chore: Updates from testing and validating examples

Author: bryantbiggs

README.md

@@ -85,7 +85,7 @@ No modules.
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true` | `string` | `null` | no |
 | <a name="input_log_delivery_configuration"></a> [log\_delivery\_configuration](#input\_log\_delivery\_configuration) | (Redis only) Specifies the destination and format of Redis SLOWLOG or Redis Engine Log | `any` | <pre>{<br>  "slow-log": {<br>    "destination_type": "cloudwatch-logs",<br>    "log_format": "json"<br>  }<br>}</pre> | no |
 | <a name="input_maintenance_window"></a> [maintenance\_window](#input\_maintenance\_window) | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC) | `string` | `null` | no |
-| <a name="input_multi_az_enabled"></a> [multi\_az\_enabled](#input\_multi\_az\_enabled) | Specifies whether to enable Multi-AZ Support for the replication group. If true, `automatic_failover_enabled` must also be enabled. Defaults to `false` | `bool` | `null` | no |
+| <a name="input_multi_az_enabled"></a> [multi\_az\_enabled](#input\_multi\_az\_enabled) | Specifies whether to enable Multi-AZ Support for the replication group. If true, `automatic_failover_enabled` must also be enabled. Defaults to `false` | `bool` | `false` | no |
 | <a name="input_network_type"></a> [network\_type](#input\_network\_type) | The IP versions for cache cluster connections. Valid values are `ipv4`, `ipv6` or `dual_stack` | `string` | `null` | no |
 | <a name="input_node_type"></a> [node\_type](#input\_node\_type) | The instance class used. For Memcached, changing this value will re-create the resource | `string` | `null` | no |
 | <a name="input_notification_topic_arn"></a> [notification\_topic\_arn](#input\_notification\_topic\_arn) | ARN of an SNS topic to send ElastiCache notifications to | `string` | `null` | no |
@@ -119,7 +119,7 @@ No modules.
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of VPC Subnet IDs for the Elasticache subnet group | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_transit_encryption_enabled"></a> [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Enable encryption in-transit. Supported only with Memcached versions `1.6.12` and later, running in a VPC | `bool` | `null` | no |
-| <a name="input_user_group_ids"></a> [user\_group\_ids](#input\_user\_group\_ids) | User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid | `list(string)` | `[]` | no |
+| <a name="input_user_group_ids"></a> [user\_group\_ids](#input\_user\_group\_ids) | User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid | `list(string)` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | Identifier of the VPC where the security group will be created | `string` | `null` | no |
 
 ## Outputs

examples/memcached-cluster/main.tf

@@ -28,11 +28,13 @@ module "elasticache" {
   cluster_id = local.name
 
   engine          = "memcached"
-  engine_version  = "1.6"
+  engine_version  = "1.6.17"
   node_type       = "cache.t4g.small"
   num_cache_nodes = 2
   az_mode         = "cross-az"
 
+  # Security group
+  vpc_id = module.vpc.vpc_id
   security_group_rules = {
     ingress_vpc = {
       # Default type is `ingress`

examples/redis-cluster/main.tf

@@ -30,6 +30,8 @@ module "elasticache" {
   engine_version = "7.1"
   node_type      = "cache.t4g.small"
 
+  # Security group
+  vpc_id = module.vpc.vpc_id
   security_group_rules = {
     ingress_vpc = {
       # Default type is `ingress`
@@ -50,16 +52,12 @@ module "elasticache" {
   # parameter group
   create_parameter_group      = true
   parameter_group_name        = local.name
-  parameter_group_family      = "redis7.1"
+  parameter_group_family      = "redis7"
   parameter_group_description = "${title(local.name)} parameter group"
   parameters = [
     {
-      name  = "activerehashing"
+      name  = "latency-tracking"
       value = "yes"
-    },
-    {
-      name  = "min-slaves-to-write"
-      value = "2"
     }
   ]
 

examples/redis-replication-group/main.tf

@@ -25,6 +25,7 @@ locals {
 module "elasticache" {
   source = "../../"
 
+  create_cluster           = false
   create_replication_group = true
   replication_group_id     = local.name
 
@@ -42,6 +43,8 @@ module "elasticache" {
   transit_encryption_enabled = true
   auth_token                 = "PickSomethingMoreSecure123!"
 
+  # Security group
+  vpc_id = module.vpc.vpc_id
   security_group_rules = {
     ingress_vpc = {
       # Default type is `ingress`
@@ -62,16 +65,12 @@ module "elasticache" {
   # parameter group
   create_parameter_group      = true
   parameter_group_name        = local.name
-  parameter_group_family      = "redis7.1"
+  parameter_group_family      = "redis7"
   parameter_group_description = "${title(local.name)} parameter group"
   parameters = [
     {
-      name  = "activerehashing"
+      name  = "latency-tracking"
       value = "yes"
-    },
-    {
-      name  = "min-slaves-to-write"
-      value = "2"
     }
   ]
 

main.tf

@@ -2,7 +2,7 @@ locals {
   # https://github.com/hashicorp/terraform-provider-aws/blob/3c4cb52c5dc2c09e10e5a717f73d1d8bc4186e87/internal/service/elasticache/cluster.go#L271
   in_replication_group = var.replication_group_id != null
 
-  security_group_ids = local.create_security_group ? concat(var.security_group_ids, aws_security_group.this[0].id) : var.security_group_ids
+  security_group_ids = local.create_security_group ? concat(var.security_group_ids, [aws_security_group.this[0].id]) : var.security_group_ids
   port               = var.engine == "memcached" ? 11211 : 6379
 
   tags = merge(var.tags, { terraform-aws-modules = "elasticache" })
@@ -29,10 +29,10 @@ resource "aws_elasticache_cluster" "this" {
     for_each = { for k, v in var.log_delivery_configuration : k => v if var.engine == "redis" }
 
     content {
-      destination      = try(v.create_cloudwatch_log_group, true) && log_delivery_configuration.value.destination_type == "cloudwatch-logs" ? aws_cloudwatch_log_group.this[each.key].name : log_delivery_configuration.value.destination
+      destination      = try(log_delivery_configuration.value.create_cloudwatch_log_group, true) && log_delivery_configuration.value.destination_type == "cloudwatch-logs" ? aws_cloudwatch_log_group.this[log_delivery_configuration.key].name : log_delivery_configuration.value.destination
       destination_type = log_delivery_configuration.value.destination_type
       log_format       = log_delivery_configuration.value.log_format
-      log_type         = try(log_delivery_configuration.value.log_type, each.key)
+      log_type         = try(log_delivery_configuration.value.log_type, log_delivery_configuration.key)
     }
   }
 
@@ -52,7 +52,7 @@ resource "aws_elasticache_cluster" "this" {
   snapshot_name                = local.in_replication_group ? null : var.snapshot_name
   snapshot_retention_limit     = local.in_replication_group ? null : var.snapshot_retention_limit
   snapshot_window              = local.in_replication_group ? null : var.snapshot_window
-  subnet_group_name            = local.in_replication_group ? null : var.subnet_group_name
+  subnet_group_name            = local.in_replication_group ? null : local.subnet_group_name
   transit_encryption_enabled   = var.transit_encryption_enabled
 
   tags = local.tags
@@ -89,10 +89,10 @@ resource "aws_elasticache_replication_group" "this" {
     for_each = { for k, v in var.log_delivery_configuration : k => v if var.engine == "redis" }
 
     content {
-      destination      = try(v.create_cloudwatch_log_group, true) && log_delivery_configuration.value.destination_type == "cloudwatch-logs" ? aws_cloudwatch_log_group.this[each.key].name : log_delivery_configuration.value.destination
+      destination      = try(log_delivery_configuration.value.create_cloudwatch_log_group, true) && log_delivery_configuration.value.destination_type == "cloudwatch-logs" ? aws_cloudwatch_log_group.this[log_delivery_configuration.key].name : log_delivery_configuration.value.destination
       destination_type = log_delivery_configuration.value.destination_type
       log_format       = log_delivery_configuration.value.log_format
-      log_type         = try(log_delivery_configuration.value.log_type, each.key)
+      log_type         = try(log_delivery_configuration.value.log_type, log_delivery_configuration.key)
     }
   }
 
@@ -114,7 +114,7 @@ resource "aws_elasticache_replication_group" "this" {
   snapshot_name               = local.in_global_replication_group ? null : var.snapshot_name
   snapshot_retention_limit    = var.snapshot_retention_limit
   snapshot_window             = var.snapshot_window
-  subnet_group_name           = var.subnet_group_name
+  subnet_group_name           = local.subnet_group_name
   transit_encryption_enabled  = local.in_global_replication_group ? null : var.transit_encryption_enabled
   user_group_ids              = var.user_group_ids
 
@@ -166,10 +166,6 @@ resource "aws_elasticache_parameter_group" "this" {
     }
   }
 
-  lifecycle {
-    create_before_destroy = true
-  }
-
   tags = local.tags
 }
 
@@ -178,13 +174,14 @@ resource "aws_elasticache_parameter_group" "this" {
 ################################################################################
 
 locals {
-  subnet_group_name = try(coalesce(var.subnet_group_name, var.cluster_id, var.replication_group_id), "")
+  inter_subnet_group_name = try(coalesce(var.subnet_group_name, var.cluster_id, var.replication_group_id), "")
+  subnet_group_name       = var.create && var.create_subnet_group ? aws_elasticache_subnet_group.this[0].name : var.subnet_group_name
 }
 
 resource "aws_elasticache_subnet_group" "this" {
   count = var.create && var.create_subnet_group ? 1 : 0
 
-  name        = local.subnet_group_name
+  name        = local.inter_subnet_group_name
   description = coalesce(var.subnet_group_description, "ElastiCache subnet group")
   subnet_ids  = var.subnet_ids
 
@@ -216,7 +213,7 @@ resource "aws_security_group" "this" {
 }
 
 resource "aws_vpc_security_group_ingress_rule" "this" {
-  for_each = { for k, v in var.security_group_rules : k => v if local.create_security_group && try(v.type == "ingress") }
+  for_each = { for k, v in var.security_group_rules : k => v if local.create_security_group && try(v.type, "ingress") == "ingress" }
 
   # Required
   security_group_id = aws_security_group.this[0].id
@@ -235,7 +232,7 @@ resource "aws_vpc_security_group_ingress_rule" "this" {
 }
 
 resource "aws_vpc_security_group_egress_rule" "this" {
-  for_each = { for k, v in var.security_group_rules : k => v if local.create_security_group && try(v.type == "egress") }
+  for_each = { for k, v in var.security_group_rules : k => v if local.create_security_group && try(v.type, "ingress") == "egress" }
 
   # Required
   security_group_id = aws_security_group.this[0].id

variables.tf

@@ -236,7 +236,7 @@ variable "kms_key_arn" {
 variable "multi_az_enabled" {
   description = "Specifies whether to enable Multi-AZ Support for the replication group. If true, `automatic_failover_enabled` must also be enabled. Defaults to `false`"
   type        = bool
-  default     = null
+  default     = false
 }
 
 variable "num_cache_clusters" {
@@ -278,7 +278,7 @@ variable "security_group_names" {
 variable "user_group_ids" {
   description = "User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid"
   type        = list(string)
-  default     = []
+  default     = null
 }
 
 ################################################################################