aws_elasticache_cluster: redis in-transit and at-rest encryption #22123

Open
alex4108 opened this issue Dec 9, 2021 · 3 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/elasticache Issues and PRs that pertain to the elasticache service.

Comments

alex4108 commented Dec 9, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Feature Gap in aws_elasticache_cluster prevents managing in-transit and at-rest encryption.

New or Affected Resource(s)

  • aws_elasticache_cluster

Potential Terraform Configuration

resource "aws_elasticache_cluster" "demo" { 
  // ...
  auth_token = "string"
  at_rest_encryption_enabled    = true
  transit_encryption_enabled    = true
  // ...
}

References

Implementation of the topic in aws_elasticache_replication_group

More descriptions & discussion about the topic

alex4108 added the enhancement label Dec 9, 2021
github-actions bot added the needs-triage and service/elasticache labels Dec 9, 2021
alex4108 changed the title from "aws_elasticache_cluster: in-transit and at-rest encryption" to "aws_elasticache_cluster: redis in-transit and at-rest encryption" Dec 9, 2021
alex4108 commented Dec 9, 2021

It looks like we can work around this using this example.

resource "aws_elasticache_replication_group" "this" { 
  // ...
  auth_token = "string"
  at_rest_encryption_enabled    = true
  transit_encryption_enabled    = true
  // ...
}

resource "aws_elasticache_cluster" "this" { 
    cluster_id = "foo"
    replication_group_id = aws_elasticache_replication_group.this.id
}

This yields us a Redis Cluster Mode Off ElastiCache cluster with the appropriate encryption parameters
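
As an added example (not part of the thread and not the provider's code), a Python check over `terraform show -json` plan output that flags ElastiCache replication groups where either encryption argument from this issue is not true, and Redis `aws_elasticache_cluster` resources that sit outside a replication group. The sample plan, its resource names and the `find_unencrypted` helper are constructed for illustration.

```python
import json

# The two encryption arguments from the issue; both must be true.
REQUIRED_TRUE = ("at_rest_encryption_enabled", "transit_encryption_enabled")

def _rc(address, actions, after, unknown=None):
    """Build one constructed resource_changes entry (sample data helper)."""
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": actions, "after": after,
                       "after_unknown": unknown or {}}}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("aws_elasticache_replication_group.this", ["create"],
        {"at_rest_encryption_enabled": True, "transit_encryption_enabled": True}),
    _rc("aws_elasticache_replication_group.legacy", ["create"],
        {"at_rest_encryption_enabled": True, "transit_encryption_enabled": False}),
    _rc("aws_elasticache_cluster.this", ["create"],
        {"cluster_id": "foo"}, {"replication_group_id": True}),
    _rc("aws_elasticache_cluster.standalone", ["create"],
        {"cluster_id": "bar", "engine": "redis", "replication_group_id": None}),
    _rc("aws_elasticache_replication_group.retired", ["delete"], None),
]})

def find_unencrypted(plan_json):
    """Return (address, reason) pairs for ElastiCache resources that the
    plan would leave without both encryption settings enabled."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        unknown = change.get("after_unknown") or {}
        if rc["type"] == "aws_elasticache_replication_group":
            for arg in REQUIRED_TRUE:
                if after.get(arg) is not True:
                    findings.append((rc["address"], f"{arg} is not true"))
        elif rc["type"] == "aws_elasticache_cluster":
            # Membership in a replication group means the group's settings
            # (checked above) apply; the id may be unknown until apply.
            in_group = after.get("replication_group_id") or unknown.get("replication_group_id")
            if after.get("engine") == "redis" and not in_group:
                findings.append((rc["address"], "standalone redis cluster"))
    return findings

if __name__ == "__main__":
    for address, reason in find_unencrypted(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

An argument that is omitted or only known after apply is absent from `after`, so it is reported as not true rather than silently passed.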

justinretzolk removed the needs-triage label Dec 9, 2021
loftwah commented Nov 4, 2022

It looks like we can work around this using this example.

resource "aws_elasticache_replication_group" "this" { 
  // ...
  auth_token = "string"
  at_rest_encryption_enabled    = true
  transit_encryption_enabled    = true
  // ...
}

resource "aws_elasticache_cluster" "this" { 
    cluster_id = "foo"
    replication_group_id = aws_elasticache_replication_group.this.id
}

This yields us a Redis Cluster Mode Off ElastiCache cluster with the appropriate encryption parameters

Thank you! This helped me out and I'm surprised I had to look so deep to find it.

Edit: it turns out I don't need the aws_elasticache_cluster resource at all here.

Mifrill commented Nov 14, 2023

Hey @alex4108 regarding your comment:

This yields us a Redis Cluster

Could you please confirm it works with Redis? According to the documentation for the transit_encryption_enabled option, it seems like it only works if the engine is Memcached, not Redis, or it works with any Redis and with Memcached but only with versions 1.6.12 and later?

@loftwah Could you also please check if you are using the Redis engine?
