From d447dd33c3f91f7a9e4e2a10b3b60a36573db910 Mon Sep 17 00:00:00 2001
From: theprashantyadav
Date: Mon, 22 May 2023 16:46:27 +0530
Subject: [PATCH] feat: added kms module and update module
---
 _example/memcached/example.tf | 58 ++++++++++++++++++++++++-------
 _example/redis-cluster/example.tf | 43 ++++++++++++++++++++---
 _example/redis/example.tf | 40 +++++++++++++++++++--
 3 files changed, 123 insertions(+), 18 deletions(-)
diff --git a/_example/memcached/example.tf b/_example/memcached/example.tf
index 7bc4ce7..eba2f39 100644
--- a/_example/memcached/example.tf
+++ b/_example/memcached/example.tf
@@ -43,6 +43,39 @@ module "memcached-sg" {
 allowed_ports = [11211]
 }
+module "kms_key" {
+ source = "clouddrove/kms/aws"
+ version = "1.3.0"
+
+ name = "kms"
+ environment = "test"
+ label_order = ["name", "environment"]
+
+ enabled = true
+ description = "KMS key for aurora"
+ alias = "alias/aurora"
+ key_usage = "ENCRYPT_DECRYPT"
+ customer_master_key_spec = "SYMMETRIC_DEFAULT"
+ deletion_window_in_days = 7
+ is_enabled = true
+ policy = data.aws_iam_policy_document.default.json
+}
+
+data "aws_iam_policy_document" "default" {
+ version = "2012-10-17"
+
+ statement {
+ sid = "Enable IAM User Permissions"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ actions = ["kms:*"]
+ resources = ["*"]
+ }
+}
+
 module "memcached" {
 source = "./../../"
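Review bot: The key policy in the new `data "aws_iam_policy_document" "default"` grants `kms:*` on `resources = ["*"]` to principal `identifiers = ["*"]`, which lets any AWS principal whose IAM policy allows KMS calls — including identities in other accounts — use and administer the key (re-write its policy, schedule deletion, or decrypt whatever the cache stores under it). The example should scope the principal to the owning account, e.g. `identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]` alongside a `data "aws_caller_identity" "current" {}`. The same document is copied verbatim into the redis-cluster and redis hunks below and carries the same issue. `description = "KMS key for aurora"` is also copied unchanged into all three examples while the alias here is `alias/aurora` in a memcached example; I'd change both to name the cache they protect, e.g. `description = "KMS key for memcached"` and `alias = "alias/memcached"`.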
@@ -50,18 +83,19 @@ module "memcached" {
 environment = "test"
 label_order = ["name", "environment"]
- cluster_enabled = true
- engine = "memcached"
- engine_version = "1.5.10"
- family = "memcached1.5"
- parameter_group_name = ""
- az_mode = "cross-az"
- port = 11211
- node_type = "cache.t2.micro"
- num_cache_nodes = 2
- subnet_ids = module.subnets.public_subnet_id
- security_group_ids = [module.memcached-sg.security_group_ids]
- availability_zones = ["eu-west-1a", "eu-west-1b"]
+ cluster_enabled = true
+ engine = "memcached"
+ engine_version = "1.5.10"
+ family = "memcached1.5"
+ parameter_group_name = ""
+ az_mode = "cross-az"
+ port = 11211
+ node_type = "cache.t2.micro"
+ num_cache_nodes = 2
+ kms_key_id = module.kms_key.key_arn
+ subnet_ids = module.subnets.public_subnet_id
+ security_group_ids = [module.memcached-sg.security_group_ids]
+ availability_zones = ["eu-west-1a", "eu-west-1b"]
 extra_tags = {
 Application = "CloudDrove"
 }
diff --git a/_example/redis-cluster/example.tf b/_example/redis-cluster/example.tf
index 59edae2..14773df 100644
--- a/_example/redis-cluster/example.tf
+++ b/_example/redis-cluster/example.tf
@@ -1,5 +1,5 @@
 provider "aws" {
- region = "eu-west-1"
+ region = "us-east-1"
 }
 module "vpc" {
@@ -20,7 +20,7 @@ module "subnets" {
 name = "subnets"
 environment = "test"
 label_order = ["name", "environment"]
- availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+ availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
 vpc_id = module.vpc.vpc_id
 type = "public"
 igw_id = module.vpc.igw_id
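Review bot: `kms_key_id = module.kms_key.key_arn` is now passed into the memcached cluster, but ElastiCache at-rest encryption is a Redis feature, so for `engine = "memcached"` this value is presumably either ignored by the root module or rejected at plan time; how `./../../` consumes `kms_key_id` is outside this diff and needs confirming against the module's variables. If the module does not apply it for memcached, the example should drop the line (and the `kms_key` module it depends on) rather than imply the cache data is encrypted. Everything else in this hunk is re-alignment of unchanged attributes; the two redis-cluster hunks on this line are a region change only.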
@@ -41,6 +41,40 @@ module "redis-sg" {
 allowed_ports = [6379]
 }
+module "kms_key" {
+ source = "clouddrove/kms/aws"
+ version = "1.3.0"
+
+ name = "kms"
+ environment = "test"
+ label_order = ["name", "environment"]
+
+ enabled = true
+
+ description = "KMS key for aurora"
+ alias = "alias/redis-cluster"
+ key_usage = "ENCRYPT_DECRYPT"
+ customer_master_key_spec = "SYMMETRIC_DEFAULT"
+ deletion_window_in_days = 7
+ is_enabled = true
+ policy = data.aws_iam_policy_document.default.json
+}
+
+data "aws_iam_policy_document" "default" {
+ version = "2012-10-17"
+
+ statement {
+ sid = "Enable IAM User Permissions"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ actions = ["kms:*"]
+ resources = ["*"]
+ }
+}
+
 module "redis-cluster" {
 source = "./../../"
@@ -54,13 +88,14 @@ module "redis-cluster" {
 parameter_group_name = "default.redis6.x.cluster.on"
 port = 6379
 node_type = "cache.t2.micro"
+ kms_key_id = module.kms_key.key_arn
 subnet_ids = module.subnets.public_subnet_id
 security_group_ids = [module.redis-sg.security_group_ids]
- availability_zones = ["eu-west-1a", "eu-west-1b"]
+ availability_zones = ["us-east-1a", "us-east-1b"]
 auto_minor_version_upgrade = true
 replicas_per_node_group = 2
 num_node_groups = 1
- snapshot_retention_limit = 7
+ snapshot_retention_limit = 7
 automatic_failover_enabled = true
 extra_tags = {
 Application = "CloudDrove"
diff --git a/_example/redis/example.tf b/_example/redis/example.tf
index c7df0c5..edb861a 100644
--- a/_example/redis/example.tf
+++ b/_example/redis/example.tf
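Review bot: `kms_key_id = module.kms_key.key_arn` in the `module "redis-cluster"` hunk only has an effect on an ElastiCache replication group when at-rest encryption is enabled, and this example sets neither `at_rest_encryption_enabled` nor `transit_encryption_enabled`, so whether the new key is actually used depends on defaults inside `./../../` that are not in the diff. I'd set `at_rest_encryption_enabled = true` and `transit_encryption_enabled = true` explicitly next to `kms_key_id`, assuming the root module exposes those variables — to be confirmed. The same applies to the `kms_key_id` line added in the redis hunk below. The `-`/`+` pair on `snapshot_retention_limit = 7` is a whitespace-only change; the `kms_key` block in the first hunk has the policy issue already raised on the memcached example.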
@@ -41,6 +41,39 @@ module "redis-sg" {
 allowed_ports = [6379]
 }
+module "kms_key" {
+ source = "clouddrove/kms/aws"
+ version = "1.3.0"
+
+ name = "kms"
+ environment = "test"
+ label_order = ["name", "environment"]
+
+ enabled = true
+ description = "KMS key for aurora"
+ alias = "alias/redis"
+ key_usage = "ENCRYPT_DECRYPT"
+ customer_master_key_spec = "SYMMETRIC_DEFAULT"
+ deletion_window_in_days = 7
+ is_enabled = true
+ policy = data.aws_iam_policy_document.default.json
+}
+
+data "aws_iam_policy_document" "default" {
+ version = "2012-10-17"
+
+ statement {
+ sid = "Enable IAM User Permissions"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ actions = ["kms:*"]
+ resources = ["*"]
+ }
+}
+
 module "redis" {
 source = "./../../"
 name = "redis"
@@ -49,14 +82,17 @@ module "redis" {
 replication_enabled = true
 engine = "redis"
- engine_version = "6.2"
- parameter_group_name = "default.redis6.x"
+ engine_version = "7.0"
+ parameter_group_name = "default.redis7"
 port = 6379
 node_type = "cache.t2.micro"
+ kms_key_id = module.kms_key.key_arn
 subnet_ids = module.subnets.public_subnet_id
 security_group_ids = [module.redis-sg.security_group_ids]
 availability_zones = ["eu-west-1a", "eu-west-1b"]
+ automatic_failover_enabled = true
 auto_minor_version_upgrade = true
+ multi_az_enabled = true #Specifies whether to enable Multi-AZ Support for the replication group. If true, automatic_failover_enabled must also be enabled
 num_cache_clusters = 2
 retention_in_days = 0
 snapshot_retention_limit = 7
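Review bot: The long trailing comment on `multi_az_enabled = true` in the `module "redis"` hunk breaks the one-attribute-per-line layout the rest of the block keeps and, unlike the memcached example, this block was not re-aligned; I'd move it onto its own line above the attribute, `# Multi-AZ requires automatic_failover_enabled = true (set above).`. `engine_version = "7.0"` with `parameter_group_name = "default.redis7"` is consistent for a cluster-mode-disabled group, but the redis-cluster example on the previous line still pins Redis 6 (`default.redis6.x.cluster.on`); if only this example is meant to move to 7.0, a one-line comment saying so would stop readers treating the mismatch as an oversight. `automatic_failover_enabled = true` together with `num_cache_clusters = 2` satisfies the two-node minimum failover needs, so that pairing looks right.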