diff --git a/README.md b/README.md
index 03728bd..410e82d 100644
--- a/README.md
+++ b/README.md
@@ -129,7 +129,7 @@ Available targets:
 | parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | object | `` | no |
 | port | Redis port | number | `6379` | no |
 | replication_group_id | Replication group ID with the following constraints: A name must contain from 1 to 20 alphanumeric characters or hyphens. The first character must be a letter. A name cannot end with a hyphen or contain two consecutive hyphens. | string | `` | no |
-| security_groups | Security Group IDs | list(string) | `` | no |
+| security_groups | A list of security group IDs that are allowed ingress to the cluster | list(string) | `` | no |
 | snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | `0` | no |
 | snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | `06:30-07:30` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index e7ed9d0..ac16bb6 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -26,7 +26,7 @@
 | parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | object | `` | no |
 | port | Redis port | number | `6379` | no |
 | replication_group_id | Replication group ID with the following constraints: A name must contain from 1 to 20 alphanumeric characters or hyphens. The first character must be a letter. A name cannot end with a hyphen or contain two consecutive hyphens. | string | `` | no |
-| security_groups | Security Group IDs | list(string) | `` | no |
+| security_groups | A list of security group IDs that are allowed ingress to the cluster | list(string) | `` | no |
 | snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | `0` | no |
 | snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | `06:30-07:30` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
diff --git a/main.tf b/main.tf
index bff8159..3bc5701 100644
--- a/main.tf
+++ b/main.tf
@@ -17,21 +17,31 @@ resource "aws_security_group" "default" {
 vpc_id = var.vpc_id
 name = module.label.id
- ingress {
- from_port = var.port # Redis
- to_port = var.port
- protocol = "tcp"
- security_groups = var.security_groups
- }
+ tags = module.label.tags
+}
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
+resource "aws_security_group_rule" "default_ingress" {
+ for_each = var.enabled ? toset(var.security_groups) : []
+ description = "default ingress"
+ type = "ingress"
+ from_port = var.port # Redis
+ to_port = var.port
+ protocol = "tcp"
+ source_security_group_id = each.value
- tags = module.label.tags
+ security_group_id = join("", aws_security_group.default.*.id)
+}
+
+resource "aws_security_group_rule" "default_egress" {
+ count = var.enabled ? 1 : 0
+ description = "default egress"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+
+ security_group_id = join("", aws_security_group.default.*.id)
 }
 locals {
@@ -133,7 +143,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_memory" {
 module "dns" {
 source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.3.0"
 enabled = var.enabled && var.zone_id != "" ? true : false
- name = var.name
+ name = length(var.host_name) > 0 ? var.host_name : module.label.id
 ttl = 60
 zone_id = var.zone_id
 records = [join("", aws_elasticache_replication_group.default.*.primary_endpoint_address)]
diff --git a/variables.tf b/variables.tf
index 76b65de..fef1732 100644
--- a/variables.tf
+++ b/variables.tf
@@ -24,7 +24,7 @@ variable "name" {
 variable "security_groups" {
 type = list(string)
 default = []
- description = "Security Group IDs"
+ description = "A list of security group IDs that are allowed ingress to the cluster"
 }
 variable "vpc_id" {
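Review bot: In the new `default_ingress` rule, `for_each = var.enabled ? toset(var.security_groups) : []` gives the conditional two different result types (a set of strings and an empty tuple) while `for_each` only accepts a set or a map, so on Terraform 0.12 this is likely to be rejected at plan time; the false branch should be a set as well: `for_each = var.enabled ? toset(var.security_groups) : toset([])`. Because the instance keys are the security group IDs themselves, a caller that creates those groups in the same apply may also hit Terraform's "for_each value depends on resource attributes that cannot be determined until apply" error — this depends on how the module is invoked, so it is worth a short comment on the resource rather than a change here. Separately, `default_egress` hard-codes `protocol = "-1"` with `cidr_blocks = ["0.0.0.0/0"]`, so the cache's security group allows outbound traffic to any destination on any port; now that egress is its own resource, driving the CIDR list from a variable (for example an `egress_cidr_blocks` input defaulting to the current value) would let callers restrict it without forking the module.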
@@ -180,6 +180,12 @@ variable "auth_token" {
 default = ""
 }
+variable "host_name" {
+ type = string
+ description = "The DNS subdomain to add to Route53 for the cluster."
+ default = ""
+}
+
 variable "replication_group_id" {
 type = string
 description = "Replication group ID with the following constraints: \nA name must contain from 1 to 20 alphanumeric characters or hyphens. \n The first character must be a letter. \n A name cannot end with a hyphen or contain two consecutive hyphens."
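Review bot: The description of the new `host_name` variable does not say what happens when it is left at its default `""`; the `module "dns"` change in main.tf falls back to `module.label.id` as the record name in that case, which a caller should be able to learn from the variable itself. Suggest `description = "The DNS subdomain to add to Route53 for the cluster. When empty, the module label ID is used as the record name."`. Since the old `name = var.name` is replaced by this fallback, existing callers that relied on `var.name` alone may get a different hostname after upgrading, and a sentence noting that would also help.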