search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.81k stars 9.16k forks source link

Support at-rest and in-transit encryption for aws_elasticache_cluster (Redis) #12716

Closed vlamic closed 4 years ago

vlamic commented 4 years ago

Community Note

Description

As mentioned in #4973

ElastiCache Redis version 4.0+ supports encryption at-rest and in-transit, also for non-clustered mode.

The terraform aws_elasticache_cluster currently does not support these features.

New or Affected Resource(s)

aws_elasticache_cluster

Potential Terraform Configuration

Similar to how this is implemented in aws_elasticache_replication_group:

resource "aws_elasticache_cluster" "encrypted_redis" {
    [...]
    engine_version: "4.0.10"
    at_rest_encryption_enabled: true
    transit_encryption_enabled: true
}

References

trampfox commented 4 years ago

Looks like AtRestEncryptionEnabled and TransitEncryptionEnabled are still not available in the CreateCacheClusterInput struct of the aws-sdk-go (https://github.com/aws/aws-sdk-go/blob/master/service/elasticache/api.go#L8137)

ewbankkit commented 4 years ago

Similar:

vlamic commented 4 years ago

This is an issue for aws-sdk-go: https://github.com/aws/aws-sdk-go/issues/3257 to track.

vlamic commented 4 years ago

This can be solved if using aws_elasticache_replication_group of 1 instead of aws_elasticache_cluster. Closing the issue.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!