hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Feature request: add auth-token parameter for aws_elasticache_cluster #4105

Closed ghost closed 5 years ago

ghost commented 6 years ago

This issue was originally opened by @mitpwd as hashicorp/terraform#17797. It was migrated here as a result of the provider split. The original body of the issue is below.


Expected Behavior

Actual Behavior

Error msg: invalid or unknown key: auth-token

Steps to Reproduce

  1. tf code: (catsby edited for formatting)
resource "aws_elasticache_cluster" "app-elasticache-redis-cluster" {
  cluster_id           = "env-app-redis"
  engine               = "redis"
  node_type            = "cache.t2.small"
  num_cache_nodes      = 1
  maintenance_window   = "thu:02:00-thu:04:00"
  subnet_group_name    = "${aws_elasticache_subnet_group.app_redis_subnet_group.name}"
  #security_group_names =
  security_group_ids   = ["${aws_security_group.app_sg.id}"]
  apply_immediately    = true
  auth-token           = "somerandomkeyMKdw>N3>$5&F5#aa3"

  parameter_group_name = "default.redis3.2"
  port                 = 6379
}
  2. terraform init
  3. terraform apply

References

Reference to AWS Documentation: https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/auth.html

saravanan30erd commented 6 years ago

@bflad AuthToken requires that TransitEncryptionEnabled is set to true (https://docs.aws.amazon.com/sdk-for-go/api/service/elasticache/#CreateCacheClusterInput); it looks like TransitEncryptionEnabled is still not implemented in the AWS API (https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheCluster.html).

tdmalone commented 6 years ago

Looks like this issue could be closed like #4973 was - it seems to be confusion caused by the naming in the AWS API. Copying from @bflad in that other ticket:

Elasticache has some confusing terminology when it comes to "clusters", where a Redis "cluster" (cluster mode enabled or disabled) is actually a "replication group" in terms of the API (and subsequently Terraform since it follows to the API implementation).

You can create encrypted Redis replication groups (cluster mode enabled or disabled) via the aws_elasticache_replication_group resource.

internetrush1 commented 6 years ago

@tdmalone I don't think this is talking about ENCRYPTION, more about AUTH-TOKENS. There doesn't seem to be any method here to provide a token for password authentication on request: https://www.terraform.io/docs/providers/aws/r/elasticache_cluster.html

tdmalone commented 6 years ago

@internetrush1 It’s the same problem - confusion with the AWS API naming. It is supported - see here:

https://www.terraform.io/docs/providers/aws/r/elasticache_replication_group.html#auth_token

grjones commented 5 years ago

@tdmalone Is indeed correct. I changed from:

resource "aws_elasticache_cluster" "my_redis_cluster" {
  cluster_id           = "my-redis-cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = "default.redis5.0"
  engine_version       = "5.0.0"
  port                 = 6379
  availability_zone    = "${var.region}a"
  subnet_group_name    = "${aws_elasticache_subnet_group.redis_subnet_group.name}"
  security_group_ids   = ["${aws_security_group.redis_cluster_security_group.id}"]
}

to

resource "aws_elasticache_replication_group" "my_redis_cluster" {
  engine                        = "redis"
  engine_version                = "5.0.0"
  transit_encryption_enabled    = true
  auth_token                    = "my_auth_token"
  automatic_failover_enabled    = false
  availability_zones            = ["${var.region}a"]
  replication_group_id          = "my-redis-cluster"
  node_type                     = "cache.m5.large"
  number_cache_clusters         = 1
  parameter_group_name          = "default.redis5.0"
  port                          = 6379
  subnet_group_name             = "${aws_elasticache_subnet_group.redis_subnet_group.name}"
  security_group_ids            = ["${aws_security_group.redis_cluster_security_group.id}"]
  replication_group_description = "Redis cluster for caching storage (has automatic eviction)"
}

And everything now works as expected with AUTH turned on.
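As an added example (not from this thread or the provider's own docs), here is the replication-group config above with the token taken from a sensitive, validated variable instead of being written into the .tf file as in the original report. It assumes Terraform 0.14 or later and the same var.region, subnet group and security group names as the post.

```hcl
# Added example, not the thread's own config. The auth token comes from a
# sensitive variable rather than a literal in source, and transit encryption
# is on because ElastiCache only accepts an auth token together with it.

variable "redis_auth_token" {
  type      = string
  sensitive = true   # redacted from plan/apply output (Terraform >= 0.14)

  # ElastiCache AUTH token rules: 16 to 128 printable ASCII characters, with
  # only ! & # $ ^ < > - permitted as special characters.
  validation {
    condition     = can(regex("^[A-Za-z0-9!&#$^<>-]{16,128}$", var.redis_auth_token))
    error_message = "redis_auth_token must be 16-128 chars of A-Z, a-z, 0-9 or ! & # $ ^ < > -."
  }
}

resource "aws_elasticache_replication_group" "my_redis_cluster" {
  replication_group_id          = "my-redis-cluster"
  replication_group_description = "Redis with AUTH and TLS enabled"
  engine                        = "redis"
  engine_version                = "5.0.0"
  node_type                     = "cache.m5.large"
  number_cache_clusters         = 1
  port                          = 6379
  parameter_group_name          = "default.redis5.0"
  automatic_failover_enabled    = false
  availability_zones            = ["${var.region}a"]
  subnet_group_name             = aws_elasticache_subnet_group.redis_subnet_group.name
  security_group_ids            = [aws_security_group.redis_cluster_security_group.id]

  # AUTH requires in-transit encryption; without it the API rejects auth_token.
  transit_encryption_enabled = true
  at_rest_encryption_enabled = true
  auth_token                 = var.redis_auth_token
}

# Expose the endpoint for other modules without ever exposing the token.
output "redis_primary_endpoint" {
  value = aws_elasticache_replication_group.my_redis_cluster.primary_endpoint_address
}
```

Pass the token via TF_VAR_redis_auth_token or a .tfvars file kept out of version control; the value still lands in the state file, so the state backend needs the same protection as the token.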

vikmalik commented 5 years ago

auth_token related details are missing from the documentation, though.

nywilken commented 5 years ago

Hey Folks, looking at the comments it doesn't seem like there is anything to do here and this issue is safe to close. But before doing so @vikmalik could you elaborate on the statement below a little more. Is there information missing from our existing resource documentation that could better assist?

auth_token related details are missing from the documentation, though.

nywilken commented 5 years ago

@vikmalik I'm going to go ahead and close this issue as there has not been any activity since my last comment. If you have a minute to elaborate on your documentation request, I invite you to open a new issue explaining what is missing in the documentation and what would make it easier for the user. Thanks again!

zmw85 commented 5 years ago

The problem with "aws_elasticache_replication_group" is that the attribute "primary_endpoint_address" is empty. I want to set up a NAT instance in the same Terraform run and reference the endpoint of the resource, and it couldn't be done this way. Anyone got a solution to this?

tdmalone commented 5 years ago

@zmw85 This doesn't seem related to this issue, which is also closed - you might want to create a new issue, or try asking in one of the community resources.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!