From 285bd6df2cc71e8d2be5328dece86a0610e7b4cc Mon Sep 17 00:00:00 2001
From: cmanzur
Date: Tue, 7 Oct 2025 11:24:08 +0200
Subject: [PATCH 1/2] chore: support transit_encryption_enabled for Redis Engine
---
 README.md | 2 +-
 main.tf | 2 +-
 variables.tf | 2 +-
 wrappers/main.tf | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 5dfb4c7..aa79fd4 100644
--- a/README.md
+++ b/README.md
@@ -464,7 +464,7 @@ No modules.
 | [subnet\_ids](#input\_subnet\_ids) | List of VPC Subnet IDs for the Elasticache subnet group | `list(string)` | `[]` | no |
 | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting cluster resource | `map(string)` | `{}` | no |
-| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Enable encryption in-transit. Supported only with Memcached versions `1.6.12` and later, running in a VPC | `bool` | `true` | no |
+| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Enable encryption in-transit. Supported on replication groups running Valkey 7.2 and later, and Redis OSS versions 3.2.6, 4.0.10 and later, running in a VPC | `bool` | `true` | no |
 | [transit\_encryption\_mode](#input\_transit\_encryption\_mode) | A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are preferred and required | `string` | `null` | no |
 | [user\_group\_ids](#input\_user\_group\_ids) | User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid | `list(string)` | `null` | no |
 | [vpc\_id](#input\_vpc\_id) | Identifier of the VPC where the security group will be created | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 2020140..4ee7685 100644
--- a/main.tf
+++ b/main.tf
@@ -53,7 +53,7 @@ resource "aws_elasticache_cluster" "this" {
 snapshot_retention_limit = local.in_replication_group ? null : var.snapshot_retention_limit
 snapshot_window = local.in_replication_group ? null : var.snapshot_window
 subnet_group_name = local.in_replication_group ? null : local.subnet_group_name
- transit_encryption_enabled = var.engine == "memcached" ? var.transit_encryption_enabled : null
+ transit_encryption_enabled = var.transit_encryption_enabled
 tags = local.tags
diff --git a/variables.tf b/variables.tf
index d157d04..5ec6634 100644
--- a/variables.tf
+++ b/variables.tf
@@ -176,7 +176,7 @@ variable "snapshot_window" {
 }
 variable "transit_encryption_enabled" {
- description = "Enable encryption in-transit. Supported only with Memcached versions `1.6.12` and later, running in a VPC"
+ description = "Enable encryption in-transit. Supported on replication groups running Valkey 7.2 and later, and Redis OSS versions 3.2.6, 4.0.10 and later, running in a VPC"
 type = bool
 default = true
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
index d53ac58..60cb3ab 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
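Review bot: The new `transit_encryption_enabled = var.transit_encryption_enabled` line is sent for every engine and also when the cluster joins a replication group, while the three attributes directly above it are nulled with `local.in_replication_group ? null : ...`. If the setting is owned by the replication group in that case, the same guard belongs here: `transit_encryption_enabled = local.in_replication_group ? null : var.transit_encryption_enabled`. Because the variable defaults to `true`, standalone Redis clusters that previously received `null` will now plan with in-transit encryption on, which presumably changes or replaces existing clusters and requires TLS-capable clients, so the change deserves a breaking-change note rather than a `chore` label. The resource block starts and ends outside this hunk.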
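Review bot: The new description drops the Memcached 1.6.12 requirement and speaks only of replication groups, although the main.tf hunk of this patch passes the variable to `aws_elasticache_cluster` for every engine. A reader picking an engine version no longer sees the Memcached floor; the text could read `Enable encryption in-transit. Supported with Memcached 1.6.12 and later, Valkey 7.2 and later, and Redis OSS 3.2.6, 4.0.10 and later, running in a VPC`. The README row in the first hunk carries the same wording and would need the same correction. No `validation` block is visible in this variable, so an unsupported engine and version combination would presumably surface only at apply time.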
@@ -7,8 +7,8 @@ module "wrapper" {
 at_rest_encryption_enabled = try(each.value.at_rest_encryption_enabled, var.defaults.at_rest_encryption_enabled, true)
 auth_token = try(each.value.auth_token, var.defaults.auth_token, null)
 auth_token_update_strategy = try(each.value.auth_token_update_strategy, var.defaults.auth_token_update_strategy, null)
- auto_minor_version_upgrade = try(each.value.auto_minor_version_upgrade, var.defaults.auto_minor_version_upgrade, null)
 automatic_failover_enabled = try(each.value.automatic_failover_enabled, var.defaults.automatic_failover_enabled, null)
+ auto_minor_version_upgrade = try(each.value.auto_minor_version_upgrade, var.defaults.auto_minor_version_upgrade, null)
 availability_zone = try(each.value.availability_zone, var.defaults.availability_zone, null)
 az_mode = try(each.value.az_mode, var.defaults.az_mode, null)
 cluster_id = try(each.value.cluster_id, var.defaults.cluster_id, "")
From a627d54060706a0068d89811590b83353deea734 Mon Sep 17 00:00:00 2001
From: cmanzur
Date: Tue, 7 Oct 2025 15:33:02 +0200
Subject: [PATCH 2/2] switch line for automatic_failover_enabled inside wrapper module
---
 wrappers/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wrappers/main.tf b/wrappers/main.tf
index 60cb3ab..d53ac58 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -7,8 +7,8 @@ module "wrapper" {
 at_rest_encryption_enabled = try(each.value.at_rest_encryption_enabled, var.defaults.at_rest_encryption_enabled, true)
 auth_token = try(each.value.auth_token, var.defaults.auth_token, null)
 auth_token_update_strategy = try(each.value.auth_token_update_strategy, var.defaults.auth_token_update_strategy, null)
- automatic_failover_enabled = try(each.value.automatic_failover_enabled, var.defaults.automatic_failover_enabled, null)
 auto_minor_version_upgrade = try(each.value.auto_minor_version_upgrade, var.defaults.auto_minor_version_upgrade, null)
+ automatic_failover_enabled = try(each.value.automatic_failover_enabled, var.defaults.automatic_failover_enabled, null)
 availability_zone = try(each.value.availability_zone, var.defaults.availability_zone, null)
 az_mode = try(each.value.az_mode, var.defaults.az_mode, null)
 cluster_id = try(each.value.cluster_id, var.defaults.cluster_id, "")