From 459abc230f7126b3fdff9521374b0793d4957435 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Tue, 7 Oct 2025 16:39:03 -0500
Subject: [PATCH] fix: Revert - Enable `transit_encryption_enabled` for all avialble engines now that Elasticache supports this #56
---
 .pre-commit-config.yaml | 2 +-
 README.md | 4 ++--
 main.tf | 3 ++-
 variables.tf | 4 ++--
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 52fd864..786a616 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.100.1
+ rev: v1.101.0
 hooks:
 - id: terraform_fmt
 - id: terraform_wrapper_module_for_each
diff --git a/README.md b/README.md
index aa79fd4..cd6a393 100644
--- a/README.md
+++ b/README.md
@@ -464,8 +464,8 @@ No modules.
 | [subnet\_ids](#input\_subnet\_ids) | List of VPC Subnet IDs for the Elasticache subnet group | `list(string)` | `[]` | no |
 | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting cluster resource | `map(string)` | `{}` | no |
-| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Enable encryption in-transit. Supported on replication groups running Valkey 7.2 and later, and Redis OSS versions 3.2.6, 4.0.10 and later, running in a VPC | `bool` | `true` | no |
-| [transit\_encryption\_mode](#input\_transit\_encryption\_mode) | A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are preferred and required | `string` | `null` | no |
+| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Enable encryption in-transit | `bool` | `true` | no |
+| [transit\_encryption\_mode](#input\_transit\_encryption\_mode) | A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are `preferred` and `required` | `string` | `null` | no |
 | [user\_group\_ids](#input\_user\_group\_ids) | User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid | `list(string)` | `null` | no |
 | [vpc\_id](#input\_vpc\_id) | Identifier of the VPC where the security group will be created | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 4ee7685..e4ec87c 100644
--- a/main.tf
+++ b/main.tf
@@ -53,7 +53,8 @@ resource "aws_elasticache_cluster" "this" {
 snapshot_retention_limit = local.in_replication_group ? null : var.snapshot_retention_limit
 snapshot_window = local.in_replication_group ? null : var.snapshot_window
 subnet_group_name = local.in_replication_group ? null : local.subnet_group_name
- transit_encryption_enabled = var.transit_encryption_enabled
+ # ToDo - remove restriction at next breaking change https://github.com/terraform-aws-modules/terraform-aws-elasticache/pull/56
+ transit_encryption_enabled = var.engine == "memcached" ? var.transit_encryption_enabled : null
 tags = local.tags
diff --git a/variables.tf b/variables.tf
index 5ec6634..6d8d543 100644
--- a/variables.tf
+++ b/variables.tf
@@ -176,13 +176,13 @@ variable "snapshot_window" {
 }
 variable "transit_encryption_enabled" {
- description = "Enable encryption in-transit. Supported on replication groups running Valkey 7.2 and later, and Redis OSS versions 3.2.6, 4.0.10 and later, running in a VPC"
+ description = "Enable encryption in-transit"
 type = bool
 default = true
 }
 variable "transit_encryption_mode" {
- description = "A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are preferred and required"
+ description = "A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are `preferred` and `required`"
 type = string
 default = null
 }
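Review bot: In the main.tf hunk the new conditional on `transit_encryption_enabled` silently discards the caller's value for every engine other than `memcached`, so `aws_elasticache_cluster.this` receives `null` even when the variable is left at its default of `true`, and the cluster presumably falls back to the provider default rather than being encrypted in transit. The variables.tf hunk and the README row in the same patch shorten the description to "Enable encryption in-transit", which no longer tells a reader that the setting can be ignored; whether the replication-group resource still consumes the variable is not visible here. I would state the restriction where users read it, for example `description = "Enable encryption in-transit. For the aws_elasticache_cluster resource this is only applied when engine is memcached"`, and extend the ToDo comment to say that other engines are passed `null`, so an operator auditing encryption settings does not take the variable's value as proof of the cluster's state. The resource block starts and ends outside the hunk.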