From 21f71b0239b8a445918dd10767947382b52d51b7 Mon Sep 17 00:00:00 2001
From: Weston Reed <weston.reed@verkada.com>
Date: Tue, 2 Sep 2025 15:21:04 -0700
Subject: [PATCH] Set `auth_token_update_strategy` to `ROTATE` by default to
 handle new provider logic

---
 main.tf      |  1 +
 variables.tf | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/main.tf b/main.tf
index 6a9d354..59a8055 100644
--- a/main.tf
+++ b/main.tf
@@ -186,6 +186,7 @@ resource "aws_elasticache_replication_group" "default" {
   apply_immediately          = var.apply_immediately
   data_tiering_enabled       = var.data_tiering_enabled
   auto_minor_version_upgrade = var.auto_minor_version_upgrade
+  auth_token_update_strategy = var.auth_token_update_strategy
 
   dynamic "log_delivery_configuration" {
     for_each = var.log_delivery_configuration
diff --git a/variables.tf b/variables.tf
index 58208eb..3da1c76 100644
--- a/variables.tf
+++ b/variables.tf
@@ -278,3 +278,14 @@ variable "insufficient_data_actions" {
   type        = list(string)
   default     = []
 }
+
+variable "auth_token_update_strategy" {
+  description = "Strategy to use when updating the auth_token. Valid values: SET, ROTATE, DELETE."
+  type        = string
+  default     = "ROTATE"
+
+  validation {
+    condition     = contains(["SET", "ROTATE", "DELETE"], var.auth_token_update_strategy)
+    error_message = "auth_token_update_strategy must be one of SET, ROTATE, or DELETE if auth_token is set."
+  }
+}