cloudposse · osterman · Oct 6, 2018 · Oct 5, 2018 · Oct 6, 2018 · Oct 6, 2018
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 <!-- This file was automatically generated by the `build-harness`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
 
+
 [![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com)
 
 # terraform-aws-elasticache-redis [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-elasticache-redis.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-elasticache-redis) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-elasticache-redis.svg)](https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
@@ -29,6 +30,12 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE).
 Include this repository as a module in your existing terraform code:
 
 ```hcl
+// Generate a random string for auth token, no special chars
+resource "random_string" "auth_token" {
+  length = 64
+  special = false
+}
+
 module "example_redis" {
   source          = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master"
   namespace       = "general"
@@ -37,19 +44,24 @@ module "example_redis" {
   zone_id         = "${var.route53_zone_id}"
   security_groups = ["${var.security_group_id}"]
 
+  auth_token                   = "${random_string.auth_token.result}"
   vpc_id                       = "${var.vpc_id}"
   subnets                      = "${var.private_subnets}"
   maintenance_window           = "wed:03:00-wed:04:00"
   cluster_size                 = "2"
   instance_type                = "cache.t2.micro"
-  engine_version               = "3.2.4"
+  engine_version               = "4.0.10"
   alarm_cpu_threshold_percent  = "${var.cache_alarm_cpu_threshold_percent}"
   alarm_memory_threshold_bytes = "${var.cache_alarm_memory_threshold_bytes}"
   apply_immediately            = "true"
   availability_zones           = "${var.availability_zones}"
 
   automatic_failover = "false"
 }
+
+output "auth_token" {
+  value = "${random_string.auth_token.result}"
+}
 ```
 
 
@@ -65,8 +77,9 @@ Review the [complete example](examples/simple) to see how to use this module.
 ```
 Available targets:
 
-  help                                This help screen
+  help                                Help screen
   help/all                            Display help for all targets
+  help/short                          This help short screen
   lint                                Lint terraform code
 
 ```
@@ -81,6 +94,7 @@ Available targets:
 | apply_immediately | Apply changes immediately | string | `true` | no |
 | at_rest_encryption_enabled | Enable encryption at rest | string | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list | `<list>` | no |
+| auth_token | Auth token for password protecting redis, transit_encryption_enabled must be set to 'true'! Password must be longer than 16 chars | string | `` | no |
 | automatic_failover | Automatic failover (Not available for T1/T2 instances) | string | `false` | no |
 | availability_zones | Availability zone ids | list | `<list>` | no |
 | cluster_size | Count of nodes in cluster | string | `1` | no |
@@ -98,7 +112,7 @@ Available targets:
 | stage | Stage | string | `default` | no |
 | subnets | AWS subnet ids | list | `<list>` | no |
 | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map | `<map>` | no |
-| transit_encryption_enabled | Enable TLS | string | `false` | no |
+| transit_encryption_enabled | Enable TLS | string | `true` | no |
 | vpc_id | AWS VPC id | string | `REQUIRED` | no |
 | zone_id | Route53 DNS Zone id | string | `false` | no |
 

diff --git a/README.yaml b/README.yaml
@@ -37,6 +37,12 @@ usage: |-
   Include this repository as a module in your existing terraform code:
 
   ```hcl
+  // Generate a random string for auth token, no special chars
+  resource "random_string" "auth_token" {
+    length = 64
+    special = false
+  }
+
   module "example_redis" {
     source          = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master"
     namespace       = "general"
@@ -45,19 +51,24 @@ usage: |-
     zone_id         = "${var.route53_zone_id}"
     security_groups = ["${var.security_group_id}"]
 
+    auth_token                   = "${random_string.auth_token.result}"
     vpc_id                       = "${var.vpc_id}"
     subnets                      = "${var.private_subnets}"
     maintenance_window           = "wed:03:00-wed:04:00"
     cluster_size                 = "2"
     instance_type                = "cache.t2.micro"
-    engine_version               = "3.2.4"
+    engine_version               = "4.0.10"
     alarm_cpu_threshold_percent  = "${var.cache_alarm_cpu_threshold_percent}"
     alarm_memory_threshold_bytes = "${var.cache_alarm_memory_threshold_bytes}"
     apply_immediately            = "true"
     availability_zones           = "${var.availability_zones}"
 
     automatic_failover = "false"
   }
+
+  output "auth_token" {
+    value = "${random_string.auth_token.result}"
+  }
   ```
 
 examples: |-

diff --git a/docs/targets.md b/docs/targets.md
@@ -2,8 +2,9 @@
 ```
 Available targets:
 
-  help                                This help screen
+  help                                Help screen
   help/all                            Display help for all targets
+  help/short                          This help short screen
   lint                                Lint terraform code
 
 ```
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -9,6 +9,7 @@
 | apply_immediately | Apply changes immediately | string | `true` | no |
 | at_rest_encryption_enabled | Enable encryption at rest | string | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list | `<list>` | no |
+| auth_token | Auth token for password protecting redis, transit_encryption_enabled must be set to 'true'! Password must be longer than 16 chars | string | `` | no |
 | automatic_failover | Automatic failover (Not available for T1/T2 instances) | string | `false` | no |
 | availability_zones | Availability zone ids | list | `<list>` | no |
 | cluster_size | Count of nodes in cluster | string | `1` | no |
@@ -26,7 +27,7 @@
 | stage | Stage | string | `default` | no |
 | subnets | AWS subnet ids | list | `<list>` | no |
 | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map | `<map>` | no |
-| transit_encryption_enabled | Enable TLS | string | `false` | no |
+| transit_encryption_enabled | Enable TLS | string | `true` | no |
 | vpc_id | AWS VPC id | string | `REQUIRED` | no |
 | zone_id | Route53 DNS Zone id | string | `false` | no |
 

diff --git a/main.tf b/main.tf
@@ -48,7 +48,9 @@ resource "aws_elasticache_parameter_group" "default" {
 }
 
 resource "aws_elasticache_replication_group" "default" {
-  count                         = "${var.enabled == "true" ? 1 : 0}"
+  count = "${var.enabled == "true" ? 1 : 0}"
+
+  auth_token                    = "${var.auth_token}"
   replication_group_id          = "${module.label.id}"
   replication_group_description = "${module.label.id}"
   node_type                     = "${var.instance_type}"

diff --git a/variables.tf b/variables.tf
@@ -71,7 +71,7 @@ variable "at_rest_encryption_enabled" {
 }
 
 variable "transit_encryption_enabled" {
-  default     = "false"
+  default     = "true"
   description = "Enable TLS"
 }
 
@@ -135,3 +135,9 @@ variable "tags" {
   description = "Additional tags (_e.g._ map(\"BusinessUnit\",\"ABC\")"
   default     = {}
 }
+
+variable "auth_token" {
+  type        = "string"
+  description = "Auth token for password protecting redis, transit_encryption_enabled must be set to 'true'! Password must be longer than 16 chars"
+  default     = ""
+}