Closed tomdev closed 6 years ago
related #4105
Looks like TransitEncryptionEnabled
is still not configured in AWS API(https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheCluster.html).
@saravanan30erd appears to be correct here -- this feature is not available with the aws_elasticache_cluster
resource because the underlying Elasticache API does not support it.
Elasticache has some confusing terminology when it comes to "clusters", where a Redis "cluster" (cluster mode enabled or disabled) is actually a "replication group" in terms of the API (and subsequently Terraform since it follows to the API implementation).
You can create encrypted Redis replication groups (cluster mode enabled or disabled) via the aws_elasticache_replication_group
resource.
Since there's nothing to implement here until AWS adds encryption support for individual Redis nodes (annoyingly "clusters" in the API) or Memcached clusters, we'll close this issue out until that changes.
@bflad can we please reopen? Encryption in-transit and at-rest is now available both in create-cache-cluster and create-replication-group in AWS API.
Yes, we badly need this to improve the security of our redis cache cluster
Yep.. This feature is most essential
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Community Note
Description
ElastiCache Redis version 4.0+ supports encryption at-rest and in-transit, also for non-clustered mode.
The terraform
aws_elasticache_cluster
currently does not support these features.New or Affected Resource(s)
Potential Terraform Configuration
Similar to how this is implemented in
aws_elasticache_replication_group
:References