Amazon ElastiCache service supports Redis and Memcached. If you want in an in-memory caching solution for your application, check out the AWS-Docs. In this repository I have the Terraform code to provision an Amazon ElastiCache for Redis cluster and all the supporting infrastructure components like Amazon VPC, subnets, security group, AWS KMS key, and AWS Secrets Manager secret.
The process of provisioning is automated using GitHub Actions. I also followed a few best practices while creating the Amazon ElastiCache service, like enabling multi-availability zone, multi-node, and encryption in transit and at rest.
I discussed the concept in detail in my notes at -create-an-amazon-elasticache-for-redis-cluster-using-terraform.
I used Bridgecrew Checkov to scan the Terraform code for security vulnerabilities. Here is a link if you are interested in adding code scanning capabilities to your GitHub Actions pipeline -automate-terraform-configuration-scan-with-checkov-and-github-actions.
I also used Infracost to generate a cost estimate of building the architecture. If you want to learn more about adding Infracost estimates to your repository, head over to this note -estimate AWS Cloud resource cost with Infracost, Terraform, and GitHub Actions.
Lastly, I also automated the process of provisioning the resources using GitHub Actions pipeline and I discussed that in detail at -CI-CD with Terraform and GitHub Actions to deploy to AWS.
For this code to function without errors, I created an OpenID connect identity provider in Amazon Identity and Access Management that has a trust relationship with this GitHub repository. You can read about it here to get a detailed explanation with steps.
I stored the ARN of the IAM Role as a GitHub secret which is referred in the terraform.yml file.
Since I used Infracost in this repository, I stored the INFRACOST_API_KEY as a repository secret. It is referenced in the terraform.yml GitHub actions workflow file.
As part of the Infracost integration, I also created a INFRACOST_API_KEY and stored that as a GitHub Actions secret. I also managed the cost estimate process using a GitHub Actions variable INFRACOST_SCAN_TYPE where the value is either hcl_code or tf_plan, depending on the type of scan desired.
| Name | Version |
|---|---|
| aws | 5.20.1 |
| random | 3.6.3 |
| Name | Version |
|---|---|
| aws | 5.20.1 |
| random | 3.6.3 |
| Name | Source | Version |
|---|---|---|
| vpc | github.com/kunduso/terraform-aws-vpc | v1.0.1 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.engine_log | resource |
| aws_cloudwatch_log_group.slow_log | resource |
| aws_elasticache_replication_group.app4 | resource |
| aws_elasticache_subnet_group.elasticache_subnet | resource |
| aws_iam_policy.secret_manager_policy | resource |
| aws_iam_policy.ssm_parameter_policy | resource |
| aws_kms_alias.encryption_rest | resource |
| aws_kms_alias.encryption_secret | resource |
| aws_kms_key.encryption_rest | resource |
| aws_kms_key.encryption_secret | resource |
| aws_kms_key_policy.encryption_rest_policy | resource |
| aws_kms_key_policy.encryption_secret_policy | resource |
| aws_secretsmanager_secret.elasticache_auth | resource |
| aws_secretsmanager_secret_version.auth | resource |
| aws_security_group.elasticache | resource |
| aws_security_group_rule.elasticache_egress | resource |
| aws_security_group_rule.elasticache_ingress | resource |
| aws_ssm_parameter.elasticache_ep | resource |
| aws_ssm_parameter.elasticache_port | resource |
| random_password.auth | resource |
| aws_caller_identity.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_key | The access_key that belongs to the IAM user. | string |
"" |
no |
| name | The name of the application. | string |
"app-4" |
no |
| region | AWS Cloud infrastructure region. | string |
"us-east-2" |
no |
| secret_key | The secret_key that belongs to the IAM user. | string |
"" |
no |
| subnet_cidr_private | CIDR blocks for the private subnets. | list(any) |
[ |
no |
| subnet_cidr_public | CIDR blocks for the public subnets. | list(any) |
[ |
no |
| vpc_cidr | CIDR for the VPC. | string |
"10.20.32.0/25" |
no |
No outputs.
Ensure that the policy attached to the IAM role whose credentials are being used in this configuration has permission to create and manage all the resources that are included in this repository.
Review the code including the terraform.yml to understand the steps in the GitHub Actions pipeline. Also review the terraform code to understand all the concepts associated with creating an AWS VPC, subnets, internet gateway, route table, and route table association.
If you want to check the pipeline logs, click on the Build Badge (terrform-infra-provisioning) above the image in this ReadMe.
If you find any issues or have suggestions for improvement, feel free to open an issue or submit a pull request. Contributions are always welcome!
This code is released under the Unlincse License. See LICENSE.