHNLG0/p1701898649784559
create_parameter_group and parameter_group_name
This module doesn't currently support major version upgrades of Redis (eg, 6.x to. 7.x) because:
I have decided to add "redis cluster family" as a suffix. AWS follows a similar convention for default parameter groups, using names such as:
default.redis6.x
default.redis7
Since using . is not possible, I have opted to use - instead.
To prevent any breaking changes, I have introduced a new variable called parameter_group_name. By setting this variable to the current parameter group name, you can prevent any terraform configuration drift.
We can also reuse existing parameter groups.
If we want to use the default parameter group created by AWS (default.redis7)
create_parameter_group = false
engine = "redis7"
If we want to use any other existing parameter group:
create_parameter_group = false
parameter_group_name = "existing-parameter-group-name"
Resolves https://github.com/cloudposse/terraform-aws-elasticache-redis/issues/178
I see that other people tried to solve this problem before (see references), but the pull requests were not merged yet: