Terraform module to provision an ElastiCache Redis Cluster
Fixing this problem: when var.transit_encryption_enabled is false, the transit_encryption_mode value should be null.
I was blindsided with my use case of encrypting everything and I should have covered the default use case.
Allow configuring transit_encryption_mode.
This was added in AWS Provider v5.47.0 as part of https://github.com/hashicorp/terraform-provider-aws/pull/30403
This is needed if you want to migrate to in-transit encryption with no downtime.
Allow configuring auth_token_update_strategy provider setting.
This has been added to AWS Provider on v5.27.0 in this PR https://github.com/hashicorp/terraform-provider-aws/pull/16203
Give user the flexibility to change the update strategy when setting/changing the auth_token.
Closes #55
(.github/workflows/release.yaml) to have permission to comment on PR
(.github/workflows) to use shared workflows from .github repo
(.github/workflows) to add issue: write permission needed by ReviewDog tflint action
(.github/workflows/settings.yaml)
cloudposse/.github repository
(.github/settings.yaml)
This is an auto-generated PR that updates the README.md and docs
To have most recent changes of README.md and doc from origin templates
make readme to rebuild README.md from README.yaml
.github repo
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/vpc/aws (source) | module | minor | 2.1.1 -> 2.2.0 |
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/cloudwatch-logs/aws (source) | module | patch | 0.6.5 -> 0.6.8 |
v0.6.8
This is just a continuation of the fix https://github.com/cloudposse/terraform-aws-cloudwatch-logs/pull/38. Prod environment tested. That's how it works correctly.
v0.6.7
Fix mistake in policy
The policy is created simply by ARN without the ":*" construct, which is necessary to create the correct policy for the role. Without this ":*" construct, the policy is created, but it does not work correctly. This error was discovered when I tried to create a cloudwatch group in the cloudtrail module. I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions." After studying the code, I realized that I need to add the construction ":*" in a couple of lines. My solution looks like this, I need to replace the lines in file :
This line: join("", aws_cloudwatch_log_group.default.*.arn), replaced by "${join("", aws_cloudwatch_log_group.default.*.arn)}:*" You need to do this in both identical lines.
Perhaps you can suggest a better solution, I'm new to terraforming.
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/issues/37 https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55
v0.6.6
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/iam-role/aws (source) | module | patch | 0.16.1 -> 0.16.2 |
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/vpc/aws (source) | module | patch | 2.1.0 -> 2.1.1 |
v2.1.1
This PR adds support for Network Address Usage Metrics on the VPC. AWS documentation: https://docs.aws.amazon.com/vpc/latest/userguide/network-address-usage.html Terraform documentation: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#enable_network_address_usage_metrics
Network Address Usage metrics can help monitor the growth of a VPC and would be useful for any user. Enabling this after creating a VPC does not trigger recreation of the VPC.
closes #115
Rebuild github dir from the template
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/route53-cluster-hostname/aws (source) | module | minor | 0.12.2 -> 0.13.0 |
v0.13.0
v0.12.3
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/dynamic-subnets/aws (source) | module | minor | 2.3.0 -> 2.4.1 |
v2.4.1
v2.4.0
With this release, EIPs allocated for NAT ingress are allocated in the default domain. This most likely does not affect you, but for accounts created before 2013-12-04 (almost 10 years ago as of this writing), the default domain could be EC2-Classic rather than the current VPC. Previously this module forced the EIPs to be in the VPC domain, but the breaking changes between AWS Provider v4 and v5 make that difficult.
If you find yourself in the rare situation where the EIPs allocated by this module are in EC2-Classic but you want them in VPC, then create the EIPs outside of this module and supply them to this module via nat_elastic_ips.
This release includes an example (examples/nacls/) showing how to create custom NACLs in conjunction with this module. Note that by default, this module creates wide-open NACLs, and subnets can only have one NACL associated with them. If you try to add a NACL to a subnet without disabling the default NACLs, you may get a possibly confusing error like:
│ Error: creating EC2 Network ACL: creating EC2 Network ACL (acl-0376c5f12dd9d784d) Association: InvalidAssociationID.NotFound: The association ID 'aclassoc-0818d5a9e3876a2bb' does not exist
See https://github.com/hashicorp/terraform-provider-aws/issues/31888
null as meaning "default")
aws_eip vpc = true
random_password and feed that into an auth_token and rotate it gracefully.
Ignore security_group_names for aws_elasticache_replication_group resource.
There is a bug in the terraform aws provider: https://github.com/hashicorp/terraform-provider-aws/issues/32835
When importing an aws_elasticache_replication_group resource the attribute security_group_names is imported as null.
The security_group_names attribute is not used by this module.
https://github.com/cloudposse/terraform-aws-security-group/releases https://sweetops.slack.com/archives/CB6GHNLG0/p1701898649784559
create_parameter_group and parameter_group_name
This module doesn't currently support major version upgrades of Redis (e.g., 6.x to 7.x) because:
I have decided to add "redis cluster family" as a suffix. AWS follows a similar convention for default parameter groups, using names such as:
default.redis6.x
default.redis7
Since using . is not possible, I have opted to use - instead.
To prevent any breaking changes, I have introduced a new variable called parameter_group_name. By setting this variable to the current parameter group name, you can prevent any terraform configuration drift.
We can also reuse existing parameter groups.
If we want to use the default parameter group created by AWS (default.redis7)
create_parameter_group = false
engine = "redis7"
If we want to use any other existing parameter group:
create_parameter_group = false
parameter_group_name = "existing-parameter-group-name"
Resolves https://github.com/cloudposse/terraform-aws-elasticache-redis/issues/178
I see that other people tried to solve this problem before (see references), but the pull requests were not merged yet: