This Terraform module provisions an AWS ElastiCache for Redis deployment, including subnet group, parameter group, and optional security group associations, suitable for production workloads.
- ElastiCache Redis replication group (cluster mode optional)
- Subnet group for private subnets
- Parameter group customization
- Encryption at rest and in transit
- Auth token support (optional)
- Automatic failover with Multi-AZ
- Maintenance window configuration
- CloudWatch metrics and tagging
```hcl
module "elasticache" {
  source = "Senora-dev/elasticache/aws"

  environment    = "dev"
  engine         = "redis"
  engine_version = "7.1"
  node_type      = "cache.t4g.small"

  # High availability
  multi_az_enabled   = true
  automatic_failover = true

  # Sizing
  replicas_per_node_group = 1
  num_node_groups         = 1     # set >1 to enable cluster mode
  cluster_mode_enabled    = false # true when using sharding (num_node_groups > 1)

  # Networking
  subnet_ids         = ["subnet-abc", "subnet-def"]
  security_group_ids = ["sg-1234567890abcdef0"]

  # Security
  at_rest_encryption_enabled   = true
  transit_encryption_enabled   = true
  auth_token_enabled           = true
  auth_token_ssm_parameter_arn = "arn:aws:ssm:us-east-1:123456789012:parameter/elasticache/auth-token"

  # Maintenance
  maintenance_window      = "sun:03:00-sun:04:00"
  snapshot_window         = "05:00-06:00"
  snapshot_retention_days = 7

  tags = {
    Project     = "ExampleProject"
    Environment = "dev"
  }
}
```

| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.0 |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| environment | Environment name (e.g., dev, staging, prod) | string | n/a | yes |
| engine | Cache engine (redis) | string | "redis" | no |
| engine_version | Redis engine version | string | "7.1" | no |
| node_type | Instance type for cache nodes | string | n/a | yes |
| multi_az_enabled | Enable Multi-AZ | bool | true | no |
| automatic_failover | Enable automatic failover | bool | true | no |
| replicas_per_node_group | Number of replicas per node group | number | 1 | no |
| num_node_groups | Number of node groups (shards) | number | 1 | no |
| cluster_mode_enabled | Enable cluster mode (sharding) | bool | false | no |
| subnet_ids | Subnet IDs for the subnet group | list(string) | n/a | yes |
| security_group_ids | Security group IDs to attach to the cluster ENIs | list(string) | [] | no |
| at_rest_encryption_enabled | Enable encryption at rest | bool | true | no |
| transit_encryption_enabled | Enable in-transit encryption | bool | true | no |
| auth_token_enabled | Enable Redis AUTH token | bool | false | no |
| auth_token_ssm_parameter_arn | SSM Parameter ARN containing the auth token (if enabled) | string | null | no |
| maintenance_window | Weekly maintenance window (UTC) | string | "sun:03:00-sun:04:00" | no |
| snapshot_window | Daily snapshot window (UTC) | string | "05:00-06:00" | no |
| snapshot_retention_days | Number of days to retain snapshots | number | 7 | no |
| parameter_group_family | Parameter group family (e.g., redis7) | string | "redis7" | no |
| parameters | Custom parameter overrides | map(string) | {} | no |
| tags | Tags to apply to all resources | map(string) | {} | no |

| Name | Description |
|---|---|
| replication_group_id | ID of the ElastiCache replication group |
| primary_endpoint_address | Primary endpoint address |
| reader_endpoint_address | Reader endpoint address |
| port | Redis port |
| subnet_group_name | Name of the subnet group |
| parameter_group_name | Name of the parameter group |
- Set `cluster_mode_enabled = true` when `num_node_groups > 1` to enable sharding
- When `transit_encryption_enabled = true`, Redis AUTH is required by AWS; set `auth_token_enabled = true`
- Store the auth token in AWS SSM Parameter Store and reference via `auth_token_ssm_parameter_arn`
- Ensure subnets are private with appropriate NAT/route configuration
- Security groups should allow inbound on the Redis port (default 6379) from allowed sources only

MIT Licensed. See LICENSE for full details.
This module is maintained by Senora.dev.