Terraform-provider-aws: Support ElastiCache/Redis In-Transit and At-Rest Encryption

Created on 27 Oct 2017  ยท  22Comments  ยท  Source: hashicorp/terraform-provider-aws

Recently announced support for in-transit and at-rest encryption for ElastiCache for Redis clusters.
Add support in Terraform.

enhancement servicelasticache

Most helpful comment

@dave-receptiviti @jayudhandha the changes were rolled out in 1.6, so it's officially supported now!

  • at_rest_encryption_enabled - (Optional) Whether to enable encryption at rest.
  • transit_encryption_enabled - (Optional) Whether to enable encryption in transit.
  • auth_token - (Optional) The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true.

https://www.terraform.io/docs/providers/aws/r/elasticache_replication_group.html

All 22 comments

@ewbankkit are you working on this? I'm getting started on this myself!

No, just added it as an issue that I'd tackle sooner or later if nobody got to it first. Thanks for tackling this.

Surely! I've been looking for something I could contribute to and this looked like a great opportunity!

It looks like this is already possible by using a custom parameter group, http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/ParameterGroups.Redis.html.

Any news about this PR?

I am very interested in progress on this effort. Looking forward to news of it's release. Thanks for taking on this task.

I saw that the encryption enhancement is on master so far. Any news when it will be released ?

@LukaszTheProgrammer Looking at the Changelog history, I can see releases averaging every week to 2 weeks. It shouldn't be too much longer! It's also possible to build master locally and use it sooner if you like!

Thanks for the info.

@yelvert I have checked your suggestion https://github.com/terraform-providers/terraform-provider-aws/issues/2087#issuecomment-344365352
But it looks like there is not any specific option to enable the In-Transit/At-Rest encryption in Custom Parameter group.
Please guide!

Any update on this?

It would really be awesome to be able to terraform this part of the infrastructure (encryption is a prerequisite) :)

@dave-receptiviti @jayudhandha the changes were rolled out in 1.6, so it's officially supported now!

  • at_rest_encryption_enabled - (Optional) Whether to enable encryption at rest.
  • transit_encryption_enabled - (Optional) Whether to enable encryption in transit.
  • auth_token - (Optional) The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true.

https://www.terraform.io/docs/providers/aws/r/elasticache_replication_group.html

Maintainers: this issue is resolved, so it can be closed!

@nathanielks I am using 1.2 right now.
Is there any changes that i need to take care if i am upgrading to 1.6?

@jayudhandha best bet would be to consult the changelog: https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANGELOG.md

This was previously released in version 1.6.0 of the AWS provider and has been available in all releases since. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

This is not yet available for AWS ElastiCache Redis w/out Cluster Mode Enabled?

@jl2501 correct, this is only for ElastiCache Replication Groups.

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

Was this page helpful?
0 / 5 - 0 ratings