diff --git a/_example/memcached/main.tf b/_example/memcached/example.tf
similarity index 100%
rename from _example/memcached/main.tf
rename to _example/memcached/example.tf
diff --git a/_example/redis-cluster/main.tf b/_example/redis-cluster/example.tf
similarity index 71%
rename from _example/redis-cluster/main.tf
rename to _example/redis-cluster/example.tf
index c174e86..6fb8096 100644
--- a/_example/redis-cluster/main.tf
+++ b/_example/redis-cluster/example.tf
@@ -37,11 +37,11 @@ module "subnets" {
 ipv6_cidr_block = module.vpc.ipv6_cidr_block
 }
 
-####----------------------------------------------------------------------------------
-## Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
-## The service improves the performance of web applications by retrieving information from managed in-memory caches,
-## instead of relying entirely on slower disk-based databases.
-####----------------------------------------------------------------------------------
+###----------------------------------------------------------------------------------
+# Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
+# The service improves the performance of web applications by retrieving information from managed in-memory caches,
+# instead of relying entirely on slower disk-based databases.
+###----------------------------------------------------------------------------------
 module "redis-cluster" {
 source = "./../../"
 
@@ -49,9 +49,9 @@ module "redis-cluster" {
 environment = "test"
 label_order = ["environment", "name"]
 
- ####----------------------------------------------------------------------------------
- ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
- ####----------------------------------------------------------------------------------
+ ###----------------------------------------------------------------------------------
+ # Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
+ ###----------------------------------------------------------------------------------
 vpc_id = module.vpc.vpc_id
 allowed_ip = [module.vpc.vpc_cidr_block]
 allowed_ports = [6379]
@@ -71,9 +71,10 @@ module "redis-cluster" {
 Application = "CloudDrove"
 }
 
- ####----------------------------------------------------------------------------------
- ## will create ROUTE-53 for redis which will add the dns of the cluster.
- ####----------------------------------------------------------------------------------
+
+ ###----------------------------------------------------------------------------------
+ # will create ROUTE-53 for redis which will add the dns of the cluster.
+ ###----------------------------------------------------------------------------------
 route53_record_enabled = false
 ssm_parameter_endpoint_enabled = false
 dns_record_name = "prod"
diff --git a/_example/redis-cluster/outputs.tf b/_example/redis-cluster/outputs.tf
index e50332d..878bdc3 100644
--- a/_example/redis-cluster/outputs.tf
+++ b/_example/redis-cluster/outputs.tf
@@ -22,3 +22,8 @@ output "redis_ssm_arn" {
 value = module.redis-cluster.redis_ssm_name
 description = "A map of the names and ARNs created"
 }
+
+output "auth_token" {
+ value = module.redis-cluster.auth_token
+ sensitive = true
+}
\ No newline at end of file
diff --git a/_example/redis/main.tf b/_example/redis/example.tf
similarity index 100%
rename from _example/redis/main.tf
rename to _example/redis/example.tf
diff --git a/main.tf b/main.tf
index fa04ec5..0a52ba8 100644
--- a/main.tf
+++ b/main.tf
@@ -137,6 +137,16 @@ resource "aws_elasticache_subnet_group" "default" {
 tags = module.labels.tags
 }
 
+##----------------------------------------------------------------------------------
+## Below resource will create random passoword for the auth_token
+##----------------------------------------------------------------------------------
+
+resource "random_password" "auth_token" {
+ count = var.auth_token_enable && var.auth_token == null ? 1 : 0
+ length = var.length
+ special = var.special
+}
+
 ##----------------------------------------------------------------------------------
 ## Below resource will create replication-group resource for redis-cluster and memcached.
 ##----------------------------------------------------------------------------------
@@ -165,7 +175,7 @@ resource "aws_elasticache_replication_group" "cluster" {
 at_rest_encryption_enabled = var.at_rest_encryption_enabled
 transit_encryption_enabled = var.transit_encryption_enabled
 multi_az_enabled = var.multi_az_enabled
- auth_token = var.auth_token
+ auth_token = var.auth_token_enable ? (var.auth_token == null ? random_password.auth_token[0].result : var.auth_token) : null
 kms_key_id = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
 tags = module.labels.tags
 num_cache_clusters = var.num_cache_clusters
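Review bot: With `auth_token_enable` now defaulting to true, the new `auth_token` expression in the replication-group hunk sends a token whenever that flag is set, with no regard to `var.transit_encryption_enabled` two lines above it; AWS only accepts an auth token on a transit-encrypted replication group, so the module's default configuration appears to fail at apply time unless the caller also turns transit encryption on. The variable description states this constraint but nothing enforces it; consider gating the token on both flags, `auth_token = var.auth_token_enable && var.transit_encryption_enabled ? (var.auth_token == null ? random_password.auth_token[0].result : var.auth_token) : null`, or adding a lifecycle precondition on the replication group so the mismatch is reported as a clear error rather than a provider rejection. The header comment above the `random_password` resource also has a typo; `## Below resource will create a random password for the auth_token`.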
@@ -223,15 +233,15 @@ resource "aws_route53_record" "elasticache" {
 }
 
 ##----------------------------------------------------------------------------------
-## Below resource will create ssm-parameter resource for redisand memcached with auth-token.
+## Below resource will create ssm-parameter resource for redis and memcached with auth-token.
 ##----------------------------------------------------------------------------------
 
 resource "aws_ssm_parameter" "secret" {
- count = var.auth_token != null ? 1 : 0
+ count = var.auth_token_enable ? 1 : 0
 name = format("/%s/%s/auth-token", var.environment, var.name)
 description = var.ssm_parameter_description
 type = var.ssm_parameter_type
- value = var.auth_token
+ value = var.auth_token == null ? random_password.auth_token[0].result : var.auth_token
 key_id = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
 }
diff --git a/outputs.tf b/outputs.tf
index a8b4a59..1b77220 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -59,3 +59,9 @@ output "Memcached_ssm_name" {
 value = join("", aws_ssm_parameter.memcached_secret-endpoint[*].name)
 description = "A list of all of the parameter values"
 }
+
+output "auth_token" {
+ value = random_password.auth_token[0].result
+ sensitive = true
+ description = "Auth token generated value"
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index cf553e3..6520013 100644
--- a/variables.tf
+++ b/variables.tf
@@ -175,6 +175,12 @@ variable "transit_encryption_enabled" {
 description = "Whether to enable encryption in transit."
 }
 
+variable "auth_token_enable" {
+ type = bool
+ default = true
+ description = "Flag to specify whether to create auth token (password) protected cluster. Can be specified only if transit_encryption_enabled = true."
+}
+
 variable "auth_token" {
 type = string
 default = null
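Review bot: The new `output "auth_token"` in outputs.tf indexes `random_password.auth_token[0].result` unconditionally, but that resource is created with `count = var.auth_token_enable && var.auth_token == null ? 1 : 0`, so the output raises an invalid-index error whenever the caller disables the token or supplies their own. The other outputs in this file use the splat-join form, and `value = join("", random_password.auth_token[*].result)` would keep this one consistent with them and yield an empty string when no password is generated. Marking it `sensitive = true` is right, though the generated value still lands in plain state, which is worth a sentence in the description.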
@@ -324,12 +330,6 @@ variable "enable_security_group" {
 description = "Enable default Security Group with only Egress traffic allowed."
 }
 
-variable "existing_sg_id" {
- type = string
- default = null
- description = "Provide existing security group id for updating existing rule"
-}
-
 variable "egress_rule" {
 type = bool
 default = true
@@ -432,3 +432,16 @@ variable "ssm_parameter_type" {
 default = "SecureString"
 description = "Type of the parameter."
 }
+
+###------------------------------- random_password----------------------------
+
+variable "length" {
+ type = number
+ default = 25
+}
+
+variable "special" {
+ type = bool
+ default = false
+
+}
\ No newline at end of file
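Review bot: The new `length` and `special` variables are the only ones in this file without a `description`, and their names say nothing about what they size; `description = "Length of the generated auth token; ElastiCache accepts 16 to 128 characters."` and `description = "Whether the generated auth token may contain special characters."` would document them, and the stray blank line before the closing brace of `special` should go. If `special` is set to true, `random_password` can emit characters ElastiCache rejects in an auth token (`/`, `"`, `@`), so passing a restricted set via `override_special` on the resource would make the option safe to enable. The hunk header also suggests names scoped to their purpose, e.g. `auth_token_length`, though renaming would touch the resource in main.tf as well.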