add redis configuration

marcincuber · marcincuber · commit c3a08a99db59 · 2019-12-19T17:23:22.000Z
diff --git a/Makefile b/Makefile
@@ -0,0 +1,59 @@
+ifneq (,)
+.error This Makefile requires GNU Make.
+endif
+
+.PHONY: gen _gen-main _gen-examples _update-tf-docs
+
+CURRENT_DIR     = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+TF_EXAMPLES     = $(sort $(dir $(wildcard $(CURRENT_DIR)examples/*/)))
+TF_DOCS_VERSION = 0.6.0
+
+# Adjust your delimiter here or overwrite via make arguments
+DELIM_START = <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+DELIM_CLOSE = <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+gen: _update-tf-docs
+	@echo "################################################################################"
+	@echo "# Terraform-docs generate"
+	@echo "################################################################################"
+	@$(MAKE) --no-print-directory _gen-main
+	@$(MAKE) --no-print-directory _gen-examples
+
+_gen-main:
+	@echo "------------------------------------------------------------"
+	@echo "# Main module"
+	@echo "------------------------------------------------------------"
+	@if docker run --rm \
+		-v $(CURRENT_DIR):/data \
+		-e DELIM_START='$(DELIM_START)' \
+		-e DELIM_CLOSE='$(DELIM_CLOSE)' \
+		cytopia/terraform-docs:$(TF_DOCS_VERSION) \
+		terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults md README.md; then \
+		echo "OK"; \
+	else \
+		echo "Failed"; \
+		exit 1; \
+	fi
+
+_gen-examples:
+	@$(foreach example,\
+		$(TF_EXAMPLES),\
+		DOCKER_PATH="examples/$(notdir $(patsubst %/,%,$(example)))"; \
+		echo "------------------------------------------------------------"; \
+		echo "# $${DOCKER_PATH}"; \
+		echo "------------------------------------------------------------"; \
+		if docker run --rm \
+			-v $(CURRENT_DIR):/data \
+			-e DELIM_START='$(DELIM_START)' \
+			-e DELIM_CLOSE='$(DELIM_CLOSE)' \
+			cytopia/terraform-docs:$(TF_DOCS_VERSION) \
+			terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults md $${DOCKER_PATH}/README.md; then \
+			echo "OK"; \
+		else \
+			echo "Failed"; \
+			exit 1; \
+		fi; \
+	)
+
+_update-tf-docs:
+	docker pull cytopia/terraform-docs:$(TF_DOCS_VERSION)
diff --git a/README.md b/README.md
@@ -35,6 +35,54 @@ Module is to be used with Terraform > 0.12.
 
 Module managed by [Marcin Cuber](https://github.com/marcincuber) [linkedin](https://www.linkedin.com/in/marcincuber/).
 
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name\_prefix | The replication group identifier. This parameter is stored as a lowercase string. | string | n/a | yes |
+| node\_type | The compute and memory capacity of the nodes in the node group. | string | n/a | yes |
+| number\_cache\_clusters | The number of cache clusters (primary and replicas) this replication group will have. | string | n/a | yes |
+| subnet\_ids | List of VPC Subnet IDs for the cache subnet group. | list(string) | n/a | yes |
+| vpc\_id | VPC Id to associate with Redis ElastiCache. | string | n/a | yes |
+| apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. | string | `"false"` | no |
+| at\_rest\_encryption\_enabled | Whether to enable encryption at rest. | string | `"true"` | no |
+| auth\_token | The password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`. | string | `""` | no |
+| auto\_minor\_version\_upgrade |  | string | `"true"` | no |
+| automatic\_failover\_enabled | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. | string | `"true"` | no |
+| description | The description of the all resources. | string | `"Managed by Terraform"` | no |
+| engine\_version | The version number of the cache engine to be used for the cache clusters in this replication group. | string | `"5.0.0"` | no |
+| family | The family of the ElastiCache parameter group. | string | `"redis5.0"` | no |
+| ingress\_cidr\_blocks | List of Ingress CIDR blocks. | list(string) | `[]` | no |
+| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true` | string | `""` | no |
+| maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. | string | `""` | no |
+| parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | object | `[]` | no |
+| port | The port number on which each of the cache nodes will accept connections. | string | `"6379"` | no |
+| snapshot\_retention\_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | string | `"30"` | no |
+| snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | `""` | no |
+| source\_security\_group\_ids | List of Security Groups. | list(string) | `[]` | no |
+| tags | A mapping of tags to assign to all resources. | map(string) | `{}` | no |
+| transit\_encryption\_enabled | Whether to enable encryption in transit. | string | `"true"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| elasticache\_parameter\_group\_id | The ElastiCache parameter group name. |
+| elasticache\_replication\_group\_id | The ID of the ElastiCache Replication Group. |
+| elasticache\_replication\_group\_member\_clusters | The identifiers of all the nodes that are part of this replication group. |
+| elasticache\_replication\_group\_primary\_endpoint\_address | The address of the endpoint for the primary node in the replication group. |
+| security\_group\_arn | The ARN of the Redis ElastiCache security group. |
+| security\_group\_description | The description of the Redis ElastiCache security group. |
+| security\_group\_egress | The egress rules of the Redis ElastiCache security group. |
+| security\_group\_id | The ID of the Redis ElastiCache security group. |
+| security\_group\_ingress | The ingress rules of the Redis ElastiCache security group. |
+| security\_group\_name | The name of the Redis ElastiCache security group. |
+| security\_group\_owner\_id | The owner ID of the Redis ElastiCache security group. |
+| security\_group\_vpc\_id | The VPC ID of the Redis ElastiCache security group. |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
 ## License
 
-See LICENSE for full details.
+See LICENSE for full details.
diff --git a/examples/core/README.md b/examples/core/README.md
@@ -0,0 +1,56 @@
+## Example deployment flow
+
+```bash
+terraform init
+terraform validate
+terraform plan
+terraform apply --auto-approve
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name\_prefix | The replication group identifier. This parameter is stored as a lowercase string. | string | n/a | yes |
+| node\_type | The compute and memory capacity of the nodes in the node group. | string | n/a | yes |
+| number\_cache\_clusters | The number of cache clusters (primary and replicas) this replication group will have. | string | n/a | yes |
+| subnet\_ids | List of VPC Subnet IDs for the cache subnet group. | list(string) | n/a | yes |
+| vpc\_id | VPC Id to associate with Redis ElastiCache. | string | n/a | yes |
+| apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. | string | `"false"` | no |
+| at\_rest\_encryption\_enabled | Whether to enable encryption at rest. | string | `"true"` | no |
+| auth\_token | The password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`. | string | `""` | no |
+| auto\_minor\_version\_upgrade |  | string | `"true"` | no |
+| automatic\_failover\_enabled | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. | string | `"true"` | no |
+| description | The description of the all resources. | string | `"Managed by Terraform"` | no |
+| engine\_version | The version number of the cache engine to be used for the cache clusters in this replication group. | string | `"5.0.0"` | no |
+| family | The family of the ElastiCache parameter group. | string | `"redis5.0"` | no |
+| ingress\_cidr\_blocks | List of Ingress CIDR blocks. | list(string) | `[]` | no |
+| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true` | string | `""` | no |
+| maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. | string | `""` | no |
+| parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | object | `[]` | no |
+| port | The port number on which each of the cache nodes will accept connections. | string | `"6379"` | no |
+| snapshot\_retention\_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | string | `"30"` | no |
+| snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | `""` | no |
+| source\_security\_group\_ids | List of Security Groups. | list(string) | `[]` | no |
+| tags | A mapping of tags to assign to all resources. | map(string) | `{}` | no |
+| transit\_encryption\_enabled | Whether to enable encryption in transit. | string | `"true"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| elasticache\_parameter\_group\_id | The ElastiCache parameter group name. |
+| elasticache\_replication\_group\_id | The ID of the ElastiCache Replication Group. |
+| elasticache\_replication\_group\_member\_clusters | The identifiers of all the nodes that are part of this replication group. |
+| elasticache\_replication\_group\_primary\_endpoint\_address | The address of the endpoint for the primary node in the replication group. |
+| security\_group\_arn | The ARN of the Redis ElastiCache security group. |
+| security\_group\_description | The description of the Redis ElastiCache security group. |
+| security\_group\_egress | The egress rules of the Redis ElastiCache security group. |
+| security\_group\_id | The ID of the Redis ElastiCache security group. |
+| security\_group\_ingress | The ingress rules of the Redis ElastiCache security group. |
+| security\_group\_name | The name of the Redis ElastiCache security group. |
+| security\_group\_owner\_id | The owner ID of the Redis ElastiCache security group. |
+| security\_group\_vpc\_id | The VPC ID of the Redis ElastiCache security group. |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/core/main.tf b/examples/core/main.tf
@@ -0,0 +1,68 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+#####
+# VPC and subnets
+#####
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.21.0"
+
+  name = "simple-vpc"
+
+  cidr = "10.0.0.0/16"
+
+  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  enable_nat_gateway = false
+
+  tags = {
+    Environment = "test"
+  }
+}
+
+#####
+# Elasticache Redis
+#####
+module "redis" {
+  source = "../../"
+
+  name_prefix           = "core-example-redis"
+  number_cache_clusters = 2
+  node_type             = "cache.t3.small"
+
+  engine_version           = "5.0.6"
+  port                     = 6379
+  maintenance_window       = "mon:03:00-mon:04:00"
+  snapshot_window          = "04:00-06:00"
+  snapshot_retention_limit = 7
+
+  automatic_failover_enabled = true
+
+  at_rest_encryption_enabled = true
+  transit_encryption_enabled = true
+  auth_token                 = "1234567890asdfghjkl"
+
+  apply_immediately = true
+  family            = "redis5.0"
+  description       = "Test elasticache redis."
+
+  subnet_ids = module.vpc.private_subnets
+  vpc_id     = module.vpc.vpc_id
+
+  ingress_cidr_blocks = ["0.0.0.0/0"]
+
+  parameter = [
+    {
+      name  = "repl-backlog-size"
+      value = "16384"
+    }
+  ]
+
+  tags = {
+    Project = "Test"
+  }
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,89 @@
+resource "aws_elasticache_replication_group" "redis" {
+  engine = "redis"
+
+  parameter_group_name = aws_elasticache_parameter_group.redis.name
+  subnet_group_name    = aws_elasticache_subnet_group.redis.name
+  security_group_ids   = [aws_security_group.redis.id]
+
+  replication_group_id  = var.name_prefix
+  number_cache_clusters = var.number_cache_clusters
+  node_type             = var.node_type
+
+  engine_version = var.engine_version
+  port           = var.port
+
+  maintenance_window         = var.maintenance_window
+  snapshot_window            = var.snapshot_window
+  snapshot_retention_limit   = var.snapshot_retention_limit
+  automatic_failover_enabled = var.automatic_failover_enabled
+  auto_minor_version_upgrade = var.auto_minor_version_upgrade
+
+  at_rest_encryption_enabled = var.at_rest_encryption_enabled
+  transit_encryption_enabled = var.transit_encryption_enabled
+  auth_token                 = var.auth_token != "" ? var.auth_token : null
+  kms_key_id                 = var.kms_key_id
+
+  apply_immediately = var.apply_immediately
+
+  replication_group_description = var.description
+
+  tags = merge(
+    {
+      "Name" = var.name_prefix
+    },
+    var.tags,
+  )
+}
+
+resource "aws_elasticache_parameter_group" "redis" {
+  name        = var.name_prefix
+  family      = var.family
+  description = var.description
+
+  dynamic "parameter" {
+    for_each = var.parameter
+    content {
+      name  = parameter.value.name
+      value = parameter.value.value
+    }
+  }
+}
+
+resource "aws_elasticache_subnet_group" "redis" {
+  name        = var.name_prefix
+  subnet_ids  = var.subnet_ids
+  description = var.description
+}
+
+resource "aws_security_group" "redis" {
+  name_prefix = "${var.name_prefix}-"
+  vpc_id      = var.vpc_id
+
+  tags = merge(
+    {
+      "Name" = "${var.name_prefix}"
+    },
+    var.tags
+  )
+}
+
+resource "aws_security_group_rule" "redis_ingress_cidr_blocks" {
+  count = length(var.ingress_cidr_blocks) != 0 ? 1 : 0
+
+  type              = "ingress"
+  from_port         = var.port
+  to_port           = var.port
+  protocol          = "tcp"
+  cidr_blocks       = var.ingress_cidr_blocks
+  security_group_id = aws_security_group.redis.id
+}
+
+resource "aws_security_group_rule" "redis_egress" {
+  type              = "egress"
+  from_port         = 0
+  to_port           = 0
+  protocol          = "-1"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.redis.id
+}
+
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,60 @@
+output "elasticache_replication_group_id" {
+  value       = aws_elasticache_replication_group.redis.id
+  description = "The ID of the ElastiCache Replication Group."
+}
+
+output "elasticache_replication_group_primary_endpoint_address" {
+  value       = aws_elasticache_replication_group.redis.primary_endpoint_address
+  description = "The address of the endpoint for the primary node in the replication group."
+}
+
+output "elasticache_replication_group_member_clusters" {
+  value       = aws_elasticache_replication_group.redis.member_clusters
+  description = "The identifiers of all the nodes that are part of this replication group."
+}
+
+output "elasticache_parameter_group_id" {
+  value       = aws_elasticache_parameter_group.redis.id
+  description = "The ElastiCache parameter group name."
+}
+
+output "security_group_id" {
+  value       = aws_security_group.redis.id
+  description = "The ID of the Redis ElastiCache security group."
+}
+
+output "security_group_arn" {
+  value       = aws_security_group.redis.arn
+  description = "The ARN of the Redis ElastiCache security group."
+}
+
+output "security_group_vpc_id" {
+  value       = aws_security_group.redis.vpc_id
+  description = "The VPC ID of the Redis ElastiCache security group."
+}
+
+output "security_group_owner_id" {
+  value       = aws_security_group.redis.owner_id
+  description = "The owner ID of the Redis ElastiCache security group."
+}
+
+output "security_group_name" {
+  value       = aws_security_group.redis.name
+  description = "The name of the Redis ElastiCache security group."
+}
+
+output "security_group_description" {
+  value       = aws_security_group.redis.description
+  description = "The description of the Redis ElastiCache security group."
+}
+
+output "security_group_ingress" {
+  value       = aws_security_group.redis.ingress
+  description = "The ingress rules of the Redis ElastiCache security group."
+}
+
+output "security_group_egress" {
+  value       = aws_security_group.redis.egress
+  description = "The egress rules of the Redis ElastiCache security group."
+}
+
diff --git a/variables.tf b/variables.tf
