Feature request: add auth-token parameter for aws_elasticache_cluster #4105

Closed
ghost opened this issue Apr 6, 2018 · 11 comments
Assignees
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/elasticache Issues and PRs that pertain to the elasticache service.

Comments

@ghost

ghost commented Apr 6, 2018

This issue was originally opened by @mitpwd as hashicorp/terraform#17797. It was migrated here as a result of the provider split. The original body of the issue is below.


Expected Behavior

  • auth-token to be supported by aws_elasticache_cluster AWS provider

Actual Behavior

Error msg: invalid or unknown key: auth-token

Steps to Reproduce

  1. tf code: (catsby edited for formatting)

```hcl
resource "aws_elasticache_cluster" "app-elasticache-redis-cluster" {
  cluster_id           = "env-app-redis"
  engine               = "redis"
  node_type            = "cache.t2.small"
  num_cache_nodes      = 1
  maintenance_window   = "thu:02:00-thu:04:00"
  subnet_group_name    = "${aws_elasticache_subnet_group.app_redis_subnet_group.name}"
  #security_group_names =
  security_group_ids   = ["${aws_security_group.app_sg.id}"]
  apply_immediately    = true
  auth-token           = "somerandomkeyMKdw>N3>$5&F5#aa3"

  parameter_group_name = "default.redis3.2"
  port                 = 6379
}
```

  2. terraform init
  3. terraform apply

References

Reference to AWS Documentation:
https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/auth.html

@catsby catsby added the enhancement Requests to existing resources that expand the functionality or scope. label Apr 6, 2018
@catsby catsby changed the title Missing auth-token parameter for aws_elasticache_cluster Feature request: add auth-token parameter for aws_elasticache_cluster Apr 6, 2018
@catsby catsby added the service/elasticache Issues and PRs that pertain to the elasticache service. label Apr 6, 2018
@saravanan30erd
Contributor

saravanan30erd commented Jun 25, 2018

@bflad
AuthToken requires that TransitEncryptionEnabled is set to true (https://docs.aws.amazon.com/sdk-for-go/api/service/elasticache/#CreateCacheClusterInput); looks like TransitEncryptionEnabled is still not implemented in the AWS API (https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheCluster.html).

@tdmalone
Contributor

Looks like this issue could be closed like #4973 was - it seems to be confusion caused by the naming in the AWS API. Copying from @bflad in that other ticket:

> Elasticache has some confusing terminology when it comes to "clusters", where a Redis "cluster" (cluster mode enabled or disabled) is actually a "replication group" in terms of the API (and subsequently Terraform since it follows the API implementation).
>
> You can create encrypted Redis replication groups (cluster mode enabled or disabled) via the aws_elasticache_replication_group resource.

@internetrush1

@tdmalone I don't think this is talking about ENCRYPTION, more about AUTH-TOKENS. There doesn't seem to be any method here to provide a token for password authentication on request:
https://www.terraform.io/docs/providers/aws/r/elasticache_cluster.html

@tdmalone
Contributor

@internetrush1 It’s the same problem - confusion with the AWS API naming. It is supported - see here:

https://www.terraform.io/docs/providers/aws/r/elasticache_replication_group.html#auth_token

@grjones

grjones commented Feb 12, 2019

@tdmalone Is indeed correct. I changed from:

```hcl
resource "aws_elasticache_cluster" "my_redis_cluster" {
  cluster_id           = "my-redis-cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = "default.redis5.0"
  engine_version       = "5.0.0"
  port                 = 6379
  availability_zone    = "${var.region}a"
  subnet_group_name    = "${aws_elasticache_subnet_group.redis_subnet_group.name}"
  security_group_ids   = ["${aws_security_group.redis_cluster_security_group.id}"]
}
```

to

```hcl
resource "aws_elasticache_replication_group" "my_redis_cluster" {
  engine                        = "redis"
  engine_version                = "5.0.0"
  transit_encryption_enabled    = true
  auth_token                    = "my_auth_token"
  automatic_failover_enabled    = false
  availability_zones            = ["${var.region}a"]
  replication_group_id          = "my-redis-cluster"
  node_type                     = "cache.m5.large"
  number_cache_clusters         = 1
  parameter_group_name          = "default.redis5.0"
  port                          = 6379
  subnet_group_name             = "${aws_elasticache_subnet_group.redis_subnet_group.name}"
  security_group_ids            = ["${aws_security_group.redis_cluster_security_group.id}"]
  replication_group_description = "Redis cluster for caching storage (has automatic eviction)"
}
```

And everything now works as expected with AUTH turned on.
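
A pre-apply check for the two mistakes this thread works through (an auth token placed on aws_elasticache_cluster, and auth_token set without transit_encryption_enabled), as an added Python example that is not part of the original issue or the provider's code. The function names, the sample resources and var.redis_auth_token are assumptions for illustration, and the regex-based parsing is a simplification rather than a full HCL parser.

```python
import re

# Header of a resource block: resource "TYPE" "NAME" {
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
# "key = value" lines; hyphens are allowed so auth-token is still recognised.
ATTR_RE = re.compile(r'^[ \t]*([A-Za-z_][\w-]*)[ \t]*=[ \t]*(.+?)[ \t]*$', re.M)

# Constructed sample input; var.redis_auth_token is a hypothetical variable.
SAMPLE = '''
resource "aws_elasticache_cluster" "a" {
  auth-token = "placeholder"
}
resource "aws_elasticache_replication_group" "b" {
  auth_token = "${var.redis_auth_token}"
}
resource "aws_elasticache_replication_group" "c" {
  transit_encryption_enabled = true
  auth_token                 = "${var.redis_auth_token}"
}
'''


def resource_blocks(text):
    """Yield (type, name, body) per resource block via brace matching.
    Simplification: braces inside strings must be balanced, as in ${...}."""
    for m in RESOURCE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]


def check_redis_auth(text):
    """Return (resource_address, finding) tuples for the two mistakes above."""
    findings = []
    for rtype, name, body in resource_blocks(text):
        attrs = dict(ATTR_RE.findall(body))
        addr = f"{rtype}.{name}"
        if rtype == "aws_elasticache_cluster" and attrs.keys() & {"auth_token", "auth-token"}:
            findings.append((addr, "token on cluster resource; use replication group"))
        if rtype == "aws_elasticache_replication_group" and "auth_token" in attrs:
            if attrs.get("transit_encryption_enabled") != "true":
                findings.append((addr, "auth_token without transit_encryption_enabled = true"))
    return findings


if __name__ == "__main__":
    for addr, finding in check_redis_auth(SAMPLE):
        print(f"{addr}: {finding}")
```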

@vikmalik

auth_token related details is missing in documentation though

@nywilken
Contributor

Hey Folks, looking at the comments it doesn't seem like there is anything to do here and this issue is safe to close. But before doing so @vikmalik could you elaborate on the statement below a little more. Is there information missing from our existing resource documentation that could better assist?

> auth_token related details is missing in documentation though

@nywilken nywilken added the waiting-response Maintainers are waiting on response from community or contributor. label Jun 19, 2019
@nywilken
Contributor

@vikmalik I'm going to go ahead and close this issue as there has not been any activity since my last comment. If you have a minute to elaborate on your documentation request, I invite you to open a new issue explaining what is missing in the documentation and what would make it easier for the user. Thanks again!

@nywilken nywilken removed the waiting-response Maintainers are waiting on response from community or contributor. label Jul 29, 2019
@zmw85

zmw85 commented Aug 2, 2019

> @tdmalone Is indeed correct. I changed from:
>
> ```hcl
> resource "aws_elasticache_cluster" "my_redis_cluster" {
>   cluster_id           = "my-redis-cluster"
>   engine               = "redis"
>   node_type            = "cache.m5.large"
>   num_cache_nodes      = 1
>   parameter_group_name = "default.redis5.0"
>   engine_version       = "5.0.0"
>   port                 = 6379
>   availability_zone    = "${var.region}a"
>   subnet_group_name    = "${aws_elasticache_subnet_group.redis_subnet_group.name}"
>   security_group_ids   = ["${aws_security_group.redis_cluster_security_group.id}"]
> }
> ```
>
> to
>
> ```hcl
> resource "aws_elasticache_replication_group" "my_redis_cluster" {
>   engine                        = "redis"
>   engine_version                = "5.0.0"
>   transit_encryption_enabled    = true
>   auth_token                    = "my_auth_token"
>   automatic_failover_enabled    = false
>   availability_zones            = ["${var.region}a"]
>   replication_group_id          = "my-redis-cluster"
>   node_type                     = "cache.m5.large"
>   number_cache_clusters         = 1
>   parameter_group_name          = "default.redis5.0"
>   port                          = 6379
>   subnet_group_name             = "${aws_elasticache_subnet_group.redis_subnet_group.name}"
>   security_group_ids            = ["${aws_security_group.redis_cluster_security_group.id}"]
>   replication_group_description = "Redis cluster for caching storage (has automatic eviction)"
> }
> ```
>
> And everything now works as expected with AUTH turned on.

The problem with "aws_elasticache_replication_group" is that the attribute "primary_endpoint_address" is empty. I want to set up a NAT instance in the same Terraform and try to reference the endpoint of the resource, and it couldn't be done in this way. Anyone got a solution to this?

@tdmalone
Contributor

tdmalone commented Aug 6, 2019

@zmw85 This doesn't seem related to this issue, which is also closed - you might want to create a new issue, or try asking in one of the community resources.

@ghost
Author

ghost commented Nov 2, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 2, 2019