diff --git a/cloudwatch.tf b/cloudwatch.tf index 75bbea9..5ec7a4d 100644 --- a/cloudwatch.tf +++ b/cloudwatch.tf @@ -45,4 +45,3 @@ resource "aws_cloudwatch_metric_alarm" "cache_memory" { alarm_actions = ["${var.alarm_actions}"] } */ - diff --git a/main.tf b/main.tf index 40ebd3c..7c06d0f 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ data "aws_vpc" "vpc" { - id = "${var.vpc_id}" + id = var.vpc_id } resource "random_id" "salt" { 
@@ -7,31 +7,64 @@ resource "random_id" "salt" { } resource "aws_elasticache_replication_group" "redis" { - replication_group_id = "${format("%.20s","${var.name}-${var.env}")}" + replication_group_id = format("%.20s", "${var.name}-${var.env}") replication_group_description = "Terraform-managed ElastiCache replication group for ${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" - number_cache_clusters = "${var.redis_clusters}" - node_type = "${var.redis_node_type}" - automatic_failover_enabled = "${var.redis_failover}" - engine_version = "${var.redis_version}" - port = "${var.redis_port}" - parameter_group_name = "${aws_elasticache_parameter_group.redis_parameter_group.id}" - subnet_group_name = "${aws_elasticache_subnet_group.redis_subnet_group.id}" - security_group_ids = ["${aws_security_group.redis_security_group.id}"] - apply_immediately = "${var.apply_immediately}" - maintenance_window = "${var.redis_maintenance_window}" - snapshot_window = "${var.redis_snapshot_window}" - snapshot_retention_limit = "${var.redis_snapshot_retention_limit}" - tags = "${merge(map("Name", format("tf-elasticache-%s-%s", var.name, lookup(data.aws_vpc.vpc.tags,"Name",""))), var.tags)}" + number_cache_clusters = var.redis_clusters + node_type = var.redis_node_type + automatic_failover_enabled = var.redis_failover + engine_version = var.redis_version + port = var.redis_port + parameter_group_name = aws_elasticache_parameter_group.redis_parameter_group.id + subnet_group_name = aws_elasticache_subnet_group.redis_subnet_group.id + security_group_ids = [aws_security_group.redis_security_group.id] + apply_immediately = var.apply_immediately + maintenance_window = var.redis_maintenance_window + snapshot_window = var.redis_snapshot_window + snapshot_retention_limit = var.redis_snapshot_retention_limit + tags = merge( + { + "Name" = format( + "tf-elasticache-%s-%s", + var.name, + lookup(data.aws_vpc.vpc.tags, "Name", ""), + ) + }, + var.tags, + ) } resource 
"aws_elasticache_parameter_group" "redis_parameter_group" { - name = "${replace(format("%.255s", lower(replace("tf-redis-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}-${random_id.salt.hex}", "_", "-"))), "/\\s/", "-")}" + name = replace( + format( + "%.255s", + lower( + replace( + "tf-redis-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}-${random_id.salt.hex}", + "_", + "-", + ), + ), + ), + "/\\s/", + "-", + ) description = "Terraform-managed ElastiCache parameter group for ${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" # Strip the patch version from redis_version var - family = "redis${replace(var.redis_version, "/\\.[\\d]+$/","")}" - parameter = "${var.redis_parameters}" + family = "redis${replace(var.redis_version, "/\\.[\\d]+$/", "")}" + dynamic "parameter" { + for_each = var.redis_parameters + content { + # TF-UPGRADE-TODO: The automatic upgrade tool can't predict + # which keys might be set in maps assigned here, so it has + # produced a comprehensive set here. Consider simplifying + # this after confirming which keys can be set in practice. + + name = parameter.value.name + value = parameter.value.value + } + } lifecycle { create_before_destroy = true @@ -39,6 +72,19 @@ resource "aws_elasticache_parameter_group" "redis_parameter_group" { } resource "aws_elasticache_subnet_group" "redis_subnet_group" { - name = "${replace(format("%.255s", lower(replace("tf-redis-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}", "_", "-"))), "/\\s/", "-")}" - subnet_ids = ["${var.subnets}"] + name = replace( + format( + "%.255s", + lower( + replace( + "tf-redis-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}", + "_", + "-", + ), + ), + ), + "/\\s/", + "-", + ) + subnet_ids = var.subnets } diff --git a/outputs.tf b/outputs.tf index da6df54..8ccbbd4 100644 --- a/outputs.tf +++ b/outputs.tf 
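Review bot: The `aws_elasticache_replication_group.redis` resource, whose whole body is visible in the main.tf hunk at -7,31, sets none of `at_rest_encryption_enabled`, `transit_encryption_enabled` or `auth_token`. These are therefore left at the provider defaults and, as far as this diff shows, the security group is the only control in front of the cache. The syntax upgrade is a convenient point to expose them as module variables, for example `at_rest_encryption_enabled = var.redis_at_rest_encryption` and `transit_encryption_enabled = var.redis_transit_encryption` (variable names are suggestions). Changing these on an existing group typically forces replacement, and `auth_token` is only accepted when transit encryption is on, so the new variables should default to the current behaviour and be documented as such.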
@@ -1,23 +1,24 @@ output "redis_security_group_id" { - value = "${aws_security_group.redis_security_group.id}" + value = aws_security_group.redis_security_group.id } output "parameter_group" { - value = "${aws_elasticache_parameter_group.redis_parameter_group.id}" + value = aws_elasticache_parameter_group.redis_parameter_group.id } output "redis_subnet_group_name" { - value = "${aws_elasticache_subnet_group.redis_subnet_group.name}" + value = aws_elasticache_subnet_group.redis_subnet_group.name } output "id" { - value = "${aws_elasticache_replication_group.redis.id}" + value = aws_elasticache_replication_group.redis.id } output "port" { - value = "${var.redis_port}" + value = var.redis_port } output "endpoint" { - value = "${aws_elasticache_replication_group.redis.primary_endpoint_address}" + value = aws_elasticache_replication_group.redis.primary_endpoint_address } + diff --git a/security_groups.tf b/security_groups.tf index 9b86875..a2d498b 100644 --- a/security_groups.tf +++ b/security_groups.tf 
@@ -1,28 +1,32 @@ resource "aws_security_group" "redis_security_group" { - name = "${format("%.255s", "tf-sg-ec-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}")}" + name = format( + "%.255s", + "tf-sg-ec-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}", + ) description = "Terraform-managed ElastiCache security group for ${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" - vpc_id = "${data.aws_vpc.vpc.id}" + vpc_id = data.aws_vpc.vpc.id - tags { + tags = { Name = "tf-sg-ec-${var.name}-${var.env}-${data.aws_vpc.vpc.tags["Name"]}" } } resource "aws_security_group_rule" "redis_ingress" { - count = "${length(var.allowed_security_groups)}" + count = length(var.allowed_security_groups) type = "ingress" - from_port = "${var.redis_port}" - to_port = "${var.redis_port}" + from_port = var.redis_port + to_port = var.redis_port protocol = "tcp" - source_security_group_id = "${element(var.allowed_security_groups, count.index)}" - security_group_id = "${aws_security_group.redis_security_group.id}" + source_security_group_id = element(var.allowed_security_groups, count.index) + security_group_id = aws_security_group.redis_security_group.id } resource "aws_security_group_rule" "redis_networks_ingress" { type = "ingress" - from_port = "${var.redis_port}" - to_port = "${var.redis_port}" + from_port = var.redis_port + to_port = var.redis_port protocol = "tcp" - cidr_blocks = ["${var.allowed_cidr}"] - security_group_id = "${aws_security_group.redis_security_group.id}" + cidr_blocks = var.allowed_cidr + security_group_id = aws_security_group.redis_security_group.id } + diff --git a/variables.tf b/variables.tf index 9da1683..49d0df0 100644 --- a/variables.tf +++ b/variables.tf 
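Review bot: `redis_networks_ingress` is created unconditionally from `var.allowed_cidr`, so a caller who only uses `allowed_security_groups` still gets a CIDR rule (the `127.0.0.1/32` default in variables.tf looks like a placeholder for that case). Nothing in the module narrows what a caller may pass as the CIDR list. Consider defaulting the variable to `[]` and gating the rule with `count = length(var.allowed_cidr) > 0 ? 1 : 0`. Both ingress rules would also benefit from a `description`, e.g. `description = "Redis from allowed CIDR blocks"`, so the origin of each rule is visible when the group is audited.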
@@ -20,13 +20,13 @@ variable "apply_immediately" { } variable "allowed_cidr" { - type = "list" + type = list(string) default = ["127.0.0.1/32"] description = "A list of Security Group ID's to allow access to." } variable "allowed_security_groups" { - type = "list" + type = list(string) default = [] description = "A list of Security Group ID's to allow access to." } @@ -57,7 +57,7 @@ variable "redis_port" { } variable "subnets" { - type = "list" + type = list(string) description = "List of VPC Subnet IDs for the cache subnet group" } @@ -72,7 +72,7 @@ variable "vpc_id" { } variable "redis_parameters" { - type = "list" + type = list(string) description = "additional parameters modifyed in parameter group" default = [] } @@ -96,3 +96,4 @@ variable "tags" { description = "Tags for redis nodes" default = {} } + diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +}
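Review bot: The `description` on `allowed_cidr` is a copy of the one on `allowed_security_groups` and says the variable takes Security Group IDs, while security_groups.tf passes it to `cidr_blocks`. Because this variable decides which networks can reach the Redis port, the text should say so: `description = "A list of CIDR blocks allowed to reach the Redis port."`. The variable blocks are only partly shown in this hunk, so any other attributes outside it are not reviewed here.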
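Review bot: `redis_parameters` is typed `list(string)` in the hunk at -72,7, but the `dynamic "parameter"` block added in main.tf reads `parameter.value.name` and `parameter.value.value`, which only works when each element is an object or map. With this type a list of name/value maps is rejected at type conversion and a list of strings fails on the attribute access, so any non-empty value breaks the plan. The type should match the usage, e.g. `type = list(object({ name = string, value = string }))`, after which the TF-UPGRADE-TODO comment in main.tf can be dropped.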