- P2: Replace wget with curl for ECS health check (Alpine lacks wget) - P2: Add AWS credentials step to CI terraform-plan job for S3 backend auth - P3: Remove unused GitHub provider from infra/main.tf Co-Authored-By: Paperclip <noreply@paperclip.ing>
# Inputs of the Redis (ElastiCache) module.

# Used in every resource name and compared against "production" to decide
# automatic failover and snapshot retention.
variable "environment" {
  description = "Deployment environment"
  type        = string
}

# NOTE(review): no resource or output in this file reads var.vpc_id — confirm
# whether the input is still needed.
variable "vpc_id" {
  description = "VPC ID"
  type        = string
}

# Subnets handed to the ElastiCache subnet group. The description says they are
# private; nothing in this module checks that, so the caller has to ensure it.
variable "subnet_ids" {
  description = "Private subnet IDs"
  type        = list(string)
}

# The only security group attached to the replication group. Its rules are
# defined outside this module and decide which clients can reach the Redis port.
variable "security_group_id" {
  description = "ElastiCache security group ID"
  type        = string
}

variable "node_type" {
  description = "Cache node type"
  type        = string
}

# Passed to num_cache_clusters. Automatic failover is switched on for the
# "production" environment and needs more than one cache cluster.
variable "num_nodes" {
  description = "Number of cache nodes"
  type        = number
}

# Prefix of every resource name created by this module.
variable "project_name" {
  description = "Project name"
  type        = string
}
# Subnet group that places the cache nodes in the subnets supplied by the caller.
# Name and Name tag follow the "<project>-<environment>-redis-subnet" pattern.
resource "aws_elasticache_subnet_group" "main" {
  name       = "${var.project_name}-${var.environment}-redis-subnet"
  subnet_ids = var.subnet_ids

  tags = {
    Name = "${var.project_name}-${var.environment}-redis-subnet"
  }
}
# Generates the Redis AUTH token used by the replication group below.
#
# - 32 characters with special characters disabled, i.e. letters and digits
#   only, which stays inside the character set ElastiCache accepts for tokens.
# - The generated value is stored in the Terraform state, so the state backend
#   must be encrypted and readable only by the identities that run Terraform.
resource "random_password" "redis_auth" {
  length  = 32
  special = false

  # A new password is generated whenever the environment name changes.
  # NOTE(review): nothing here rotates the token on a schedule — confirm how
  # rotation is expected to happen.
  keepers = {
    environment = var.environment
  }
}
# Redis 7.0 replication group with AUTH, TLS in transit and encryption at rest.
resource "aws_elasticache_replication_group" "main" {
  replication_group_id = "${var.project_name}-${var.environment}-redis"
  description          = "${var.project_name} Redis cluster (${var.environment})"

  # Sizing and engine.
  node_type          = var.node_type
  num_cache_clusters = var.num_nodes
  engine             = "redis"
  engine_version     = "7.0"

  # Clients must present this token. ElastiCache only accepts an auth token
  # when in-transit encryption is enabled, so the two settings below belong
  # together; clients have to connect with TLS.
  auth_token = random_password.redis_auth.result

  transit_encryption_enabled = true
  # NOTE(review): no kms_key_id is set, so at-rest encryption relies on the
  # service default key — confirm whether a customer-managed key is required.
  at_rest_encryption_enabled = true

  port = 6379

  # Network placement: reachability is decided entirely by the subnets and the
  # single security group passed in by the caller.
  subnet_group_name  = aws_elasticache_subnet_group.main.name
  security_group_ids = [var.security_group_id]

  # Failover is enabled for production only.
  # NOTE(review): automatic failover needs more than one cache cluster, so a
  # production deployment with num_nodes = 1 would be rejected — confirm that
  # callers pass at least 2 there.
  automatic_failover_enabled = var.environment == "production"

  # Daily snapshots: kept 7 days in production, 1 day elsewhere. Snapshots
  # contain the cached data, so their retention is also a data-exposure window.
  snapshot_retention_limit = var.environment == "production" ? 7 : 1
  snapshot_window          = "03:00-04:00"

  tags = {
    Name = "${var.project_name}-${var.environment}-redis"
  }
}
# Values exported to the calling configuration.

# Address of the primary (read/write) endpoint.
output "cache_endpoint" {
  description = "ElastiCache primary endpoint"
  value       = aws_elasticache_replication_group.main.primary_endpoint_address
}

# Address of the reader endpoint.
output "reader_endpoint" {
  description = "ElastiCache reader endpoint"
  value       = aws_elasticache_replication_group.main.reader_endpoint_address
}

# The generated AUTH token. `sensitive = true` keeps it out of plan/apply
# output, but the value is still present in the state file and in whatever the
# caller passes it to.
# NOTE(review): the consumer is not visible here — check that it hands the
# token to workloads through a secret store rather than a plain environment
# variable or task-definition field.
output "auth_token" {
  description = "Redis auth token"
  value       = random_password.redis_auth.result
  sensitive   = true
}

# ARN of the replication group.
output "replication_group_arn" {
  description = "ElastiCache replication group ARN"
  value       = aws_elasticache_replication_group.main.arn
}