Use Security Group rules instead of inline rule blocks. Fix example. Fix...

Use Security Group rules instead of inline rule blocks. Fix example. Fix README. Update to latest versions of modules. Change region for tests (#54)

* Use Security Group rules instead of inline rule blocks. Fix example. Fix README. Update to latest versions of modules. Change region for tests

* Use Security Group rules instead of inline rule blocks. Fix example. Fix README. Update to latest versions of modules. Change region for tests

* Use Security Group rules instead of inline rule blocks. Fix example. Fix README. Update to latest versions of modules. Change region for tests

README.md

-<!-- This file was automatically generated by the `build-harness`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
+<!-- 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  ** DO NOT EDIT THIS FILE
+  ** 
+  ** This file was automatically generated by the `build-harness`. 
+  ** 1) Make all changes to `README.yaml` 
+  ** 2) Run `make init` (you only need to do this once)
+  ** 3) Run`make readme` to rebuild this file. 
+  **
+  ** (We maintain HUNDREDS of open source projects. This is how we maintain our sanity.)
+  **
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  -->
 [![README Header][readme_header_img]][readme_header_link]
 
 [![Cloud Posse][logo]](https://cpco.io/homepage)
@@ -48,38 +87,62 @@ Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest re
 
 
 
+For a complete example, see [examples/complete](examples/complete).
+
+For automated tests of the complete example using [bats](https://github.com/bats-core/bats-core) and [Terratest](https://github.com/gruntwork-io/terratest) (which tests and deploys the example on AWS), see [test](test).
+
 ```hcl
-// Generate a random string for auth token, no special chars
-resource "random_string" "auth_token" {
-  length = 64
-  special = false
-}
-
-module "example_redis" {
-  source          = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master"
-  namespace       = "eg"
-  stage           = "dev"
-  name            = "redis"
-  zone_id         = var.route53_zone_id
-  security_groups = [var.security_group_id]
-
-  auth_token                   = random_string.auth_token.result
-  vpc_id                       = var.vpc_id
-  subnets                      = var.private_subnets
-  maintenance_window           = "wed:03:00-wed:04:00"
-  cluster_size                 = 2
-  instance_type                = "cache.t2.micro"
-  engine_version               = "4.0.10"
-  alarm_cpu_threshold_percent  = var.cache_alarm_cpu_threshold_percent
-  alarm_memory_threshold_bytes = var.cache_alarm_memory_threshold_bytes
-  apply_immediately            = true
-  availability_zones           = var.availability_zones
-  automatic_failover           = false
-}
-
-output "auth_token" {
-  value = random_string.auth_token.result
-}
+  provider "aws" {
+    region = var.region
+  }
+
+  module "vpc" {
+    source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1"
+    namespace  = var.namespace
+    stage      = var.stage
+    name       = var.name
+    cidr_block = "172.16.0.0/16"
+  }
+
+  module "subnets" {
+    source               = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.18.1"
+    availability_zones   = var.availability_zones
+    namespace            = var.namespace
+    stage                = var.stage
+    name                 = var.name
+    vpc_id               = module.vpc.vpc_id
+    igw_id               = module.vpc.igw_id
+    cidr_block           = module.vpc.vpc_cidr_block
+    nat_gateway_enabled  = true
+    nat_instance_enabled = false
+  }
+
+  module "redis" {
+    source                     = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master"
+    availability_zones         = var.availability_zones
+    namespace                  = var.namespace
+    stage                      = var.stage
+    name                       = var.name
+    zone_id                    = var.zone_id
+    vpc_id                     = module.vpc.vpc_id
+    allowed_security_groups    = [module.vpc.vpc_default_security_group_id]
+    subnets                    = module.subnets.private_subnet_ids
+    cluster_size               = var.cluster_size
+    instance_type              = var.instance_type
+    apply_immediately          = true
+    automatic_failover         = false
+    engine_version             = var.engine_version
+    family                     = var.family
+    at_rest_encryption_enabled = var.at_rest_encryption_enabled
+    transit_encryption_enabled = var.transit_encryption_enabled
+
+    parameter = [
+      {
+        name  = "notify-keyspace-events"
+        value = "lK"
+      }
+    ]
+  }
 ```
 
 
@@ -108,17 +171,23 @@ Available targets:
 | alarm_actions | Alarm action list | list(string) | `<list>` | no |
 | alarm_cpu_threshold_percent | CPU threshold alarm level | number | `75` | no |
 | alarm_memory_threshold_bytes | Ram threshold alarm level | number | `10000000` | no |
+| allowed_cidr_blocks | List of CIDR blocks that are allowed ingress to the cluster's Security Group created in the module | list(string) | `<list>` | no |
+| allowed_security_groups | List of Security Group IDs that are allowed ingress to the cluster's Security Group created in the module | list(string) | `<list>` | no |
 | apply_immediately | Apply changes immediately | bool | `true` | no |
 | at_rest_encryption_enabled | Enable encryption at rest | bool | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list(string) | `<list>` | no |
-| auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | `` | no |
-| automatic_failover | Automatic failover (Not available for T1/T2 instances) | bool | `false` | no |
+| auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | `null` | no |
+| automatic_failover_enabled | Automatic failover (Not available for T1/T2 instances) | bool | `false` | no |
 | availability_zones | Availability zone IDs | list(string) | `<list>` | no |
-| cluster_size | Count of nodes in cluster | number | `1` | no |
+| cluster_mode_enabled | Flag to enable/disable creation of a native redis cluster. `automatic_failover_enabled` must be set to `true`. Only 1 `cluster_mode` block is allowed | bool | `false` | no |
+| cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications | number | `0` | no |
+| cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource | number | `0` | no |
+| cluster_size | Number of nodes in cluster | number | `1` | no |
 | delimiter | Delimiter between `name`, `namespace`, `stage` and `attributes` | string | `-` | no |
 | elasticache_subnet_group_name | Subnet group name for the ElastiCache instance | string | `` | no |
 | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
 | engine_version | Redis engine version | string | `4.0.10` | no |
+| existing_security_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | list(string) | `<list>` | no |
 | family | Redis family | string | `redis4.0` | no |
 | instance_type | Elastic cache instance type | string | `cache.t2.micro` | no |
 | maintenance_window | Maintenance window | string | `wed:03:00-wed:04:00` | no |
@@ -129,13 +198,13 @@ Available targets:
 | parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | object | `<list>` | no |
 | port | Redis port | number | `6379` | no |
 | replication_group_id | Replication group ID with the following constraints:  A name must contain from 1 to 20 alphanumeric characters or hyphens.   The first character must be a letter.   A name cannot end with a hyphen or contain two consecutive hyphens. | string | `` | no |
-| security_groups | Security Group IDs | list(string) | `<list>` | no |
 | snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | `0` | no |
 | snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | `06:30-07:30` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
 | subnets | Subnet IDs | list(string) | `<list>` | no |
 | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map(string) | `<map>` | no |
 | transit_encryption_enabled | Enable TLS | bool | `true` | no |
+| use_existing_security_groups | Flag to enable/disable creation of Security Group in the module. Set to `true` to disable Security Group creation and provide a list of existing security Group IDs in `existing_security_groups` to place the cluster into | bool | `false` | no |
 | vpc_id | VPC ID | string | - | yes |
 | zone_id | Route53 DNS Zone ID | string | `` | no |
 
@@ -143,7 +212,8 @@ Available targets:
 
 | Name | Description |
 |------|-------------|
-| host | Redis host |
+| endpoint | Redis primary endpoint |
+| host | Redis hostname |
 | id | Redis cluster ID |
 | port | Redis port |
 | security_group_id | Security group ID |
@@ -153,34 +223,33 @@ Available targets:
 
 ## Help
 
-**Got a question?**
+**Got a question?** We got answers. 
 
 File a GitHub [issue](https://github.com/cloudposse/terraform-aws-elasticache-redis/issues), send us an [email][email] or join our [Slack Community][slack].
 
 [![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link]
 
-## Commercial Support
-
-Work directly with our team of DevOps experts via email, slack, and video conferencing. 
-
-We provide [*commercial support*][commercial_support] for all of our [Open Source][github] projects. As a *Dedicated Support* customer, you have access to our team of subject matter experts at a fraction of the cost of a full-time engineer. 
+## DevOps Accelerator for Startups
 
-[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)][email]
 
-- **Questions.** We'll use a Shared Slack channel between your team and ours.
-- **Troubleshooting.** We'll help you triage why things aren't working.
-- **Code Reviews.** We'll review your Pull Requests and provide constructive feedback.
-- **Bug Fixes.** We'll rapidly work to fix any bugs in our projects.
-- **Build New Terraform Modules.** We'll [develop original modules][module_development] to provision infrastructure.
-- **Cloud Architecture.** We'll assist with your cloud strategy and design.
-- **Implementation.** We'll provide hands-on support to implement our reference architectures. 
+We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. 
 
+[![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support]
 
+Work directly with our team of DevOps experts via email, slack, and video conferencing.
 
-## Terraform Module Development
-
-Are you interested in custom Terraform module development? Submit your inquiry using [our form][module_development] today and we'll get back to you ASAP.
+We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet.
 
+- **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code.
+- **Release Engineering.** You'll have end-to-end CI/CD with unlimited staging environments.
+- **Site Reliability Engineering.** You'll have total visibility into your apps and microservices.
+- **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes.
+- **GitOps.** You'll be able to operate your infrastructure via Pull Requests.
+- **Training.** You'll receive hands-on training so your team can operate what we build.
+- **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel.
+- **Troubleshooting.** You'll get help to triage when things aren't working.
+- **Code Reviews.** You'll receive constructive feedback on Pull Requests.
+- **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects.
 
 ## Slack Community
 
@@ -188,7 +257,13 @@ Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Ou
 
 ## Newsletter
 
-Signup for [our newsletter][newsletter] that covers everything on our technology radar.  Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
+Sign up for [our newsletter][newsletter] that covers everything on our technology radar.  Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
+
+## Office Hours
+
+[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! 
+
+[![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours]
 
 ## Contributing
 
@@ -284,33 +359,31 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
   [christopherriley_homepage]: https://github.com/christopherriley
   [christopherriley_avatar]: https://img.cloudposse.com/150x150/https://github.com/christopherriley.png
 
-
-
 [![README Footer][readme_footer_img]][readme_footer_link]
 [![Beacon][beacon]][website]
 
   [logo]: https://cloudposse.com/logo-300x69.svg
-  [docs]: https://cpco.io/docs
-  [website]: https://cpco.io/homepage
-  [github]: https://cpco.io/github
-  [jobs]: https://cpco.io/jobs
-  [hire]: https://cpco.io/hire
-  [slack]: https://cpco.io/slack
-  [linkedin]: https://cpco.io/linkedin
-  [twitter]: https://cpco.io/twitter
-  [testimonial]: https://cpco.io/leave-testimonial
-  [newsletter]: https://cpco.io/newsletter
-  [email]: https://cpco.io/email
-  [commercial_support]: https://cpco.io/commercial-support
-  [we_love_open_source]: https://cpco.io/we-love-open-source
-  [module_development]: https://cpco.io/module-development
-  [terraform_modules]: https://cpco.io/terraform-modules
-  [readme_header_img]: https://cloudposse.com/readme/header/img?repo=cloudposse/terraform-aws-elasticache-redis
-  [readme_header_link]: https://cloudposse.com/readme/header/link?repo=cloudposse/terraform-aws-elasticache-redis
-  [readme_footer_img]: https://cloudposse.com/readme/footer/img?repo=cloudposse/terraform-aws-elasticache-redis
-  [readme_footer_link]: https://cloudposse.com/readme/footer/link?repo=cloudposse/terraform-aws-elasticache-redis
-  [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img?repo=cloudposse/terraform-aws-elasticache-redis
-  [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?repo=cloudposse/terraform-aws-elasticache-redis
+  [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=docs
+  [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=website
+  [github]: https://cpco.io/github?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=github
+  [jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=jobs
+  [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=hire
+  [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=slack
+  [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=linkedin
+  [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=twitter
+  [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=testimonial
+  [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=office_hours
+  [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=newsletter
+  [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=email
+  [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=commercial_support
+  [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=we_love_open_source
+  [terraform_modules]: https://cpco.io/terraform-modules?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=terraform_modules
+  [readme_header_img]: https://cloudposse.com/readme/header/img
+  [readme_header_link]: https://cloudposse.com/readme/header/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=readme_header_link
+  [readme_footer_img]: https://cloudposse.com/readme/footer/img
+  [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=readme_footer_link
+  [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img
+  [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elasticache-redis&utm_content=readme_commercial_support_link
   [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-elasticache-redis&url=https://github.com/cloudposse/terraform-aws-elasticache-redis
   [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-elasticache-redis&url=https://github.com/cloudposse/terraform-aws-elasticache-redis
   [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-elasticache-redis

README.yaml

@@ -49,38 +49,62 @@ description: |-
 # How to use this project
 usage: |-
 
+  For a complete example, see [examples/complete](examples/complete).
+
+  For automated tests of the complete example using [bats](https://github.com/bats-core/bats-core) and [Terratest](https://github.com/gruntwork-io/terratest) (which tests and deploys the example on AWS), see [test](test).
+
   ```hcl
-  // Generate a random string for auth token, no special chars
-  resource "random_string" "auth_token" {
-    length = 64
-    special = false
-  }
-
-  module "example_redis" {
-    source          = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master"
-    namespace       = "eg"
-    stage           = "dev"
-    name            = "redis"
-    zone_id         = var.route53_zone_id
-    security_groups = [var.security_group_id]
-
-    auth_token                   = random_string.auth_token.result
-    vpc_id                       = var.vpc_id
-    subnets                      = var.private_subnets
-    maintenance_window           = "wed:03:00-wed:04:00"
-    cluster_size                 = 2
-    instance_type                = "cache.t2.micro"
-    engine_version               = "4.0.10"
-    alarm_cpu_threshold_percent  = var.cache_alarm_cpu_threshold_percent
-    alarm_memory_threshold_bytes = var.cache_alarm_memory_threshold_bytes
-    apply_immediately            = true
-    availability_zones           = var.availability_zones
-    automatic_failover           = false
-  }
-
-  output "auth_token" {
-    value = random_string.auth_token.result
-  }
+    provider "aws" {
+      region = var.region
+    }
+
+    module "vpc" {
+      source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1"
+      namespace  = var.namespace
+      stage      = var.stage
+      name       = var.name
+      cidr_block = "172.16.0.0/16"
+    }
+
+    module "subnets" {
+      source               = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.18.1"
+      availability_zones   = var.availability_zones
+      namespace            = var.namespace
+      stage                = var.stage
+      name                 = var.name
+      vpc_id               = module.vpc.vpc_id
+      igw_id               = module.vpc.igw_id
+      cidr_block           = module.vpc.vpc_cidr_block
+      nat_gateway_enabled  = true
+      nat_instance_enabled = false
+    }
+
+    module "redis" {
+      source                     = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=master"
+      availability_zones         = var.availability_zones
+      namespace                  = var.namespace
+      stage                      = var.stage
+      name                       = var.name
+      zone_id                    = var.zone_id
+      vpc_id                     = module.vpc.vpc_id
+      allowed_security_groups    = [module.vpc.vpc_default_security_group_id]
+      subnets                    = module.subnets.private_subnet_ids
+      cluster_size               = var.cluster_size
+      instance_type              = var.instance_type
+      apply_immediately          = true
+      automatic_failover         = false
+      engine_version             = var.engine_version
+      family                     = var.family
+      at_rest_encryption_enabled = var.at_rest_encryption_enabled
+      transit_encryption_enabled = var.transit_encryption_enabled
+
+      parameter = [
+        {
+          name  = "notify-keyspace-events"
+          value = "lK"
+        }
+      ]
+    }
   ```
 
 examples: |-

docs/terraform.md

@@ -5,17 +5,23 @@
 | alarm_actions | Alarm action list | list(string) | `<list>` | no |
 | alarm_cpu_threshold_percent | CPU threshold alarm level | number | `75` | no |
 | alarm_memory_threshold_bytes | Ram threshold alarm level | number | `10000000` | no |
+| allowed_cidr_blocks | List of CIDR blocks that are allowed ingress to the cluster's Security Group created in the module | list(string) | `<list>` | no |
+| allowed_security_groups | List of Security Group IDs that are allowed ingress to the cluster's Security Group created in the module | list(string) | `<list>` | no |
 | apply_immediately | Apply changes immediately | bool | `true` | no |
 | at_rest_encryption_enabled | Enable encryption at rest | bool | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list(string) | `<list>` | no |
-| auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | `` | no |
-| automatic_failover | Automatic failover (Not available for T1/T2 instances) | bool | `false` | no |
+| auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | `null` | no |
+| automatic_failover_enabled | Automatic failover (Not available for T1/T2 instances) | bool | `false` | no |
 | availability_zones | Availability zone IDs | list(string) | `<list>` | no |
-| cluster_size | Count of nodes in cluster | number | `1` | no |
+| cluster_mode_enabled | Flag to enable/disable creation of a native redis cluster. `automatic_failover_enabled` must be set to `true`. Only 1 `cluster_mode` block is allowed | bool | `false` | no |
+| cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications | number | `0` | no |
+| cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource | number | `0` | no |
+| cluster_size | Number of nodes in cluster | number | `1` | no |
 | delimiter | Delimiter between `name`, `namespace`, `stage` and `attributes` | string | `-` | no |
 | elasticache_subnet_group_name | Subnet group name for the ElastiCache instance | string | `` | no |
 | enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
 | engine_version | Redis engine version | string | `4.0.10` | no |
+| existing_security_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | list(string) | `<list>` | no |
 | family | Redis family | string | `redis4.0` | no |
 | instance_type | Elastic cache instance type | string | `cache.t2.micro` | no |
 | maintenance_window | Maintenance window | string | `wed:03:00-wed:04:00` | no |
@@ -26,13 +32,13 @@
 | parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | object | `<list>` | no |
 | port | Redis port | number | `6379` | no |
 | replication_group_id | Replication group ID with the following constraints:  A name must contain from 1 to 20 alphanumeric characters or hyphens.   The first character must be a letter.   A name cannot end with a hyphen or contain two consecutive hyphens. | string | `` | no |
-| security_groups | Security Group IDs | list(string) | `<list>` | no |
 | snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | `0` | no |
 | snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | `06:30-07:30` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
 | subnets | Subnet IDs | list(string) | `<list>` | no |
 | tags | Additional tags (_e.g._ map("BusinessUnit","ABC") | map(string) | `<map>` | no |
 | transit_encryption_enabled | Enable TLS | bool | `true` | no |
+| use_existing_security_groups | Flag to enable/disable creation of Security Group in the module. Set to `true` to disable Security Group creation and provide a list of existing security Group IDs in `existing_security_groups` to place the cluster into | bool | `false` | no |
 | vpc_id | VPC ID | string | - | yes |
 | zone_id | Route53 DNS Zone ID | string | `` | no |
 
@@ -40,7 +46,8 @@
 
 | Name | Description |
 |------|-------------|
-| host | Redis host |
+| endpoint | Redis primary endpoint |
+| host | Redis hostname |
 | id | Redis cluster ID |
 | port | Redis port |
 | security_group_id | Security group ID |

examples/basic/main.tf

-module "elasticsearch" {
-  source                  = "../../"
-  namespace               = "eg"
-  stage                   = "dev"
-  name                    = "es"
-  dns_zone_id             = "Z14EN2YD427LRQ"
-  security_groups         = ["sg-XXXXXXXXX", "sg-YYYYYYYY"]
-  vpc_id                  = "vpc-XXXXXXXXX"
-  subnet_ids              = ["subnet-XXXXXXXXX", "subnet-YYYYYYYY"]
-  zone_awareness_enabled  = "true"
-  elasticsearch_version   = "6.5"
-  instance_type           = "t2.small.elasticsearch"
-  instance_count          = 4
-  iam_role_arns           = ["arn:aws:iam::XXXXXXXXX:role/ops", "arn:aws:iam::XXXXXXXXX:role/dev"]
-  iam_actions             = ["es:ESHttpGet", "es:ESHttpPut", "es:ESHttpPost"]
-  encrypt_at_rest_enabled = "true"
-  kibana_subdomain_name   = "kibana-es"
-
-  advanced_options = {
-    rest.action.multi.allow_explicit_index = "true"
-  }
-}

examples/complete/fixtures.us-west-1.tfvars → examples/complete/fixtures.us-east-2.tfvars

-region = "us-west-1"
+region = "us-east-2"
 
-availability_zones = ["us-west-1b", "us-west-1c"]
+availability_zones = ["us-east-2a", "us-east-2b"]
 
 namespace = "eg"
 

examples/complete/main.tf

@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 module "vpc" {
-  source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.7.0"
+  source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1"
   namespace  = var.namespace
   stage      = var.stage
   name       = var.name
@@ -11,7 +11,7 @@ module "vpc" {
 }
 
 module "subnets" {
-  source               = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.0"
+  source               = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.18.1"
   availability_zones   = var.availability_zones
   namespace            = var.namespace
   stage                = var.stage
@@ -31,12 +31,12 @@ module "redis" {
   name                       = var.name
   zone_id                    = var.zone_id
   vpc_id                     = module.vpc.vpc_id
-  security_groups            = [module.vpc.vpc_default_security_group_id]
+  allowed_security_groups    = [module.vpc.vpc_default_security_group_id]
   subnets                    = module.subnets.private_subnet_ids
   cluster_size               = var.cluster_size
   instance_type              = var.instance_type
   apply_immediately          = true
-  automatic_failover         = false
+  automatic_failover_enabled = false
   engine_version             = var.engine_version
   family                     = var.family
   at_rest_encryption_enabled = var.at_rest_encryption_enabled

examples/complete/outputs.tf

@@ -23,7 +23,12 @@ output "cluster_security_group_id" {
   description = "Cluster Security Group ID"
 }
 
+output "cluster_endpoint" {
+  value       = module.redis.endpoint
+  description = "Redis primary endpoint"
+}
+
 output "cluster_host" {
   value       = module.redis.host
-  description = "Redis host"
+  description = "Redis hostname"
 }

examples/complete/variables.tf

@@ -25,7 +25,7 @@ variable "name" {
 
 variable "cluster_size" {
   type        = number
-  description = "Count of nodes in cluster"
+  description = "Number of nodes in cluster"
 }
 
 variable "instance_type" {

main.tf

 module "label" {
-  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.1"
+  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"
   enabled    = var.enabled
   namespace  = var.namespace
   name       = var.name
@@ -13,25 +13,43 @@ module "label" {
 # Security Group Resources
 #
 resource "aws_security_group" "default" {
-  count  = var.enabled ? 1 : 0
+  count  = var.enabled && var.use_existing_security_groups == false ? 1 : 0
   vpc_id = var.vpc_id
   name   = module.label.id
+  tags   = module.label.tags
+}
 
-  ingress {
-    from_port       = var.port # Redis
-    to_port         = var.port
-    protocol        = "tcp"
-    security_groups = var.security_groups
-  }
+resource "aws_security_group_rule" "egress" {
+  count             = var.enabled && var.use_existing_security_groups == false ? 1 : 0
+  description       = "Allow all egress traffic"
+  from_port         = 0
+  to_port           = 0
+  protocol          = "-1"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = join("", aws_security_group.default.*.id)
+  type              = "egress"
+}
 
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
+resource "aws_security_group_rule" "ingress_security_groups" {
+  count                    = var.enabled && var.use_existing_security_groups == false ? length(var.allowed_security_groups) : 0
+  description              = "Allow inbound traffic from existing Security Groups"
+  from_port                = var.port
+  to_port                  = var.port
+  protocol                 = "tcp"
+  source_security_group_id = var.allowed_security_groups[count.index]
+  security_group_id        = join("", aws_security_group.default.*.id)
+  type                     = "ingress"
+}
 
-  tags = module.label.tags
+resource "aws_security_group_rule" "ingress_cidr_blocks" {
+  count             = var.enabled && var.use_existing_security_groups == false && length(var.allowed_cidr_blocks) > 0 ? 1 : 0
+  description       = "Allow inbound traffic from CIDR blocks"
+  from_port         = var.port
+  to_port           = var.port
+  protocol          = "tcp"
+  cidr_blocks       = var.allowed_cidr_blocks
+  security_group_id = join("", aws_security_group.default.*.id)
+  type              = "ingress"
 }
 
 locals {
@@ -61,7 +79,7 @@ resource "aws_elasticache_parameter_group" "default" {
 resource "aws_elasticache_replication_group" "default" {
   count = var.enabled ? 1 : 0
 
-  auth_token                    = var.auth_token
+  auth_token                    = var.transit_encryption_enabled ? var.auth_token : null
   replication_group_id          = var.replication_group_id == "" ? module.label.id : var.replication_group_id
   replication_group_description = module.label.id
   node_type                     = var.instance_type
@@ -69,9 +87,9 @@ resource "aws_elasticache_replication_group" "default" {
   port                          = var.port
   parameter_group_name          = join("", aws_elasticache_parameter_group.default.*.name)
   availability_zones            = slice(var.availability_zones, 0, var.cluster_size)
-  automatic_failover_enabled    = var.automatic_failover
+  automatic_failover_enabled    = var.automatic_failover_enabled
   subnet_group_name             = local.elasticache_subnet_group_name
-  security_group_ids            = [join("", aws_security_group.default.*.id)]
+  security_group_ids            = var.use_existing_security_groups ? var.existing_security_groups : [join("", aws_security_group.default.*.id)]
   maintenance_window            = var.maintenance_window
   notification_topic_arn        = var.notification_topic_arn
   engine_version                = var.engine_version
@@ -81,6 +99,14 @@ resource "aws_elasticache_replication_group" "default" {
   snapshot_retention_limit      = var.snapshot_retention_limit
 
   tags = module.label.tags
+
+  dynamic "cluster_mode" {
+    for_each = var.cluster_mode_enabled ? ["true"] : []
+    content {
+      replicas_per_node_group = var.cluster_mode_replicas_per_node_group
+      num_node_groups         = var.cluster_mode_num_node_groups
+    }
+  }
 }
 
 #

outputs.tf

@@ -13,13 +13,12 @@ output "port" {
   description = "Redis port"
 }
 
+output "endpoint" {
+  value       = join("", aws_elasticache_replication_group.default.*.primary_endpoint_address)
+  description = "Redis primary endpoint"
+}
+
 output "host" {
-  value = coalesce(
-    module.dns.hostname,
-    join(
-      "",
-      aws_elasticache_replication_group.default.*.primary_endpoint_address
-    )
-  )
-  description = "Redis host"
+  value       = module.dns.hostname
+  description = "Redis hostname"
 }

test/src/examples_complete_test.go

@@ -16,7 +16,7 @@ func TestExamplesComplete(t *testing.T) {
 		TerraformDir: "../../examples/complete",
 		Upgrade:      true,
 		// Variables to pass to our Terraform code using -var-file options
-		VarFiles: []string{"fixtures.us-west-1.tfvars"},
+		VarFiles: []string{"fixtures.us-east-2.tfvars"},
 	}
 
 	// At the end of the test, run `terraform destroy` to clean up any resources that were created
@@ -33,12 +33,12 @@ func TestExamplesComplete(t *testing.T) {
 	// Run `terraform output` to get the value of an output variable
 	privateSubnetCidrs := terraform.OutputList(t, terraformOptions, "private_subnet_cidrs")
 	// Verify we're getting back the outputs we expect
-	assert.Equal(t, []string{"172.16.0.0/18", "172.16.64.0/18"}, privateSubnetCidrs)
+	assert.Equal(t, []string{"172.16.0.0/19", "172.16.32.0/19"}, privateSubnetCidrs)
 
 	// Run `terraform output` to get the value of an output variable
 	publicSubnetCidrs := terraform.OutputList(t, terraformOptions, "public_subnet_cidrs")
 	// Verify we're getting back the outputs we expect
-	assert.Equal(t, []string{"172.16.128.0/18", "172.16.192.0/18"}, publicSubnetCidrs)
+	assert.Equal(t, []string{"172.16.96.0/19", "172.16.128.0/19"}, publicSubnetCidrs)
 
 	// Run `terraform output` to get the value of an output variable
 	clusterHost := terraform.Output(t, terraformOptions, "cluster_host")

variables.tf

@@ -21,10 +21,28 @@ variable "name" {
   description = "Name of the application"
 }
 
-variable "security_groups" {
+variable "use_existing_security_groups" {
+  type        = bool
+  description = "Flag to enable/disable creation of Security Group in the module. Set to `true` to disable Security Group creation and provide a list of existing security Group IDs in `existing_security_groups` to place the cluster into"
+  default     = false
+}
+
+variable "existing_security_groups" {
   type        = list(string)
   default     = []
-  description = "Security Group IDs"
+  description = "List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster"
+}
+
+variable "allowed_security_groups" {
+  type        = list(string)
+  default     = []
+  description = "List of Security Group IDs that are allowed ingress to the cluster's Security Group created in the module"
+}
+
+variable "allowed_cidr_blocks" {
+  type        = list(string)
+  default     = []
+  description = "List of CIDR blocks that are allowed ingress to the cluster's Security Group created in the module"
 }
 
 variable "vpc_id" {
@@ -53,7 +71,7 @@ variable "maintenance_window" {
 variable "cluster_size" {
   type        = number
   default     = 1
-  description = "Count of nodes in cluster"
+  description = "Number of nodes in cluster"
 }
 
 variable "port" {
@@ -138,7 +156,7 @@ variable "apply_immediately" {
   description = "Apply changes immediately"
 }
 
-variable "automatic_failover" {
+variable "automatic_failover_enabled" {
   type        = bool
   default     = false
   description = "Automatic failover (Not available for T1/T2 instances)"
@@ -177,7 +195,7 @@ variable "tags" {
 variable "auth_token" {
   type        = string
   description = "Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars"
-  default     = ""
+  default     = null
 }
 
 variable "replication_group_id" {
@@ -197,3 +215,21 @@ variable "snapshot_retention_limit" {
   description = "The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them."
   default     = 0
 }
+
+variable "cluster_mode_enabled" {
+  type        = bool
+  description = "Flag to enable/disable creation of a native redis cluster. `automatic_failover_enabled` must be set to `true`. Only 1 `cluster_mode` block is allowed"
+  default     = false
+}
+
+variable "cluster_mode_replicas_per_node_group" {
+  type        = number
+  description = "Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource"
+  default     = 0
+}
+
+variable "cluster_mode_num_node_groups" {
+  type        = number
+  description = "Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications"
+  default     = 0
+}