updated module structure, review and tested
RohitSquareops committed May 17, 2023
1 parent 202838a commit d69b4f7
Showing 6 changed files with 53 additions and 57 deletions.
4 changes: 2 additions & 2 deletions LICENSE
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2023 SquareOps Technologies Pvt. Ltd.
Copyright 2023 SquareOps Technologies Pvt. Ltd.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand All @@ -198,4 +198,4 @@
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.
32 changes: 15 additions & 17 deletions README.md
Expand Up @@ -15,27 +15,25 @@ Terraform Module to create Redis on AWS Cloud.
module "redis" {
source = "gitlab.com/sq-ia/aws/redis.git"
environment = "production"
name = "SKAF"
engine_version = "6.x"
port = 6379
environment = "production"
name = "SKAF"
family = "redis6.x"
node_type = "cache.t3.small"
num_cache_nodes = 2
family = "redis6.x"
availability_zones = [for n in range(0, 2) : data.aws_availability_zones.available.names[n]]
engine_version = "6.x"
availability_zones = 2
automatic_failover_enabled = true
snapshot_retention_limit = 7
multi_az_enabled = false
at_rest_encryption_enabled = true
transit_encryption_enabled = false
notification_topic_arn = null
vpc_id = "vpc-06e37f0786b7eskaf"
subnets = ["subnet-0bfc23c64ea3eskaf","subnet-0140024df275bskaf"]
allowed_cidr_blocks = []
allowed_security_groups = [sg-0132a41b5cd18skaf]
vpc_id = "vpc-06eb7eskaf"
subnets = ["subnet-0bfa3eskaf","subnet-0140bskaf"]
kms_key_arn = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
multi_az_enabled = false
allowed_security_groups = [sg-0132a18skaf]
maintenance_window = "sun:09:00-sun:10:00"
snapshot_window = "07:00-08:00"
kms_key_arn = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
}
```
Expand Down Expand Up @@ -85,6 +83,7 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
| [aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |

## Inputs

Expand All @@ -93,16 +92,16 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
| <a name="input_allowed_cidr_blocks"></a> [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | A list of CIDR blocks which are allowed to access the database | `list(any)` | `[]` | no |
| <a name="input_allowed_security_groups"></a> [allowed\_security\_groups](#input\_allowed\_security\_groups) | A list of Security Group ID's to allow access to | `list(any)` | `[]` | no |
| <a name="input_at_rest_encryption_enabled"></a> [at\_rest\_encryption\_enabled](#input\_at\_rest\_encryption\_enabled) | (Optional) Whether to enable encryption at rest | `bool` | `true` | no |
| <a name="input_automatic_failover_enabled"></a> [automatic\_failover\_enabled](#input\_automatic\_failover\_enabled) | Enable automatic failover | `bool` | `false` | no |
| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The list of AZs | `list(string)` | `[]` | no |
| <a name="input_automatic_failover_enabled"></a> [automatic\_failover\_enabled](#input\_automatic\_failover\_enabled) | Enable automatic failover | `bool` | `true` | no |
| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The list of AZs | `string` | `2` | no |
| <a name="input_engine_log_destination"></a> [engine\_log\_destination](#input\_engine\_log\_destination) | The destination for engine logs(eg. Cloudwatch log-group name or kinesis firehose stream name) | `string` | `null` | no |
| <a name="input_engine_log_destination_type"></a> [engine\_log\_destination\_type](#input\_engine\_log\_destination\_type) | The type of destination for engine logs(eg . cloudwatch-logs or kinesis-firehose) | `string` | `""` | no |
| <a name="input_engine_log_format"></a> [engine\_log\_format](#input\_engine\_log\_format) | the format for logs eg. json/text | `string` | `"json"` | no |
| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | The redis engine version | `string` | `""` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | The name of environment | `string` | `""` | no |
| <a name="input_family"></a> [family](#input\_family) | Redis family | `string` | `"redis4.0"` | no |
| <a name="input_final_snapshot_identifier"></a> [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. | `string` | `null` | no |
| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at\_rest\_encryption\_enabled = true | `string` | `""` | no |
| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at\_rest\_encryption\_enabled = true | `string` | `""` | no |
| <a name="input_maintenance_window"></a> [maintenance\_window](#input\_maintenance\_window) | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | `string` | `"fri:08:00-fri:09:00"` | no |
| <a name="input_multi_az_enabled"></a> [multi\_az\_enabled](#input\_multi\_az\_enabled) | Enable multi az | `bool` | `false` | no |
| <a name="input_name"></a> [name](#input\_name) | The name of the redis cluster | `string` | `""` | no |
Expand All @@ -116,7 +115,7 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
| <a name="input_slow_log_destination_type"></a> [slow\_log\_destination\_type](#input\_slow\_log\_destination\_type) | The type of destination for slow logs(eg . cloudwatch-logs or kinesis-firehose) | `string` | `""` | no |
| <a name="input_slow_log_format"></a> [slow\_log\_format](#input\_slow\_log\_format) | the format for logs eg. json/text | `string` | `"json"` | no |
| <a name="input_snapshot_arns"></a> [snapshot\_arns](#input\_snapshot\_arns) | (Optional) A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my\_bucket/snapshot1.rdb . This will be used to add data to a fresh new instance. | `list(string)` | `[]` | no |
| <a name="input_snapshot_retention_limit"></a> [snapshot\_retention\_limit](#input\_snapshot\_retention\_limit) | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.* cache nodes | `number` | `0` | no |
| <a name="input_snapshot_retention_limit"></a> [snapshot\_retention\_limit](#input\_snapshot\_retention\_limit) | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.* cache nodes | `number` | `7` | no |
| <a name="input_snapshot_window"></a> [snapshot\_window](#input\_snapshot\_window) | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum maintenance window is a 60 minute period. Example: 05:00-09:00 | `string` | `"03:00-05:00"` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | The subnets where the redis cluster is deployed | `list(string)` | `[]` | no |
| <a name="input_transit_encryption_enabled"></a> [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | (Optional) Whether to enable encryption in transit | `bool` | `true` | no |
Expand Down Expand Up @@ -200,4 +199,3 @@ We believe that the key to success in the digital age is the ability to deliver
We provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.

You can find more information about our company on this [squareops.com](https://squareops.com/), follow us on [linkdin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).

6 changes: 4 additions & 2 deletions examples/complete/README.md
Expand Up @@ -14,7 +14,7 @@ No providers.

| Name | Source | Version |
|------|--------|---------|
| <a name="module_redis"></a> [redis](#module\_redis) | ../../ | n/a |
| <a name="module_redis"></a> [redis](#module\_redis) | git@github.com:sq-ia/terraform-aws-elasticache-redis.git | n/a |

## Resources

Expand All @@ -28,7 +28,9 @@ No inputs.

| Name | Description |
|------|-------------|
| <a name="output_elastic-cache-redis-endpoint"></a> [elastic-cache-redis-endpoint](#output\_elastic-cache-redis-endpoint) | Elasticache-redis cluster primary endpoint address |
| <a name="output_auth_token_password"></a> [auth\_token\_password](#output\_auth\_token\_password) | Elasticache-redis auth token password(this password may be old, because Terraform doesn't track it after initial creation) |
| <a name="output_elastic_cache_redis_endpoint"></a> [elastic\_cache\_redis\_endpoint](#output\_elastic\_cache\_redis\_endpoint) | Elasticache-redis cluster primary endpoint address |
| <a name="output_elastic_cache_redis_security_group"></a> [elastic\_cache\_redis\_security\_group](#output\_elastic\_cache\_redis\_security\_group) | The security group ID of the cluster |
| <a name="output_id_of_redis_cluster"></a> [id\_of\_redis\_cluster](#output\_id\_of\_redis\_cluster) | ID of the elasticache-redis cluster |
| <a name="output_port_no"></a> [port\_no](#output\_port\_no) | Port number of Redis |
| <a name="output_primary_endpoint_address"></a> [primary\_endpoint\_address](#output\_primary\_endpoint\_address) | Primary endpoint address of redis |
54 changes: 25 additions & 29 deletions examples/complete/main.tf
@@ -1,34 +1,30 @@
locals {
name = "skaf"
region = "us-east-2"
environment = "production"
redis_engine_version = "6.x"
name = "skaf"
region = "us-east-1"
family = "redis6.x"
node_type = "cache.t3.small"
vpc_id = "vpc-06f1a2f3a7"
subnet_ids = ["subnet-0bb128ab", "subnet-0b54928666a"]
kms_key_arn = "arn:aws:kms:us-east-1:2222222222:key/bcfdc1c5-1bbbdb467d90"
environment = "prod"
redis_engine_version = "6.0"
allowed_security_groups = ["sg-0e8dab08e40"]
}

data "aws_availability_zones" "available" {}

module "redis" {
source = "../../"
environment = local.environment
name = local.name
engine_version = local.redis_engine_version
port = 6379
node_type = "cache.t3.small"
num_cache_nodes = 2
family = "redis6.x"
availability_zones = [for n in range(0, 2) : data.aws_availability_zones.available.names[n]]
automatic_failover_enabled = true
snapshot_retention_limit = 7
multi_az_enabled = false
at_rest_encryption_enabled = true
transit_encryption_enabled = false
notification_topic_arn = null
vpc_id = "vpc-06e37f0786b7efaab"
subnets = ["subnet-021320ad57f4ef6bb","subnet-04ec8cb5f9abd4941"]
allowed_cidr_blocks = []
allowed_security_groups = ["sg-028cc84f7ff452dfd"]
maintenance_window = "sun:09:00-sun:10:00"
snapshot_window = "07:00-08:00"
kms_key_arn = "arn:aws:kms:us-east-2:271251951598:key/7fa600be-9c08-4502-a67a-ed7e8bc332cb"
source = "git@github.com:sq-ia/terraform-aws-elasticache-redis.git"
environment = local.environment
name = local.name
family = local.family
node_type = local.node_type
engine_version = local.redis_engine_version
num_cache_nodes = 2
vpc_id = local.vpc_id
subnets = local.subnet_ids
kms_key_arn = local.kms_key_arn
multi_az_enabled = false
availability_zones = 2
snapshot_window = "07:00-08:00"
maintenance_window = "sun:09:00-sun:10:00"
allowed_security_groups = local.allowed_security_groups
}
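Review bot: The new `source = "git@github.com:sq-ia/terraform-aws-elasticache-redis.git"` in the `module "redis"` block has no `?ref=`, so every `terraform init` of this example pulls whatever the default branch holds at that moment. For a module that manages security-group rules and takes a KMS key, that means the code being applied is not the code that was reviewed, and an upstream change reaches users without any version bump; pin it to a tag or commit, e.g. `source = "git@github.com:sq-ia/terraform-aws-elasticache-redis.git?ref=<release-tag-or-commit-sha>"` (placeholder, no release tag is visible on this page). Moving away from `../../` also means the example no longer exercises the code in this commit. A short comment above `locals` stating that the VPC, subnet, KMS and security-group values are placeholders to be replaced would help readers as well.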

6 changes: 3 additions & 3 deletions main.tf
@@ -1,5 +1,3 @@


locals {
tags = {
Environment = var.environment
Expand All @@ -8,6 +6,8 @@ locals {
engine_log = var.engine_log_destination == null ? [] : [1]
}

data "aws_availability_zones" "available" {}

resource "random_password" "password" {
length = 16
special = false
Expand Down Expand Up @@ -40,7 +40,7 @@ resource "aws_elasticache_replication_group" "redis" {
parameter_group_name = join("", aws_elasticache_parameter_group.default.*.name) #var.parameter_group_name
security_group_ids = [module.security_group_redis.security_group_id]
subnet_group_name = aws_elasticache_subnet_group.elasticache.id
availability_zones = var.availability_zones
availability_zones = [for n in range(0, var.availability_zones) : data.aws_availability_zones.available.names[n]]
automatic_failover_enabled = var.automatic_failover_enabled
snapshot_window = var.snapshot_window
snapshot_retention_limit = var.snapshot_retention_limit
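Review bot: The new `availability_zones` expression in `aws_elasticache_replication_group.redis` takes the first `var.availability_zones` names from an unfiltered `data "aws_availability_zones" "available" {}`, so it fails with an index error when the count exceeds the region's zone list and may name zones that are not in the available state or, presumably, not covered by the subnets passed in `var.subnets`. Filtering the data source with `state = "available"` and writing `slice(data.aws_availability_zones.available.names, 0, var.availability_zones)` keeps the intent readable. A one-line comment saying the zones are picked by list order rather than derived from the subnet group would warn callers. The resource block starts and continues outside the hunk, so how the subnet group is built is not visible here.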
8 changes: 4 additions & 4 deletions variables.tf
Expand Up @@ -57,7 +57,7 @@ variable "port" {

variable "automatic_failover_enabled" {
description = "Enable automatic failover "
default = false
default = true
type = bool
}

Expand All @@ -70,8 +70,8 @@ variable "multi_az_enabled" {

variable "availability_zones" {
description = "The list of AZs"
default = []
type = list(string)
default = 2
type = string
}

variable "snapshot_window" {
Expand All @@ -82,7 +82,7 @@ variable "snapshot_window" {

variable "snapshot_retention_limit" {
description = "The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes"
default = 0
default = 7
type = number
}
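Review bot: `variable "availability_zones"` is now declared `type = string` with `default = 2` while its description still reads "The list of AZs", yet main.tf feeds it to `range()` as a count. Declare it as `type = number` and update the text, e.g. `description = "Number of availability zones to place cache nodes in"`; a `validation` block rejecting values below 1 would turn a bad input into a clear plan-time error. The input also changes from a list of names to a count, which breaks existing callers that pass zone names, so it deserves an explicit line in the README or changelog. Separately, the new `snapshot_retention_limit` default of 7 sits awkwardly with the description's own note that retention is not supported on cache.t1.micro and cache.t2.* nodes.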

