diff --git a/elasticache-redis/auth-token/main.tf b/elasticache-redis/auth-token/main.tf index 64e2206..f1e3554 100644 --- a/elasticache-redis/auth-token/main.tf +++ b/elasticache-redis/auth-token/main.tf @@ -1,5 +1,5 @@ module "secret" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0" admin_principals = var.admin_principals description = "Redis auth token for: ${local.full_name}" @@ -16,7 +16,7 @@ module "secret" { } module "rotation" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0" handler = "lambda_function.lambda_handler" role_arn = module.secret.rotation_role_arn diff --git a/elasticache-redis/auth-token/versions.tf b/elasticache-redis/auth-token/versions.tf index 540414a..21c5f63 100644 --- a/elasticache-redis/auth-token/versions.tf +++ b/elasticache-redis/auth-token/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/elasticache-redis/replication-group/main.tf b/elasticache-redis/replication-group/main.tf index 6a40a3a..d93cf0f 100644 --- a/elasticache-redis/replication-group/main.tf +++ b/elasticache-redis/replication-group/main.tf 
@@ -1,22 +1,23 @@ resource "aws_elasticache_replication_group" "this" { replication_group_id = coalesce(var.replication_group_id, var.name) - at_rest_encryption_enabled = var.at_rest_encryption_enabled - automatic_failover_enabled = local.replica_enabled - engine = var.engine - engine_version = var.engine_version - kms_key_id = var.kms_key == null ? module.customer_kms.kms_key_arn : var.kms_key.id - multi_az_enabled = local.replica_enabled - node_type = var.node_type - num_cache_clusters = local.instance_count - parameter_group_name = var.parameter_group_name - port = var.port - replication_group_description = var.description - security_group_ids = local.server_security_group_ids - snapshot_name = var.snapshot_name - snapshot_retention_limit = var.snapshot_retention_limit - subnet_group_name = aws_elasticache_subnet_group.this.name - transit_encryption_enabled = var.transit_encryption_enabled + at_rest_encryption_enabled = var.at_rest_encryption_enabled + automatic_failover_enabled = local.replica_enabled + description = var.description + engine = var.engine + engine_version = var.engine_version + global_replication_group_id = var.global_replication_group_id + kms_key_id = local.primary_kms_key + multi_az_enabled = local.replica_enabled + node_type = var.node_type + num_cache_clusters = local.instance_count + parameter_group_name = var.parameter_group_name + port = var.port + security_group_ids = local.server_security_group_ids + snapshot_name = var.snapshot_name + snapshot_retention_limit = var.snapshot_retention_limit + subnet_group_name = aws_elasticache_subnet_group.this.name + transit_encryption_enabled = var.transit_encryption_enabled # Auth tokens aren't supported without TLS auth_token = ( 
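Review bot: `global_replication_group_id` is now passed next to `engine`, `engine_version`, `node_type`, `parameter_group_name`, `snapshot_name`, `at_rest_encryption_enabled` and `transit_encryption_enabled`, all of which this resource sets unconditionally. As far as I know, the AWS provider treats a secondary group's engine, node type and encryption settings as inherited from the global datastore and declares several of these arguments as conflicting with `global_replication_group_id`. A caller who sets the new variable may therefore hit a plan-time error; this is worth confirming with a plan for a secondary group. If it does conflict, null the inherited arguments when the ID is set, e.g. `engine = var.global_replication_group_id == null ? var.engine : null`. The resource body (including `auth_token`) continues past this hunk, so the arguments not shown here need the same check.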
@@ -36,7 +37,7 @@ resource "aws_elasticache_replication_group" "this" { } module "customer_kms" { - source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.7.0" + source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.8.0" name = var.name } @@ -229,7 +230,7 @@ data "aws_ec2_instance_type" "instance_attributes" { locals { instance_count = var.replica_count + 1 - instance_size = split(".", var.node_type)[2] + instance_size = replace(var.node_type, "cache.", "") instances = sort(aws_elasticache_replication_group.this.member_clusters) owned_security_group_ids = module.server_security_group.*.id replica_enabled = var.replica_count > 0 @@ -241,4 +242,6 @@ locals { local.owned_security_group_ids, local.shared_security_group_ids ) + + primary_kms_key = var.enable_kms ? (var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id) : var.kms_key_id } diff --git a/elasticache-redis/replication-group/variables.tf b/elasticache-redis/replication-group/variables.tf index 91224ee..d41553c 100644 --- a/elasticache-redis/replication-group/variables.tf +++ b/elasticache-redis/replication-group/variables.tf @@ -10,9 +10,9 @@ variable "at_rest_encryption_enabled" { default = true } -variable "kms_key" { - description = "Custom KMS key to encrypt data at rest" - type = object({ arn = string }) +variable "kms_key_id" { + description = "KMS key to encrypt data at rest" + type = string default = null } @@ -21,6 +21,12 @@ variable "description" { type = string } +variable "enable_kms" { + type = bool + description = "Enable KMS encryption" + default = true +} + variable "engine" { type = string description = "Elasticache database engine; defaults to Redis" 
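Review bot: `replace(var.node_type, "cache.", "")` in `locals` removes the substring wherever it occurs rather than only as a leading prefix. `trimprefix` states the intent directly: `instance_size = trimprefix(var.node_type, "cache.")`. Note that the value also changes shape compared with the old `split(...)[2]`: for a constructed input such as `cache.t3.micro` it goes from `micro` to `t3.micro`, so any other consumer of `local.instance_size` outside this hunk should be checked. The `locals` block continues past this hunk.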
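Review bot: With `enable_kms = false` the new `primary_kms_key` still resolves to `var.kms_key_id`, so the flag does not stop a supplied key from being used. `module "customer_kms"`, shown in the earlier hunk of this file with no `count`, also appears to be instantiated regardless, which would leave an unused customer-managed key and its key policy in the account when the flag is off. If the flag is meant to control whether the module creates its own key, gate the module with `count = var.enable_kms ? 1 : 0` and reference `module.customer_kms[0].kms_key_arn` in the true branch. When the flag is off and no key is given, `kms_key_id` is null while `at_rest_encryption_enabled` is set independently, so encryption presumably falls back to the service-managed key rather than being turned off. The same expression is added to `locals` in `rds-postgres/primary-instance/main.tf`, and the note applies there too.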
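Review bot: The description `"Enable KMS encryption"` on `enable_kms` does not tell a caller what setting it to `false` actually does. Going by the `primary_kms_key` local, `false` only stops the module-managed key from being selected: a supplied `kms_key_id` is still used, and `at_rest_encryption_enabled` is a separate variable that defaults to `true`. I would document that, e.g. `description = "Use the module-managed customer KMS key when kms_key_id is null. When false and kms_key_id is null, no customer-managed key is passed; at_rest_encryption_enabled is unaffected."` The `kms_key_id` description in the previous hunk could likewise say that `null` selects the module-managed key. The same variable with the same wording is added in `rds-postgres/primary-instance/variables.tf`.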
@@ -32,6 +38,12 @@ variable "engine_version" { description = "Version for RDS database engine" } +variable "global_replication_group_id" { + type = string + description = "The ID of the global replication group to which this replication group should belong." + default = null +} + variable "initial_auth_token" { type = string description = "Override the initial auth token" diff --git a/elasticache-redis/replication-group/versions.tf b/elasticache-redis/replication-group/versions.tf index b26e354..b1b4ee2 100644 --- a/elasticache-redis/replication-group/versions.tf +++ b/elasticache-redis/replication-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/kafka/versions.tf b/kafka/versions.tf index 540414a..21c5f63 100644 --- a/kafka/versions.tf +++ b/kafka/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/admin-login/main.tf b/rds-postgres/admin-login/main.tf index 4ad1b59..716ad2b 100644 --- a/rds-postgres/admin-login/main.tf +++ b/rds-postgres/admin-login/main.tf @@ -1,5 +1,5 @@ module "secret" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0" admin_principals = var.admin_principals description = "Postgres password for: ${local.full_name}" @@ -19,7 +19,7 @@ module "secret" { } module "rotation" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0" handler = "lambda_function.lambda_handler" role_arn = module.secret.rotation_role_arn diff --git a/rds-postgres/admin-login/versions.tf b/rds-postgres/admin-login/versions.tf index 540414a..21c5f63 100644 
--- a/rds-postgres/admin-login/versions.tf +++ b/rds-postgres/admin-login/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/cloudwatch-alarms/versions.tf b/rds-postgres/cloudwatch-alarms/versions.tf index 540414a..21c5f63 100644 --- a/rds-postgres/cloudwatch-alarms/versions.tf +++ b/rds-postgres/cloudwatch-alarms/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/parameter-group/versions.tf b/rds-postgres/parameter-group/versions.tf index 540414a..21c5f63 100644 --- a/rds-postgres/parameter-group/versions.tf +++ b/rds-postgres/parameter-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/primary-instance/main.tf b/rds-postgres/primary-instance/main.tf index 709a84b..90fe038 100644 --- a/rds-postgres/primary-instance/main.tf +++ b/rds-postgres/primary-instance/main.tf @@ -51,7 +51,7 @@ resource "aws_db_instance" "this" { } module "customer_kms" { - source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.7.0" + source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.8.0" name = var.identifier } @@ -155,5 +155,5 @@ locals { local.shared_vpc_security_group_ids ) - primary_kms_key = var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id + primary_kms_key = var.enable_kms ? (var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id) : var.kms_key_id } diff --git a/rds-postgres/primary-instance/variables.tf b/rds-postgres/primary-instance/variables.tf index 376175e..176ea94 100644 --- a/rds-postgres/primary-instance/variables.tf +++ b/rds-postgres/primary-instance/variables.tf 
@@ -53,6 +53,12 @@ variable "enabled_cloudwatch_logs_exports" { default = [] } +variable "enable_kms" { + type = bool + description = "Enable KMS encryption" + default = true +} + variable "engine" { type = string description = "RDS database engine; defaults to Postgres" diff --git a/rds-postgres/primary-instance/versions.tf b/rds-postgres/primary-instance/versions.tf index b26e354..b1b4ee2 100644 --- a/rds-postgres/primary-instance/versions.tf +++ b/rds-postgres/primary-instance/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/rds-postgres/rds-postgres-login/main.tf b/rds-postgres/rds-postgres-login/main.tf index 4739664..7563d8c 100644 --- a/rds-postgres/rds-postgres-login/main.tf +++ b/rds-postgres/rds-postgres-login/main.tf @@ -1,5 +1,5 @@ module "secret" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0" admin_principals = var.admin_principals description = "Postgres password for: ${local.full_name}" @@ -9,7 +9,7 @@ module "secret" { trust_tags = var.trust_tags initial_value = jsonencode({ - dbname = var.database.name + dbname = var.database.db_name engine = var.database.engine host = var.database.address password = "" @@ -19,7 +19,7 @@ module "secret" { } module "rotation" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0" handler = "lambda_function.lambda_handler" role_arn = module.secret.rotation_role_arn diff --git a/rds-postgres/rds-postgres-login/variables.tf b/rds-postgres/rds-postgres-login/variables.tf index 735dfc1..95f7424 100644 --- a/rds-postgres/rds-postgres-login/variables.tf +++ b/rds-postgres/rds-postgres-login/variables.tf 
@@ -27,9 +27,9 @@ variable "database" { type = object({ address = string arn = string + db_name = string engine = string identifier = string - name = string port = number }) } diff --git a/rds-postgres/rds-postgres-login/versions.tf b/rds-postgres/rds-postgres-login/versions.tf index 540414a..21c5f63 100644 --- a/rds-postgres/rds-postgres-login/versions.tf +++ b/rds-postgres/rds-postgres-login/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/replica/versions.tf b/rds-postgres/replica/versions.tf index 540414a..21c5f63 100644 --- a/rds-postgres/replica/versions.tf +++ b/rds-postgres/replica/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/security-group-ingress/versions.tf b/security-group-ingress/versions.tf index 540414a..21c5f63 100644 --- a/security-group-ingress/versions.tf +++ b/security-group-ingress/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/security-group/versions.tf b/security-group/versions.tf index 10d1156..88ee133 100644 --- a/security-group/versions.tf +++ b/security-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random"