r/aws_elasticache_replication_group: Add support for transit_encryption_mode and enabling transit encryption on existing groups

[stefansundin]

Hello, is opentofu accepting contributions yet? I can't find any discussion on whether or not you do.

Anyway, here's a change that I have been trying to submit to hashicorp (hashicorp#30403) but there has been zero movement in 262 days, so I figured I'll try here as well. This PR was opened well before the licensing change so I think it should be all clear for you to merge.

Please let me know if you want any changes. Thanks!

---

Description

I don't know if my fix for hashicorp#30402 is good or not since there might be a better way to do it that I did not find. It is working in my simple test case though.

Relations

Closes hashicorp#30402
Closes hashicorp#30700
Closes hashicorp#33906

References

Here's the various errors that you can get.

If you try to enable encryption on an older Redis version:

Error: updating ElastiCache Replication Group (tftest-redis): InvalidParameterCombination: Transit encryption mode is not supported for engine version 6.2.6. Please use engine version 7.0.5 or higher.

Have to set transit_encryption_mode when enabling encryption:

Error: updating ElastiCache Replication Group (tftest-redis): InvalidParameterCombination: To modify transit encryption, please specify transit-encryption-mode.

Can't go straight to transit_encryption_mode = "required":

Error: updating ElastiCache Replication Group (tftest-redis): InvalidParameterCombination: Direct transition from transit-encryption-disabled to transit-encryption-enabled is not allowed. Update the cluster to transit-encryption-mode preferred prior to enabling transit encryption.

Output from Acceptance Testing

I don't have time to work on updating the acceptance tests at the moment.

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[github-actions]

Welcome @stefansundin 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[cube2222]

Hey @stefansundin! For now we're not accepting bug reports and changes requests to HashiCorp providers.

Right now we're just mirroring these without any changes, and introducing any changes from our side would make the maintenance overhead of those mirrors much larger. This is not something we currently have the bandwidth for, as we're growing the team.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.