add kms for encryption

anmolnagpal · anmolnagpal · commit 72953724964b · 2020-06-10T20:22:23.000+05:30
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,13 +1,14 @@
 repos:
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.12.0
+    rev: v1.30.0
     hooks:
-    - id: terraform_fmt
+      - id: terraform_fmt
+      - id: terraform_tflint
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.0.0
+    rev: v3.1.0
     hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace
       - id: check-yaml
-      - id: check-added-large-files
+      - id: check-added-large-files
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Cloud Drove
+Copyright (c) 2020 Cloud Drove
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
@@ -144,54 +144,56 @@ Here are some examples of how you can use this module in your inventory structur
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| application | Application (e.g. `cd` or `clouddrove`). | string | `` | no |
-| apply_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | string | `false` | no |
-| at_rest_encryption_enabled | Enable encryption at rest. | string | `false` | no |
-| attributes | Additional attributes (e.g. `1`). | list | `<list>` | no |
-| auth_token | The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true. | string | `` | no |
-| auto_minor_version_upgrade | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. Defaults to true. | string | `true` | no |
-| automatic_failover_enabled | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If true, Multi-AZ is enabled for this replication group. If false, Multi-AZ is disabled for this replication group. Must be enabled for Redis (cluster mode enabled) replication groups. Defaults to false. | string | `false` | no |
-| availability_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important. | list(string) | - | yes |
-| az_mode | (Memcached only) Specifies whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are single-az or cross-az, default is single-az. If you want to choose cross-az, num_cache_nodes must be greater than 1. | string | `single-az` | no |
-| cluster_enabled | (Memcache only) Enabled or disabled cluster. | bool | `false` | no |
-| cluster_replication_enabled | (Redis only) Enabled or disabled replication_group for redis cluster. | bool | `false` | no |
-| description | Description for the cache subnet group. Defaults to `Managed by Terraform`. | string | `Managed by Terraform` | no |
-| enable | Enable or disable of elasticache | bool | `true` | no |
-| engine | The name of the cache engine to be used for the clusters in this replication group. e.g. redis. | string | `` | no |
-| engine_version | The version number of the cache engine to be used for the cache clusters in this replication group. | string | `` | no |
-| environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
-| family | (Required) The family of the ElastiCache parameter group. | string | `` | no |
-| label_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
-| maintenance_window | Maintenance window. | string | `sun:05:00-sun:06:00` | no |
-| managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. | string | `anmol@clouddrove.com` | no |
-| name | Name  (e.g. `app` or `cluster`). | string | `` | no |
-| node_type | The compute and memory capacity of the nodes in the node group. | string | `` | no |
-| notification_topic_arn | An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. | string | `` | no |
-| num_cache_nodes | (Required unless replication_group_id is provided) The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcache, this value must be between 1 and 20. If this number is reduced on subsequent runs, the highest numbered nodes will be removed. | string | `1` | no |
-| num_node_groups | Number of Shards (nodes). | string | `` | no |
-| number_cache_clusters | (Required for Cluster Mode Disabled) The number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. | string | `` | no |
-| port | the port number on which each of the cache nodes will accept connections. | string | `` | no |
-| replicas_per_node_group | Replicas per Shard. | string | `` | no |
-| replication_enabled | (Redis only) Enabled or disabled replication_group for redis standalone instance. | bool | `false` | no |
-| replication_group_id | The replication group identifier This parameter is stored as a lowercase string. | string | `` | no |
-| security_group_ids | One or more VPC security groups associated with the cache cluster. | list | `<list>` | no |
-| security_group_names | A list of cache security group names to associate with this replication group. | string | `` | no |
-| snapshot_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. | string | `` | no |
-| snapshot_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource. | string | `` | no |
-| snapshot_retention_limit | (Redis only) The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes. | string | `0` | no |
-| snapshot_window | (Redis only) The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. | string | `` | no |
-| subnet_ids | List of VPC Subnet IDs for the cache subnet group. | list | `<list>` | no |
-| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map | `<map>` | no |
-| transit_encryption_enabled | Whether to enable encryption in transit. | string | `false` | no |
+| application | Application \(e.g. `cd` or `clouddrove`\). | string | `""` | no |
+| apply\_immediately | Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false. | string | `"false"` | no |
+| at\_rest\_encryption\_enabled | Enable encryption at rest. | string | `"false"` | no |
+| attributes | Additional attributes \(e.g. `1`\). | list | `<list>` | no |
+| auth\_token | The password used to access a password protected server. Can be specified only if transit\_encryption\_enabled = true. | string | `""` | no |
+| auto\_minor\_version\_upgrade | Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. Defaults to true. | string | `"true"` | no |
+| automatic\_failover\_enabled | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If true, Multi-AZ is enabled for this replication group. If false, Multi-AZ is disabled for this replication group. Must be enabled for Redis \(cluster mode enabled\) replication groups. Defaults to false. | string | `"false"` | no |
+| availability\_zones | A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important. | list(string) | n/a | yes |
+| az\_mode | \(Memcached only\) Specifies whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are single-az or cross-az, default is single-az. If you want to choose cross-az, num\_cache\_nodes must be greater than 1. | string | `"single-az"` | no |
+| cluster\_enabled | \(Memcache only\) Enabled or disabled cluster. | bool | `"false"` | no |
+| cluster\_replication\_enabled | \(Redis only\) Enabled or disabled replication\_group for redis cluster. | bool | `"false"` | no |
+| description | Description for the cache subnet group. Defaults to `Managed by Terraform`. | string | `"Managed by Terraform"` | no |
+| enable | Enable or disable of elasticache | bool | `"true"` | no |
+| engine | The name of the cache engine to be used for the clusters in this replication group. e.g. redis. | string | `""` | no |
+| engine\_version | The version number of the cache engine to be used for the cache clusters in this replication group. | string | `""` | no |
+| environment | Environment \(e.g. `prod`, `dev`, `staging`\). | string | `""` | no |
+| family | \(Required\) The family of the ElastiCache parameter group. | string | `""` | no |
+| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at\_rest\_encryption\_enabled = true. | string | `""` | no |
+| label\_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
+| maintenance\_window | Maintenance window. | string | `"sun:05:00-sun:06:00"` | no |
+| managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. | string | `"anmol@clouddrove.com"` | no |
+| name | Name  \(e.g. `app` or `cluster`\). | string | `""` | no |
+| node\_type | The compute and memory capacity of the nodes in the node group. | string | `"cache.t2.small"` | no |
+| notification\_topic\_arn | An Amazon Resource Name \(ARN\) of an SNS topic to send ElastiCache notifications to. | string | `""` | no |
+| num\_cache\_nodes | \(Required unless replication\_group\_id is provided\) The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcache, this value must be between 1 and 20. If this number is reduced on subsequent runs, the highest numbered nodes will be removed. | string | `"1"` | no |
+| num\_node\_groups | Number of Shards \(nodes\). | string | `""` | no |
+| number\_cache\_clusters | \(Required for Cluster Mode Disabled\) The number of cache clusters \(primary and replicas\) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. | string | `""` | no |
+| parameter\_group\_name | The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. | string | `""` | no |
+| port | the port number on which each of the cache nodes will accept connections. | string | `""` | no |
+| replicas\_per\_node\_group | Replicas per Shard. | string | `""` | no |
+| replication\_enabled | \(Redis only\) Enabled or disabled replication\_group for redis standalone instance. | bool | `"false"` | no |
+| replication\_group\_id | The replication group identifier This parameter is stored as a lowercase string. | string | `""` | no |
+| security\_group\_ids | One or more VPC security groups associated with the cache cluster. | list | `<list>` | no |
+| security\_group\_names | A list of cache security group names to associate with this replication group. | string | `""` | no |
+| snapshot\_arns | A single-element string list containing an Amazon Resource Name \(ARN\) of a Redis RDB snapshot file stored in Amazon S3. | string | `""` | no |
+| snapshot\_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot\_name forces a new resource. | string | `""` | no |
+| snapshot\_retention\_limit | \(Redis only\) The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero \(0\), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro or cache.t2.\* cache nodes. | string | `"0"` | no |
+| snapshot\_window | \(Redis only\) The daily time range \(in UTC\) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. | string | `""` | no |
+| subnet\_ids | List of VPC Subnet IDs for the cache subnet group. | list | `<list>` | no |
+| tags | Additional tags \(e.g. map\(`BusinessUnit`,`XYZ`\). | map | `<map>` | no |
+| transit\_encryption\_enabled | Whether to enable encryption in transit. | string | `"false"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | id | Redis cluster id. |
-| memcached_endpoint_address | Memcached endpoint address. |
+| memcached\_endpoint | Memcached endpoint address. |
 | port | Redis port. |
-| redis_endpoint | Redis endpoint address. |
+| redis\_endpoint | Redis endpoint address. |
 | tags | A mapping of tags to assign to the resource. |
 
 
diff --git a/main.tf b/main.tf
@@ -10,6 +10,7 @@
 module "labels" {
   source = "git::https://github.com/clouddrove/terraform-labels.git?ref=tags/0.12.0"
 
+  enabled     = var.enable
   name        = var.name
   application = var.application
   environment = var.environment
@@ -54,6 +55,7 @@ resource "aws_elasticache_replication_group" "default" {
   at_rest_encryption_enabled    = var.at_rest_encryption_enabled
   transit_encryption_enabled    = var.transit_encryption_enabled
   auth_token                    = var.auth_token
+  kms_key_id                    = var.kms_key_id
   tags                          = module.labels.tags
 }
 
@@ -84,6 +86,7 @@ resource "aws_elasticache_replication_group" "cluster" {
   at_rest_encryption_enabled    = var.at_rest_encryption_enabled
   transit_encryption_enabled    = var.transit_encryption_enabled
   auth_token                    = var.auth_token
+  kms_key_id                    = var.kms_key_id
   tags                          = module.labels.tags
   cluster_mode {
     replicas_per_node_group = var.replicas_per_node_group #Replicas per Shard
@@ -101,7 +104,7 @@ resource "aws_elasticache_cluster" "default" {
   port                         = var.port
   num_cache_nodes              = var.num_cache_nodes
   az_mode                      = var.az_mode
-  parameter_group_name         = "default.memcached1.5"
+  parameter_group_name         = var.parameter_group_name
   node_type                    = var.node_type
   subnet_group_name            = join("", aws_elasticache_subnet_group.default.*.name)
   security_group_ids           = var.security_group_ids
diff --git a/variables.tf b/variables.tf
@@ -76,7 +76,7 @@ variable "port" {
 }
 
 variable "node_type" {
-  default     = ""
+  default     = "cache.t2.small"
   description = "The compute and memory capacity of the nodes in the node group."
 }
 
@@ -211,3 +211,14 @@ variable "num_node_groups" {
   default     = ""
   description = "Number of Shards (nodes)."
 }
+
+variable "kms_key_id" {
+  default     = ""
+  description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true."
+}
+
+variable "parameter_group_name" {
+  type        = string
+  default     = ""
+  description = "The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used."
+}
