Adding ability to encrypt redis at rest and ability to enable TLS for… (#15)

mntechguy · osterman · commit b5c789a602f3 · 2018-07-18T16:20:34.000-07:00
* Adding ability to encrypt redis at rest and ability to enable TLS for redis

* Including missing files, generate README correctly

* Fix regression on availability_zone variable (wrong default)

* Fixing spacing
diff --git a/README.md b/README.md
@@ -19,6 +19,11 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE).
 
 
 
+
+
+
+
+
 ## Usage
 
 Include this repository as a module in your existing terraform code:
@@ -70,9 +75,10 @@ Available targets:
 | alarm_cpu_threshold_percent | CPU threshold alarm level | string | `75` | no |
 | alarm_memory_threshold_bytes | Ram threshold alarm level | string | `10000000` | no |
 | apply_immediately | Apply changes immediately | string | `true` | no |
+| at_rest_encryption_enabled | Enable encryption at rest | string | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list | `<list>` | no |
 | automatic_failover | Automatic failover (Not available for T1/T2 instances) | string | `false` | no |
-| availability_zones | Availability zone ids | list | `Availability zone ids` | no |
+| availability_zones | Availability zone ids | list | `<list>` | no |
 | cluster_size | Count of nodes in cluster | string | `1` | no |
 | delimiter | Delimiter between `name`, `namespace`, `stage` and `attributes` | string | `-` | no |
 | enabled | Set to false to prevent the module from creating any resources | string | `true` | no |
@@ -88,6 +94,7 @@ Available targets:
 | stage | Stage | string | `default` | no |
 | subnets | AWS subnet ids | list | `<list>` | no |
 | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map | `<map>` | no |
+| transit_encryption_enabled | Enable TLS | string | `false` | no |
 | vpc_id | AWS VPC id | string | `REQUIRED` | no |
 | zone_id | Route53 DNS Zone id | string | `false` | no |
 
@@ -181,6 +188,13 @@ See [LICENSE](LICENSE) for full details.
     under the License.
 
 
+
+
+
+
+
+
+
 ## Trademarks
 
 All other trademarks referenced herein are the property of their respective owners.
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -7,9 +7,10 @@
 | alarm_cpu_threshold_percent | CPU threshold alarm level | string | `75` | no |
 | alarm_memory_threshold_bytes | Ram threshold alarm level | string | `10000000` | no |
 | apply_immediately | Apply changes immediately | string | `true` | no |
+| at_rest_encryption_enabled | Enable encryption at rest | string | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list | `<list>` | no |
 | automatic_failover | Automatic failover (Not available for T1/T2 instances) | string | `false` | no |
-| availability_zones | Availability zone ids | list | `Availability zone ids` | no |
+| availability_zones | Availability zone ids | list | `<list>` | no |
 | cluster_size | Count of nodes in cluster | string | `1` | no |
 | delimiter | Delimiter between `name`, `namespace`, `stage` and `attributes` | string | `-` | no |
 | enabled | Set to false to prevent the module from creating any resources | string | `true` | no |
@@ -25,6 +26,7 @@
 | stage | Stage | string | `default` | no |
 | subnets | AWS subnet ids | list | `<list>` | no |
 | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map | `<map>` | no |
+| transit_encryption_enabled | Enable TLS | string | `false` | no |
 | vpc_id | AWS VPC id | string | `REQUIRED` | no |
 | zone_id | Route53 DNS Zone id | string | `false` | no |
 
diff --git a/main.tf b/main.tf
@@ -62,6 +62,8 @@ resource "aws_elasticache_replication_group" "default" {
   maintenance_window            = "${var.maintenance_window}"
   notification_topic_arn        = "${var.notification_topic_arn}"
   engine_version                = "${var.engine_version}"
+  at_rest_encryption_enabled    = "${var.at_rest_encryption_enabled}"
+  transit_encryption_enabled    = "${var.transit_encryption_enabled}"
 
   tags = "${module.label.tags}"
 }
diff --git a/variables.tf b/variables.tf
@@ -65,6 +65,16 @@ variable "engine_version" {
   description = "Redis engine version"
 }
 
+variable "at_rest_encryption_enabled" {
+  default     = "false"
+  description = "Enable encryption at rest"
+}
+
+variable "transit_encryption_enabled" {
+  default     = "false"
+  description = "Enable TLS"
+}
+
 variable "notification_topic_arn" {
   default     = "10000000"
   description = "Notification topic arn"
@@ -100,7 +110,7 @@ variable "automatic_failover" {
 variable "availability_zones" {
   type        = "list"
   description = "Availability zone ids"
-  default     = "Availability zone ids"
+  default     = []
 }
 
 variable "zone_id" {

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,8 @@ resource "aws_elasticache_replication_group" "default" {`
`62`	`62`	`maintenance_window = "${var.maintenance_window}"`
`63`	`63`	`notification_topic_arn = "${var.notification_topic_arn}"`
`64`	`64`	`engine_version = "${var.engine_version}"`
	`65`	`+ at_rest_encryption_enabled = "${var.at_rest_encryption_enabled}"`
	`66`	`+ transit_encryption_enabled = "${var.transit_encryption_enabled}"`
`65`	`67`
`66`	`68`	`tags = "${module.label.tags}"`
`67`	`69`	`}`