Feat: Added the random password resource block to genrate the auth token

clouddrove · Sep 6, 2023 · 59b4d1b · 59b4d1b
1 parent 2c960b8
commit 59b4d1b
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 9 deletions.
diff --git a/_example/redis-cluster/main.tf b/_example/redis-cluster/main.tf
@@ -37,11 +37,11 @@ module "subnets" {
   ipv6_cidr_block    = module.vpc.ipv6_cidr_block
 }
 
-####----------------------------------------------------------------------------------
-## Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
-## The service improves the performance of web applications by retrieving information from managed in-memory caches,
-## instead of relying entirely on slower disk-based databases.
-####----------------------------------------------------------------------------------
+###----------------------------------------------------------------------------------
+# Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
+# The service improves the performance of web applications by retrieving information from managed in-memory caches,
+# instead of relying entirely on slower disk-based databases.
+###----------------------------------------------------------------------------------
 module "redis-cluster" {
   source = "./../../"
 

diff --git a/_example/redis-cluster/outputs.tf b/_example/redis-cluster/outputs.tf
@@ -22,3 +22,8 @@ output "redis_ssm_arn" {
   value       = module.redis-cluster.redis_ssm_name
   description = "A map of the names and ARNs created"
 }
+
+output "auth_token" {
+  value = module.redis-cluster.auth_token
+  sensitive = true
+}
diff --git a/main.tf b/main.tf
@@ -137,6 +137,16 @@ resource "aws_elasticache_subnet_group" "default" {
   tags = module.labels.tags
 }
 
+##----------------------------------------------------------------------------------
+## Below resource will create random passoword for the auth_token
+##----------------------------------------------------------------------------------
+
+resource "random_password" "auth_token" {
+ count = var.auth_token_enable && var.auth_token == null ? 1 : 0
+length = 25
+special = false
+}
+
 ##----------------------------------------------------------------------------------
 ## Below resource will create replication-group resource for redis-cluster and memcached.
 ##----------------------------------------------------------------------------------
@@ -165,7 +175,7 @@ resource "aws_elasticache_replication_group" "cluster" {
   at_rest_encryption_enabled = var.at_rest_encryption_enabled
   transit_encryption_enabled = var.transit_encryption_enabled
   multi_az_enabled           = var.multi_az_enabled
-  auth_token                 = var.auth_token
+  auth_token                 = var.auth_token_enable ? ( var.auth_token == null ? random_password.auth_token[0].result : var.auth_token ) : null
   kms_key_id                 = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
   tags                       = module.labels.tags
   num_cache_clusters         = var.num_cache_clusters
@@ -223,15 +233,15 @@ resource "aws_route53_record" "elasticache" {
 }
 
 ##----------------------------------------------------------------------------------
-## Below resource will create ssm-parameter resource for redisand memcached with auth-token.
+## Below resource will create ssm-parameter resource for redis and memcached with auth-token.
 ##----------------------------------------------------------------------------------
 resource "aws_ssm_parameter" "secret" {
-  count = var.auth_token != null ? 1 : 0
+  count = var.auth_token_enable ? 1 : 0
 
   name        = format("/%s/%s/auth-token", var.environment, var.name)
   description = var.ssm_parameter_description
   type        = var.ssm_parameter_type
-  value       = var.auth_token
+  value       = var.auth_token == null ? random_password.auth_token[0].result : var.auth_token
   key_id      = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
 }
 

diff --git a/outputs.tf b/outputs.tf
@@ -59,3 +59,9 @@ output "Memcached_ssm_name" {
   value       = join("", aws_ssm_parameter.memcached_secret-endpoint[*].name)
   description = "A list of all of the parameter values"
 }
+
+output "auth_token" {
+  value = random_password.auth_token[0].result
+  sensitive = true
+  description = "Auth token generated value"
+}
diff --git a/variables.tf b/variables.tf
@@ -175,6 +175,12 @@ variable "transit_encryption_enabled" {
   description = "Whether to enable encryption in transit."
 }
 
+variable "auth_token_enable" {
+  type        = bool
+  default     = true
+  description = "Flag to specify whether to create auth token (password) protected cluster. Can be specified only if transit_encryption_enabled = true."
+}
+
 variable "auth_token" {
   type        = string
   default     = null