Terraform module which creates AWS ElastiCache resources.
See examples directory for working examples to reference:
module "elasticache" {
source = "terraform-aws-modules/elasticache/aws"
cluster_id = "example-memcached"
create_cluster = true
create_replication_group = false
engine = "memcached"
engine_version = "1.6.17"
node_type = "cache.t4g.small"
num_cache_nodes = 2
az_mode = "cross-az"
maintenance_window = "sun:05:00-sun:09:00"
apply_immediately = true
# Security group
vpc_id = module.vpc.vpc_id
security_group_rules = {
ingress_vpc = {
# Default type is `ingress`
# Default port is based on the default engine port
description = "VPC traffic"
cidr_ipv4 = module.vpc.vpc_cidr_block
}
}
# Subnet Group
subnet_ids = module.vpc.private_subnets
# Parameter Group
create_parameter_group = true
parameter_group_family = "memcached1.6"
parameters = [
{
name = "idle_timeout"
value = 60
}
]
tags = {
Terraform = "true"
Environment = "dev"
}
}module "elasticache" {
source = "terraform-aws-modules/elasticache/aws"
cluster_id = "example-redis"
create_cluster = true
create_replication_group = false
engine_version = "7.1"
node_type = "cache.t4g.small"
maintenance_window = "sun:05:00-sun:09:00"
apply_immediately = true
# Security group
vpc_id = module.vpc.vpc_id
security_group_rules = {
ingress_vpc = {
# Default type is `ingress`
# Default port is based on the default engine port
description = "VPC traffic"
cidr_ipv4 = module.vpc.vpc_cidr_block
}
}
# Subnet Group
subnet_ids = module.vpc.private_subnets
# Parameter Group
create_parameter_group = true
parameter_group_family = "redis7"
parameters = [
{
name = "latency-tracking"
value = "yes"
}
]
tags = {
Terraform = "true"
Environment = "dev"
}
}module "elasticache" {
source = "terraform-aws-modules/elasticache/aws"
replication_group_id = "example-redis-cluster"
# Cluster mode
cluster_mode_enabled = true
num_node_groups = 2
replicas_per_node_group = 3
automatic_failover_enabled = true
multi_az_enabled = true
maintenance_window = "sun:05:00-sun:09:00"
apply_immediately = true
# Security group
vpc_id = module.vpc.vpc_id
security_group_rules = {
ingress_vpc = {
# Default type is `ingress`
# Default port is based on the default engine port
description = "VPC traffic"
cidr_ipv4 = module.vpc.vpc_cidr_block
}
}
# Subnet Group
subnet_ids = module.vpc.private_subnets
# Parameter Group
create_parameter_group = true
parameter_group_family = "redis7"
parameters = [
{
name = "latency-tracking"
value = "yes"
}
]
tags = {
Terraform = "true"
Environment = "dev"
}
}module "elasticache_primary" {
source = "terraform-aws-modules/elasticache/aws"
replication_group_id = "example-redis-global-replication-group"
create_primary_global_replication_group = true
engine_version = "7.1"
node_type = "cache.r7g.large"
# Security group
vpc_id = module.vpc.vpc_id
security_group_rules = {
ingress_vpc = {
# Default type is `ingress`
# Default port is based on the default engine port
description = "VPC traffic"
cidr_ipv4 = module.vpc.vpc_cidr_block
}
}
# Subnet Group
subnet_ids = module.vpc.private_subnets
# Parameter Group
create_parameter_group = true
parameter_group_family = "redis7"
tags = {
Terraform = "true"
Environment = "dev"
}
}
module "elasticache_secondary" {
source = "terraform-aws-modules/elasticache/aws"
providers = {
aws = aws.other_region
}
replication_group_id = "example-redis-global-replication-group"
global_replication_group_id = module.elasticache_primary.global_replication_group_id
# Security group
vpc_id = module.vpc.vpc_id
security_group_rules = {
ingress_vpc = {
# Default type is `ingress`
# Default port is based on the default engine port
description = "VPC traffic"
cidr_ipv4 = module.vpc.vpc_cidr_block
}
}
# Subnet Group
subnet_ids = module.vpc.private_subnets
tags = {
Terraform = "true"
Environment = "dev"
}
}module "elasticache" {
source = "terraform-aws-modules/elasticache/aws"
replication_group_id = "example-redis-replication-group"
engine_version = "7.1"
node_type = "cache.t4g.small"
transit_encryption_enabled = true
auth_token = "PickSomethingMoreSecure123!"
maintenance_window = "sun:05:00-sun:09:00"
apply_immediately = true
# Security group
vpc_id = module.vpc.vpc_id
security_group_rules = {
ingress_vpc = {
# Default type is `ingress`
# Default port is based on the default engine port
description = "VPC traffic"
cidr_ipv4 = module.vpc.vpc_cidr_block
}
}
# Subnet Group
subnet_ids = module.vpc.private_subnets
# Parameter Group
create_parameter_group = true
parameter_group_family = "redis7"
parameters = [
{
name = "latency-tracking"
value = "yes"
}
]
tags = {
Terraform = "true"
Environment = "dev"
}
}module "elasticache" {
source = "terraform-aws-modules/elasticache/aws//modules/serverless-cache"
engine = "redis"
cache_name = "example-serverless-cache"
cache_usage_limits = {
data_storage = {
maximum = 2
}
ecpu_per_second = {
maximum = 1000
}
}
daily_snapshot_time = "22:00"
description = "example-serverless-cache serverless cluster"
kms_key_id = aws_kms_key.this.arn
major_engine_version = "7"
security_group_ids = [module.sg.security_group_id]
snapshot_retention_limit = 7
subnet_ids = module.vpc.private_subnets
user_group_id = module.cache_user_group.group_id
}module "elasticache" {
source = "terraform-aws-modules/elasticache/aws"
replication_group_id = local.name
engine = "valkey"
engine_version = "7.2"
node_type = "cache.t4g.small"
transit_encryption_enabled = true
auth_token = "PickSomethingMoreSecure123!"
maintenance_window = "sun:05:00-sun:09:00"
apply_immediately = true
# Security Group
vpc_id = module.vpc.vpc_id
security_group_rules = {
ingress_vpc = {
# Default type is `ingress`
# Default port is based on the default engine port
description = "VPC traffic"
cidr_ipv4 = module.vpc.vpc_cidr_block
}
}
# Subnet Group
subnet_group_name = local.name
subnet_group_description = "Valkey replication group subnet group"
subnet_ids = module.vpc.private_subnets
# Parameter Group
create_parameter_group = true
parameter_group_name = local.name
parameter_group_family = "valkey7"
parameter_group_description = "Valkey replication group parameter group"
parameters = [
{
name = "latency-tracking"
value = "yes"
}
]
tags = local.tags
}Examples codified under the examples are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!
- Memcached Cluster
- Redis Cluster
- Redis Cluster Mode
- Redis Global Replication Group
- Redis Replication Group
- Serverless Cache
- Valkey Replication Group
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 5.93 |
| random | >= 3.0 |
| Name | Version |
|---|---|
| aws | >= 5.93 |
| random | >= 3.0 |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.this | resource |
| aws_elasticache_cluster.this | resource |
| aws_elasticache_global_replication_group.this | resource |
| aws_elasticache_parameter_group.this | resource |
| aws_elasticache_replication_group.global | resource |
| aws_elasticache_replication_group.this | resource |
| aws_elasticache_subnet_group.this | resource |
| aws_security_group.this | resource |
| aws_vpc_security_group_egress_rule.this | resource |
| aws_vpc_security_group_ingress_rule.this | resource |
| random_id.this | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| apply_immediately | Whether any database modifications are applied immediately, or during the next maintenance window. Default is false |
bool |
null |
no |
| at_rest_encryption_enabled | Whether to enable encryption at rest | bool |
true |
no |
| auth_token | The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true |
string |
null |
no |
| auth_token_update_strategy | Strategy to use when updating the auth_token. Valid values are SET, ROTATE, and DELETE. Defaults to ROTATE |
string |
null |
no |
| auto_minor_version_upgrade | Specifies whether minor version engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. Only supported for engine type redis and valkey and if the engine version is 6 or higher. Defaults to true |
bool |
null |
no |
| automatic_failover_enabled | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If true, Multi-AZ is enabled for this replication group. If false, Multi-AZ is disabled for this replication group. Must be enabled for Redis (cluster mode enabled) replication groups | bool |
null |
no |
| availability_zone | Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use preferred_availability_zones instead |
string |
null |
no |
| az_mode | Whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are single-az or cross-az, default is single-az |
string |
null |
no |
| cluster_id | Group identifier. ElastiCache converts this name to lowercase. Changing this value will re-create the resource | string |
"" |
no |
| cluster_mode | Specifies whether cluster mode is enabled or disabled. Valid values are enabled or disabled or compatible | string |
null |
no |
| cluster_mode_enabled | Whether to enable Redis [cluster mode https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Redis-RedisCluster.html] | bool |
false |
no |
| create | Determines whether resources will be created (affects all resources) | bool |
true |
no |
| create_cluster | Determines whether an ElastiCache cluster will be created or not | bool |
false |
no |
| create_parameter_group | Determines whether the ElastiCache parameter group will be created or not | bool |
false |
no |
| create_primary_global_replication_group | Determines whether an primary ElastiCache global replication group will be created | bool |
false |
no |
| create_replication_group | Determines whether an ElastiCache replication group will be created or not | bool |
true |
no |
| create_secondary_global_replication_group | Determines whether an secondary ElastiCache global replication group will be created | bool |
false |
no |
| create_security_group | Determines if a security group is created | bool |
true |
no |
| create_subnet_group | Determines whether the Elasticache subnet group will be created or not | bool |
true |
no |
| data_tiering_enabled | Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes |
bool |
null |
no |
| description | User-created description for the replication group | string |
null |
no |
| engine | Name of the cache engine to be used for this cache cluster. Valid values are memcached, redis, or valkey |
string |
"redis" |
no |
| engine_version | Version number of the cache engine to be used. If not set, defaults to the latest version | string |
null |
no |
| final_snapshot_identifier | (Redis only) Name of your final cluster snapshot. If omitted, no final snapshot will be made | string |
null |
no |
| global_replication_group_id | The ID of the global replication group to which this replication group should belong | string |
null |
no |
| global_replication_group_id_suffix | The ID suffix of the global replication group | string |
null |
no |
| ip_discovery | The IP version to advertise in the discovery protocol. Valid values are ipv4 or ipv6 |
string |
null |
no |
| kms_key_arn | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true |
string |
null |
no |
| log_delivery_configuration | (Redis OSS or Valkey) Specifies the destination and format of Redis OSS/Valkey SLOWLOG or Redis OSS/Valkey Engine Log | any |
{ |
no |
| maintenance_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC) |
string |
null |
no |
| multi_az_enabled | Specifies whether to enable Multi-AZ Support for the replication group. If true, automatic_failover_enabled must also be enabled. Defaults to false |
bool |
false |
no |
| network_type | The IP versions for cache cluster connections. Valid values are ipv4, ipv6 or dual_stack |
string |
null |
no |
| node_type | The instance class used. For Memcached, changing this value will re-create the resource | string |
null |
no |
| notification_topic_arn | ARN of an SNS topic to send ElastiCache notifications to | string |
null |
no |
| num_cache_clusters | Number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. Conflicts with num_node_groups. Defaults to 1 |
number |
null |
no |
| num_cache_nodes | The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcached, this value must be between 1 and 40. If this number is reduced on subsequent runs, the highest numbered nodes will be removed | number |
1 |
no |
| num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger a resizing operation before other settings modifications | number |
null |
no |
| outpost_mode | Specify the outpost mode that will apply to the cache cluster creation. Valid values are single-outpost and cross-outpost, however AWS currently only supports single-outpost mode |
string |
null |
no |
| parameter_group_description | The description of the ElastiCache parameter group. Defaults to Managed by Terraform |
string |
null |
no |
| parameter_group_family | The family of the ElastiCache parameter group | string |
"" |
no |
| parameter_group_name | The name of the parameter group. If create_parameter_group is true, this is the name assigned to the parameter group created. Otherwise, this is the name of an existing parameter group |
string |
null |
no |
| parameters | List of ElastiCache parameters to apply | list(map(string)) |
[] |
no |
| port | The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379 |
number |
null |
no |
| preferred_availability_zones | List of the Availability Zones in which cache nodes are created | list(string) |
[] |
no |
| preferred_cache_cluster_azs | List of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating | list(string) |
[] |
no |
| preferred_outpost_arn | (Required if outpost_mode is specified) The outpost ARN in which the cache cluster will be created |
string |
null |
no |
| replicas_per_node_group | Number of replica nodes in each node group. Changing this number will trigger a resizing operation before other settings modifications. Valid values are 0 to 5 | number |
null |
no |
| replication_group_id | Replication group identifier. When create_replication_group is set to true, this is the ID assigned to the replication group created. When create_replication_group is set to false, this is the ID of an externally created replication group |
string |
null |
no |
| security_group_description | Description of the security group created | string |
null |
no |
| security_group_ids | One or more VPC security groups associated with the cache cluster | list(string) |
[] |
no |
| security_group_name | Name to use on security group created | string |
null |
no |
| security_group_names | Names of one or more Amazon VPC security groups associated with this replication group | list(string) |
[] |
no |
| security_group_rules | Security group ingress and egress rules to add to the security group created | any |
{} |
no |
| security_group_tags | A map of additional tags to add to the security group created | map(string) |
{} |
no |
| security_group_use_name_prefix | Determines whether the security group name (security_group_name) is used as a prefix |
bool |
true |
no |
| snapshot_arns | (Redis only) Single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3 | list(string) |
[] |
no |
| snapshot_name | (Redis only) Name of a snapshot from which to restore data into the new node group. Changing snapshot_name forces a new resource |
string |
null |
no |
| snapshot_retention_limit | (Redis only) Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them | number |
null |
no |
| snapshot_window | (Redis only) Daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. Example: 05:00-09:00 |
string |
null |
no |
| subnet_group_description | Description for the Elasticache subnet group | string |
null |
no |
| subnet_group_name | The name of the subnet group. If create_subnet_group is true, this is the name assigned to the subnet group created. Otherwise, this is the name of an existing subnet group |
string |
null |
no |
| subnet_ids | List of VPC Subnet IDs for the Elasticache subnet group | list(string) |
[] |
no |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
| timeouts | Define maximum timeout for creating, updating, and deleting cluster resource | map(string) |
{} |
no |
| transit_encryption_enabled | Enable encryption in-transit | bool |
true |
no |
| transit_encryption_mode | A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are preferred and required |
string |
null |
no |
| user_group_ids | User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid | list(string) |
null |
no |
| vpc_id | Identifier of the VPC where the security group will be created | string |
null |
no |
| Name | Description |
|---|---|
| cloudwatch_log_group_arn | Arn of cloudwatch log group created |
| cloudwatch_log_group_name | Name of cloudwatch log group created |
| cloudwatch_log_groups | Map of CloudWatch log groups created and their attributes |
| cluster_address | (Memcached only) DNS name of the cache cluster without the port appended |
| cluster_arn | The ARN of the ElastiCache Cluster |
| cluster_cache_nodes | List of node objects including id, address, port and availability_zone |
| cluster_configuration_endpoint | (Memcached only) Configuration endpoint to allow host discovery |
| cluster_engine_version_actual | Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine |
| global_replication_group_arn | ARN of the created ElastiCache Global Replication Group |
| global_replication_group_engine_version_actual | The full version number of the cache engine running on the members of this global replication group |
| global_replication_group_id | ID of the ElastiCache Global Replication Group |
| global_replication_group_node_groups | Set of node groups (shards) on the global replication group |
| parameter_group_arn | The AWS ARN associated with the parameter group |
| parameter_group_id | The ElastiCache parameter group name |
| replication_group_arn | ARN of the created ElastiCache Replication Group |
| replication_group_configuration_endpoint_address | Address of the replication group configuration endpoint when cluster mode is enabled |
| replication_group_engine_version_actual | Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine |
| replication_group_id | ID of the ElastiCache Replication Group |
| replication_group_member_clusters | Identifiers of all the nodes that are part of this replication group |
| replication_group_port | Port of the primary node in the replication group, if the cluster mode is disabled |
| replication_group_primary_endpoint_address | Address of the endpoint for the primary node in the replication group, if the cluster mode is disabled |
| replication_group_reader_endpoint_address | Address of the endpoint for the reader node in the replication group, if the cluster mode is disabled |
| security_group_arn | Amazon Resource Name (ARN) of the security group |
| security_group_id | ID of the security group |
| subnet_group_name | The ElastiCache subnet group name |
Apache-2.0 Licensed. See LICENSE.