From 94fc158c3042cd1921ace955912a6dcca3bffcca Mon Sep 17 00:00:00 2001 From: manoj-me Date: Wed, 18 Oct 2023 16:38:58 +0530 Subject: [PATCH 01/32] change version --- vpc/versions.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vpc/versions.tf b/vpc/versions.tf index 241ac05..58d0cfc 100644 --- a/vpc/versions.tf +++ b/vpc/versions.tf @@ -1,9 +1,10 @@ terraform { - required_version = ">= 0.13" + required_version = "~> 0.13" required_providers { aws = { source = "hashicorp/aws" + version = "~> 4.60.0" } } } From 8a88f6aceae379794c20cda027ba9b5cd0b42824 Mon Sep 17 00:00:00 2001 From: manoj-me Date: Wed, 18 Oct 2023 17:45:28 +0530 Subject: [PATCH 02/32] change version --- vpc/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vpc/versions.tf b/vpc/versions.tf index 58d0cfc..a4d71b0 100644 --- a/vpc/versions.tf +++ b/vpc/versions.tf @@ -1,6 +1,6 @@ terraform { - required_version = "~> 0.13" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" From 117173bcab33ebdf5ae05331c345a2f446337568 Mon Sep 17 00:00:00 2001 From: manoj-me Date: Wed, 18 Oct 2023 18:30:55 +0530 Subject: [PATCH 03/32] cahnge to old version --- vpc/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vpc/versions.tf b/vpc/versions.tf index a4d71b0..bd35adb 100644 --- a/vpc/versions.tf +++ b/vpc/versions.tf @@ -1,6 +1,6 @@ terraform { - required_version = ">= 1.6.1" + required_version = ">= 0.13" required_providers { aws = { source = "hashicorp/aws" From 5914066dc58d314e44e818a529b34ddd5e8e9afc Mon Sep 17 00:00:00 2001 From: manoj-me Date: Fri, 20 Oct 2023 11:06:51 +0530 Subject: [PATCH 04/32] change the version --- vpc/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vpc/versions.tf b/vpc/versions.tf index bd35adb..a4d71b0 100644 --- a/vpc/versions.tf +++ b/vpc/versions.tf 
@@ -1,6 +1,6 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" From 2480d09ecd1f271acbe2ce63be4423a1e15d4aee Mon Sep 17 00:00:00 2001 From: manoj-me Date: Fri, 20 Oct 2023 11:15:22 +0530 Subject: [PATCH 05/32] change version --- vpc/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vpc/versions.tf b/vpc/versions.tf index a4d71b0..58d0cfc 100644 --- a/vpc/versions.tf +++ b/vpc/versions.tf @@ -1,6 +1,6 @@ terraform { - required_version = ">= 1.6.1" + required_version = "~> 0.13" required_providers { aws = { source = "hashicorp/aws" From d8d09c5a2e6767534376dc115651c5fabb8c39ef Mon Sep 17 00:00:00 2001 From: manoj-me Date: Mon, 23 Oct 2023 11:39:25 +0530 Subject: [PATCH 06/32] change aws version --- load_balancers/application/versions.tf | 2 +- subnet_resources/versions.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/load_balancers/application/versions.tf b/load_balancers/application/versions.tf index 3803037..a8dd642 100644 --- a/load_balancers/application/versions.tf +++ b/load_balancers/application/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.74.2" + version = "~> 4.60.0" } } } diff --git a/subnet_resources/versions.tf b/subnet_resources/versions.tf index 241ac05..bd35adb 100644 --- a/subnet_resources/versions.tf +++ b/subnet_resources/versions.tf @@ -4,6 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" + version = "~> 4.60.0" } } } From e2f448da78ad49dbba762e13085a538fec05da25 Mon Sep 17 00:00:00 2001 From: manoj-me Date: Tue, 24 Oct 2023 17:03:38 +0530 Subject: [PATCH 07/32] add jakarta regions --- load_balancers/application/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/load_balancers/application/variables.tf b/load_balancers/application/variables.tf index 3fa8351..a76e808 100644 --- a/load_balancers/application/variables.tf 
+++ b/load_balancers/application/variables.tf @@ -9,6 +9,7 @@ variable "aws_lb_accounts" { us-west-2 = "797873946194" ca-central-1 = "985666609251" eu-central-1 = "054676820928" + ap-southeast-3 = "589379963580" eu-west-1 = "156460612806" eu-west-2 = "652711504416" eu-west-3 = "009996457667" From 244b299870a97a58869d4618585e0ba69f85b46b Mon Sep 17 00:00:00 2001 From: manoj-me Date: Tue, 24 Oct 2023 17:28:49 +0530 Subject: [PATCH 08/32] fix bucket ownership --- load_balancers/application/alb_logs.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/load_balancers/application/alb_logs.tf b/load_balancers/application/alb_logs.tf index f955e94..c7c7c6d 100644 --- a/load_balancers/application/alb_logs.tf +++ b/load_balancers/application/alb_logs.tf @@ -3,6 +3,8 @@ resource "aws_s3_bucket" "logs" { bucket = local.logs_bucket_name acl = "log-delivery-write" force_destroy = true + control_object_ownership = true + object_ownership = "ObjectWriter" policy = < Date: Tue, 24 Oct 2023 17:52:04 +0530 Subject: [PATCH 09/32] change to latest bucket --- load_balancers/application/alb_logs.tf | 34 ++++++++------------------ load_balancers/application/data.tf | 16 ++++++++++++ 2 files changed, 26 insertions(+), 24 deletions(-) diff --git a/load_balancers/application/alb_logs.tf b/load_balancers/application/alb_logs.tf index c7c7c6d..ebf8fa6 100644 --- a/load_balancers/application/alb_logs.tf +++ b/load_balancers/application/alb_logs.tf @@ -1,31 +1,7 @@ resource "aws_s3_bucket" "logs" { count = var.lb_access_logs_enabled ? 1 : 0 bucket = local.logs_bucket_name - acl = "log-delivery-write" force_destroy = true - control_object_ownership = true - object_ownership = "ObjectWriter" - - policy = < Date: Tue, 24 Oct 2023 17:57:35 +0530 Subject: [PATCH 10/32] change to latest bucket --- load_balancers/application/alb_logs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/load_balancers/application/alb_logs.tf b/load_balancers/application/alb_logs.tf index ebf8fa6..20330ce 100644 --- a/load_balancers/application/alb_logs.tf +++ b/load_balancers/application/alb_logs.tf @@ -27,12 +27,12 @@ resource "aws_s3_bucket" "logs" { } resource "aws_s3_bucket_acl" "lb-logs-acl" { - bucket = aws_s3_bucket.logs.id + bucket = aws_s3_bucket.logs[0].id acl = "private" } resource "aws_s3_bucket_policy" "allow-lb" { - bucket = aws_s3_bucket.logs.id + bucket = aws_s3_bucket.logs[0].id policy = data.aws_iam_policy_document.allow-lb.json } From 3300048140093d0546a2325396e6bc700e9baade Mon Sep 17 00:00:00 2001 From: manoj-me Date: Tue, 24 Oct 2023 17:58:41 +0530 Subject: [PATCH 11/32] change to latest bucket --- load_balancers/application/data.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/load_balancers/application/data.tf b/load_balancers/application/data.tf index 32f8767..08aa71b 100644 --- a/load_balancers/application/data.tf +++ b/load_balancers/application/data.tf @@ -13,7 +13,7 @@ data "aws_iam_policy_document" "allow-lb" { ] resources = [ - "${aws_s3_bucket.logs.arn}/*" + "${aws_s3_bucket.logs[0].arn}/*" ] } } \ No newline at end of file From a8680df5860099ae8aa23718290c5b73353b943c Mon Sep 17 00:00:00 2001 From: manoj-me Date: Tue, 24 Oct 2023 18:30:01 +0530 Subject: [PATCH 12/32] change to latest bucket --- load_balancers/application/alb_logs.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/load_balancers/application/alb_logs.tf b/load_balancers/application/alb_logs.tf index 20330ce..6d43cfe 100644 --- a/load_balancers/application/alb_logs.tf +++ b/load_balancers/application/alb_logs.tf @@ -2,6 +2,7 @@ resource "aws_s3_bucket" "logs" { count = var.lb_access_logs_enabled ? 1 : 0 bucket = local.logs_bucket_name force_destroy = true + acl = "private" lifecycle_rule { id = "cleanup" From 88fe0d3cdb20860f18079c3459f5697d0f18fc18 Mon Sep 17 00:00:00 2001 
From: manoj-me Date: Tue, 24 Oct 2023 19:18:06 +0530 Subject: [PATCH 13/32] remove acl --- load_balancers/application/alb_logs.tf | 10 ---------- load_balancers/application/data.tf | 17 ----------------- 2 files changed, 27 deletions(-) diff --git a/load_balancers/application/alb_logs.tf b/load_balancers/application/alb_logs.tf index 6d43cfe..36080fc 100644 --- a/load_balancers/application/alb_logs.tf +++ b/load_balancers/application/alb_logs.tf @@ -27,13 +27,3 @@ resource "aws_s3_bucket" "logs" { ) } -resource "aws_s3_bucket_acl" "lb-logs-acl" { - bucket = aws_s3_bucket.logs[0].id - acl = "private" -} - -resource "aws_s3_bucket_policy" "allow-lb" { - bucket = aws_s3_bucket.logs[0].id - policy = data.aws_iam_policy_document.allow-lb.json -} - diff --git a/load_balancers/application/data.tf b/load_balancers/application/data.tf index 08aa71b..b4bfadc 100644 --- a/load_balancers/application/data.tf +++ b/load_balancers/application/data.tf @@ -1,19 +1,2 @@ data "aws_region" "current" { -} - -data "aws_iam_policy_document" "allow-lb" { - statement { - principals { - type = "AWS" - identifiers = ["${var.aws_lb_accounts[data.aws_region.current.name]}"] - } - - actions = [ - "s3:PutObject" - ] - - resources = [ - "${aws_s3_bucket.logs[0].arn}/*" - ] - } } \ No newline at end of file From 18d7b127f73415dc084777728fd3459db7cfed57 Mon Sep 17 00:00:00 2001 From: manoj-me Date: Tue, 24 Oct 2023 19:37:24 +0530 Subject: [PATCH 14/32] change policy --- load_balancers/application/alb_logs.tf | 51 ++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/load_balancers/application/alb_logs.tf b/load_balancers/application/alb_logs.tf index 36080fc..9c2c3f0 100644 --- a/load_balancers/application/alb_logs.tf +++ b/load_balancers/application/alb_logs.tf 
@@ -27,3 +27,54 @@ resource "aws_s3_bucket" "logs" { ) } +resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" { + bucket = aws_s3_bucket.logs[0].id + + policy = jsonencode({ + "Version" : "2012-10-17", + "Statement" : [ + { + "Sid" : "AllowELBRootAccount", + "Effect" : "Allow", + "Action" : "s3:PutObject", + "Resource" : "arn:aws:s3:::${local.logs_bucket_name}/*", + "Principal" : { + "AWS" : "arn:aws:iam::${var.aws_lb_accounts[data.aws_region.current.name]}:root" + } + }, + { + "Sid" : "AWSLogDeliveryWrite", + "Effect" : "Allow", + "Action" : "s3:PutObject", + "Resource" : "arn:aws:s3:::${local.logs_bucket_name}/*", + "Condition" : { + "StringEquals" : { + "s3:x-amz-acl" : "bucket-owner-full-control" + } + }, + "Principal" : { + "Service" : "delivery.logs.amazonaws.com" + } + }, + { + "Sid" : "AWSLogDeliveryAclCheck", + "Effect" : "Allow", + "Action" : "s3:GetBucketAcl", + "Resource" : "arn:aws:s3:::${local.logs_bucket_name}", + "Principal" : { + "Service" : "delivery.logs.amazonaws.com" + } + }, + { + "Sid" : "AllowALBAccess", + "Effect" : "Allow", + "Action" : "s3:PutObject", + "Resource" : "arn:aws:s3:::${local.logs_bucket_name}/*", + "Principal" : { + "Service" : "elasticloadbalancing.amazonaws.com" + } + } + ] + }) +} + From 519d1dd836f510e5bbc8fb38ed93b418c9892ab9 Mon Sep 17 00:00:00 2001 From: manoj-me Date: Tue, 24 Oct 2023 20:37:03 +0530 Subject: [PATCH 15/32] add version to redis --- elasticache/redis/versions.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 elasticache/redis/versions.tf diff --git a/elasticache/redis/versions.tf b/elasticache/redis/versions.tf new file mode 100644 index 0000000..58d0cfc --- /dev/null +++ b/elasticache/redis/versions.tf @@ -0,0 +1,10 @@ + +terraform { + required_version = "~> 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.60.0" + } + } +} From af3b7c1b0d6ee80f90c471e419ce351fab06d87d Mon Sep 17 00:00:00 2001 
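Review bot: In `load_balancers/application/alb_logs.tf` (PATCH 14/32), the `AWSLogDeliveryWrite`, `AWSLogDeliveryAclCheck` and `AllowALBAccess` statements grant access to service principals with no `aws:SourceAccount` or `aws:SourceArn` condition, so the grant is not tied to this account's load balancers. Where the service supports those keys, add a `Condition` to each of the three statements, and narrow `Resource` from `${local.logs_bucket_name}/*` to the prefix the load balancer actually writes access logs under. Separately, `aws_s3_bucket_policy.alb_access_logs_bucket_policy` indexes `aws_s3_bucket.logs[0]` but has no `count`, while the bucket is declared with `count = var.lb_access_logs_enabled ? 1 : 0`; with logging disabled the index presumably fails at plan time, so the policy resource should carry the same `count = var.lb_access_logs_enabled ? 1 : 0`. The bucket resource itself starts outside this hunk.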
From: Tanmay Maheshwari Date: Wed, 4 Jun 2025 12:17:28 +0530 Subject: [PATCH 16/32] [SRE-8756] added valkey --- elasticache/valkey/README.md | 54 ++++++++++ elasticache/valkey/dns.tf | 12 +++ elasticache/valkey/locals.tf | 14 +++ elasticache/valkey/main.tf | 56 ++++++++++ elasticache/valkey/outputs.tf | 19 ++++ elasticache/valkey/variables.tf | 183 ++++++++++++++++++++++++++++++++ elasticache/valkey/versions.tf | 10 ++ 7 files changed, 348 insertions(+) create mode 100644 elasticache/valkey/README.md create mode 100644 elasticache/valkey/dns.tf create mode 100644 elasticache/valkey/locals.tf create mode 100644 elasticache/valkey/main.tf create mode 100644 elasticache/valkey/outputs.tf create mode 100644 elasticache/valkey/variables.tf create mode 100644 elasticache/valkey/versions.tf diff --git a/elasticache/valkey/README.md b/elasticache/valkey/README.md new file mode 100644 index 0000000..81926c7 --- /dev/null +++ b/elasticache/valkey/README.md 
@@ -0,0 +1,54 @@ +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| aws | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `false` | no | +| at\_rest\_encryption\_enabled | Whether to enable encryption at rest | `bool` | `true` | no | +| auth\_token | The password used to access a password protected server. Can be specified only if transit\_encryption\_enabled = true. If specified must contain from 16 to 128 alphanumeric characters or symbols | `string` | `""` | no | +| auto\_minor\_version\_upgrade | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window | `bool` | `true` | no | +| automatic\_failover\_enabled | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. | `bool` | `true` | no | +| availability\_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important | `list(string)` | n/a | yes | +| business\_name | Business Name | `string` | n/a | yes | +| cluster\_mode\_enabled | Enable creation of a native redis cluster. | `bool` | `false` | no | +| environment | environment to deploy into, should typically dev/staging/prod | `string` | n/a | yes | +| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at\_rest\_encryption\_enabled = true | `string` | `""` | no | +| notification\_topic\_arn | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. 
Example: arn:aws:sns:us-east-1:012345678999:my\_sns\_topic | `string` | `""` | no | +| num\_node\_groups | Required when cluster\_mode\_enabled is set to true. Specify the number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications. | `number` | `0` | no | +| number\_cache\_clusters | Number of Redis cache clusters (nodes) to create | `number` | `0` | no | +| parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another |
list(object({
name = string
value = string
}))
| `[]` | no | +| redis\_maintenance\_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | `string` | `"fri:08:00-fri:09:00"` | no | +| redis\_node\_type | Instance type to use for creating the Redis cache clusters | `string` | n/a | yes | +| redis\_port | n/a | `number` | `6379` | no | +| redis\_snapshot\_retention\_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.\* cache nodes | `number` | `0` | no | +| redis\_snapshot\_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period | `string` | `"06:30-07:30"` | no | +| redis\_version | Redis version to use, defaults to 5.0.6 | `string` | `"5.0.6"` | no | +| replicas\_per\_node\_group | Required when `cluster_mode_enabled` is set to true. Specify the number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource. | `number` | `0` | no | +| security\_group\_ids | A list of cache security group ids to associate with this replication group | `list(string)` | n/a | yes | +| service\_name | Service name | `string` | n/a | yes | +| snapshot\_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. 
Example: arn:aws:s3:::my\_bucket/snapshot1.rdb | `list(string)` | `[]` | no | +| snapshot\_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot\_name forces a new resource | `string` | `""` | no | +| subnets | List of VPC Subnet IDs for the cache subnet group | `list(string)` | n/a | yes | +| subservice\_name | Sub Service name | `string` | n/a | yes | +| tags | Tags for redis nodes | `map(string)` | `{}` | no | +| transit\_encryption\_enabled | Whether to enable encryption in transit. Requires 3.2.6 or >=4.0 redis\_version | `bool` | `false` | no | +| vpc\_id | VPC ID | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| endpoint | n/a | +| id | n/a | +| parameter\_group | n/a | +| redis\_subnet\_group\_name | n/a | + diff --git a/elasticache/valkey/dns.tf b/elasticache/valkey/dns.tf new file mode 100644 index 0000000..4379b4e --- /dev/null +++ b/elasticache/valkey/dns.tf @@ -0,0 +1,12 @@ +data "aws_route53_zone" "valkey_dns_hosted_zone" { + name = var.zone_name + vpc_id = var.vpc_id +} + +resource "aws_route53_record" "valkey_dns" { + zone_id = data.aws_route53_zone.valkey_dns_hosted_zone.id + name = var.valkey_dns + type = "CNAME" + ttl = "300" + records = var.cluster_mode_enabled ? [join("", aws_elasticache_replication_group.valkey.*.configuration_endpoint_address)] : [join("", aws_elasticache_replication_group.valkey.*.primary_endpoint_address)] +} diff --git a/elasticache/valkey/locals.tf b/elasticache/valkey/locals.tf new file mode 100644 index 0000000..ebc90e7 --- /dev/null +++ b/elasticache/valkey/locals.tf 
@@ -0,0 +1,14 @@ +locals { + _resource_identifier = "${var.business_name}-${var.service_name}-${var.subservice_name}" + resource_identifier = lower(local._resource_identifier) + + default_tags = { + ManagedBy = "terraform" + Environment = lower(var.environment) + Business = lower(var.business_name) + Service = lower(var.service_name) + SubService = lower(var.subservice_name) + Name = lower(local.resource_identifier) + } +} + diff --git a/elasticache/valkey/main.tf b/elasticache/valkey/main.tf new file mode 100644 index 0000000..b96aed6 --- /dev/null +++ b/elasticache/valkey/main.tf 
@@ -0,0 +1,56 @@ +resource "aws_elasticache_replication_group" "valkey" { + replication_group_id = format("%.30s", "${local.resource_identifier}") + replication_group_description = "Terraform-managed ElastiCache replication group for ${local.resource_identifier}" + number_cache_clusters = var.cluster_mode_enabled ? null : var.number_cache_clusters + node_type = var.valkey_node_type + automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false + auto_minor_version_upgrade = var.auto_minor_version_upgrade + availability_zones = var.availability_zones + engine = "valkey" + at_rest_encryption_enabled = var.at_rest_encryption_enabled + kms_key_id = var.kms_key_id + transit_encryption_enabled = var.transit_encryption_enabled + auth_token = var.transit_encryption_enabled ? var.auth_token : null + engine_version = var.valkey_version + port = var.valkey_port + parameter_group_name = aws_elasticache_parameter_group.valkey_parameter_group.id + subnet_group_name = aws_elasticache_subnet_group.valkey_subnet_group.id + security_group_ids = var.security_group_ids + snapshot_arns = var.snapshot_arns + snapshot_name = var.snapshot_name + apply_immediately = var.apply_immediately + maintenance_window = var.valkey_maintenance_window + notification_topic_arn = var.notification_topic_arn + snapshot_window = var.valkey_snapshot_window + snapshot_retention_limit = var.valkey_snapshot_retention_limit + tags = local.default_tags + + dynamic "cluster_mode" { + for_each = var.cluster_mode_enabled ? 
[1] : [] + content { + replicas_per_node_group = var.replicas_per_node_group + num_node_groups = var.num_node_groups + } + } + +} + +resource "aws_elasticache_parameter_group" "valkey_parameter_group" { + name = local.resource_identifier + description = "Terraform-managed ElastiCache parameter group for ${local.resource_identifier}" + # Strip the patch version from valkey_version var + family = "valkey${replace(var.valkey_version, "/\\.[\\d]+$/", "")}" + + dynamic "parameter" { + for_each = var.cluster_mode_enabled ? concat([{ name = "cluster-enabled", value = "yes" }], var.parameter) : var.parameter + content { + name = parameter.value.name + value = parameter.value.value + } + } +} + +resource "aws_elasticache_subnet_group" "valkey_subnet_group" { + name = local.resource_identifier + subnet_ids = var.subnets +} diff --git a/elasticache/valkey/outputs.tf b/elasticache/valkey/outputs.tf new file mode 100644 index 0000000..1d012e9 --- /dev/null +++ b/elasticache/valkey/outputs.tf @@ -0,0 +1,19 @@ +output "parameter_group" { + value = aws_elasticache_parameter_group.valkey_parameter_group.id +} + +output "valkey_subnet_group_name" { + value = aws_elasticache_subnet_group.valkey_subnet_group.name +} + +output "id" { + value = aws_elasticache_replication_group.valkey.id +} + +output "endpoint" { + value = aws_elasticache_replication_group.valkey.primary_endpoint_address +} + +output "dns_endpoint" { + value = aws_route53_record.valkey_dns.fqdn +} diff --git a/elasticache/valkey/variables.tf b/elasticache/valkey/variables.tf new file mode 100644 index 0000000..8e940bd --- /dev/null +++ b/elasticache/valkey/variables.tf 
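Review bot: In `elasticache/valkey/main.tf` (PATCH 16/32), `auth_token = var.transit_encryption_enabled ? var.auth_token : null` silently discards a caller-supplied token whenever `transit_encryption_enabled` is left at its default of `false`, so the replication group comes up with neither in-transit encryption nor AUTH and nothing in the plan flags it. Either default transit encryption to on or state on the `auth_token` variable that it is ignored otherwise, and map the empty-string default to null with `var.transit_encryption_enabled && var.auth_token != "" ? var.auth_token : null`. `kms_key_id = var.kms_key_id` has the same empty-string default and would benefit from `var.kms_key_id != "" ? var.kms_key_id : null`. Also, `automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false` forces failover off for every non-cluster-mode group regardless of the input, which looks unintended for multi-node groups.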
@@ -0,0 +1,183 @@ +variable "apply_immediately" { + description = "Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false." + type = bool + default = false +} + +variable "environment" { + description = "environment to deploy into, should typically dev/staging/prod" + type = string +} + +variable "number_cache_clusters" { + description = "Number of Redis cache clusters (nodes) to create" + type = number + default = 0 +} + +variable "automatic_failover_enabled" { + default = true + type = bool + description = "Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails." +} + +variable "valkey_node_type" { + description = "Instance type to use for creating the Redis cache clusters" + type = string +} + +variable "valkey_port" { + type = number + default = 6379 +} + +variable "subnets" { + type = list(string) + description = "List of VPC Subnet IDs for the cache subnet group" +} + +variable "valkey_version" { + description = "Redis version to use, defaults to 5.0.6" + type = string + default = "5.0.6" +} + +variable "vpc_id" { + description = "VPC ID" + type = string +} + +variable "valkey_maintenance_window" { + description = "Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period" + type = string + default = "fri:08:00-fri:09:00" +} + +variable "valkey_snapshot_window" { + description = "The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period" + type = string + default = "06:30-07:30" +} + +variable "valkey_snapshot_retention_limit" { + description = "The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. 
For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes" + type = number + default = 0 +} + +variable "tags" { + description = "Tags for valkey nodes" + type = map(string) + default = {} +} + +variable "auto_minor_version_upgrade" { + description = "Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window" + type = bool + default = true +} + +variable "availability_zones" { + description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" + type = list(string) +} + +variable "at_rest_encryption_enabled" { + description = "Whether to enable encryption at rest" + type = bool + default = true +} + +variable "kms_key_id" { + description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true" + type = string + default = "" +} + +variable "transit_encryption_enabled" { + description = "Whether to enable encryption in transit. Requires 3.2.6 or >=4.0 valkey_version" + type = bool + default = false +} + +variable "auth_token" { + description = "The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true. 
If specified must contain from 16 to 128 alphanumeric characters or symbols" + type = string + default = "" +} + +variable "security_group_ids" { + description = "A list of cache security group ids to associate with this replication group" + type = list(string) +} + +variable "snapshot_arns" { + description = "A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb" + type = list(string) + default = [] +} + +variable "snapshot_name" { + description = " The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource" + type = string + default = "" +} + +variable "notification_topic_arn" { + description = "An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my_sns_topic" + type = string + default = "" +} + +variable "business_name" { + type = string + description = "Business Name" +} + +variable "service_name" { + type = string + description = "Service name" +} + +variable "subservice_name" { + type = string + description = "Sub Service name" +} + +variable "cluster_mode_enabled" { + type = bool + description = "Enable creation of a native valkey cluster." + default = false +} + +variable "num_node_groups" { + type = number + description = "Required when cluster_mode_enabled is set to true. Specify the number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications." + default = 0 +} + +variable "replicas_per_node_group" { + type = number + description = "Required when `cluster_mode_enabled` is set to true. Specify the number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource." 
+ default = 0 +} + +variable "parameter" { + type = list(object({ + name = string + value = string + })) + default = [] + description = "A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another" +} + +variable "valkey_dns" { + description = "valkey dns name" + type = string +} + +variable "zone_name" { + description = "valkey dns name" + default = "moeinternal.com" + type = string +} diff --git a/elasticache/valkey/versions.tf b/elasticache/valkey/versions.tf new file mode 100644 index 0000000..58d0cfc --- /dev/null +++ b/elasticache/valkey/versions.tf @@ -0,0 +1,10 @@ + +terraform { + required_version = "~> 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.60.0" + } + } +} From 422c1dff387ad2bfc8e4c5955f8e2ab7e2c9d6d5 Mon Sep 17 00:00:00 2001 From: Tanmay Maheshwari Date: Wed, 4 Jun 2025 12:39:42 +0530 Subject: [PATCH 17/32] [SRE-8756] added valkey --- elasticache/valkey/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elasticache/valkey/versions.tf b/elasticache/valkey/versions.tf index 58d0cfc..69b11c0 100644 --- a/elasticache/valkey/versions.tf +++ b/elasticache/valkey/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.60.0" + version = "~> 5.99.1" } } } From 1615a323792aef775feebef53535cdfab42f3e8a Mon Sep 17 00:00:00 2001 From: Tanmay Maheshwari Date: Wed, 4 Jun 2025 12:55:48 +0530 Subject: [PATCH 18/32] [SRE-8756] valkey main tf fixes --- elasticache/valkey/main.tf | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/elasticache/valkey/main.tf b/elasticache/valkey/main.tf index b96aed6..7b7fa0d 100644 --- a/elasticache/valkey/main.tf +++ b/elasticache/valkey/main.tf 
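Review bot: In `elasticache/valkey/variables.tf` (PATCH 16/32), `auth_token` is a plain `string` with no `sensitive = true`, so its value can show up in plan output. `sensitive` needs Terraform 0.14 or later while `versions.tf` pins `~> 0.13`, so the version constraint would have to be tightened along with it. `transit_encryption_enabled` defaults to `false` while `at_rest_encryption_enabled` defaults to `true`; defaulting both to `true` is the safer baseline for a new module. `valkey_version` still carries the Redis default `"5.0.6"`, which together with `engine = "valkey"` produces the parameter-group family `valkey5.0`; that is probably not a family ElastiCache offers, so confirm and set a Valkey release. Several descriptions (`valkey_node_type`, `number_cache_clusters`, `parameter`) still say Redis, and `zone_name` reuses the description `"valkey dns name"`.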
@@ -1,11 +1,11 @@ resource "aws_elasticache_replication_group" "valkey" { replication_group_id = format("%.30s", "${local.resource_identifier}") - replication_group_description = "Terraform-managed ElastiCache replication group for ${local.resource_identifier}" - number_cache_clusters = var.cluster_mode_enabled ? null : var.number_cache_clusters + num_cache_clusters = var.cluster_mode_enabled ? null : var.number_cache_clusters node_type = var.valkey_node_type automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false auto_minor_version_upgrade = var.auto_minor_version_upgrade - availability_zones = var.availability_zones + preferred_cache_cluster_azs = var.availability_zones + description = "Terraform-managed ElastiCache replication group for ${local.resource_identifier}" engine = "valkey" at_rest_encryption_enabled = var.at_rest_encryption_enabled kms_key_id = var.kms_key_id @@ -24,14 +24,7 @@ resource "aws_elasticache_replication_group" "valkey" { snapshot_window = var.valkey_snapshot_window snapshot_retention_limit = var.valkey_snapshot_retention_limit tags = local.default_tags - - dynamic "cluster_mode" { - for_each = var.cluster_mode_enabled ? [1] : [] - content { - replicas_per_node_group = var.replicas_per_node_group - num_node_groups = var.num_node_groups - } - } + cluster_mode_enabled = var.cluster_mode_enabled } From db8710fae63b432c1cb8939f6e57aa578ec88638 Mon Sep 17 00:00:00 2001 From: Tanmay Maheshwari Date: Wed, 4 Jun 2025 13:10:12 +0530 Subject: [PATCH 19/32] [SRE-8756] fix --- elasticache/valkey/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elasticache/valkey/main.tf b/elasticache/valkey/main.tf index 7b7fa0d..a5040c5 100644 --- a/elasticache/valkey/main.tf +++ b/elasticache/valkey/main.tf 
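Review bot: After the second hunk of `elasticache/valkey/main.tf` (PATCH 18/32) removes the `dynamic "cluster_mode"` block, nothing passes `var.num_node_groups` or `var.replicas_per_node_group` to the replication group. Both inputs become dead, and a cluster-mode deployment would presumably fall back to provider defaults for shard and replica counts. In the 5.x provider these are top-level arguments, so adding `num_node_groups = var.cluster_mode_enabled ? var.num_node_groups : null` and `replicas_per_node_group = var.cluster_mode_enabled ? var.replicas_per_node_group : null` keeps the module's documented inputs effective. The resource body runs past what either hunk shows.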
@@ -24,7 +24,7 @@ resource "aws_elasticache_replication_group" "valkey" { snapshot_window = var.valkey_snapshot_window snapshot_retention_limit = var.valkey_snapshot_retention_limit tags = local.default_tags - cluster_mode_enabled = var.cluster_mode_enabled + cluster_mode = var.cluster_mode_enabled } From c3960e14ae379068f38c2973f262503fa9cfd7b0 Mon Sep 17 00:00:00 2001 From: Tanmay Maheshwari Date: Wed, 4 Jun 2025 13:20:42 +0530 Subject: [PATCH 20/32] [SRE-8756] added cluster_mode var --- elasticache/valkey/main.tf | 2 +- elasticache/valkey/variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/elasticache/valkey/main.tf b/elasticache/valkey/main.tf index a5040c5..84a9703 100644 --- a/elasticache/valkey/main.tf +++ b/elasticache/valkey/main.tf @@ -24,7 +24,7 @@ resource "aws_elasticache_replication_group" "valkey" { snapshot_window = var.valkey_snapshot_window snapshot_retention_limit = var.valkey_snapshot_retention_limit tags = local.default_tags - cluster_mode = var.cluster_mode_enabled + cluster_mode = var.cluster_mode } diff --git a/elasticache/valkey/variables.tf b/elasticache/valkey/variables.tf index 8e940bd..3fa8939 100644 --- a/elasticache/valkey/variables.tf +++ b/elasticache/valkey/variables.tf @@ -150,6 +150,12 @@ variable "cluster_mode_enabled" { default = false } +variable "cluster_mode" { + type = string + description = "Enable creation of a native valkey cluster." + default = "disabled" +} + variable "num_node_groups" { type = number description = "Required when cluster_mode_enabled is set to true. Specify the number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications." From 97b44e259588e667fa7f28647ee1acf62126541d Mon Sep 17 00:00:00 2001 
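Review bot: The new `variable "cluster_mode"` in elasticache/valkey/variables.tf (PATCH 20/32) is a free-form string with no validation, and its description still reads like a boolean switch. A typo therefore only surfaces when the provider or the API rejects it, so a validation block limiting it to the values the provider accepts would catch it at plan time. The module also now has two independent knobs: `cluster_mode_enabled` still drives `num_cache_clusters` and `automatic_failover_enabled` in main.tf, while `cluster_mode` is what the resource receives, so a caller can set them inconsistently. Deriving one from the other, or documenting that both must be set together, would close that gap.

```hcl
variable "cluster_mode" {
  # … unchanged: type and default …
  description = "ElastiCache cluster mode: \"enabled\", \"disabled\" or \"compatible\"."

  validation {
    condition     = contains(["enabled", "disabled", "compatible"], var.cluster_mode)
    error_message = "The cluster_mode value must be one of: enabled, disabled, compatible."
  }
}
```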
From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Wed, 2 Jul 2025 13:57:19 +0530 Subject: [PATCH 21/32] Update main.tf --- elasticache/redis/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elasticache/redis/main.tf b/elasticache/redis/main.tf index 3c18291..6b41035 100644 --- a/elasticache/redis/main.tf +++ b/elasticache/redis/main.tf @@ -5,7 +5,7 @@ resource "aws_elasticache_replication_group" "redis" { node_type = var.redis_node_type automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false auto_minor_version_upgrade = var.auto_minor_version_upgrade - availability_zones = var.availability_zones + availability_zones = var.availability_zones ? null : var.availability_zones engine = "redis" at_rest_encryption_enabled = var.at_rest_encryption_enabled kms_key_id = var.kms_key_id From 0e1a392ebe8495ef1ce21b26fcd9496f969d051f Mon Sep 17 00:00:00 2001 From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Wed, 2 Jul 2025 13:59:22 +0530 Subject: [PATCH 22/32] Update main.tf --- elasticache/redis/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/elasticache/redis/main.tf b/elasticache/redis/main.tf index 6b41035..1d899c6 100644 --- a/elasticache/redis/main.tf +++ b/elasticache/redis/main.tf @@ -5,7 +5,6 @@ resource "aws_elasticache_replication_group" "redis" { node_type = var.redis_node_type automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false auto_minor_version_upgrade = var.auto_minor_version_upgrade - availability_zones = var.availability_zones ? null : var.availability_zones engine = "redis" at_rest_encryption_enabled = var.at_rest_encryption_enabled kms_key_id = var.kms_key_id From 8f355463461de68f864cadf184878fb0eec0b777 Mon Sep 17 00:00:00 2001 
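Review bot: The new `availability_zones = var.availability_zones ? null : var.availability_zones` in PATCH 21/32 uses a `list(string)` as the condition of a conditional expression, which Terraform cannot convert to bool, so the module fails to evaluate. Read as intended it is also inverted, since it would return null exactly when a list is supplied. A form that expresses "omit when empty" is `availability_zones = length(var.availability_zones) > 0 ? var.availability_zones : null`. The same line is reintroduced by PATCH 27/32 later in the series. The resource body starts and ends outside the hunk.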
From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Wed, 2 Jul 2025 14:00:37 +0530 Subject: [PATCH 23/32] Update variables.tf --- elasticache/redis/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticache/redis/variables.tf b/elasticache/redis/variables.tf index ea9ab1f..c73447a 100644 --- a/elasticache/redis/variables.tf +++ b/elasticache/redis/variables.tf @@ -80,6 +80,7 @@ variable "auto_minor_version_upgrade" { variable "availability_zones" { description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" type = list(string) + default = ["us-east-2a"] } variable "at_rest_encryption_enabled" { From 1df18f564513c57e9d8d7cfba1f9d228447f524a Mon Sep 17 00:00:00 2001 From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Wed, 2 Jul 2025 14:56:40 +0530 Subject: [PATCH 24/32] Update main.tf --- elasticache/redis/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticache/redis/main.tf b/elasticache/redis/main.tf index 1d899c6..3c18291 100644 --- a/elasticache/redis/main.tf +++ b/elasticache/redis/main.tf @@ -5,6 +5,7 @@ resource "aws_elasticache_replication_group" "redis" { node_type = var.redis_node_type automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false auto_minor_version_upgrade = var.auto_minor_version_upgrade + availability_zones = var.availability_zones engine = "redis" at_rest_encryption_enabled = var.at_rest_encryption_enabled kms_key_id = var.kms_key_id From 14ccfeaa835cd13aec51794c2a0931344361ab06 Mon Sep 17 00:00:00 2001 From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Wed, 2 Jul 2025 14:57:15 +0530 Subject: [PATCH 25/32] Update variables.tf --- elasticache/redis/variables.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/elasticache/redis/variables.tf b/elasticache/redis/variables.tf index c73447a..ea9ab1f 100644 
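Review bot: The added `default = ["us-east-2a"]` in PATCH 23/32 hard-codes a single availability zone of one region into a reusable module. A caller that omits the variable gets every cache node placed in one AZ, and in any other region the value does not exist. Leaving the variable without a default keeps placement an explicit decision. If a default is wanted, `default = []` combined with omitting the argument when the list is empty does not tie the module to a region. The same default is added again by PATCH 28/32 and PATCH 30/32.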
--- a/elasticache/redis/variables.tf +++ b/elasticache/redis/variables.tf @@ -80,7 +80,6 @@ variable "auto_minor_version_upgrade" { variable "availability_zones" { description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" type = list(string) - default = ["us-east-2a"] } variable "at_rest_encryption_enabled" { From 5ab52b8a502c60293312416697371dd8eedad0ee Mon Sep 17 00:00:00 2001 From: arnold1796 <91123089+arnold1796@users.noreply.github.com> Date: Thu, 17 Jul 2025 13:46:51 +0530 Subject: [PATCH 26/32] Update main.tf --- elasticache/redis/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/elasticache/redis/main.tf b/elasticache/redis/main.tf index 3c18291..51a180a 100644 --- a/elasticache/redis/main.tf +++ b/elasticache/redis/main.tf @@ -39,7 +39,8 @@ resource "aws_elasticache_parameter_group" "redis_parameter_group" { name = local.resource_identifier description = "Terraform-managed ElastiCache parameter group for ${local.resource_identifier}" # Strip the patch version from redis_version var - family = "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" + #family = "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" + family = var.redis_version == "6.2" ? "redis6.x" : "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" dynamic "parameter" { for_each = var.cluster_mode_enabled ? concat([{ name = "cluster-enabled", value = "yes" }], var.parameter) : var.parameter From f831e234ab46b2c7e7224b8ca16096f07be447e0 Mon Sep 17 00:00:00 2001 From: tanmayatmoe <164492203+tanmayatmoe@users.noreply.github.com> Date: Tue, 22 Jul 2025 12:28:24 +0530 Subject: [PATCH 27/32] Update main.tf --- elasticache/redis/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elasticache/redis/main.tf b/elasticache/redis/main.tf index 51a180a..85f32e5 100644 --- a/elasticache/redis/main.tf 
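Review bot: The special case `var.redis_version == "6.2"` in PATCH 26/32 matches that one string only, so other 6.x inputs still fall through to the `replace()` branch: "6.0" yields `redis6` and "6.2.6" yields `redis6.2`, neither of which is the `redis6.x` family this line is trying to reach. Matching on the major version covers them: `family = can(regex("^6\\.", var.redis_version)) ? "redis6.x" : "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}"`. The commented-out previous `family` line can be deleted, since git already keeps the history. The resource block continues outside the hunk.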
+++ b/elasticache/redis/main.tf @@ -5,7 +5,7 @@ resource "aws_elasticache_replication_group" "redis" { node_type = var.redis_node_type automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false auto_minor_version_upgrade = var.auto_minor_version_upgrade - availability_zones = var.availability_zones + availability_zones = var.availability_zones ? null : var.availability_zones engine = "redis" at_rest_encryption_enabled = var.at_rest_encryption_enabled kms_key_id = var.kms_key_id From c5dc98ba5c238bf263fb14ad2413b61fe56e5625 Mon Sep 17 00:00:00 2001 From: tanmayatmoe <164492203+tanmayatmoe@users.noreply.github.com> Date: Tue, 22 Jul 2025 12:38:01 +0530 Subject: [PATCH 28/32] Update variables.tf --- elasticache/redis/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticache/redis/variables.tf b/elasticache/redis/variables.tf index ea9ab1f..c73447a 100644 --- a/elasticache/redis/variables.tf +++ b/elasticache/redis/variables.tf @@ -80,6 +80,7 @@ variable "auto_minor_version_upgrade" { variable "availability_zones" { description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" type = list(string) + default = ["us-east-2a"] } variable "at_rest_encryption_enabled" { From 5a356c70122305623a3d65402b36cde954e7f7a9 Mon Sep 17 00:00:00 2001 From: atish-andhare <126860247+atish-andhare@users.noreply.github.com> Date: Tue, 22 Jul 2025 12:45:25 +0530 Subject: [PATCH 29/32] Update variables.tf --- elasticache/redis/variables.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/elasticache/redis/variables.tf b/elasticache/redis/variables.tf index c73447a..ea9ab1f 100644 --- a/elasticache/redis/variables.tf +++ b/elasticache/redis/variables.tf 
@@ -80,7 +80,6 @@ variable "auto_minor_version_upgrade" { variable "availability_zones" { description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" type = list(string) - default = ["us-east-2a"] } variable "at_rest_encryption_enabled" { From 156e059f89262a9b89b819b120396b6489d9997b Mon Sep 17 00:00:00 2001 From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Tue, 22 Jul 2025 14:06:06 +0530 Subject: [PATCH 30/32] Update variables.tf --- elasticache/redis/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticache/redis/variables.tf b/elasticache/redis/variables.tf index ea9ab1f..c73447a 100644 --- a/elasticache/redis/variables.tf +++ b/elasticache/redis/variables.tf @@ -80,6 +80,7 @@ variable "auto_minor_version_upgrade" { variable "availability_zones" { description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" type = list(string) + default = ["us-east-2a"] } variable "at_rest_encryption_enabled" { From c15c60fa4688dd98f24a10940fe3d06775db61ff Mon Sep 17 00:00:00 2001 From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Tue, 22 Jul 2025 14:11:15 +0530 Subject: [PATCH 31/32] Update main.tf --- elasticache/redis/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elasticache/redis/main.tf b/elasticache/redis/main.tf index 85f32e5..723d7cb 100644 --- a/elasticache/redis/main.tf +++ b/elasticache/redis/main.tf 
@@ -5,7 +5,7 @@ resource "aws_elasticache_replication_group" "redis" { node_type = var.redis_node_type automatic_failover_enabled = var.automatic_failover_enabled && var.cluster_mode_enabled ? true : false auto_minor_version_upgrade = var.auto_minor_version_upgrade - availability_zones = var.availability_zones ? null : var.availability_zones + availability_zones = try(length(var.availability_zones) > 0 ? var.availability_zones : null, null) engine = "redis" at_rest_encryption_enabled = var.at_rest_encryption_enabled kms_key_id = var.kms_key_id From 1178af788125148f39e20d9c168f9c7921023d7d Mon Sep 17 00:00:00 2001 From: manoj-me <82220636+manoj-me@users.noreply.github.com> Date: Tue, 22 Jul 2025 14:44:42 +0530 Subject: [PATCH 32/32] Update variables.tf --- elasticache/redis/variables.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/elasticache/redis/variables.tf b/elasticache/redis/variables.tf index c73447a..ea9ab1f 100644 --- a/elasticache/redis/variables.tf +++ b/elasticache/redis/variables.tf @@ -80,7 +80,6 @@ variable "auto_minor_version_upgrade" { variable "availability_zones" { description = "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important" type = list(string) - default = ["us-east-2a"] } variable "at_rest_encryption_enabled" {
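Review bot: The `try(..., null)` wrapper on the new `availability_zones` line in PATCH 31/32 carries no comment saying which failure it guards against. With `type = list(string)` the only input that makes `length()` fail is a null list, and the wrapper would also silence any other evaluation error introduced into the expression later. A comment such as `# null or empty list: leave availability_zones unset` above the line would make the intent visible. The narrower `var.availability_zones == null ? null : (length(var.availability_zones) > 0 ? var.availability_zones : null)` states the null case explicitly. The resource body starts and ends outside the hunk.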