Adding DNS record when creating cluster

Author: yhakbar

README-HEADER.md

@@ -22,6 +22,8 @@ Provisions an Elasticache Redis cluster (with Cluster Mode Disabled).
 
 By default, it will provision one writer and one reader node, but that can be adjusted by setting the `nodes` variable to a different value.
 
+This module also assumes that connections are established through a private DNS record created in Route53. This makes it so that replacement of the ElastiCache cluster can be made in a fashion that is transparent to application configurations. This can be adjusted by setting `create_dns` to `false`.
+
 Integrate this module like so:
 
 ```hcl

README.md

@@ -7,7 +7,7 @@
 Use this URL for the source of the module. See the usage examples below for more details.
 
 ```hcl
-github.com/pbs/terraform-aws-elasticache-redis-standalone-module?ref=0.0.2
+github.com/pbs/terraform-aws-elasticache-redis-standalone-module?ref=x.y.z
 ```
 
 ### Alternative Installation Methods
@@ -22,11 +22,13 @@ Provisions an Elasticache Redis cluster (with Cluster Mode Disabled).
 
 By default, it will provision one writer and one reader node, but that can be adjusted by setting the `nodes` variable to a different value.
 
+This module also assumes that connections are established through a private DNS record created in Route53. This makes it so that replacement of the ElastiCache cluster can be made in a fashion that is transparent to application configurations. This can be adjusted by setting `create_dns` to `false`.
+
 Integrate this module like so:
 
 ```hcl
 module "elasticache-redis-standalone" {
-  source = "github.com/pbs/terraform-aws-elasticache-redis-standalone-module?ref=0.0.2"
+  source = "github.com/pbs/terraform-aws-elasticache-redis-standalone-module?ref=x.y.z"
 
   # Tagging Parameters
   organization = var.organization
@@ -42,7 +44,7 @@ module "elasticache-redis-standalone" {
 
 If this repo is added as a subtree, then the version of the module should be close to the version shown here:
 
-`0.0.2`
+`x.y.z`
 
 Note, however that subtrees can be altered as desired within repositories.
 
@@ -78,8 +80,11 @@ No modules.
 | [aws_elasticache_parameter_group.parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource |
 | [aws_elasticache_replication_group.replication_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource |
 | [aws_elasticache_subnet_group.subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
+| [aws_route53_record.primary_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.reader_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_security_group_rule.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_route53_zone.private_hosted_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 | [aws_subnets.private_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
 | [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
@@ -96,7 +101,10 @@ No modules.
 | <a name="input_auth_token"></a> [auth\_token](#input\_auth\_token) | Password used to access a password protected server. Can be specified only if transit\_encryption\_enabled = true. | `string` | `null` | no |
 | <a name="input_auto_minor_version_upgrade"></a> [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Specifies whether minor version engine upgrades will be applied automatically to the underlying nodes during the maintenance window. Only supported for engine type "redis" and if the engine version is 6 or higher. | `bool` | `true` | no |
 | <a name="input_automatic_failover_enabled"></a> [automatic\_failover\_enabled](#input\_automatic\_failover\_enabled) | Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If null, will be enabled if `nodes` > 1. If true, `nodes` must be greater than 1. | `bool` | `null` | no |
+| <a name="input_cname"></a> [cname](#input\_cname) | The value to use for the CNAME record if `create_dns` is true. The primary endpoint will be <cname>.<private\_hosted\_zone>, and the reader endpoint will be <cname>-ro.<private\_hosted\_zone>. If null, the name variable will be used instead. | `string` | `null` | no |
+| <a name="input_create_dns"></a> [create\_dns](#input\_create\_dns) | Whether to create DNS records for the primary and reader endpoints. | `bool` | `true` | no |
 | <a name="input_data_tiering_enabled"></a> [data\_tiering\_enabled](#input\_data\_tiering\_enabled) | Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. | `bool` | `false` | no |
+| <a name="input_dns_ttl"></a> [dns\_ttl](#input\_dns\_ttl) | TTL for DNS records. | `number` | `300` | no |
 | <a name="input_egress_cidr_blocks"></a> [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of CIDR blocks to assign to the egress rule of the security group. If null, `egress_security_group_ids` must be used. | `list(string)` | <pre>[<br>  "10.0.0.0/8"<br>]</pre> | no |
 | <a name="input_egress_source_sg_id"></a> [egress\_source\_sg\_id](#input\_egress\_source\_sg\_id) | List of security group ID to assign to the egress rule of the security group. If null, `egress_cidr_blocks` must be used. | `string` | `null` | no |
 | <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Version number of the cache engine to be used. If not set, defaults to the latest version. See Describe Cache Engine Versions in the AWS Documentation for supported versions. When engine is redis and the version is 6 or higher, the major and minor version can be set, e.g., 6.2, or the minor version can be unspecified which will use the latest version at creation time, e.g., 6.x. Otherwise, specify the full version desired, e.g., 5.0.6. | `string` | `null` | no |
@@ -114,6 +122,7 @@ No modules.
 | <a name="input_parameters"></a> [parameters](#input\_parameters) | Additional parameters that will be added to parameter group. | `list(map(any))` | `[]` | no |
 | <a name="input_port"></a> [port](#input\_port) | The port number on which each of the cache nodes will accept connections. Cannot be provided with replication\_group\_id. Changing this value will re-create the resource. | `number` | `6379` | no |
 | <a name="input_preferred_cache_cluster_azs"></a> [preferred\_cache\_cluster\_azs](#input\_preferred\_cache\_cluster\_azs) | List of availability zones in which to create cluster. | `list(string)` | `null` | no |
+| <a name="input_private_hosted_zone"></a> [private\_hosted\_zone](#input\_private\_hosted\_zone) | Private hosted zone to create DNS records in. If null, `create_dns` must be set to false. | `string` | `null` | no |
 | <a name="input_replication_group_description"></a> [replication\_group\_description](#input\_replication\_group\_description) | Description of the replication group to be created. If null, one will be generated using the name of the nodes. | `string` | `null` | no |
 | <a name="input_replication_group_id"></a> [replication\_group\_id](#input\_replication\_group\_id) | Replication group identifier. This parameter is stored as a lowercase string. If null, the name of the nodes will be used. | `string` | `null` | no |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | One or more VPC security groups associated with the nodes. If null, use the one provided by this module. | `list(string)` | `null` | no |

data.tf

@@ -13,3 +13,9 @@ data "aws_subnets" "private_subnets" {
     }
   }
 }
+
+data "aws_route53_zone" "private_hosted_zone" {
+  count        = var.create_dns ? 1 : 0
+  name         = "${var.private_hosted_zone}."
+  private_zone = true
+}

dns.tf

@@ -0,0 +1,18 @@
+resource "aws_route53_record" "primary_endpoint" {
+  count   = var.create_dns ? 1 : 0
+  zone_id = local.private_hosted_zone
+  name    = local.cname
+  type    = "CNAME"
+  ttl     = var.dns_ttl
+  records = [aws_elasticache_replication_group.replication_group.primary_endpoint_address]
+}
+
+resource "aws_route53_record" "reader_endpoint" {
+  count   = var.create_dns ? 1 : 0
+  zone_id = local.private_hosted_zone
+  name    = "${local.cname}-ro"
+  type    = "CNAME"
+  ttl     = var.dns_ttl
+  records = [aws_elasticache_replication_group.replication_group.reader_endpoint_address]
+}
+

examples/basic/main.tf

@@ -1,6 +1,8 @@
 module "redis" {
   source = "../.."
 
+  private_hosted_zone = var.private_hosted_zone
+
   organization = var.organization
   environment  = var.environment
   product      = var.product

examples/basic/vars.tf

@@ -0,0 +1,4 @@
+variable "private_hosted_zone" {
+  type        = string
+  description = "Private hosted zone for this ElastiCache Cluster. Populate `TF_VAR_private_hosted_zone` before running any tests to have this value populated."
+}

examples/lambda/main.tf

@@ -23,6 +23,8 @@ module "lambda" {
 module "redis" {
   source = "../.."
 
+  private_hosted_zone = var.private_hosted_zone
+
   organization = var.organization
   environment  = var.environment
   product      = var.product

examples/lambda/vars.tf

@@ -0,0 +1,4 @@
+variable "private_hosted_zone" {
+  type        = string
+  description = "Private hosted zone for this ElastiCache Cluster. Populate `TF_VAR_private_hosted_zone` before running any tests to have this value populated."
+}

examples/no-dns/.gitignore

@@ -0,0 +1,2 @@
+backend.tf
+provider.tf

examples/no-dns/.terraform.lock.hcl

@@ -0,0 +1,10 @@
+module "redis" {
+  source = "../.."
+
+  create_dns = false
+
+  organization = var.organization
+  environment  = var.environment
+  product      = var.product
+  repo         = var.repo
+}

examples/no-dns/main.tf

@@ -0,0 +1,39 @@
+output "name" {
+  description = "The name of the ElastiCache replication group"
+  value       = module.redis.name
+}
+
+output "arn" {
+  description = "The ARN of the ElastiCache replication group"
+  value       = module.redis.arn
+}
+
+output "sg_ids" {
+  description = "The security group ids"
+  value       = module.redis.sg_ids
+}
+
+output "engine_version_actual" {
+  description = "Because ElastiCache pulls the latest minor or patch for a version, this attribute returns the running version of the cache engine."
+  value       = module.redis.engine_version_actual
+}
+
+output "member_clusters" {
+  description = "Identifiers of all the nodes that are part of this replication group."
+  value       = module.redis.member_clusters
+}
+
+output "primary_endpoint_address" {
+  description = "Address of the endpoint for the primary node in the replication group."
+  value       = module.redis.primary_endpoint_address
+}
+
+output "reader_endpoint_address" {
+  description = "Address of the endpoint for the reader node in the replication group."
+  value       = module.redis.reader_endpoint_address
+}
+
+output "tags" {
+  description = "The tags"
+  value       = module.redis.tags
+}

examples/no-dns/outputs.tf

@@ -0,0 +1,9 @@
+# terraform {
+#   backend "s3" {
+#     bucket         = "my-bucket-tfstate"
+#     key            = "example-terraform-aws-elasticache-redis-standalone-no-dns"
+#     profile        = "my-profile"
+#     region         = "us-east-1"
+#     dynamodb_table = "terraform-lock"
+#   }
+# }

examples/no-dns/sample-backend.tf

@@ -0,0 +1,12 @@
+# provider "aws" {
+#   region  = "us-east-1"
+#   profile = "my-profile"
+#   default_tags {
+#     tags = {
+#       product      = var.product
+#       environment  = var.environment
+#       repo         = var.repo
+#       organization = var.organization
+#     }
+#   }
+# }

examples/no-dns/sample-provider.tf

@@ -0,0 +1,45 @@
+variable "environment" {
+  description = "Environment (sharedtools, dev, staging, prod)"
+  type        = string
+
+  default = "sharedtools"
+
+  validation {
+    condition     = contains(["sharedtools", "dev", "staging", "prod"], var.environment)
+    error_message = "The environment variable must be one of [sharedtools, dev, staging, prod]."
+  }
+}
+
+variable "product" {
+  description = "Tag used to group resources according to application"
+
+  default = "ex-tf-redis-no-dns"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.product))
+    error_message = "The product variable violates approved regex."
+  }
+}
+
+variable "repo" {
+  description = "Tag used to point to the repo using this module"
+
+  default = "https://github.com/pbs/terraform-elasticache-redis-standalone-module.git"
+
+  validation {
+    condition     = can(regex("(?:git|ssh|https?|git@[-\\w.]+):(\\/\\/)?(.*?)(\\.git)(\\/?|\\#[-\\d\\w._]+?)$", var.repo))
+    error_message = "The repo variable violates approved regex."
+  }
+}
+
+variable "organization" {
+  description = "Organization using this module. Used to prefix tags so that they are easily identified as being from your organization"
+  type        = string
+
+  default = "example"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.organization))
+    error_message = "The organization variable violates approved regex."
+  }
+}

examples/no-dns/tags.tf

@@ -5,6 +5,8 @@ locals {
   vpc_id               = var.vpc_id != null ? var.vpc_id : data.aws_vpc.vpc[0].id
   subnets              = var.subnets != null ? var.subnets : data.aws_subnets.private_subnets[0].ids
   parameter_group_name = var.parameter_group_name != null ? var.parameter_group_name : aws_elasticache_parameter_group.parameter_group.id
+  cname                = var.cname != null ? var.cname : "${local.name}-cache"
+  private_hosted_zone  = var.create_dns ? data.aws_route53_zone.private_hosted_zone[0].zone_id : null
 
   vpc_data_lookup_tags = var.vpc_data_lookup_tags != null ? var.vpc_data_lookup_tags : {
     "environment" : var.environment

locals.tf

@@ -225,3 +225,27 @@ variable "egress_source_sg_id" {
   default     = null
   type        = string
 }
+
+variable "cname" {
+  description = "The value to use for the CNAME record if `create_dns` is true. The primary endpoint will be <cname>.<private_hosted_zone>, and the reader endpoint will be <cname>-ro.<private_hosted_zone>. If null, the name variable will be used instead."
+  default     = null
+  type        = string
+}
+
+variable "create_dns" {
+  description = "Whether to create DNS records for the primary and reader endpoints."
+  default     = true
+  type        = bool
+}
+
+variable "dns_ttl" {
+  description = "TTL for DNS records."
+  default     = 300
+  type        = number
+}
+
+variable "private_hosted_zone" {
+  description = "Private hosted zone to create DNS records in. If null, `create_dns` must be set to false."
+  default     = null
+  type        = string
+}

optional.tf

@@ -25,12 +25,12 @@ output "member_clusters" {
 
 output "primary_endpoint_address" {
   description = "Address of the endpoint for the primary node in the replication group."
-  value       = aws_elasticache_replication_group.replication_group.primary_endpoint_address
+  value       = var.create_dns ? aws_route53_record.primary_endpoint[0].fqdn : aws_elasticache_replication_group.replication_group.primary_endpoint_address
 }
 
 output "reader_endpoint_address" {
   description = "Address of the endpoint for the reader node in the replication group."
-  value       = aws_elasticache_replication_group.replication_group.reader_endpoint_address
+  value       = var.create_dns ? aws_route53_record.reader_endpoint[0].fqdn : aws_elasticache_replication_group.replication_group.reader_endpoint_address
 }
 
 output "tags" {