Validate elasticache user password is between 16-128

[scottd018]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add validation for password for the aws_elasticache_user resource. The below configuration will get through deployment and fail with an AWS validation error. This is especially problematic for long-running Terraform modules as the input is not validated up front.

Without this validation the following error may occur:

│ Error: error creating ElastiCache User: InvalidParameterValue: Passwords length must be between 16-128 characters.
│       status code: 400, request id: <ID>
│ 
│   with module.test.aws_elasticache_user.this,
│   on ../elasticache.tf line 56, in resource "aws_elasticache_user" "this":
│   56: resource "aws_elasticache_user" "this" {

New or Affected Resource(s)

N/A

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

resource "aws_elasticache_user" "this" {
  user_id       = var.redis_user
  user_name     = var.redis_user
  access_string = "on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember"
  engine        = "REDIS"
  passwords     = ["small"]

  # there will likely be a separate process that handles updates here, so we do not want the changes in this module to
  # overwrite those changes.  we simply want to ensure that all of the possible values exist
  lifecycle {
    ignore_changes = [passwords]
  }
}

References

• N/A

[github-actions]

This functionality has been released in v4.11.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.