Skip to content

Latest commit

 

History

History
223 lines (175 loc) · 21.3 KB

README.md

File metadata and controls

223 lines (175 loc) · 21.3 KB

Redis

squareops_avatar

SquareOps Technologies Your DevOps Partner for Accelerating cloud journey.


This module is a Terraform module that provides an easy and efficient way to deploy and manage an Amazon ElastiCache Redis cluster in AWS. It simplifies the process of setting up a Redis cluster with customizable configurations, allowing you to focus on your application development and performance optimization. Features
  1. Simple Configuration: The module offers a simple and intuitive configuration interface, allowing you to define your Redis cluster's properties, such as instance type, node count, subnet, security groups, and more.

  2. Scalability: Easily scale your Redis cluster up or down by modifying the number of cache nodes, enabling you to meet the changing demands of your application.

  3. High Availability: Enable multi-AZ deployment to achieve high availability and automatic failover in case of a node or zone failure. This ensures that your Redis cluster remains accessible and your data stays protected.

  4. Flexible Networking: Choose the VPC and subnets where you want to deploy your Redis cluster, providing you with control over network access and integration with other resources in your AWS environment.

  5. Encryption and Security: Enable encryption at rest with your own KMS key or use AWS-managed encryption. Control access to your Redis cluster using CIDR blocks and security groups, ensuring secure communication and data protection.

  6. Backup and Recovery: Configure automated daily snapshots and set the retention period for backups. You can also specify a final snapshot for a smooth and controlled cluster termination process.

  7. Logging and Monitoring: Easily configure logging destinations for slow logs and engine logs, allowing you to monitor the performance and troubleshoot any issues efficiently.

  8. CloudWatch Alerts: Set up CloudWatch alarms to monitor the health and performance of your Redis cluster. Integrate these alarms with AWS Simple Notification Service (SNS) to receive real-time alerts. Use AWS Lambda functions to customize your alerting logic, and send notifications to Slack channels for immediate visibility into your Redis cluster's status.

Uses Example

module "redis" {
  source          = "squareops/elasticache-redis/aws"  
  environment     = "production"
  name            = "redis"
  family          = "redis6.x"
  vpc_id                           = "vpc-06eb7eskaf"
  subnets                          = ["subnet-0bfa3eskaf","subnet-0140bskaf"]
  node_type                        = "cache.t3.small"
  kms_key_arn                      = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
  num_cache_nodes                  = 2
  engine_version                   = "6.x"
  multi_az_enabled                 = false
  availability_zones               = 2
  automatic_failover_enabled       = true
  snapshot_retention_limit         = 7
  transit_encryption_enabled       = false
  notification_topic_arn           = null
  allowed_security_groups          = [sg-0132a18skaf]
  snapshot_window                  = "07:00-08:00"
  maintenance_window               = "sun:09:00-sun:10:00"
  cloudwatch_metric_alarms_enabled = true  # For enabling basic alerting
  alarm_cpu_threshold_percent      = 70
  alarm_memory_threshold_bytes     = "10000000" # in bytes
  slack_notification_enabled       = true
  slack_username                   = "john"
  slack_channel                    = "redis-alerts"
  slack_webhook_url                = "https://hooks.slack.com/services/xxxxxxxxx"
}

Refer examples for more details.

IAM Permissions

The required IAM permissions to create resources from this module can be found here

Important Note

  1. By default, the variable create_random_password is set to true. Therefore, even if the user provides a password, it will not be read. The create_random_password variable should be set to false and the password variable should have a non-null value to be read and used.

Security & Compliance

Security scanning is graciously provided by Prowler. Proowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.

Benchmark Description
Ensure that encryption is enabled for RDS instances Enabled for RDS created using this module.

Requirements

Name Version
terraform >= 1.0
aws >= 4.23
random >= 3.0.0

Providers

Name Version
archive n/a
aws >= 4.23
random >= 3.0.0

Modules

Name Source Version
cw_sns_slack ./lambda n/a
security_group_redis terraform-aws-modules/security-group/aws 4.13.0

Resources

Name Type
aws_cloudwatch_metric_alarm.cache_cpu resource
aws_cloudwatch_metric_alarm.cache_memory resource
aws_elasticache_parameter_group.default resource
aws_elasticache_replication_group.redis resource
aws_elasticache_subnet_group.elasticache resource
aws_kms_ciphertext.slack_url resource
aws_kms_key.this resource
aws_lambda_permission.sns_lambda_slack_invoke resource
aws_secretsmanager_secret.secret_redis resource
aws_secretsmanager_secret_version.redis_credentials resource
aws_security_group_rule.cidr_ingress resource
aws_security_group_rule.default_ingress resource
aws_sns_topic.slack_topic resource
aws_sns_topic_subscription.slack-endpoint resource
random_password.password resource
archive_file.lambdazip data source

Inputs

Name Description Type Default Required
alarm_actions Alarm action list list(string) [] no
alarm_cpu_threshold_percent CPU threshold alarm level number 75 no
alarm_memory_threshold_bytes Ram threshold alarm level in bytes number 10000000 no
allowed_cidr_blocks A list of CIDR blocks which are allowed to access the database list(any) [] no
allowed_security_groups A list of Security Group ID's to allow access to list(any) [] no
at_rest_encryption_enabled (Optional) Whether to enable encryption at rest bool true no
automatic_failover_enabled Enable automatic failover bool true no
availability_zones The no. of AZs list(string) [] no
cloudwatch_metric_alarms_enabled Boolean flag to enable/disable CloudWatch metrics alarms bool false no
cluster_mode_enabled Whether to enable/disable creation of a native redis cluster. bool false no
cluster_mode_num_node_groups Number of node groups (shards) for this Redis replication group. number 0 no
cluster_mode_replicas_per_node_group Number of replica nodes in each node group. Valid values are between 0 to 5. number 0 no
cw_sns_topic_arn The username to use when sending notifications to Slack. string "" no
engine_log_destination The destination for engine logs(eg. Cloudwatch log-group name or kinesis firehose stream name) string null no
engine_log_destination_type The type of destination for engine logs(eg . cloudwatch-logs or kinesis-firehose) string "" no
engine_log_format the format for logs eg. json/text string "json" no
engine_version The redis engine version string "" no
environment The name of environment string "" no
family Redis family string "redis4.0" no
final_snapshot_identifier The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. string null no
kms_key_arn The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true string "" no
maintenance_window Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period string "fri:08:00-fri:09:00" no
multi_az_enabled Enable multi az bool false no
name The name of the redis cluster string "" no
node_type The instance size of the redis cluster string "cache.t3.micro" no
notification_topic_arn (Optional) ARN of an SNS topic to send ElastiCache notifications string null no
num_cache_nodes The number of cache nodes number 1 no
ok_actions The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) list(string) [] no
parameter A list of Redis parameters to apply. It can be different based on mode slection.
list(object({
name = string
value = string
}))
[] no
parameter_group_description Parameter group string null no
port The redis port number 6379 no
recovery_window_aws_secret Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. number 0 no
slack_channel The Slack channel where notifications will be posted. string "" no
slack_notification_enabled Whether to enable/disable slack notification. bool false no
slack_username The username to use when sending notifications to Slack. string "" no
slack_webhook_url The Slack Webhook URL where notifications will be sent. string "" no
slow_log_destination The destination for slow logs(eg. Cloudwatch log-group name or kinesis firehose stream name.) string null no
slow_log_destination_type The type of destination for slow logs(eg . cloudwatch-logs or kinesis-firehose) string "" no
slow_log_format the format for logs eg. json/text string "json" no
snapshot_arns (Optional) A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb . This will be used to add data to a fresh new instance. list(string) [] no
snapshot_retention_limit The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro or cache.t2.* cache nodes number 7 no
snapshot_window The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum maintenance window is a 60 minute period. Example: 05:00-09:00 string "03:00-05:00" no
subnets The subnets where the redis cluster is deployed list(string) [] no
transit_encryption_enabled (Optional) Whether to enable encryption in transit bool true no
vpc_id The vpc where we will put the redis cluster string "" no

Outputs

Name Description
auth_token_password Elasticache-redis auth token password(this password may be old, because Terraform doesn't track it after initial creation)
elastic_cache_redis_cluster_id ID of the elasticache-redis cluster
elastic_cache_redis_port Port number of Redis
elastic_cache_redis_primary_endpoint_address Primary endpoint address of redis
elastic_cache_redis_security_group The security group ID of the cluster
elastic_cache_redis_subnet_group_name Subnet group name of the elasticache_redis cluster
reader_endpoint_address The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled.

Contribute & Issue Report

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to check if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by liking it, you can follow these steps:

  1. Visit the repository: Navigate to the GitHub repository

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Staring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & Processes for speed and agility.

  1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years.
  2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
  3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
  4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
  5. Platform engineering which supports scalable,Cost efficient infrastructure that supports rapid development, testing, and deployment.
  6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on Linkedin, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.