Skip to content

Latest commit

 

History

History
502 lines (415 loc) · 31.7 KB

README.md

File metadata and controls

502 lines (415 loc) · 31.7 KB

AWS ElastiCache Terraform module

Terraform module which creates AWS ElastiCache resources.

SWUbanner

Usage

See examples directory for working examples to reference:

Memcached Cluster

module "elasticache" {
  source = "terraform-aws-modules/elasticache/aws"

  cluster_id               = "example-memcached"
  create_cluster           = true
  create_replication_group = false

  engine          = "memcached"
  engine_version  = "1.6.17"
  node_type       = "cache.t4g.small"
  num_cache_nodes = 2
  az_mode         = "cross-az"

  maintenance_window = "sun:05:00-sun:09:00"
  apply_immediately  = true

  # Security group
  vpc_id = module.vpc.vpc_id
  security_group_rules = {
    ingress_vpc = {
      # Default type is `ingress`
      # Default port is based on the default engine port
      description = "VPC traffic"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  # Subnet Group
  subnet_ids = module.vpc.private_subnets

  # Parameter Group
  create_parameter_group = true
  parameter_group_family = "memcached1.6"
  parameters = [
    {
      name  = "idle_timeout"
      value = 60
    }
  ]

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

Redis Cluster

module "elasticache" {
  source = "terraform-aws-modules/elasticache/aws"

  cluster_id               = "example-redis"
  create_cluster           = true
  create_replication_group = false

  engine_version = "7.1"
  node_type      = "cache.t4g.small"

  maintenance_window = "sun:05:00-sun:09:00"
  apply_immediately  = true

  # Security group
  vpc_id = module.vpc.vpc_id
  security_group_rules = {
    ingress_vpc = {
      # Default type is `ingress`
      # Default port is based on the default engine port
      description = "VPC traffic"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  # Subnet Group
  subnet_ids = module.vpc.private_subnets

  # Parameter Group
  create_parameter_group = true
  parameter_group_family = "redis7"
  parameters = [
    {
      name  = "latency-tracking"
      value = "yes"
    }
  ]

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

Redis Cluster Mode

module "elasticache" {
  source = "terraform-aws-modules/elasticache/aws"

  replication_group_id = "example-redis-cluster"

  # Cluster mode
  cluster_mode_enabled       = true
  num_node_groups            = 2
  replicas_per_node_group    = 3
  automatic_failover_enabled = true
  multi_az_enabled           = true

  maintenance_window = "sun:05:00-sun:09:00"
  apply_immediately  = true

  # Security group
  vpc_id = module.vpc.vpc_id
  security_group_rules = {
    ingress_vpc = {
      # Default type is `ingress`
      # Default port is based on the default engine port
      description = "VPC traffic"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  # Subnet Group
  subnet_ids = module.vpc.private_subnets

  # Parameter Group
  create_parameter_group = true
  parameter_group_family = "redis7"
  parameters = [
    {
      name  = "latency-tracking"
      value = "yes"
    }
  ]

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

Redis Global Replication Group

module "elasticache_primary" {
  source = "terraform-aws-modules/elasticache/aws"

  replication_group_id                    = "example-redis-global-replication-group"
  create_primary_global_replication_group = true

  engine_version = "7.1"
  node_type      = "cache.r7g.large"

  # Security group
  vpc_id = module.vpc.vpc_id
  security_group_rules = {
    ingress_vpc = {
      # Default type is `ingress`
      # Default port is based on the default engine port
      description = "VPC traffic"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  # Subnet Group
  subnet_ids = module.vpc.private_subnets

  # Parameter Group
  create_parameter_group = true
  parameter_group_family = "redis7"

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

module "elasticache_secondary" {
  source = "terraform-aws-modules/elasticache/aws"

  providers = {
    aws = aws.other_region
  }

  replication_group_id        = "example-redis-global-replication-group"
  global_replication_group_id = module.elasticache_primary.global_replication_group_id

  # Security group
  vpc_id = module.vpc.vpc_id
  security_group_rules = {
    ingress_vpc = {
      # Default type is `ingress`
      # Default port is based on the default engine port
      description = "VPC traffic"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  # Subnet Group
  subnet_ids = module.vpc.private_subnets

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

Redis Replication Group

module "elasticache" {
  source = "terraform-aws-modules/elasticache/aws"

  replication_group_id = "example-redis-replication-group"

  engine_version = "7.1"
  node_type      = "cache.t4g.small"

  transit_encryption_enabled = true
  auth_token                 = "PickSomethingMoreSecure123!"
  maintenance_window         = "sun:05:00-sun:09:00"
  apply_immediately          = true

  # Security group
  vpc_id = module.vpc.vpc_id
  security_group_rules = {
    ingress_vpc = {
      # Default type is `ingress`
      # Default port is based on the default engine port
      description = "VPC traffic"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  # Subnet Group
  subnet_ids = module.vpc.private_subnets

  # Parameter Group
  create_parameter_group = true
  parameter_group_family = "redis7"
  parameters = [
    {
      name  = "latency-tracking"
      value = "yes"
    }
  ]

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

Serverless Cache

module "elasticache" {
  source = "terraform-aws-modules/elasticache/aws//modules/serverless-cache"

  engine     = "redis"
  cache_name = "example-serverless-cache"

  cache_usage_limits = {
    data_storage = {
      maximum = 2
    }
    ecpu_per_second = {
      maximum = 1000
    }
  }

  daily_snapshot_time  = "22:00"
  description          = "example-serverless-cache serverless cluster"
  kms_key_id           = aws_kms_key.this.arn
  major_engine_version = "7"
  security_group_ids   = [module.sg.security_group_id]

  snapshot_retention_limit = 7
  subnet_ids               = module.vpc.private_subnets

  user_group_id = module.cache_user_group.group_id
}

Valkey Replication Group

module "elasticache" {
  source = "terraform-aws-modules/elasticache/aws"

  replication_group_id = local.name

  engine         = "valkey"
  engine_version = "7.2"
  node_type      = "cache.t4g.small"

  transit_encryption_enabled = true
  auth_token                 = "PickSomethingMoreSecure123!"
  maintenance_window         = "sun:05:00-sun:09:00"
  apply_immediately          = true

  # Security Group
  vpc_id = module.vpc.vpc_id
  security_group_rules = {
    ingress_vpc = {
      # Default type is `ingress`
      # Default port is based on the default engine port
      description = "VPC traffic"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  # Subnet Group
  subnet_group_name        = local.name
  subnet_group_description = "Valkey replication group subnet group"
  subnet_ids               = module.vpc.private_subnets

  # Parameter Group
  create_parameter_group      = true
  parameter_group_name        = local.name
  parameter_group_family      = "valkey7"
  parameter_group_description = "Valkey replication group parameter group"
  parameters = [
    {
      name  = "latency-tracking"
      value = "yes"
    }
  ]

  tags = local.tags
}

Examples

Examples codified under the examples are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!

Requirements

Name Version
terraform >= 1.0
aws >= 5.73
random >= 3.0

Providers

Name Version
aws >= 5.73
random >= 3.0

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.this resource
aws_elasticache_cluster.this resource
aws_elasticache_global_replication_group.this resource
aws_elasticache_parameter_group.this resource
aws_elasticache_replication_group.global resource
aws_elasticache_replication_group.this resource
aws_elasticache_subnet_group.this resource
aws_security_group.this resource
aws_vpc_security_group_egress_rule.this resource
aws_vpc_security_group_ingress_rule.this resource
random_id.this resource

Inputs

Name Description Type Default Required
apply_immediately Whether any database modifications are applied immediately, or during the next maintenance window. Default is false bool null no
at_rest_encryption_enabled Whether to enable encryption at rest bool true no
auth_token The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true string null no
auth_token_update_strategy Strategy to use when updating the auth_token. Valid values are SET, ROTATE, and DELETE. Defaults to ROTATE string null no
auto_minor_version_upgrade Specifies whether minor version engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. Only supported for engine type redis and valkey and if the engine version is 6 or higher. Defaults to true bool null no
automatic_failover_enabled Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If true, Multi-AZ is enabled for this replication group. If false, Multi-AZ is disabled for this replication group. Must be enabled for Redis (cluster mode enabled) replication groups bool null no
availability_zone Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use preferred_availability_zones instead string null no
az_mode Whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are single-az or cross-az, default is single-az string null no
cluster_id Group identifier. ElastiCache converts this name to lowercase. Changing this value will re-create the resource string "" no
cluster_mode Specifies whether cluster mode is enabled or disabled. Valid values are enabled or disabled or compatible string null no
cluster_mode_enabled Whether to enable Redis [cluster mode https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Redis-RedisCluster.html] bool false no
create Determines whether resources will be created (affects all resources) bool true no
create_cluster Determines whether an ElastiCache cluster will be created or not bool false no
create_parameter_group Determines whether the ElastiCache parameter group will be created or not bool false no
create_primary_global_replication_group Determines whether an primary ElastiCache global replication group will be created bool false no
create_replication_group Determines whether an ElastiCache replication group will be created or not bool true no
create_secondary_global_replication_group Determines whether an secondary ElastiCache global replication group will be created bool false no
create_security_group Determines if a security group is created bool true no
create_subnet_group Determines whether the Elasticache subnet group will be created or not bool true no
data_tiering_enabled Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes bool null no
description User-created description for the replication group string null no
engine Name of the cache engine to be used for this cache cluster. Valid values are memcached, redis, or valkey string "redis" no
engine_version Version number of the cache engine to be used. If not set, defaults to the latest version string null no
final_snapshot_identifier (Redis only) Name of your final cluster snapshot. If omitted, no final snapshot will be made string null no
global_replication_group_id The ID of the global replication group to which this replication group should belong string null no
ip_discovery The IP version to advertise in the discovery protocol. Valid values are ipv4 or ipv6 string null no
kms_key_arn The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true string null no
log_delivery_configuration (Redis OSS or Valkey) Specifies the destination and format of Redis OSS/Valkey SLOWLOG or Redis OSS/Valkey Engine Log any
{
"slow-log": {
"destination_type": "cloudwatch-logs",
"log_format": "json"
}
}
no
maintenance_window Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC) string null no
multi_az_enabled Specifies whether to enable Multi-AZ Support for the replication group. If true, automatic_failover_enabled must also be enabled. Defaults to false bool false no
network_type The IP versions for cache cluster connections. Valid values are ipv4, ipv6 or dual_stack string null no
node_type The instance class used. For Memcached, changing this value will re-create the resource string null no
notification_topic_arn ARN of an SNS topic to send ElastiCache notifications to string null no
num_cache_clusters Number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. Conflicts with num_node_groups. Defaults to 1 number null no
num_cache_nodes The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcached, this value must be between 1 and 40. If this number is reduced on subsequent runs, the highest numbered nodes will be removed number 1 no
num_node_groups Number of node groups (shards) for this Redis replication group. Changing this number will trigger a resizing operation before other settings modifications number null no
outpost_mode Specify the outpost mode that will apply to the cache cluster creation. Valid values are single-outpost and cross-outpost, however AWS currently only supports single-outpost mode string null no
parameter_group_description The description of the ElastiCache parameter group. Defaults to Managed by Terraform string null no
parameter_group_family The family of the ElastiCache parameter group string "" no
parameter_group_name The name of the parameter group. If create_parameter_group is true, this is the name assigned to the parameter group created. Otherwise, this is the name of an existing parameter group string null no
parameters List of ElastiCache parameters to apply list(map(string)) [] no
port The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379 number null no
preferred_availability_zones List of the Availability Zones in which cache nodes are created list(string) [] no
preferred_cache_cluster_azs List of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating list(string) [] no
preferred_outpost_arn (Required if outpost_mode is specified) The outpost ARN in which the cache cluster will be created string null no
replicas_per_node_group Number of replica nodes in each node group. Changing this number will trigger a resizing operation before other settings modifications. Valid values are 0 to 5 number null no
replication_group_id Replication group identifier. When create_replication_group is set to true, this is the ID assigned to the replication group created. When create_replication_group is set to false, this is the ID of an externally created replication group string null no
security_group_description Description of the security group created string null no
security_group_ids One or more VPC security groups associated with the cache cluster list(string) [] no
security_group_name Name to use on security group created string null no
security_group_names Names of one or more Amazon VPC security groups associated with this replication group list(string) [] no
security_group_rules Security group ingress and egress rules to add to the security group created any {} no
security_group_tags A map of additional tags to add to the security group created map(string) {} no
security_group_use_name_prefix Determines whether the security group name (security_group_name) is used as a prefix bool true no
snapshot_arns (Redis only) Single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3 list(string) [] no
snapshot_name (Redis only) Name of a snapshot from which to restore data into the new node group. Changing snapshot_name forces a new resource string null no
snapshot_retention_limit (Redis only) Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them number null no
snapshot_window (Redis only) Daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. Example: 05:00-09:00 string null no
subnet_group_description Description for the Elasticache subnet group string null no
subnet_group_name The name of the subnet group. If create_subnet_group is true, this is the name assigned to the subnet group created. Otherwise, this is the name of an existing subnet group string null no
subnet_ids List of VPC Subnet IDs for the Elasticache subnet group list(string) [] no
tags A map of tags to add to all resources map(string) {} no
transit_encryption_enabled Enable encryption in-transit. Supported only with Memcached versions 1.6.12 and later, running in a VPC bool true no
transit_encryption_mode A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are preferred and required string null no
user_group_ids User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid list(string) null no
vpc_id Identifier of the VPC where the security group will be created string null no

Outputs

Name Description
cloudwatch_log_group_arn Arn of cloudwatch log group created
cloudwatch_log_group_name Name of cloudwatch log group created
cloudwatch_log_groups Map of CloudWatch log groups created and their attributes
cluster_address (Memcached only) DNS name of the cache cluster without the port appended
cluster_arn The ARN of the ElastiCache Cluster
cluster_cache_nodes List of node objects including id, address, port and availability_zone
cluster_configuration_endpoint (Memcached only) Configuration endpoint to allow host discovery
cluster_engine_version_actual Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine
global_replication_group_arn ARN of the created ElastiCache Global Replication Group
global_replication_group_engine_version_actual The full version number of the cache engine running on the members of this global replication group
global_replication_group_id ID of the ElastiCache Global Replication Group
global_replication_group_node_groups Set of node groups (shards) on the global replication group
parameter_group_arn The AWS ARN associated with the parameter group
parameter_group_id The ElastiCache parameter group name
replication_group_arn ARN of the created ElastiCache Replication Group
replication_group_configuration_endpoint_address Address of the replication group configuration endpoint when cluster mode is enabled
replication_group_engine_version_actual Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine
replication_group_id ID of the ElastiCache Replication Group
replication_group_member_clusters Identifiers of all the nodes that are part of this replication group
replication_group_primary_endpoint_address Address of the endpoint for the primary node in the replication group, if the cluster mode is disabled
replication_group_reader_endpoint_address Address of the endpoint for the reader node in the replication group, if the cluster mode is disabled
security_group_arn Amazon Resource Name (ARN) of the security group
security_group_id ID of the security group
subnet_group_name The ElastiCache subnet group name

License

Apache-2.0 Licensed. See LICENSE.