SquareOps Technologies Your DevOps Partner for Accelerating cloud journey.
This module is a Terraform module that provides an easy and efficient way to deploy and manage an Amazon ElastiCache Redis cluster in AWS. It simplifies the process of setting up a Redis cluster with customizable configurations, allowing you to focus on your application development and performance optimization.
Features
- Simple Configuration: The module offers a simple and intuitive configuration interface, allowing you to define your Redis cluster's properties, such as instance type, node count, subnet, security groups, and more.
- Scalability: Easily scale your Redis cluster up or down by modifying the number of cache nodes, enabling you to meet the changing demands of your application.
- High Availability: Enable multi-AZ deployment to achieve high availability and automatic failover in case of a node or zone failure. This ensures that your Redis cluster remains accessible and your data stays protected.
- Flexible Networking: Choose the VPC and subnets where you want to deploy your Redis cluster, providing you with control over network access and integration with other resources in your AWS environment.
- Encryption and Security: Enable encryption at rest with your own KMS key or use AWS-managed encryption. Control access to your Redis cluster using CIDR blocks and security groups, ensuring secure communication and data protection.
- Backup and Recovery: Configure automated daily snapshots and set the retention period for backups. You can also specify a final snapshot for a smooth and controlled cluster termination process.
- Logging and Monitoring: Easily configure logging destinations for slow logs and engine logs, allowing you to monitor the performance and troubleshoot any issues efficiently.
- CloudWatch Alerts: Set up CloudWatch alarms to monitor the health and performance of your Redis cluster. Integrate these alarms with AWS Simple Notification Service (SNS) to receive real-time alerts. Use AWS Lambda functions to customize your alerting logic, and send notifications to Slack channels for immediate visibility into your Redis cluster's status.
```hcl
module "redis" {
  source           = "squareops/elasticache-redis/aws"
  environment      = "production"
  name             = "redis"
  family           = "redis6.x"
  vpc_id           = "vpc-06eb7eskaf"
  subnets          = ["subnet-0bfa3eskaf", "subnet-0140bskaf"]
  node_type        = "cache.t3.small"
  kms_key_arn      = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
  num_cache_nodes  = 2
  engine_version   = "6.x"
  multi_az_enabled = false
  # list(string) per the inputs table; sample AZ names in the KMS key's region
  availability_zones         = ["us-east-2a", "us-east-2b"]
  automatic_failover_enabled = true
  snapshot_retention_limit   = 7
  # Overrides the module default (true): client traffic is not TLS-protected
  transit_encryption_enabled = false
  notification_topic_arn     = null
  # Security group IDs are strings and must be quoted
  allowed_security_groups = ["sg-0132a18skaf"]
  snapshot_window         = "07:00-08:00"
  maintenance_window      = "sun:09:00-sun:10:00"

  cloudwatch_metric_alarms_enabled = true # For enabling basic alerting
  alarm_cpu_threshold_percent      = 70
  alarm_memory_threshold_bytes     = "10000000" # in bytes
  slack_notification_enabled       = true
  slack_username                   = "john"
  slack_channel                    = "redis-alerts"
  slack_webhook_url                = "https://hooks.slack.com/services/xxxxxxxxx"
}
```
Refer to the examples for more details.
The required IAM permissions to create resources from this module can be found here
- By default, the variable `create_random_password` is set to true. Therefore, even if the user provides a password, it will not be read. The `create_random_password` variable should be set to false and the `password` variable should have a non-null value to be read and used.
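A hardened variant of the usage block, built only from the inputs and outputs documented on this page. This is an added example, not the project's own code; the log group, the final snapshot name and the `slack_webhook_url` root variable are constructed for illustration, and the IDs and ARN are the page's placeholders.

```hcl
variable "slack_webhook_url" {
  type      = string
  sensitive = true # supply via TF_VAR_slack_webhook_url instead of a literal in code
}

resource "aws_cloudwatch_log_group" "redis_slow" {
  name              = "/elasticache/production/redis/slow-log" # constructed name
  retention_in_days = 30
}

module "redis" {
  source          = "squareops/elasticache-redis/aws"
  environment     = "production"
  name            = "redis"
  family          = "redis6.x"
  engine_version  = "6.x"
  node_type       = "cache.t3.small"
  num_cache_nodes = 2
  vpc_id          = "vpc-06eb7eskaf"
  subnets         = ["subnet-0bfa3eskaf", "subnet-0140bskaf"]

  # Encryption: ElastiCache accepts an AUTH token only with in-transit encryption on
  transit_encryption_enabled = true
  at_rest_encryption_enabled = true
  kms_key_arn                = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"

  # Network: admit specific client security groups, no CIDR ranges
  allowed_security_groups = ["sg-0132a18skaf"]
  allowed_cidr_blocks     = []

  # Recovery: snapshot on destroy, and keep the secret recoverable for 7 days
  snapshot_retention_limit   = 7
  final_snapshot_identifier  = "redis-production-final" # constructed name
  recovery_window_aws_secret = 7

  # Logging and alerting
  slow_log_destination             = aws_cloudwatch_log_group.redis_slow.name
  slow_log_destination_type        = "cloudwatch-logs"
  cloudwatch_metric_alarms_enabled = true
  slack_notification_enabled       = true
  slack_channel                    = "redis-alerts"
  slack_webhook_url                = var.slack_webhook_url
}

output "redis_auth_token" {
  value     = module.redis.auth_token_password
  sensitive = true # keeps the token out of plan/apply output
}
```

Marking the output sensitive only hides it from CLI output; the token is still stored in the Terraform state, so the state backend needs its own access control and encryption.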
Security scanning is graciously provided by Prowler. Prowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.
Benchmark | Description |
---|---|
Ensure that encryption is enabled for RDS instances | Enabled for RDS created using this module. |
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 4.23 |
random | >= 3.0.0 |
Name | Version |
---|---|
archive | n/a |
aws | >= 4.23 |
random | >= 3.0.0 |
Name | Source | Version |
---|---|---|
cw_sns_slack | ./lambda | n/a |
security_group_redis | terraform-aws-modules/security-group/aws | 4.13.0 |
Name | Type |
---|---|
aws_cloudwatch_metric_alarm.cache_cpu | resource |
aws_cloudwatch_metric_alarm.cache_memory | resource |
aws_elasticache_parameter_group.default | resource |
aws_elasticache_replication_group.redis | resource |
aws_elasticache_subnet_group.elasticache | resource |
aws_kms_ciphertext.slack_url | resource |
aws_kms_key.this | resource |
aws_lambda_permission.sns_lambda_slack_invoke | resource |
aws_secretsmanager_secret.secret_redis | resource |
aws_secretsmanager_secret_version.redis_credentials | resource |
aws_security_group_rule.cidr_ingress | resource |
aws_security_group_rule.default_ingress | resource |
aws_sns_topic.slack_topic | resource |
aws_sns_topic_subscription.slack-endpoint | resource |
random_password.password | resource |
archive_file.lambdazip | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alarm_actions | Alarm action list | list(string) | [] | no |
alarm_cpu_threshold_percent | CPU threshold alarm level | number | 75 | no |
alarm_memory_threshold_bytes | RAM threshold alarm level in bytes | number | 10000000 | no |
allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | list(any) | [] | no |
allowed_security_groups | A list of Security Group IDs to allow access to | list(any) | [] | no |
at_rest_encryption_enabled | (Optional) Whether to enable encryption at rest | bool | true | no |
automatic_failover_enabled | Enable automatic failover | bool | true | no |
availability_zones | The no. of AZs | list(string) | [] | no |
cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool | false | no |
cluster_mode_enabled | Whether to enable/disable creation of a native redis cluster. | bool | false | no |
cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. | number | 0 | no |
cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are between 0 to 5. | number | 0 | no |
cw_sns_topic_arn | The username to use when sending notifications to Slack. | string | "" | no |
engine_log_destination | The destination for engine logs (e.g. CloudWatch log-group name or Kinesis Firehose stream name) | string | null | no |
engine_log_destination_type | The type of destination for engine logs (e.g. cloudwatch-logs or kinesis-firehose) | string | "" | no |
engine_log_format | The format for logs, e.g. json/text | string | "json" | no |
engine_version | The redis engine version | string | "" | no |
environment | The name of environment | string | "" | no |
family | Redis family | string | "redis4.0" | no |
final_snapshot_identifier | The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. | string | null | no |
kms_key_arn | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true | string | "" | no |
maintenance_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period | string | "fri:08:00-fri:09:00" | no |
multi_az_enabled | Enable multi az | bool | false | no |
name | The name of the redis cluster | string | "" | no |
node_type | The instance size of the redis cluster | string | "cache.t3.micro" | no |
notification_topic_arn | (Optional) ARN of an SNS topic to send ElastiCache notifications | string | null | no |
num_cache_nodes | The number of cache nodes | number | 1 | no |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | list(string) | [] | no |
parameter | A list of Redis parameters to apply. It can be different based on mode selection. | list(object({ | [] | no |
parameter_group_description | Parameter group | string | null | no |
port | The redis port | number | 6379 | no |
recovery_window_aws_secret | Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. | number | 0 | no |
slack_channel | The Slack channel where notifications will be posted. | string | "" | no |
slack_notification_enabled | Whether to enable/disable slack notification. | bool | false | no |
slack_username | The username to use when sending notifications to Slack. | string | "" | no |
slack_webhook_url | The Slack Webhook URL where notifications will be sent. | string | "" | no |
slow_log_destination | The destination for slow logs (e.g. CloudWatch log-group name or Kinesis Firehose stream name) | string | null | no |
slow_log_destination_type | The type of destination for slow logs (e.g. cloudwatch-logs or kinesis-firehose) | string | "" | no |
slow_log_format | The format for logs, e.g. json/text | string | "json" | no |
snapshot_arns | (Optional) A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb . This will be used to add data to a fresh new instance. | list(string) | [] | no |
snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes | number | 7 | no |
snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum maintenance window is a 60 minute period. Example: 05:00-09:00 | string | "03:00-05:00" | no |
subnets | The subnets where the redis cluster is deployed | list(string) | [] | no |
transit_encryption_enabled | (Optional) Whether to enable encryption in transit | bool | true | no |
vpc_id | The vpc where we will put the redis cluster | string | "" | no |
Name | Description |
---|---|
auth_token_password | Elasticache-redis auth token password(this password may be old, because Terraform doesn't track it after initial creation) |
elastic_cache_redis_cluster_id | ID of the elasticache-redis cluster |
elastic_cache_redis_port | Port number of Redis |
elastic_cache_redis_primary_endpoint_address | Primary endpoint address of redis |
elastic_cache_redis_security_group | The security group ID of the cluster |
elastic_cache_redis_subnet_group_name | Subnet group name of the elasticache_redis cluster |
reader_endpoint_address | The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled. |
To report an issue with a project:
- Check the repository's issue tracker on GitHub
- Search to check if the issue has already been reported
- If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.
Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)
To support our GitHub project by liking it, you can follow these steps:
- Visit the repository: Navigate to the GitHub repository
- Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.
- Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.
Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.
We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems and processes for speed and agility.
- We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years.
- Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
- Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
- DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
- Platform engineering which supports scalable, cost-efficient infrastructure that supports rapid development, testing, and deployment.
- 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.
We provide support on all of our projects, no matter how small or large they may be.
To find more information about our company, visit squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.