Add Computed flag set to true for Port property in ElastiCache Cluster

[xsalazar]

Summary

Sets the Computed flag to true for the aws_elasticache_cluster resource. This property is already exposed as readable; however, there was a lack of identification to tell other resources to wait for the value to be set before using it. This is especially important when utilizing the default ports for both Memcached and Redis, since they will not be set explicitly in Terraform and only get a value after the resource is created.

The Existing Issue

Currently, the port property on the resource_aws_elasticache_cluster is allowed to be read externally and used throughout other resources; however, there was no explicit identifier to tell other resources when it would be safe to read this property.

For example, if you set up an aws_elasticache_cluster as follows:

resource "aws_elasticache_cluster" "redis_cluster" {
  cluster_id           = "redis"
  engine               = "redis"
  engine_version       = "5.0.4"
  node_type            = "cache.t2.micro"
  num_cache_nodes      = 1
  parameter_group_name = "default.redis5.0"
}

And you also wish to set up an aws_security_group to create an ingress rule using the port exposed by this cluster:

resource "aws_security_group" "redis_security_group" {
  description = "Redis Security Group"
  name        = "RedisSecurityGroup"

  ingress {
    from_port = aws_elasticache_cluster.redis_cluster.port
    protocol  = "tcp"
    to_port   = aws_elasticache_cluster.redis_cluster.port
  }
}

You get the following error on apply:

Error: "ingress.0.to_port": required field is not set

  on main.tf line 15, in resource "aws_security_group" "redis_security_group":
  15: resource "aws_security_group" "redis_security_group" {



Error: "ingress.0.from_port": required field is not set

  on main.tf line 15, in resource "aws_security_group" "redis_security_group":
  15: resource "aws_security_group" "redis_security_group" {

This property is eventually set; however, Terraform does not know to wait until the cluster resource is created to read this property

What's Fixed

You can see below that the new plan generated by Terraform is successful and also correctly identifies that the ingress rule will properly set the to- and from-port after the apply is done. Further, you can see the resource creation explicitly waits until the aws_elasticache_cluster is complete to start creating the aws_security_group.

Terraform will perform the following actions:

  # aws_elasticache_cluster.redis_cluster will be created
  + resource "aws_elasticache_cluster" "redis_cluster" {
      + apply_immediately      = (known after apply)
      + availability_zone      = (known after apply)
      + az_mode                = (known after apply)
      + cache_nodes            = (known after apply)
      + cluster_address        = (known after apply)
      + cluster_id             = "redis"
      + configuration_endpoint = (known after apply)
      + engine                 = "redis"
      + engine_version         = "5.0.4"
      + id                     = (known after apply)
      + maintenance_window     = (known after apply)
      + node_type              = "cache.t2.micro"
      + num_cache_nodes        = 1
      + parameter_group_name   = "default.redis5.0"
      + port                   = (known after apply)
      + replication_group_id   = (known after apply)
      + security_group_ids     = (known after apply)
      + security_group_names   = (known after apply)
      + snapshot_window        = (known after apply)
      + subnet_group_name      = (known after apply)
    }

  # aws_security_group.redis_security_group will be created
  + resource "aws_security_group" "redis_security_group" {
      + arn                    = (known after apply)
      + description            = "Redis Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = (known after apply)
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = (known after apply)
            },
        ]
      + name                   = "RedisSecurityGroup"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_elasticache_cluster.redis_cluster: Creating...
...
aws_elasticache_cluster.redis_cluster: Still creating... [3m40s elapsed]
aws_elasticache_cluster.redis_cluster: Creation complete after 3m47s [id=redis]
aws_security_group.redis_security_group: Creating...
aws_security_group.redis_security_group: Creation complete after 2s [id=sg-0358a451871d9ced4]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

redis_security_group = {
  "arn" = "arn:aws:ec2:us-west-1:368081326042:security-group/sg-0358a451871d9ced4"
  "description" = "Redis Security Group"
  "egress" = []
  "id" = "sg-0358a451871d9ced4"
  "ingress" = [
    {
      "cidr_blocks" = []
      "description" = ""
      "from_port" = 6379
      "ipv6_cidr_blocks" = []
      "prefix_list_ids" = []
      "protocol" = "tcp"
      "security_groups" = []
      "self" = false
      "to_port" = 6379
    },
  ]
  "name" = "RedisSecurityGroup"
  "owner_id" = "368081326042"
  "revoke_rules_on_delete" = false
  "vpc_id" = "vpc-708d8317"
}

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Release Notes

Release note for CHANGELOG:

Fix bug with port property on elasticache_cluster being read before the resource is fully initialized

Test

Output from acceptance testing:

make testacc TESTARGS='-run=TestAccAWSElasticacheCluster_Port_Redis_Default' TEST=./aws
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSElasticacheCluster_Port_Redis_Default -timeout 120m
=== RUN   TestAccAWSElasticacheCluster_Port_Redis_Default
=== PAUSE TestAccAWSElasticacheCluster_Port_Redis_Default
=== CONT  TestAccAWSElasticacheCluster_Port_Redis_Default
--- PASS: TestAccAWSElasticacheCluster_Port_Redis_Default (518.26s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	518.299s

[aeschright]

Hi @xsalazar ! Thanks so much for the detailed explanation and use case. Can you have a look at the acceptance tests for the resource and add a new test to demonstrate the change? Let us know if you need pointers on where to start.

[xsalazar]

@aeschright I went ahead and added a test around this scenario! The Travis CI check failed, but I'm not sure why; everything is passing on my local.

[xsalazar]

Any update on this? @aeschright

[aeschright]

Looks good at first read, thank you! Please run make fmt to clean up the linter errors, then I can verify the acceptance tests.

[aeschright]

Looks like we're good to go! Thanks for taking care of this.

--- PASS: TestAccAWSElasticacheCluster_Port_Redis_Default (524.58s)

[xsalazar]

@aeschright thanks for being responsive this long and helping get this in! 🚀

[ghost]

This has been released in version 2.48.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!