Merge pull request #57 from clouddrove/feature/random_pass
Feature/random pass
themaniskshah authored Sep 6, 2023
2 parents 2c960b8 + 6fec54b commit 07023d1
Showing 7 changed files with 56 additions and 21 deletions.
File renamed without changes.
Expand Up @@ -37,21 +37,21 @@ module "subnets" {
ipv6_cidr_block = module.vpc.ipv6_cidr_block
}

####----------------------------------------------------------------------------------
## Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
## The service improves the performance of web applications by retrieving information from managed in-memory caches,
## instead of relying entirely on slower disk-based databases.
####----------------------------------------------------------------------------------
###----------------------------------------------------------------------------------
# Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
# The service improves the performance of web applications by retrieving information from managed in-memory caches,
# instead of relying entirely on slower disk-based databases.
###----------------------------------------------------------------------------------
module "redis-cluster" {
source = "./../../"

name = "redis-cluster"
environment = "test"
label_order = ["environment", "name"]

####----------------------------------------------------------------------------------
## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
####----------------------------------------------------------------------------------
###----------------------------------------------------------------------------------
# Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
###----------------------------------------------------------------------------------
vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [6379]
Expand All @@ -71,9 +71,10 @@ module "redis-cluster" {
Application = "CloudDrove"
}

####----------------------------------------------------------------------------------
## will create ROUTE-53 for redis which will add the dns of the cluster.
####----------------------------------------------------------------------------------

###----------------------------------------------------------------------------------
# will create ROUTE-53 for redis which will add the dns of the cluster.
###----------------------------------------------------------------------------------
route53_record_enabled = false
ssm_parameter_endpoint_enabled = false
dns_record_name = "prod"
Expand Down
5 changes: 5 additions & 0 deletions _example/redis-cluster/outputs.tf
Expand Up @@ -22,3 +22,8 @@ output "redis_ssm_arn" {
value = module.redis-cluster.redis_ssm_name
description = "A map of the names and ARNs created"
}

output "auth_token" {
value = module.redis-cluster.auth_token
sensitive = true
}
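Review bot: The new `output "auth_token"` has no `description`, while the neighbouring output in the same file documents itself with `description = "A map of the names and ARNs created"`. Add one line so the example stays self-describing, e.g. `description = "Auth token of the redis-cluster module, generated when no auth_token variable is supplied."`. Marking it `sensitive = true` only redacts CLI output; the value is still recorded in the example's state, which is worth a one-line comment above the block for anyone copying the example.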
File renamed without changes.
18 changes: 14 additions & 4 deletions main.tf
Expand Up @@ -137,6 +137,16 @@ resource "aws_elasticache_subnet_group" "default" {
tags = module.labels.tags
}

##----------------------------------------------------------------------------------
## Below resource will create random passoword for the auth_token
##----------------------------------------------------------------------------------

resource "random_password" "auth_token" {
count = var.auth_token_enable && var.auth_token == null ? 1 : 0
length = var.length
special = var.special
}

##----------------------------------------------------------------------------------
## Below resource will create replication-group resource for redis-cluster and memcached.
##----------------------------------------------------------------------------------
Expand Down Expand Up @@ -165,7 +175,7 @@ resource "aws_elasticache_replication_group" "cluster" {
at_rest_encryption_enabled = var.at_rest_encryption_enabled
transit_encryption_enabled = var.transit_encryption_enabled
multi_az_enabled = var.multi_az_enabled
auth_token = var.auth_token
auth_token = var.auth_token_enable ? (var.auth_token == null ? random_password.auth_token[0].result : var.auth_token) : null
kms_key_id = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
tags = module.labels.tags
num_cache_clusters = var.num_cache_clusters
Expand Down Expand Up @@ -223,15 +233,15 @@ resource "aws_route53_record" "elasticache" {
}

##----------------------------------------------------------------------------------
## Below resource will create ssm-parameter resource for redisand memcached with auth-token.
## Below resource will create ssm-parameter resource for redis and memcached with auth-token.
##----------------------------------------------------------------------------------
resource "aws_ssm_parameter" "secret" {
count = var.auth_token != null ? 1 : 0
count = var.auth_token_enable ? 1 : 0

name = format("/%s/%s/auth-token", var.environment, var.name)
description = var.ssm_parameter_description
type = var.ssm_parameter_type
value = var.auth_token
value = var.auth_token == null ? random_password.auth_token[0].result : var.auth_token
key_id = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
}

Expand Down
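Review bot: The `random_password.auth_token` resource in the first hunk passes `special = var.special` straight through without an `override_special`, so a caller that enables special characters can receive a token containing `/`, `"` or `@`, which ElastiCache does not accept in `auth_token` and which only surfaces as an apply-time error. Restricting the set keeps the default behaviour (`special = false`) unchanged while making the opt-in safe, e.g. `override_special = "!#$%&*()-_=+[]{}<>:?"` (a constructed example set; any set excluding `/`, `"` and `@` works). The conditional at the `auth_token =` line of the second hunk and the `count`/`value` pair in the ssm-parameter hunk agree on the same `auth_token_enable && auth_token == null` condition, so the `[0]` index there is safe. The comment above the resource misspells "passoword"; `## Below resource will create a random password for the auth_token`. The `random` provider presumably also needs a `required_providers` entry in a file not shown in this diff — confirm.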
6 changes: 6 additions & 0 deletions outputs.tf
Expand Up @@ -59,3 +59,9 @@ output "Memcached_ssm_name" {
value = join("", aws_ssm_parameter.memcached_secret-endpoint[*].name)
description = "A list of all of the parameter values"
}

output "auth_token" {
value = random_password.auth_token[0].result
sensitive = true
description = "Auth token generated value"
}
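Review bot: `value = random_password.auth_token[0].result` fails with an invalid-index error whenever the resource has `count = 0`, i.e. when `auth_token_enable = false` or the caller supplies `auth_token`, because outputs are evaluated unconditionally and the module then cannot be applied at all. The file already uses the tolerant form for conditional resources on the preceding output (`join("", aws_ssm_parameter.memcached_secret-endpoint[*].name)`), so the new output should follow it: `value = join("", random_password.auth_token[*].result)`. The description "Auth token generated value" is then accurate for both cases, returning an empty string when no token was generated.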
25 changes: 19 additions & 6 deletions variables.tf
Expand Up @@ -175,6 +175,12 @@ variable "transit_encryption_enabled" {
description = "Whether to enable encryption in transit."
}

variable "auth_token_enable" {
type = bool
default = true
description = "Flag to specify whether to create auth token (password) protected cluster. Can be specified only if transit_encryption_enabled = true."
}

variable "auth_token" {
type = string
default = null
Expand Down Expand Up @@ -324,12 +330,6 @@ variable "enable_security_group" {
description = "Enable default Security Group with only Egress traffic allowed."
}

variable "existing_sg_id" {
type = string
default = null
description = "Provide existing security group id for updating existing rule"
}

variable "egress_rule" {
type = bool
default = true
Expand Down Expand Up @@ -432,3 +432,16 @@ variable "ssm_parameter_type" {
default = "SecureString"
description = "Type of the parameter."
}

###------------------------------- random_password----------------------------

variable "length" {
type = number
default = 25
}

variable "special" {
type = bool
default = false

}
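Review bot: The new `length` and `special` variables in the last hunk are the only variables in this file without a `description`, and `length` has no `validation`, so a caller setting a short value only discovers at apply time that ElastiCache requires an auth token of 16 to 128 characters. Adding a description and a validation block fails fast at plan time with a clear message; the rewritten `length` block is below, and `special` needs a matching `description = "Whether the generated auth token may contain special characters."`. The names `length` and `special` are also generic for a module-level variable; if the interface is still open, `auth_token_length`/`auth_token_special` would read better next to `auth_token_enable`. The stray blank line before the closing brace of `special` should go.
```hcl
variable "length" {
  type        = number
  default     = 25
  description = "Length of the generated auth token. ElastiCache accepts 16 to 128 characters."

  validation {
    condition     = var.length >= 16 && var.length <= 128
    error_message = "length must be between 16 and 128 characters, as required for an ElastiCache auth token."
  }
}
```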
