Redis


SquareOps Technologies Your DevOps Partner for Accelerating cloud journey.


This module is a Terraform module that provides an easy and efficient way to deploy and manage an Amazon ElastiCache Redis cluster in AWS. It simplifies the process of setting up a Redis cluster with customizable configurations, allowing you to focus on your application development and performance optimization.

Features

  1. Simple Configuration: The module offers a simple and intuitive configuration interface, allowing you to define your Redis cluster's properties, such as instance type, node count, subnet, security groups, and more.

  2. Scalability: Easily scale your Redis cluster up or down by modifying the number of cache nodes, enabling you to meet the changing demands of your application.

  3. High Availability: Enable multi-AZ deployment to achieve high availability and automatic failover in case of a node or zone failure. This ensures that your Redis cluster remains accessible and your data stays protected.

  4. Flexible Networking: Choose the VPC and subnets where you want to deploy your Redis cluster, providing you with control over network access and integration with other resources in your AWS environment.

  5. Encryption and Security: Enable encryption at rest with your own KMS key or use AWS-managed encryption. Control access to your Redis cluster using CIDR blocks and security groups, ensuring secure communication and data protection.

  6. Backup and Recovery: Configure automated daily snapshots and set the retention period for backups. You can also specify a final snapshot for a smooth and controlled cluster termination process.

  7. Logging and Monitoring: Easily configure logging destinations for slow logs and engine logs, allowing you to monitor the performance and troubleshoot any issues efficiently.

Usage Example

module "redis" {
  source                     = "squareops/elasticache-redis/aws"
  environment                = "production"
  name                       = "redis"
  family                     = "redis6.x"
  vpc_id                     = "vpc-06eb7eskaf"
  subnets                    = ["subnet-0bfa3eskaf", "subnet-0140bskaf"]
  node_type                  = "cache.t3.small"
  # Customer-managed KMS key used for encryption at rest
  kms_key_arn                = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
  num_cache_nodes            = 2
  engine_version             = "6.x"
  multi_az_enabled           = false
  availability_zones         = 2
  automatic_failover_enabled = true
  snapshot_retention_limit   = 7
  at_rest_encryption_enabled = true
  # Encryption in transit is switched off here; the module default is true
  transit_encryption_enabled = false
  notification_topic_arn     = null
  # Security group IDs are strings and must be quoted
  allowed_security_groups    = ["sg-0132a18skaf"]
  snapshot_window            = "07:00-08:00"
  maintenance_window         = "sun:09:00-sun:10:00"
}

Refer to the examples for more details.

IAM Permissions

The required IAM permissions to create resources from this module can be found here

Important Note

  1. By default, the variable create_random_password is set to true. Therefore, even if the user provides a password, it will not be read. The create_random_password variable should be set to false and the password variable should have a non-null value to be read and used.
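A hardened variant of the usage example that supplies its own password, added here as an illustration and not taken from the module's documentation. It assumes the `password` input is a string that the module passes to ElastiCache as the AUTH token (as the `auth_token_password` output suggests); the variable name `redis_auth_token`, the log group name and the final snapshot identifier are hypothetical.

```hcl
# Caller-supplied AUTH token, kept out of plan output by `sensitive`.
# ElastiCache AUTH tokens must be 16 to 128 characters long.
variable "redis_auth_token" {
  type      = string
  sensitive = true

  validation {
    condition     = length(var.redis_auth_token) >= 16 && length(var.redis_auth_token) <= 128
    error_message = "The Redis AUTH token must be 16 to 128 characters long."
  }
}

module "redis" {
  source      = "squareops/elasticache-redis/aws"
  environment = "production"
  name        = "redis"
  family      = "redis6.x"
  vpc_id      = "vpc-06eb7eskaf"
  subnets     = ["subnet-0bfa3eskaf", "subnet-0140bskaf"]
  node_type   = "cache.t3.small"

  # Both settings are needed for a supplied password to be read (see the note above).
  create_random_password = false
  password               = var.redis_auth_token

  # ElastiCache only accepts an AUTH token when in-transit encryption is on.
  transit_encryption_enabled = true
  at_rest_encryption_enabled = true
  kms_key_arn                = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"

  # Reach the cluster through security groups only; no CIDR-based ingress.
  allowed_security_groups = ["sg-0132a18skaf"]
  allowed_cidr_blocks     = []

  # Multi-AZ needs automatic failover and at least two nodes.
  num_cache_nodes            = 2
  multi_az_enabled           = true
  automatic_failover_enabled = true

  # Keep backups, a final snapshot, and a recovery window for the stored secret
  # (the default of 0 deletes the secret immediately).
  snapshot_retention_limit   = 7
  final_snapshot_identifier  = "redis-production-final" # hypothetical name
  recovery_window_aws_secret = 7

  slow_log_destination_type = "cloudwatch-logs"
  slow_log_destination      = "redis-production-slow-log" # hypothetical log group
}
```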

Security & Compliance

Security scanning is graciously provided by Prowler. Prowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.

| Benchmark | Description |
|---|---|
| Ensure that encryption is enabled for RDS instances | Enabled for RDS created using this module. |

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.23 |
| random | >= 3.0.0 |

Providers

| Name | Version |
|---|---|
| aws | >= 4.23 |
| random | >= 3.0.0 |

Modules

| Name | Source | Version |
|---|---|---|
| security_group_redis | terraform-aws-modules/security-group/aws | 4.13.0 |

Resources

| Name | Type |
|---|---|
| aws_elasticache_parameter_group.default | resource |
| aws_elasticache_replication_group.redis | resource |
| aws_elasticache_subnet_group.elasticache | resource |
| aws_secretsmanager_secret.secret_redis | resource |
| aws_security_group_rule.cidr_ingress | resource |
| aws_security_group_rule.default_ingress | resource |
| random_password.password | resource |
| aws_availability_zones.available | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | list(any) | [] | no |
| allowed_security_groups | A list of Security Group IDs to allow access to | list(any) | [] | no |
| at_rest_encryption_enabled | (Optional) Whether to enable encryption at rest | bool | true | no |
| automatic_failover_enabled | Enable automatic failover | bool | true | no |
| availability_zones | The no. of AZs | string | 2 | no |
| engine_log_destination | The destination for engine logs (e.g. CloudWatch log group name or Kinesis Firehose stream name) | string | null | no |
| engine_log_destination_type | The type of destination for engine logs (e.g. cloudwatch-logs or kinesis-firehose) | string | "" | no |
| engine_log_format | The format for logs, e.g. json/text | string | "json" | no |
| engine_version | The redis engine version | string | "" | no |
| environment | The name of environment | string | "" | no |
| family | Redis family | string | "redis4.0" | no |
| final_snapshot_identifier | The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. | string | null | no |
| kms_key_arn | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true | string | "" | no |
| maintenance_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | string | "fri:08:00-fri:09:00" | no |
| multi_az_enabled | Enable multi az | bool | false | no |
| name | The name of the redis cluster | string | "" | no |
| node_type | The instance size of the redis cluster | string | "cache.t3.micro" | no |
| notification_topic_arn | (Optional) ARN of an SNS topic to send ElastiCache notifications | string | null | no |
| num_cache_nodes | The number of cache nodes | number | 1 | no |
| parameter_group_description | Parameter group | string | null | no |
| port | The redis port | number | 6379 | no |
| recovery_window_aws_secret | Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. | number | 0 | no |
| slow_log_destination | The destination for slow logs (e.g. CloudWatch log group name or Kinesis Firehose stream name) | string | null | no |
| slow_log_destination_type | The type of destination for slow logs (e.g. cloudwatch-logs or kinesis-firehose) | string | "" | no |
| slow_log_format | The format for logs, e.g. json/text | string | "json" | no |
| snapshot_arns | (Optional) A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb. This will be used to add data to a fresh new instance. | list(string) | [] | no |
| snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes | number | 7 | no |
| snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum maintenance window is a 60 minute period. Example: 05:00-09:00 | string | "03:00-05:00" | no |
| subnets | The subnets where the redis cluster is deployed | list(string) | [] | no |
| transit_encryption_enabled | (Optional) Whether to enable encryption in transit | bool | true | no |
| vpc_id | The vpc where we will put the redis cluster | string | "" | no |

Outputs

| Name | Description |
|---|---|
| auth_token_password | Elasticache-redis auth token password (this password may be old, because Terraform doesn't track it after initial creation) |
| elastic_cache_redis_cluster_id | ID of the elasticache-redis cluster |
| elastic_cache_redis_endpoint | Elasticache-redis cluster primary endpoint address |
| elastic_cache_redis_port | Port number of Redis |
| elastic_cache_redis_primary_endpoint_address | Primary endpoint address of redis |
| elastic_cache_redis_security_group | The security group ID of the cluster |
| elastic_cache_redis_subnet_group_name | Subnet group name of the elasticache_redis cluster |

Contribute & Issue Report

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to check if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by liking it, you can follow these steps:

  1. Visit the repository: Navigate to the GitHub repository

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & processes for speed and agility.

  1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years.
  2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
  3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
  4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
  5. Platform engineering which supports scalable, cost-efficient infrastructure that supports rapid development, testing, and deployment.
  6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.