Terraform-provider-aws: Support at-rest and in-transit encryption for aws_elasticache_cluster (Redis)

Created on 25 Jun 2018  ·  7 Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

ElastiCache Redis version 4.0+ supports encryption at-rest and in-transit, also for non-clustered mode.

The terraform aws_elasticache_cluster currently does not support these features.

New or Affected Resource(s)

  • aws_elasticache_cluster

Potential Terraform Configuration

Similar to how this is implemented in aws_elasticache_replication_group:

resource "aws_elasticache_cluster" "encrypted_redis" {
    # [...]
    engine_version             = "4.0.10"
    at_rest_encryption_enabled = true
    transit_encryption_enabled = true
}

References


All 7 comments

related #4105

Looks like TransitEncryptionEnabled is still not configured in AWS API (https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheCluster.html).

@saravanan30erd appears to be correct here -- this feature is not available with the aws_elasticache_cluster resource because the underlying ElastiCache API does not support it.

ElastiCache has some confusing terminology when it comes to "clusters", where a Redis "cluster" (cluster mode enabled or disabled) is actually a "replication group" in terms of the API (and subsequently Terraform since it follows the API implementation).

You can create encrypted Redis replication groups (cluster mode enabled or disabled) via the aws_elasticache_replication_group resource.

Since there's nothing to implement here until AWS adds encryption support for individual Redis nodes (annoyingly "clusters" in the API) or Memcached clusters, we'll close this issue out until that changes.
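
The workaround described in the comment above, as an added example that is not part of the original thread or the provider's own documentation: a single-node Redis deployment declared as a replication group so that both encryption settings can be applied. It assumes a recent provider release (older releases name two arguments differently, as the comments note); the resource name, identifier, node type and both variables are sample or hypothetical values.

```hcl
# Added example, not from the issue thread. Names and sample values are assumptions.
variable "redis_auth_token" {
  type      = string
  sensitive = true # keep the token out of plan output
}

variable "subnet_group_name" {
  type = string # hypothetical: name of an existing ElastiCache subnet group
}

resource "aws_elasticache_replication_group" "encrypted_redis" {
  replication_group_id = "encrypted-redis"              # sample identifier
  description          = "Single-node Redis, encrypted" # older providers: replication_group_description

  engine         = "redis"
  engine_version = "4.0.10"         # version quoted in the issue
  node_type      = "cache.t2.micro" # sample value
  port           = 6379

  # One node, cluster mode disabled: the replication-group counterpart of a
  # single aws_elasticache_cluster. Older providers: number_cache_clusters.
  num_cache_clusters         = 1
  automatic_failover_enabled = false # failover needs at least two nodes

  subnet_group_name = var.subnet_group_name

  # The two settings requested in the issue.
  at_rest_encryption_enabled = true
  transit_encryption_enabled = true

  # Redis AUTH is only accepted when in-transit encryption is enabled.
  auth_token = var.redis_auth_token
}
```

With in-transit encryption enabled, clients have to connect over TLS and present the AUTH token.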

@bflad can we please reopen? Encryption in-transit and at-rest is now available both in create-cache-cluster and create-replication-group in AWS API.

Yes, we badly need this to improve the security of our Redis cache cluster.

Yep. This feature is most essential.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
