From 42b20f189b4b51542317e522a77c3490685c2fb6 Mon Sep 17 00:00:00 2001 From: Max Moon Date: Fri, 5 Oct 2018 16:54:19 -0700 Subject: [PATCH 1/4] add auth token --- README.md | 19 ++++++++++--------- main.tf | 2 ++ variables.tf | 8 +++++++- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 712729c..a622bd5 100644 --- a/README.md +++ b/README.md @@ -30,19 +30,19 @@ Include this repository as a module in your existing terraform code: ```hcl module "example_redis" { - source = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master" - namespace = "general" - name = "redis" - stage = "prod" - zone_id = "${var.route53_zone_id}" - security_groups = ["${var.security_group_id}"] - + source = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master" + namespace = "general" + name = "redis" + stage = "prod" + zone_id = "${var.route53_zone_id}" + security_groups = ["${var.security_group_id}"] + auth_token = "${var.auth_token}" vpc_id = "${var.vpc_id}" subnets = "${var.private_subnets}" maintenance_window = "wed:03:00-wed:04:00" cluster_size = "2" instance_type = "cache.t2.micro" - engine_version = "3.2.4" + engine_version = "4.0.10" alarm_cpu_threshold_percent = "${var.cache_alarm_cpu_threshold_percent}" alarm_memory_threshold_bytes = "${var.cache_alarm_memory_threshold_bytes}" apply_immediately = "true" 
@@ -81,6 +81,7 @@ Available targets: | apply_immediately | Apply changes immediately | string | `true` | no | | at_rest_encryption_enabled | Enable encryption at rest | string | `false` | no | | attributes | Additional attributes (_e.g._ "1") | list | `` | no | +| auth_token | Auth token for password protecting redis (used as password) | string | `REQUIRED` | yes | | automatic_failover | Automatic failover (Not available for T1/T2 instances) | string | `false` | no | | availability_zones | Availability zone ids | list | `` | no | | cluster_size | Count of nodes in cluster | string | `1` | no | @@ -98,7 +99,7 @@ Available targets: | stage | Stage | string | `default` | no | | subnets | AWS subnet ids | list | `` | no | | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map | `` | no | -| transit_encryption_enabled | Enable TLS | string | `false` | no | +| transit_encryption_enabled | Enable TLS | string | `true` | yes | | vpc_id | AWS VPC id | string | `REQUIRED` | no | | zone_id | Route53 DNS Zone id | string | `false` | no | diff --git a/main.tf b/main.tf index 3e1303d..e2e65ad 100644 --- a/main.tf +++ b/main.tf @@ -49,6 +49,8 @@ resource "aws_elasticache_parameter_group" "default" { resource "aws_elasticache_replication_group" "default" { count = "${var.enabled == "true" ? 1 : 0}" + + auth_token = "${var.auth_token}" replication_group_id = "${module.label.id}" replication_group_description = "${module.label.id}" node_type = "${var.instance_type}" diff --git a/variables.tf b/variables.tf index 208504d..da72e6d 100644 --- a/variables.tf +++ b/variables.tf @@ -71,7 +71,7 @@ variable "at_rest_encryption_enabled" { } variable "transit_encryption_enabled" { - default = "false" + default = "true" description = "Enable TLS" } 
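Review bot: The new `auth_token = "${var.auth_token}"` argument on `aws_elasticache_replication_group.default` is passed through with nothing tying it to `transit_encryption_enabled`, although the variable's own description says that setting must be 'true' for the token to work. A caller who sets a token and overrides TLS to "false" will only learn of the conflict from the provider error at apply time. I would add a comment at this line such as `# auth_token requires transit_encryption_enabled = "true"; the value is recorded in Terraform state, so the state backend must be encrypted and access-controlled`. The state exposure also deserves a sentence in the README, because anyone who can read the state can recover the Redis password. The resource body continues outside the hunk.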
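Review bot: Changing the default of `transit_encryption_enabled` from "false" to "true" alters behaviour for every existing caller that relied on the old default, and the hunk leaves the description at a bare "Enable TLS". Turning on in-transit encryption for an existing replication group is likely to force its replacement, and clients that connect without TLS will stop working, so the description should say so, e.g. `description = "Enable TLS (in-transit encryption). Defaults to true; set to \"false\" explicitly to keep an existing non-TLS cluster"`. The README example in this commit moves `engine_version` to 4.0.10, while the variables.tf diffstat shows only this default and the new `auth_token` variable changing. If the module's default engine version does not support in-transit encryption, a default apply would fail; confirm against the part of variables.tf outside the hunk.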
@@ -135,3 +135,9 @@ variable "tags" { description = "Additional tags (_e.g._ map(\"BusinessUnit\",\"ABC\")" default = {} } + +variable "auth_token" { + type = "string" + description = "Auth token for password protecting redis, transit_encryption_enabled must be set to 'true'! Password must be longer than 16 chars" + default = "" +} From 192e51dfbe24364d4071147f0036d37a55123501 Mon Sep 17 00:00:00 2001 From: Max Moon Date: Fri, 5 Oct 2018 18:16:47 -0700 Subject: [PATCH 2/4] fmt --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index e2e65ad..2196905 100644 --- a/main.tf +++ b/main.tf @@ -48,8 +48,8 @@ resource "aws_elasticache_parameter_group" "default" { } resource "aws_elasticache_replication_group" "default" { - count = "${var.enabled == "true" ? 1 : 0}" - + count = "${var.enabled == "true" ? 1 : 0}" + auth_token = "${var.auth_token}" replication_group_id = "${module.label.id}" replication_group_description = "${module.label.id}" From 68026d9ac7dbc3b3703d02b1da9765f997ce7516 Mon Sep 17 00:00:00 2001 From: Max Moon Date: Fri, 5 Oct 2018 18:28:06 -0700 Subject: [PATCH 3/4] update readme properly --- README.md | 21 ++++++++++++--------- README.yaml | 3 ++- docs/targets.md | 3 ++- docs/terraform.md | 3 ++- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index a622bd5..ca05925 100644 --- a/README.md +++ b/README.md 
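Review bot: The `auth_token` description says the password "must be longer than 16 chars", which does not match the ElastiCache constraint as I understand it: 16 to 128 printable characters, with only a small set of symbols accepted. This variable block has no validation, so the description is the only place a caller learns the rule; I would write `description = "Auth token (Redis password). Requires transit_encryption_enabled = \"true\". 16-128 printable characters; see the ElastiCache AUTH documentation for allowed symbols"`. The `default = ""` also means a default deployment gets TLS but no authentication. That is worth stating in the same description, so callers understand that the security groups are then the only access control.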
@@ -1,5 +1,6 @@ + [![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com) # terraform-aws-elasticache-redis [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-elasticache-redis.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-elasticache-redis) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-elasticache-redis.svg)](https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) @@ -30,12 +31,13 @@ Include this repository as a module in your existing terraform code: ```hcl module "example_redis" { - source = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master" - namespace = "general" - name = "redis" - stage = "prod" - zone_id = "${var.route53_zone_id}" - security_groups = ["${var.security_group_id}"] + source = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master" + namespace = "general" + name = "redis" + stage = "prod" + zone_id = "${var.route53_zone_id}" + security_groups = ["${var.security_group_id}"] + auth_token = "${var.auth_token}" vpc_id = "${var.vpc_id}" subnets = "${var.private_subnets}" @@ -65,8 +67,9 @@ Review the [complete example](examples/simple) to see how to use this module. ``` Available targets: - help This help screen + help Help screen help/all Display help for all targets + help/short This help short screen lint Lint terraform code ``` 
@@ -81,7 +84,7 @@ Available targets: | apply_immediately | Apply changes immediately | string | `true` | no | | at_rest_encryption_enabled | Enable encryption at rest | string | `false` | no | | attributes | Additional attributes (_e.g._ "1") | list | `` | no | -| auth_token | Auth token for password protecting redis (used as password) | string | `REQUIRED` | yes | +| auth_token | Auth token for password protecting redis, transit_encryption_enabled must be set to 'true'! Password must be longer than 16 chars | string | `` | no | | automatic_failover | Automatic failover (Not available for T1/T2 instances) | string | `false` | no | | availability_zones | Availability zone ids | list | `` | no | | cluster_size | Count of nodes in cluster | string | `1` | no | @@ -99,7 +102,7 @@ Available targets: | stage | Stage | string | `default` | no | | subnets | AWS subnet ids | list | `` | no | | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map | `` | no | -| transit_encryption_enabled | Enable TLS | string | `true` | yes | +| transit_encryption_enabled | Enable TLS | string | `true` | no | | vpc_id | AWS VPC id | string | `REQUIRED` | no | | zone_id | Route53 DNS Zone id | string | `false` | no | diff --git a/README.yaml b/README.yaml index 28450f0..549bf40 100644 --- a/README.yaml +++ b/README.yaml @@ -45,12 +45,13 @@ usage: |- zone_id = "${var.route53_zone_id}" security_groups = ["${var.security_group_id}"] + auth_token = "${var.auth_token}" vpc_id = "${var.vpc_id}" subnets = "${var.private_subnets}" maintenance_window = "wed:03:00-wed:04:00" cluster_size = "2" instance_type = "cache.t2.micro" - engine_version = "3.2.4" + engine_version = "4.0.10" alarm_cpu_threshold_percent = "${var.cache_alarm_cpu_threshold_percent}" alarm_memory_threshold_bytes = "${var.cache_alarm_memory_threshold_bytes}" apply_immediately = "true" diff --git a/docs/targets.md b/docs/targets.md index 09c39cd..3d4be2a 100644 --- a/docs/targets.md +++ b/docs/targets.md 
@@ -2,8 +2,9 @@ ``` Available targets: - help This help screen + help Help screen help/all Display help for all targets + help/short This help short screen lint Lint terraform code ``` diff --git a/docs/terraform.md b/docs/terraform.md index 099295c..e0a2a72 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -9,6 +9,7 @@ | apply_immediately | Apply changes immediately | string | `true` | no | | at_rest_encryption_enabled | Enable encryption at rest | string | `false` | no | | attributes | Additional attributes (_e.g._ "1") | list | `` | no | +| auth_token | Auth token for password protecting redis, transit_encryption_enabled must be set to 'true'! Password must be longer than 16 chars | string | `` | no | | automatic_failover | Automatic failover (Not available for T1/T2 instances) | string | `false` | no | | availability_zones | Availability zone ids | list | `` | no | | cluster_size | Count of nodes in cluster | string | `1` | no | @@ -26,7 +27,7 @@ | stage | Stage | string | `default` | no | | subnets | AWS subnet ids | list | `` | no | | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map | `` | no | -| transit_encryption_enabled | Enable TLS | string | `false` | no | +| transit_encryption_enabled | Enable TLS | string | `true` | no | | vpc_id | AWS VPC id | string | `REQUIRED` | no | | zone_id | Route53 DNS Zone id | string | `false` | no | From 875d6b2e9ab2553daa38c781d9fe21b5dc9c0985 Mon Sep 17 00:00:00 2001 From: Max Moon Date: Sat, 6 Oct 2018 12:08:15 -0700 Subject: [PATCH 4/4] add auth token generation to readme --- README.md | 12 +++++++++++- README.yaml | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ca05925..385efd9 100644 --- a/README.md +++ b/README.md 
@@ -30,6 +30,12 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE). Include this repository as a module in your existing terraform code: ```hcl +// Generate a random string for auth token, no special chars +resource "random_string" "auth_token" { + length = 64 + special = false +} + module "example_redis" { source = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master" namespace = "general" @@ -38,7 +44,7 @@ module "example_redis" { zone_id = "${var.route53_zone_id}" security_groups = ["${var.security_group_id}"] - auth_token = "${var.auth_token}" + auth_token = "${random_string.auth_token.result}" vpc_id = "${var.vpc_id}" subnets = "${var.private_subnets}" maintenance_window = "wed:03:00-wed:04:00" @@ -52,6 +58,10 @@ module "example_redis" { automatic_failover = "false" } + +output "auth_token" { + value = "${random_string.auth_token.result}" +} ``` diff --git a/README.yaml b/README.yaml index 549bf40..213d5fb 100644 --- a/README.yaml +++ b/README.yaml @@ -37,6 +37,12 @@ usage: |- Include this repository as a module in your existing terraform code: ```hcl + // Generate a random string for auth token, no special chars + resource "random_string" "auth_token" { + length = 64 + special = false + } + module "example_redis" { source = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master" namespace = "general" @@ -45,7 +51,7 @@ usage: |- zone_id = "${var.route53_zone_id}" security_groups = ["${var.security_group_id}"] - auth_token = "${var.auth_token}" + auth_token = "${random_string.auth_token.result}" vpc_id = "${var.vpc_id}" subnets = "${var.private_subnets}" maintenance_window = "wed:03:00-wed:04:00" @@ -59,6 +65,10 @@ usage: |- automatic_failover = "false" } + + output "auth_token" { + value = "${random_string.auth_token.result}" + } ``` examples: |-
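Review bot: The `output "auth_token"` block added to the usage example exposes the Redis password in clear text in `terraform apply` and `terraform output` results, and so in any CI log that captures them, because the output is not marked sensitive. Add `sensitive = true` inside the block, or drop the output from the example and have consumers read the token from a secrets store. The `random_string` result is itself displayed in plan output and kept in state; newer releases of the random provider offer `random_password`, which treats the result as sensitive. The README.yaml hunks of this commit carry the same example and need the same change.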