Merge pull request #1 from SPHTech-Platform/init

adding initial changes of the redis module

Author: uchinda-sph

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022-present SPH Media
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1 +1,83 @@
 # Terraform Modules Template
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudwatch_metric_alarm.cache_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.cache_memory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_elasticache_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource |
+| [aws_elasticache_replication_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource |
+| [aws_elasticache_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_alarm_actions"></a> [alarm\_actions](#input\_alarm\_actions) | The list of actions to execute when this alarm transitions into an ALARM state from any other state. | `list(string)` | `[]` | no |
+| <a name="input_alarm_cpu_threshold_percent"></a> [alarm\_cpu\_threshold\_percent](#input\_alarm\_cpu\_threshold\_percent) | CPU threshold alarm level | `number` | `75` | no |
+| <a name="input_alarm_memory_threshold_bytes"></a> [alarm\_memory\_threshold\_bytes](#input\_alarm\_memory\_threshold\_bytes) | Alarm memory threshold bytes | `number` | `10000000` | no |
+| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `bool` | `true` | no |
+| <a name="input_auth_token"></a> [auth\_token](#input\_auth\_token) | Password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true` | `string` | `null` | no |
+| <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | Cluster ID | `string` | `null` | no |
+| <a name="input_cluster_mode_enabled"></a> [cluster\_mode\_enabled](#input\_cluster\_mode\_enabled) | Set to false to diable cluster module | `bool` | `false` | no |
+| <a name="input_cluster_size"></a> [cluster\_size](#input\_cluster\_size) | Cluster size | `number` | `1` | no |
+| <a name="input_create_elasticache_subnet_group"></a> [create\_elasticache\_subnet\_group](#input\_create\_elasticache\_subnet\_group) | Create Elasticache Subnet Group | `bool` | `false` | no |
+| <a name="input_elasticache_parameter_group_family"></a> [elasticache\_parameter\_group\_family](#input\_elasticache\_parameter\_group\_family) | ElastiCache parameter group family | `string` | `"memcached1.6"` | no |
+| <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `true` | no |
+| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Memcached engine version. For more info, see https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/supported-engine-versions.html | `string` | `"1.6.6"` | no |
+| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Elastic cache instance type | `string` | `"cache.t2.micro"` | no |
+| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true` | `string` | `null` | no |
+| <a name="input_maintenance_window"></a> [maintenance\_window](#input\_maintenance\_window) | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the application | `string` | `"value"` | no |
+| <a name="input_notification_topic_arn"></a> [notification\_topic\_arn](#input\_notification\_topic\_arn) | ARN of an SNS topic to send ElastiCache notifications | `string` | `""` | no |
+| <a name="input_num_node_groups"></a> [num\_node\_groups](#input\_num\_node\_groups) | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications. Required unless `global_replication_group_id` is set | `number` | `2` | no |
+| <a name="input_ok_actions"></a> [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. | `list(string)` | `[]` | no |
+| <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Excisting Parameter Group name | `string` | `""` | no |
+| <a name="input_parameters"></a> [parameters](#input\_parameters) | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
+| <a name="input_port"></a> [port](#input\_port) | Redis port | `number` | `6379` | no |
+| <a name="input_preferred_cache_cluster_azs"></a> [preferred\_cache\_cluster\_azs](#input\_preferred\_cache\_cluster\_azs) | List of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is considered. The first item in the list will be the primary node. Ignored when updating | `list(string)` | <pre>[<br>  "ap-southeast-1a",<br>  "ap-southeast-1b"<br>]</pre> | no |
+| <a name="input_replicas_per_node_group"></a> [replicas\_per\_node\_group](#input\_replicas\_per\_node\_group) | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will trigger an online resizing operation before other settings modifications. | `number` | `1` | no |
+| <a name="input_replication_enabled"></a> [replication\_enabled](#input\_replication\_enabled) | Set to false to diable replication in redis cluster | `bool` | `false` | no |
+| <a name="input_replication_group_id"></a> [replication\_group\_id](#input\_replication\_group\_id) | ElastiCache replication\_group\_id | `string` | `""` | no |
+| <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | List of  Security Group IDs to place the cluster into | `list(string)` | `[]` | no |
+| <a name="input_snapshot_retention_limit"></a> [snapshot\_retention\_limit](#input\_snapshot\_retention\_limit) | Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of snapshot\_retention\_limit is set to zero (0), backups are turned off. Please note that setting a snapshot\_retention\_limit is not supported on cache.t1.micro cache nodes | `number` | `5` | no |
+| <a name="input_subnet_group_name"></a> [subnet\_group\_name](#input\_subnet\_group\_name) | Subnet group name for the ElastiCache instance | `string` | `""` | no |
+| <a name="input_subnets"></a> [subnets](#input\_subnets) | AWS subnet ids | `list(string)` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (\_e.g.\_ map("BusinessUnit","ABC") | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | Elasticache Replication Group ARN |
+| <a name="output_cluster_enabled"></a> [cluster\_enabled](#output\_cluster\_enabled) | Indicates if cluster mode is enabled. |
+| <a name="output_configuration_endpoint_address"></a> [configuration\_endpoint\_address](#output\_configuration\_endpoint\_address) | Address of the replication group configuration endpoint when cluster mode is enabled. |
+| <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | Redis primary or configuration endpoint, whichever is appropriate for the given cluster mode |
+| <a name="output_engine_version_actual"></a> [engine\_version\_actual](#output\_engine\_version\_actual) | Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine. |
+| <a name="output_id"></a> [id](#output\_id) | ID of the ElastiCache Replication Group. |
+| <a name="output_member_clusters"></a> [member\_clusters](#output\_member\_clusters) | Redis cluster members |
+| <a name="output_parameter_group_arn"></a> [parameter\_group\_arn](#output\_parameter\_group\_arn) | The AWS ARN associated with the parameter group. |
+| <a name="output_parameter_group_id"></a> [parameter\_group\_id](#output\_parameter\_group\_id) | The ElastiCache parameter group name. |
+| <a name="output_reader_endpoint_address"></a> [reader\_endpoint\_address](#output\_reader\_endpoint\_address) | The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled |
+| <a name="output_subnet_group_name"></a> [subnet\_group\_name](#output\_subnet\_group\_name) | The Name of the ElastiCache Subnet Group. |
+| <a name="output_subnet_group_subnet_ids"></a> [subnet\_group\_subnet\_ids](#output\_subnet\_group\_subnet\_ids) | The Subnet IDs of the ElastiCache Subnet Group. |
+<!-- END_TF_DOCS -->

alarms.tf

@@ -0,0 +1,61 @@
+resource "aws_cloudwatch_metric_alarm" "cache_cpu" {
+  count = var.enabled ? 1 : 0
+
+  alarm_name        = "${local.cluster_id}-cpu-utilization"
+  alarm_description = "Redis cluster CPU utilization"
+
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 1
+
+  metric_name = "CPUUtilization"
+  namespace   = "AWS/ElastiCache"
+
+  period    = 300
+  statistic = "Average"
+
+  tags = var.tags
+
+  threshold = var.alarm_cpu_threshold_percent
+
+  dimensions = {
+    CacheClusterId = local.cluster_id
+  }
+
+  alarm_actions = var.alarm_actions
+  ok_actions    = var.ok_actions
+
+  depends_on = [
+    aws_elasticache_replication_group.this
+  ]
+}
+
+resource "aws_cloudwatch_metric_alarm" "cache_memory" {
+  count = var.enabled ? 1 : 0
+
+  alarm_name        = "${local.cluster_id}-freeable-memory"
+  alarm_description = "Redis cluster freeable memory"
+
+  comparison_operator = "LessThanThreshold"
+  evaluation_periods  = 1
+
+  metric_name = "FreeableMemory"
+  namespace   = "AWS/ElastiCache"
+
+  period    = 60
+  statistic = "Average"
+
+  threshold = var.alarm_memory_threshold_bytes
+
+  tags = var.tags
+
+  dimensions = {
+    CacheClusterId = local.cluster_id
+  }
+
+  alarm_actions = var.alarm_actions
+  ok_actions    = var.ok_actions
+
+  depends_on = [
+    aws_elasticache_replication_group.this
+  ]
+}

examples/main.tf

@@ -0,0 +1,39 @@
+data "aws_caller_identity" "current" {}
+
+locals {
+  vpc_id = "vpc-0123456789"
+
+  db_subnets = [
+    "10.0.2.0/24",
+    "10.0.3.0/24"
+  ]
+}
+
+module "redis" {
+  source = "../"
+
+  enabled                         = true
+  cluster_mode_enabled            = false
+  create_elasticache_subnet_group = false
+  replication_enabled             = true
+
+  subnets = local.db_subnets
+
+  name = "redis-test-cluster-module"
+  port = 6379
+
+  instance_type   = "cache.t2.small"
+  engine_version  = "5.0.6"
+  security_groups = ["sg-0123456789"]
+
+  subnet_group_name                  = "default"
+  elasticache_parameter_group_family = "redis5.0"
+
+  cluster_size = 1
+
+  apply_immediately = true
+
+  tags = {
+    description = "redis-test-cluster-module"
+  }
+}

examples/outputs.tf

@@ -0,0 +1,14 @@
+output "account_id" {
+  description = "Account ID number of the account that owns or contains the calling entity"
+  value       = data.aws_caller_identity.current.account_id
+}
+
+output "caller_arn" {
+  description = "ARN associated with the calling entity"
+  value       = data.aws_caller_identity.current.arn
+}
+
+output "caller_user" {
+  description = "Unique identifier of the calling entity"
+  value       = data.aws_caller_identity.current.user_id
+}

examples/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}

main.tf

@@ -0,0 +1,63 @@
+locals {
+  cluster_id = coalesce(var.cluster_id, var.name)
+}
+
+resource "aws_elasticache_parameter_group" "this" {
+  count = var.enabled ? 1 : 0
+
+  name   = var.name
+  family = var.elasticache_parameter_group_family
+
+  dynamic "parameter" {
+    for_each = var.parameters
+
+    content {
+      name  = parameter.value.name
+      value = parameter.value.value
+    }
+  }
+}
+
+resource "aws_elasticache_subnet_group" "this" {
+  count = var.enabled && var.create_elasticache_subnet_group ? 1 : 0
+
+  name       = var.subnet_group_name
+  subnet_ids = var.subnets
+}
+
+resource "aws_elasticache_replication_group" "this" {
+  count = var.enabled ? 1 : 0
+
+  replication_group_id = var.replication_group_id == "" ? local.cluster_id : var.replication_group_id
+  description          = "Redis Cluster Rep"
+
+  engine         = "redis"
+  engine_version = var.engine_version
+  port           = var.port
+
+  node_type          = var.instance_type
+  num_cache_clusters = var.replication_enabled ? var.cluster_size >= 2 ? var.cluster_size : 2 : var.cluster_size
+
+  preferred_cache_cluster_azs = var.replication_enabled ? var.preferred_cache_cluster_azs : null
+
+  parameter_group_name = var.parameter_group_name != "" ? var.parameter_group_name : aws_elasticache_parameter_group.this[0].name
+  subnet_group_name    = try(aws_elasticache_subnet_group.this[0].name, var.subnet_group_name)
+  security_group_ids   = var.security_groups
+
+  multi_az_enabled           = var.replication_enabled ? true : false
+  at_rest_encryption_enabled = true
+  transit_encryption_enabled = true
+  automatic_failover_enabled = var.replication_enabled ? true : false
+
+  notification_topic_arn = var.notification_topic_arn
+
+  apply_immediately = var.apply_immediately
+
+  auth_token = var.auth_token
+  kms_key_id = var.kms_key_id
+
+  num_node_groups         = var.cluster_mode_enabled ? var.num_node_groups : null
+  replicas_per_node_group = var.cluster_mode_enabled ? var.replicas_per_node_group : null
+
+  tags = var.tags
+}

outputs.tf

@@ -0,0 +1,59 @@
+output "endpoint" {
+  description = "Redis primary or configuration endpoint, whichever is appropriate for the given cluster mode"
+  value       = aws_elasticache_replication_group.this[0].primary_endpoint_address
+}
+
+output "reader_endpoint_address" {
+  description = "The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled"
+  value       = aws_elasticache_replication_group.this[0].reader_endpoint_address
+}
+
+output "member_clusters" {
+  description = "Redis cluster members"
+  value       = aws_elasticache_replication_group.this[0].member_clusters
+}
+
+output "arn" {
+  description = "Elasticache Replication Group ARN"
+  value       = aws_elasticache_replication_group.this[0].arn
+}
+
+output "cluster_enabled" {
+  description = "Indicates if cluster mode is enabled."
+  value       = aws_elasticache_replication_group.this[0].cluster_enabled
+}
+
+output "id" {
+  description = "ID of the ElastiCache Replication Group."
+  value       = aws_elasticache_replication_group.this[0].id
+}
+
+output "configuration_endpoint_address" {
+  description = "Address of the replication group configuration endpoint when cluster mode is enabled."
+  value       = aws_elasticache_replication_group.this[0].configuration_endpoint_address
+}
+
+output "engine_version_actual" {
+  description = "Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine."
+  value       = aws_elasticache_replication_group.this[0].engine_version_actual
+}
+
+output "subnet_group_name" {
+  description = "The Name of the ElastiCache Subnet Group."
+  value       = aws_elasticache_subnet_group.this[0].name
+}
+
+output "subnet_group_subnet_ids" {
+  description = "The Subnet IDs of the ElastiCache Subnet Group."
+  value       = aws_elasticache_subnet_group.this[0].subnet_ids
+}
+
+output "parameter_group_arn" {
+  description = "The AWS ARN associated with the parameter group."
+  value       = aws_elasticache_parameter_group.this[0].arn
+}
+
+output "parameter_group_id" {
+  description = "The ElastiCache parameter group name."
+  value       = aws_elasticache_parameter_group.this[0].id
+}