2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -424,7 +424,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

## Copyright

Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)
Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)



5 changes: 0 additions & 5 deletions examples/complete/variables.tf
Expand Up @@ -38,11 +38,6 @@ variable "transit_encryption_enabled" {
description = "Enable TLS"
}

variable "zone_id" {
type = string
description = "Route53 DNS Zone ID"
}

variable "cloudwatch_metric_alarms_enabled" {
type = bool
description = "Boolean flag to enable/disable CloudWatch metrics alarms"
8 changes: 4 additions & 4 deletions main.tf
Expand Up @@ -66,7 +66,7 @@ module "aws_security_group" {
}

locals {
elasticache_subnet_group_name = var.elasticache_subnet_group_name != "" ? var.elasticache_subnet_group_name : join("", aws_elasticache_subnet_group.default.*.name)
elasticache_subnet_group_name = var.elasticache_subnet_group_name != "" ? var.elasticache_subnet_group_name : join("", aws_elasticache_subnet_group.default[*].name)

# if !cluster, then node_count = replica cluster_size, if cluster then node_count = shard*(replica + 1)
# Why doing this 'The "count" value depends on resource attributes that cannot be determined until apply'. So pre-calculating
Expand All @@ -77,7 +77,7 @@ locals {
var.cluster_size
)

elasticache_member_clusters = module.this.enabled ? tolist(aws_elasticache_replication_group.default.0.member_clusters) : []
elasticache_member_clusters = module.this.enabled ? tolist(aws_elasticache_replication_group.default[0].member_clusters) : []
}

resource "aws_elasticache_subnet_group" "default" {
Expand Down Expand Up @@ -121,7 +121,7 @@ resource "aws_elasticache_replication_group" "default" {
node_type = var.instance_type
num_cache_clusters = var.cluster_mode_enabled ? null : var.cluster_size
port = var.port
parameter_group_name = join("", aws_elasticache_parameter_group.default.*.name)
parameter_group_name = join("", aws_elasticache_parameter_group.default[*].name)
@bridgecrew bridgecrew bot Mar 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MEDIUM  Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled
    Resource: aws_elasticache_replication_group.default | Bridgecrew ID: BC_AWS_GENERAL_185 | Checkov ID: CKV2_AWS_50

How to Fix

resource "aws_elasticache_replication_group" "pass" {
  automatic_failover_enabled  = true
  preferred_cache_cluster_azs = ["us-west-2a", "us-west-2b"]
  replication_group_id        = "tf-rep-group-1"
  description                 = "example description"
  node_type                   = "cache.m4.large"
  num_cache_clusters          = 2
  parameter_group_name        = "default.redis3.2"
  port                        = 6379
}

Description

This policy identifies ElastiCache Redis clusters that have the Multi-AZ Automatic Failover feature set to disabled. It is recommended to enable Multi-AZ Automatic Failover for your Redis cache cluster, which improves primary node reachability by providing a read replica in case of network connectivity loss or loss of availability in the primary's availability zone for read/write operations.

Note: Redis cluster Multi-AZ with automatic failover does not support T1 and T2 cache node types and is only available if the cluster has at least one read replica.
     🎉   Fixed by commit adaa9ed - fix regex

availability_zones = length(var.availability_zones) == 0 ? null : [for n in range(0, var.cluster_size) : element(var.availability_zones, n)]
automatic_failover_enabled = var.cluster_mode_enabled ? true : var.automatic_failover_enabled
multi_az_enabled = var.multi_az_enabled
Expand Down Expand Up @@ -222,7 +222,7 @@ module "dns" {
dns_name = var.dns_subdomain != "" ? var.dns_subdomain : module.this.id
ttl = 60
zone_id = try(var.zone_id[0], tostring(var.zone_id), "")
records = var.cluster_mode_enabled ? [join("", aws_elasticache_replication_group.default.*.configuration_endpoint_address)] : [join("", aws_elasticache_replication_group.default.*.primary_endpoint_address)]
records = var.cluster_mode_enabled ? [join("", aws_elasticache_replication_group.default[*].configuration_endpoint_address)] : [join("", aws_elasticache_replication_group.default[*].primary_endpoint_address)]

context = module.this.context
}
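Review bot: `multi_az_enabled = var.multi_az_enabled` at the end of the `aws_elasticache_replication_group` hunk is set independently of `automatic_failover_enabled`, which in non-cluster mode is passed straight through from `var.automatic_failover_enabled`; as far as I recall the ElastiCache API rejects Multi-AZ without automatic failover, so `multi_az_enabled = true` with `automatic_failover_enabled = false` only surfaces as an apply-time error after the plan has been approved. A `validation` block on a variable cannot reference another variable, so the cross-input check belongs on the resource as a `lifecycle` precondition (Terraform >= 1.2, if the module's `required_version` allows it), as sketched below. The `aws_elasticache_replication_group.default` resource and the two variable declarations are outside this hunk, so the exact condition should be confirmed against them.

```terraform
resource "aws_elasticache_replication_group" "default" {
  # … unchanged: count, replication_group_id, node_type, parameter_group_name, availability_zones, … 

  # Multi-AZ is only valid when automatic failover is on; cluster mode forces
  # failover on above, so only the non-cluster path can produce the bad pair.
  lifecycle {
    precondition {
      condition     = !var.multi_az_enabled || var.cluster_mode_enabled || var.automatic_failover_enabled
      error_message = "multi_az_enabled = true requires automatic_failover_enabled = true (or cluster_mode_enabled = true)."
    }
  }
```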
14 changes: 7 additions & 7 deletions outputs.tf
@@ -1,5 +1,5 @@
output "id" {
value = join("", aws_elasticache_replication_group.default.*.id)
value = join("", aws_elasticache_replication_group.default[*].id)
description = "Redis cluster ID"
}

Expand All @@ -19,17 +19,17 @@ output "port" {
}

output "endpoint" {
value = var.cluster_mode_enabled ? join("", aws_elasticache_replication_group.default.*.configuration_endpoint_address) : join("", aws_elasticache_replication_group.default.*.primary_endpoint_address)
value = var.cluster_mode_enabled ? join("", aws_elasticache_replication_group.default[*].configuration_endpoint_address) : join("", aws_elasticache_replication_group.default[*].primary_endpoint_address)
description = "Redis primary or configuration endpoint, whichever is appropriate for the given cluster mode"
}

output "reader_endpoint_address" {
value = join("", compact(aws_elasticache_replication_group.default.*.reader_endpoint_address))
value = join("", compact(aws_elasticache_replication_group.default[*].reader_endpoint_address))
description = "The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled."
}

output "member_clusters" {
value = aws_elasticache_replication_group.default.*.member_clusters
value = aws_elasticache_replication_group.default[*].member_clusters
description = "Redis cluster members"
}

Expand All @@ -39,16 +39,16 @@ output "host" {
}

output "arn" {
value = join("", aws_elasticache_replication_group.default.*.arn)
value = join("", aws_elasticache_replication_group.default[*].arn)
description = "Elasticache Replication Group ARN"
}

output "engine_version_actual" {
value = join("", aws_elasticache_replication_group.default.*.engine_version_actual)
value = join("", aws_elasticache_replication_group.default[*].engine_version_actual)
description = "The running version of the cache engine"
}

output "cluster_enabled" {
value = join("", aws_elasticache_replication_group.default.*.cluster_enabled)
value = join("", aws_elasticache_replication_group.default[*].cluster_enabled)
description = "Indicates if cluster mode is enabled"
}
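Review bot: `join("", aws_elasticache_replication_group.default[*].cluster_enabled)` in output `cluster_enabled` turns what the provider exposes (as far as I know) as a boolean into the string `"true"`/`"false"`, and into `""` when the module is disabled, so the description "Indicates if cluster mode is enabled" oversells it — a caller writing `module.redis.cluster_enabled ? a : b` breaks on the empty string. Since the commit is already moving to the `[*]` splat, `value = one(aws_elasticache_replication_group.default[*].cluster_enabled)` keeps the bool and yields `null` for the disabled case (Terraform >= 0.15, if the module's `required_version` permits). The same `one()` form would suit the other single-instance outputs (`id`, `arn`, `engine_version_actual`, `endpoint`), but that changes their disabled-case value from `""` to `null`, which is a behaviour change for existing callers and would deserve a changelog note.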