From 59b4d1b62beeb7f0a05134cdf5fa2a3408914b00 Mon Sep 17 00:00:00 2001
From: test vaibhav
Date: Wed, 6 Sep 2023 18:21:13 +0530
Subject: [PATCH] Feat: Added the random password resource block to genrate the auth token

---
 _example/redis-cluster/main.tf    | 10 +++++-----
 _example/redis-cluster/outputs.tf |  5 +++++
 main.tf                           | 18 ++++++++++++++----
 outputs.tf                        |  6 ++++++
 variables.tf                      |  6 ++++++
 5 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/_example/redis-cluster/main.tf b/_example/redis-cluster/main.tf
index c174e86..c70d2f1 100644
--- a/_example/redis-cluster/main.tf
+++ b/_example/redis-cluster/main.tf
@@ -37,11 +37,11 @@ module "subnets" {
   ipv6_cidr_block = module.vpc.ipv6_cidr_block
 }
 
-####----------------------------------------------------------------------------------
-## Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
-## The service improves the performance of web applications by retrieving information from managed in-memory caches,
-## instead of relying entirely on slower disk-based databases.
-####----------------------------------------------------------------------------------
+###----------------------------------------------------------------------------------
+# Amazon ElastiCache [REDIS-CLUSTER] is a fully managed in-memory data store and cache service by Amazon Web Services.
+# The service improves the performance of web applications by retrieving information from managed in-memory caches,
+# instead of relying entirely on slower disk-based databases.
+###----------------------------------------------------------------------------------
 module "redis-cluster" {
   source = "./../../"
 
diff --git a/_example/redis-cluster/outputs.tf b/_example/redis-cluster/outputs.tf
index e50332d..b4f3571 100644
--- a/_example/redis-cluster/outputs.tf
+++ b/_example/redis-cluster/outputs.tf
@@ -22,3 +22,8 @@ output "redis_ssm_arn" {
   value = module.redis-cluster.redis_ssm_name
   description = "A map of the names and ARNs created"
 }
+
+output "auth_token" {
+  value = module.redis-cluster.auth_token
+  sensitive = true
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index fa04ec5..d75c0e7 100644
--- a/main.tf
+++ b/main.tf
@@ -137,6 +137,16 @@ resource "aws_elasticache_subnet_group" "default" {
   tags = module.labels.tags
 }
 
+##----------------------------------------------------------------------------------
+## Below resource will create random passoword for the auth_token
+##----------------------------------------------------------------------------------
+
+resource "random_password" "auth_token" {
+  count = var.auth_token_enable && var.auth_token == null ? 1 : 0
+length = 25
+special = false
+}
+
 ##----------------------------------------------------------------------------------
 ## Below resource will create replication-group resource for redis-cluster and memcached.
 ##----------------------------------------------------------------------------------
@@ -165,7 +175,7 @@ resource "aws_elasticache_replication_group" "cluster" {
   at_rest_encryption_enabled = var.at_rest_encryption_enabled
   transit_encryption_enabled = var.transit_encryption_enabled
   multi_az_enabled = var.multi_az_enabled
-  auth_token = var.auth_token
+  auth_token = var.auth_token_enable ? ( var.auth_token == null ? random_password.auth_token[0].result : var.auth_token ) : null
   kms_key_id = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
   tags = module.labels.tags
   num_cache_clusters = var.num_cache_clusters
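Review bot: The new `auth_token` output in the example is missing a `description`, while the neighbouring `redis_ssm_arn` output in the same hunk has one; add `description = "Auth token of the example redis cluster (sensitive)"` so generated docs and `terraform output` stay self-explanatory. Marking it `sensitive = true` is right, since the root module also marks its `auth_token` output sensitive and Terraform refuses an unmarked output that wraps a sensitive value. The file is also left without a trailing newline (`\ No newline at end of file`), which `terraform fmt` would restore.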
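Review bot: Inside the new `random_password "auth_token"` resource, `length = 25` and `special = false` sit at column 0 while `count` is indented, and the header comment misspells "password" as "passoword"; run `terraform fmt` and correct the comment to `## Below resource will create a random password for the auth_token`. The token is generated whenever `var.auth_token_enable` is true and no token was supplied, with no regard to `var.transit_encryption_enabled`, yet the variable description added in variables.tf says the token "Can be specified only if transit_encryption_enabled = true"; if that constraint holds for the replication group, the enable flag and the transit-encryption flag should be tied together (in the count conditions or a variable validation) rather than left for apply to reject. `random_password` also needs the `random` provider declared in `required_providers`; that file is not part of this patch, so confirm it is already declared.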
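Review bot: The new `auth_token` expression on the replication group duplicates the same `var.auth_token == null ? random_password.auth_token[0].result : var.auth_token` choice that the `aws_ssm_parameter.secret` hunk (at -223) and the root `auth_token` output make again, each with its own enable/index logic, so the three can drift apart. A single local would keep them consistent and avoid the `[0]` index, e.g. `locals { auth_token = var.auth_token_enable ? coalesce(var.auth_token, join("", random_password.auth_token[*].result)) : null }` and then `auth_token = local.auth_token` here. The added line also has stray spaces inside the parentheses (`( var.auth_token == null ... )`) that `terraform fmt` would remove. The `aws_elasticache_replication_group.cluster` block starts and ends outside this hunk.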
@@ -223,15 +233,15 @@ resource "aws_route53_record" "elasticache" {
 }
 
 ##----------------------------------------------------------------------------------
-## Below resource will create ssm-parameter resource for redisand memcached with auth-token.
+## Below resource will create ssm-parameter resource for redis and memcached with auth-token.
 ##----------------------------------------------------------------------------------
 
 resource "aws_ssm_parameter" "secret" {
-  count = var.auth_token != null ? 1 : 0
+  count = var.auth_token_enable ? 1 : 0
   name = format("/%s/%s/auth-token", var.environment, var.name)
   description = var.ssm_parameter_description
   type = var.ssm_parameter_type
-  value = var.auth_token
+  value = var.auth_token == null ? random_password.auth_token[0].result : var.auth_token
   key_id = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
 }
 
diff --git a/outputs.tf b/outputs.tf
index a8b4a59..66639d6 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -59,3 +59,9 @@ output "Memcached_ssm_name" {
   value = join("", aws_ssm_parameter.memcached_secret-endpoint[*].name)
   description = "A list of all of the parameter values"
 }
+
+output "auth_token" {
+  value = random_password.auth_token[0].result
+  sensitive = true
+  description = "Auth token generated value"
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index cf553e3..1927f7a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -175,6 +175,12 @@ variable "transit_encryption_enabled" {
   description = "Whether to enable encryption in transit."
 }
 
+variable "auth_token_enable" {
+  type = bool
+  default = true
+  description = "Flag to specify whether to create auth token (password) protected cluster. Can be specified only if transit_encryption_enabled = true."
+}
+
 variable "auth_token" {
   type = string
   default = null
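Review bot: `aws_ssm_parameter.secret` now stores a generated token, but its `type` is still `var.ssm_parameter_type`; if a caller sets anything other than `SecureString`, the token lands in SSM as plaintext and the `key_id` on the next line is ignored, so this resource should either pin `type = "SecureString"` or the variable should be validated to that value (its default is not visible in this patch). The `count` now depends on `var.auth_token_enable` while `value` still indexes `random_password.auth_token[0]`, which only works because the random resource's count uses the same two conditions; expressing the effective token once in a `local` (as for the replication group) would make that coupling explicit. The comment typo fix ("redis and memcached") is fine.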
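Review bot: The new root `auth_token` output indexes `random_password.auth_token[0].result` unconditionally, but that resource has `count = var.auth_token_enable && var.auth_token == null ? 1 : 0`, so whenever the flag is off or the caller supplies `var.auth_token` the count is 0 and `terraform plan` fails with an invalid index. Use the splat form, `value = join("", random_password.auth_token[*].result)`, or expose the effective token the cluster actually uses so the output is valid for every combination of the two variables. `sensitive = true` is correct for this value; the file is also left without a trailing newline.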
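Review bot: `auth_token_enable` defaults to `true`, which silently changes behaviour for existing callers: before this patch no token or SSM parameter was created unless `auth_token` was set, and the variable's own description says the token is only valid with `transit_encryption_enabled = true`, so any existing configuration with transit encryption off would start failing on apply. Either default it to `false` or call the behaviour change out in the module's release notes. The name also breaks the file's convention — the neighbouring booleans are `transit_encryption_enabled`, `at_rest_encryption_enabled` and `multi_az_enabled` — so `auth_token_enabled` would fit better if it is still possible to rename before release.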