Sync from management repo

Author: tomarv2

.github/workflows/stale-actions.yml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.64.0
+    rev: v1.76.0
     hooks:
       - id: terraform_fmt
       - id: terraform_tflint
@@ -12,14 +12,13 @@ repos:
           - '--args=--only=terraform_documented_outputs'
           - '--args=--only=terraform_documented_variables'
           - '--args=--only=terraform_typed_variables'
-          #- '--args=--only=terraform_module_pinned_source'
           - '--args=--only=terraform_naming_convention'
           - '--args=--only=terraform_required_providers'
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.3.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -31,7 +30,7 @@ repos:
       - id: requirements-txt-fixer
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '2.0.914'
+    rev: '2.1.280'
     hooks:
     - id: checkov
       verbose: true

.pre-commit-config.yaml

@@ -25,7 +25,7 @@
 ### Versions
 
 - Module tested for Terraform 1.0.1.
-- AWS provider version [3.74](https://registry.terraform.io/providers/hashicorp/aws/latest)
+- AWS provider version [4.35](https://registry.terraform.io/providers/hashicorp/aws/latest)
 - `main` branch: Provider versions not pinned to keep up with Terraform releases
 - `tags` releases: Tags are pinned with versions (use <a href="https://github.com/tomarv2/terraform-aws-elasticache/tags" alt="GitHub tag">
         <img src="https://img.shields.io/github/v/tag/tomarv2/terraform-aws-elasticache" /></a> in your releases)
@@ -91,43 +91,6 @@ tf -c=aws destroy -var='teamid=foo' -var='prjid=bar'
 ```
 
 **Note:** Read more on [tfremote](https://github.com/tomarv2/tfremote)
-```
-terraform {
-  required_version = ">= 1.0.1"
-  required_providers {
-    aws = {
-      version = "~> 3.74"
-    }
-  }
-}
-
-provider "aws" {
-  region = var.region
-}
-
-module "redis" {
-  source = "../"
-
-  deploy_redis                 = true
-  deploy_redis_parameter_group = true
-
-  security_group_ids = [module.security_group.security_group_id]
-  # ----------------------------------------------
-  # Note: Do not change teamid and prjid once set.
-  teamid = var.teamid
-  prjid  = var.prjid
-}
-
-module "security_group" {
-  source = "git::git@github.com:tomarv2/terraform-aws-security-group.git?ref=v0.0.6"
-
-  deploy_security_group = true
-
-  service_ports = [6379]
-  teamid        = var.teamid
-  prjid         = var.prjid
-}
-```
 
 Please refer to examples directory [link](examples) for references.
 
@@ -138,65 +101,25 @@ Please refer to examples directory [link](examples) for references.
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.74 |
+No requirements.
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 3.74 |
+No providers.
 
 ## Modules
 
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_global"></a> [global](#module\_global) | git::git@github.com:tomarv2/terraform-global.git//aws | v0.0.1 |
+No modules.
 
 ## Resources
 
-| Name | Type |
-|------|------|
-| [aws_elasticache_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster) | resource |
-| [aws_elasticache_parameter_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource |
-| [aws_elasticache_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+No resources.
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window. Default is false. | `bool` | `true` | no |
-| <a name="input_availability_zone"></a> [availability\_zone](#input\_availability\_zone) | The Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use preferred\_availability\_zones instead. Default: System chosen Availability Zone. Changing this value will re-create the resource. | `string` | `null` | no |
-| <a name="input_az_mode"></a> [az\_mode](#input\_az\_mode) | (Memcached only) Specifies whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are single-az or cross-az, default is single-az. If you want to choose cross-az, num\_cache\_nodes must be greater than 1. | `string` | `null` | no |
-| <a name="input_cache_nodes"></a> [cache\_nodes](#input\_cache\_nodes) | The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcache, this value must be between 1 and 20. | `number` | `1` | no |
-| <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | Group identifier. ElastiCache converts this name to lowercase | `string` | `null` | no |
-| <a name="input_cluster_mode_enabled"></a> [cluster\_mode\_enabled](#input\_cluster\_mode\_enabled) | Flag to enable/disable creation of a native redis cluster. `automatic_failover_enabled` must be set to `true`. Only 1 `cluster_mode` block is allowed | `bool` | `false` | no |
-| <a name="input_deploy_redis"></a> [deploy\_redis](#input\_deploy\_redis) | Feature flag, true or false | `bool` | `true` | no |
-| <a name="input_deploy_redis_parameter_group"></a> [deploy\_redis\_parameter\_group](#input\_deploy\_redis\_parameter\_group) | Feature flag, true or false | `bool` | `true` | no |
-| <a name="input_engine"></a> [engine](#input\_engine) | Name of the cache engine to be used for this cache cluster. Valid values for this parameter are memcached or redis. | `string` | `"redis"` | no |
-| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Version of engine | `string` | `"5.0.6"` | no |
-| <a name="input_maintenance_window"></a> [maintenance\_window](#input\_maintenance\_window) | Specifies the weekly time range for when maintenance on the cache cluster is performed. | `string` | `"mon:10:30-mon:11:30"` | no |
-| <a name="input_node_type"></a> [node\_type](#input\_node\_type) | The compute and memory capacity of the nodes | `string` | `"cache.t2.micro"` | no |
-| <a name="input_notification_topic_arn"></a> [notification\_topic\_arn](#input\_notification\_topic\_arn) | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my\_sns\_topic. | `string` | `null` | no |
-| <a name="input_parameter"></a> [parameter](#input\_parameter) | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
-| <a name="input_parameter_group_family"></a> [parameter\_group\_family](#input\_parameter\_group\_family) | The family of the ElastiCache parameter group | `string` | `"redis5.0"` | no |
-| <a name="input_port"></a> [port](#input\_port) | The port number on which each of the cache nodes will accept connections. For Memcache the default is 11211, and for Redis the default port is 6379. | `number` | `6379` | no |
-| <a name="input_prjid"></a> [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes |
-| <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | One or more VPC security groups associated with the cache cluster | `string` | n/a | yes |
-| <a name="input_snapshot_arns"></a> [snapshot\_arns](#input\_snapshot\_arns) | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my\_bucket/snapshot1.rdb | `list(any)` | <pre>[<br>  ""<br>]</pre> | no |
-| <a name="input_snapshot_retention_limit"></a> [snapshot\_retention\_limit](#input\_snapshot\_retention\_limit) | Number of days snapshot image will be retained | `number` | `5` | no |
-| <a name="input_snapshot_window"></a> [snapshot\_window](#input\_snapshot\_window) | Daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. Example: 05:00-09:00. | `string` | `""` | no |
-| <a name="input_teamid"></a> [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes |
+No inputs.
 
 ## Outputs
 
-| Name | Description |
-|------|-------------|
-| <a name="output_aws_elasticache_parameter_group"></a> [aws\_elasticache\_parameter\_group](#output\_aws\_elasticache\_parameter\_group) | Elasticache Parameter Group |
-| <a name="output_elasticache_cluster_address"></a> [elasticache\_cluster\_address](#output\_elasticache\_cluster\_address) | Elasticache Cluster address |
-| <a name="output_elasticache_id"></a> [elasticache\_id](#output\_elasticache\_id) | Elasticache Id |
+No outputs.
 <!-- END_TF_DOCS -->

README.md

@@ -2,34 +2,59 @@ terraform {
   required_version = ">= 1.0.1"
   required_providers {
     aws = {
-      version = "~> 3.74"
+      version = "~> 4.35"
     }
   }
 }
 
 provider "aws" {
-  region = var.region
+  region = "us-west-2"
 }
 
 module "redis" {
   source = "../"
 
-  deploy_redis                 = true
-  deploy_redis_parameter_group = true
-
-  security_group_ids = [module.security_group.security_group_id]
-  # ----------------------------------------------
-  # Note: Do not change teamid and prjid once set.
-  teamid = var.teamid
-  prjid  = var.prjid
+  config = {
+    demo = {
+      security_group_ids = module.security_group.id
+      engine_version     = "6.2"
+      family             = "redis6.x"
+      parameter_group_config = {
+        activerehashing = {
+          value = "yes"
+        }
+      }
+    }
+  }
 }
 
 module "security_group" {
-  source = "git::git@github.com:tomarv2/terraform-aws-security-group.git?ref=v0.0.6"
-
-  deploy_security_group = true
-
-  service_ports = [6379]
-  teamid        = var.teamid
-  prjid         = var.prjid
+  #source = "git::git@github.com:tomarv2/terraform-aws-security-group.git?ref=v0.0.12"
+  source = "../../terraform-aws-security-group"
+  config = {
+    demo_redis = {
+      all_ingress_rules = [
+        {
+          description = "https"
+          type        = "ingress"
+          from_port   = 6379
+          protocol    = "tcp"
+          to_port     = 6379
+          self        = true
+          cidr_blocks = []
+        }
+      ]
+      all_egress_rules = [
+        {
+          description = "outbound traffic"
+          from_port   = 0
+          protocol    = "-1"
+          type        = "egress"
+          to_port     = 0
+          self        = false
+          cidr_blocks = ["0.0.0.0/0"]
+        }
+      ]
+    }
+  }
 }

examples/main.tf

@@ -1,19 +1,19 @@
-output "elasticache_id" {
+output "cluster_id" {
+  value       = module.redis.cluster_id
   description = "Elasticache Id"
-  value       = module.redis.elasticache_id
 }
 
-output "elasticache_cluster_address" {
+output "cluster_address" {
+  value       = module.redis.cluster_address
   description = "Elasticache Cluster address"
-  value       = module.redis.elasticache_cluster_address
 }
 
-output "aws_elasticache_parameter_group" {
+output "parameter_group" {
   description = "Elasticache Parameter Group"
-  value       = module.redis.aws_elasticache_parameter_group
+  value       = module.redis.parameter_group
 }
 
 output "security_group_id" {
   description = "Security group Id"
-  value       = module.security_group.security_group_id
+  value       = module.security_group.id
 }

examples/outputs.tf

@@ -2,25 +2,50 @@
 #NOTE: For working with Redis (Cluster Mode Enabled) replication groups
 # see the aws_elasticache_replication_group resource.
 #
-resource "aws_elasticache_cluster" "default" {
-  count = var.deploy_redis ? 1 : 0
+resource "aws_elasticache_cluster" "this" {
+  for_each             = var.config
+  cluster_id           = each.key
+  engine               = try(each.value.engine, "redis")
+  node_type            = try(each.value.node_type, "cache.t2.micro")
+  num_cache_nodes      = try(each.value.num_cache_nodes, 1)
+  parameter_group_name = try(each.value.parameter_group_config, null) == null ? "" : join("", [for entry in aws_elasticache_parameter_group.this : entry.name])
+  engine_version       = try(each.value.engine_version, "6.2")
+  port                 = try(each.value.port, 6379)
+  #subnet_group_name        = module.global.list_of_subnets[local.account_id][local.region]
+  security_group_ids       = try(each.value.security_group_ids, "")
+  snapshot_arns            = try(each.value.snapshot_arns, [])
+  snapshot_window          = try(each.value.snapshot_window, "")
+  snapshot_retention_limit = try(each.value.snapshot_retention_limit, 5)
+  az_mode                  = try(each.value.az_mode, null)
+  availability_zone        = try(each.value.availability_zone, null)
+  notification_topic_arn   = try(each.value.notification_topic_arn, null)
+  apply_immediately        = try(each.value.apply_immediately, true)
+  maintenance_window       = try(each.value.maintenance_window, "mon:10:30-mon:11:30")
+  tags                     = merge(local.shared_tags, var.extra_tags)
+}
+
+locals {
+  parameter_group_settings = flatten([
+    for instance, config in var.config : [
+      for k, v in config.parameter_group_config : {
+        name            = instance
+        family          = try(config.family, "redis6.0")
+        parameter_name  = k
+        parameter_value = v.value
+      }
+  ]])
+}
+
+resource "aws_elasticache_parameter_group" "this" {
+  for_each = { for i in local.parameter_group_settings : i.parameter_name => i }
+  name     = each.value.name
+  family   = each.value.family
 
-  cluster_id               = var.cluster_id == null ? "${var.teamid}-${var.prjid}" : var.cluster_id
-  engine                   = var.engine
-  node_type                = var.node_type
-  num_cache_nodes          = var.cache_nodes
-  parameter_group_name     = var.deploy_redis_parameter_group == true ? join("", aws_elasticache_parameter_group.default.*.name) : ""
-  engine_version           = var.engine_version
-  port                     = var.port
-  subnet_group_name        = aws_elasticache_subnet_group.default.name
-  security_group_ids       = var.security_group_ids
-  snapshot_arns            = var.snapshot_arns == [""] ? [] : var.snapshot_arns
-  snapshot_window          = var.snapshot_window == "" ? null : var.snapshot_window
-  snapshot_retention_limit = var.snapshot_retention_limit == "" ? null : var.snapshot_retention_limit
-  az_mode                  = var.az_mode == null ? null : var.az_mode
-  availability_zone        = var.availability_zone == null ? null : var.availability_zone
-  tags                     = merge(local.shared_tags)
-  notification_topic_arn   = var.notification_topic_arn == null ? null : var.notification_topic_arn
-  apply_immediately        = var.apply_immediately == "" ? true : var.apply_immediately
-  maintenance_window       = var.maintenance_window
+  dynamic "parameter" {
+    for_each = { for i in local.parameter_group_settings : i.parameter_name => i }
+    content {
+      name  = parameter.value.parameter_name
+      value = parameter.value.parameter_value
+    }
+  }
 }