cloudposse / terraform-aws-elasticache-redis

Terraform module to provision an ElastiCache Redis Cluster
https://cloudposse.com/accelerate
Apache License 2.0
144 stars 253 forks source link

Add port 6380 for Serverless Valkey #250

Open kdeyko opened 1 month ago

kdeyko commented 1 month ago

Describe the Feature

Port 6380 should be added to the security group by default if we use ElastiCache Serverless for Valkey. Currently, only 6379 is added.

From Get started with Amazon ElastiCache for Valkey | Amazon Web Services

ElastiCache Serverless for Valkey cache uses both ports 6379 and port 6380. To successfully connect and execute Valkey commands from your EC2 instance, your security group must allow access to these ports as needed.

See Finding replication group endpoints - Amazon ElastiCache on Primary and Reader endpoints explanation.

Other links: https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/RedisConfiguration.html#RedisConfiguration.Serverless https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/wwe-troubleshooting.html#wwe-troubleshooting.connection

Expected Behavior

When create_security_group and serverless_enabled are true and engine is redis, both 6379 and 6380 ports are allowed for ingress connection in the created SG.

Use Case

Create ElastiCache Serverless for Valkey.

Describe Ideal Solution

Both ports 6379 and 6380 are added to SG in we use ElastiCache Serverless for Valkey.

Alternatives Considered

This can be work arounded (in theory) using additional_security_group_rules:

  additional_security_group_rules = [
    {
      type              = "ingress"
      from_port         = 6380
      to_port           = 6380
      protocol          = "tcp"
    }
  ]

(assuming that rule for port 6379 is added by default)

Additional Context

No response

kdeyko commented 1 month ago

Alternatively, allow passing a list of ports in the port field.