Merge pull request #22 from kunduso/create-amazon-elasticache

Multiple ElastiCache updates
kunduso · Nov 1, 2023 · 7faa634 · 7faa634
2 parents 77ac37d + 8a41641
commit 7faa634
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 7 deletions.
diff --git a/elasticache.tf b/elasticache.tf
@@ -1,5 +1,5 @@
 resource "aws_elasticache_subnet_group" "elasticache_subnet" {
-  name       = "cache-subnet"
+  name       = "app-4-cache-subnet"
   subnet_ids = [for subnet in aws_subnet.private : subnet.id]
 }
 resource "aws_kms_key" "encrytion_rest" {
@@ -15,7 +15,7 @@ resource "aws_kms_key" "encrytion_secret" {
   #checkov:skip=CKV2_AWS_64: Not including a KMS Key policy
 }
 resource "aws_secretsmanager_secret" "elasticache_auth" {
-  name                    = "elasticache_auth"
+  name                    = "app-4-elasticache-auth"
   recovery_window_in_days = 0
   kms_key_id              = aws_kms_key.encrytion_secret.id
   #checkov:skip=CKV2_AWS_57: Disabled Secrets Manager secrets automatic rotation

diff --git a/iam_role.tf b/iam_role.tf
@@ -1,9 +1,12 @@
+locals {
+  account_id = aws_vpc.this.owner_id
+}
 #Create a policy to read from the specific parameter store
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy
 resource "aws_iam_policy" "ssm_parameter_policy" {
-  name        = "ssm_parameter_policy"
+  name        = "app-4-ssm-parameter-read-policy"
   path        = "/"
-  description = "Policy to read from SSM Parameter Store"
+  description = "Policy to read the ElastiCache endpoint and port number stored in the SSM Parameter Store."
   # Terraform's "jsonencode" function converts a
   # Terraform expression result to valid JSON syntax.
   policy = jsonencode({
@@ -19,4 +22,24 @@ resource "aws_iam_policy" "ssm_parameter_policy" {
       }
     ]
   })
+}
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy
+resource "aws_iam_policy" "secret_manager_policy" {
+  name        = "app-4-secret-read-policy"
+  path        = "/"
+  description = "Policy to read the ElastiCache AUTH Token stored in AWS Secrets Manager secret."
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "kms:Decrypt"
+        ]
+        Resource = [aws_kms_key.encrytion_rest.arn]
+      }
+    ]
+  })
 }
diff --git a/security_group.tf b/security_group.tf
@@ -2,7 +2,7 @@ resource "aws_default_security_group" "default" {
   vpc_id = aws_vpc.this.id
 }
 resource "aws_security_group" "elasticache" {
-  name        = "app-4-elasticache"
+  name        = "app-4-elasticache-sg"
   description = "Allow inbound to and outbound access from the Amazon ElastiCache cluster."
   ingress {
     from_port   = 6379

diff --git a/ssm_parameter.tf b/ssm_parameter.tf
@@ -1,12 +1,12 @@
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter
 resource "aws_ssm_parameter" "elasticache_ep" {
-  name   = "/elasticache/${aws_elasticache_replication_group.app4.replication_group_id}/endpoint"
+  name   = "/elasticache/app-4/${aws_elasticache_replication_group.app4.replication_group_id}/endpoint"
   type   = "SecureString"
   key_id = aws_kms_key.encrytion_rest.id
   value  = aws_elasticache_replication_group.app4.configuration_endpoint_address
 }
 resource "aws_ssm_parameter" "elasticache_port" {
-  name   = "/elasticache/${aws_elasticache_replication_group.app4.replication_group_id}/port"
+  name   = "/elasticache/app-4/${aws_elasticache_replication_group.app4.replication_group_id}/port"
   type   = "SecureString"
   key_id = aws_kms_key.encrytion_rest.id
   value  = aws_elasticache_replication_group.app4.port