Open adworacz opened 1 year ago
The workaround seems to be using a CfnReplicationGroup instead.
Something like:
const redis = new CfnReplicationGroup(this, 'APICacheV2', {
  engine: 'redis',
  replicationGroupDescription: 'Cache for the API',
  cacheNodeType: 'cache.t4g.micro',
  cacheSubnetGroupName: redisSubnetGroup.ref,
  securityGroupIds: [redisSecurityGroup.securityGroupId],
  transitEncryptionEnabled: true,
  // As minimal of a cache cluster as I can make.
  clusterMode: 'Disabled',
  numCacheClusters: 1,
  automaticFailoverEnabled: false,
})
Yup, this looks like an oversight somewhere.
This parameter is valid only if the Engine parameter is redis, the EngineVersion parameter is 3.2.6 or 4.x onward, and the cluster is being created in an Amazon VPC.
There are a few other checks that have to be made as well here.
Agreed. I also realized that I included the link to the ReplicationGroup documentation instead of the CacheCluster documentation in my OP. I've fixed this.
Here's the current documentation for CacheCluster + in-transit encryption: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cache-cluster.html#cfn-elasticache-cachecluster-transitencryptionenabled
It doesn't mention any stipulations at all, which is rather surprising given the stipulations that exist on ReplicationGroup.
I think I have a similar issue when trying to create ElastiCache with Terraform. It seems like it is working fine with the same configuration via the console but doesn't work through the CLI.
Error: creating ElastiCache Cache Cluster (lab-redis): InvalidParameterCombination: Encryption feature is not supported for engine REDIS.
│ status code: 400, request id: 1a3d764c-90a2-4a25-9a1d-cf90883fd006
Yeah, I'm starting to wonder if this isn't a CDK issue at all, and is in fact an underlying "service doesn't meet documentation" issue.
CloudFormation template has this, too, so not an SDK problem.
The "encryption at rest" feature is also missing entirely.
Looks like this issue is still open; I just ran into the same thing using Terraform.
Describe the bug
When attempting to create a Redis ElastiCache cluster that enables in-transit encryption, we receive the following error:
This doesn't make any sense though, as the public documentation clearly states that encryption is supported: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cache-cluster.html#cfn-elasticache-cachecluster-transitencryptionenabled
In addition, we are using VPC, per the documentation.
Here's our code that should enable easy reproduction:
Expected Behavior
I am able to create a Redis ElastiCache instance with transit encryption enabled.
Current Behavior
An error occurs (see description)
Reproduction Steps
Use the CDK code in the description to deploy a Redis cluster.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.92.0 (build bf62e55)
Framework Version
No response
Node.js Version
18
OS
Linux
Language
Typescript
Language Version
No response
Other information
No response
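A pre-deploy check for the situation discussed in this thread, added here as an example (it is not code from any participant or from the CDK project): it scans a synthesized CloudFormation template and flags Redis `CacheCluster` resources that set `TransitEncryptionEnabled`, the combination reported above as rejected, along with Redis resources that have no in-transit encryption at all. The function name, finding labels and sample template are constructed for illustration.

```typescript
// Added example: lint a synthesized CloudFormation template for ElastiCache
// Redis resources. All names below are hypothetical, not part of the CDK.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };
type Finding = { id: string; issue: string };

const CACHE_CLUSTER = 'AWS::ElastiCache::CacheCluster';
const REPLICATION_GROUP = 'AWS::ElastiCache::ReplicationGroup';

// CloudFormation accepts booleans written as true or "true".
const isTrue = (v: unknown): boolean =>
  v === true || String(v).toLowerCase() === 'true';

function lintElastiCache(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [id, res] of Object.entries(template.Resources)) {
    const props = res.Properties ?? {};
    // Only literal engine names are checked; intrinsic functions are skipped.
    if (String(props.Engine ?? '').toLowerCase() !== 'redis') continue;
    const tls = isTrue(props.TransitEncryptionEnabled);
    if (res.Type === CACHE_CLUSTER) {
      // With TLS on, this is the combination the thread reports failing with
      // InvalidParameterCombination; with TLS off, traffic is unencrypted.
      findings.push({
        id,
        issue: tls ? 'cachecluster-tls-rejected' : 'cachecluster-no-tls',
      });
    } else if (res.Type === REPLICATION_GROUP && !tls) {
      findings.push({ id, issue: 'replicationgroup-no-tls' });
    }
  }
  return findings;
}

// Constructed sample template (not taken from the issue).
const sampleTemplate: Template = {
  Resources: {
    APICache: {
      Type: CACHE_CLUSTER,
      Properties: { Engine: 'redis', TransitEncryptionEnabled: true },
    },
    APICacheV2: {
      Type: REPLICATION_GROUP,
      Properties: { Engine: 'redis', TransitEncryptionEnabled: 'true' },
    },
    PlainCache: { Type: REPLICATION_GROUP, Properties: { Engine: 'redis' } },
    Bucket: { Type: 'AWS::S3::Bucket' },
  },
};
```

Run against the output of `cdk synth`, a `cachecluster-tls-rejected` finding points at a resource to convert to the `CfnReplicationGroup` workaround before deployment.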