Setting in transit_encryption_enabled is ignored

cloudposse / terraform-aws-elasticache-redis

Terraform module to provision an ElastiCache Redis Cluster

https://cloudposse.com/accelerate

Apache License 2.0

141 stars 244 forks source link

Setting in transit_encryption_enabled is ignored #112

Closed andrelanka closed 3 years ago

andrelanka commented 3 years ago

Hey guys,

Your latest seems to ignore the setting in transit_encryption_enabled completely. Independently of the actual value, it always creates an instance with Transit encryption set to true. This is not the first version where this happens.

I pinned the module to tag 0.30.0 in my configuration, now. There it's possible to create an instance without transit encryption.

Kind regards André

sneas commented 3 years ago

Hi @andrelanka, I've just tried to set transit_encryption_enabled to false on version 0.38.0 and it seems working as expected.

nitrocode commented 3 years ago

It looks like the var.auth_token needs to be provided for the var.transit_encryption_enabled to take affect. Is that provided ? Could you provide a minimum viable reproducible example ?

https://github.com/cloudposse/terraform-aws-elasticache-redis/blob/790f4d69028a8568a6cbd9089d50d5664af1484d/main.tf#L80-L83

https://github.com/cloudposse/terraform-aws-elasticache-redis/blob/790f4d69028a8568a6cbd9089d50d5664af1484d/main.tf#L99

Nuru commented 3 years ago

Not a bug, but a failure of documentation. Transit Encryption is forced on if auth_token is set because that is an AWS requirement. Leave auth_token set to null (the default value) if you want to disable transit encryption.