This Terraform module will create an Amazon ElastiCache for Redis cluster for use on the Cloud Platform.
```hcl
module "redis" {
  source = "github.com/ministryofjustice/cloud-platform-terraform-elasticache-cluster?ref=version" # use the latest release

  # VPC configuration
  vpc_name = var.vpc_name

  # Redis cluster configuration
  node_type               = "cache.t4g.micro"
  engine_version          = "7.0"
  parameter_group_name    = "default.redis7"
  auth_token_rotated_date = "2023-08-30"

  # Tags
  business_unit          = var.business_unit
  application            = var.application
  is_production          = var.is_production
  team_name              = var.team_name
  namespace              = var.namespace
  environment_name       = var.environment
  infrastructure_support = var.infrastructure_support
}
```
See the examples/ folder for more information.
Your redis instance is reachable only from inside the cluster VPC, but you can access it from your development environment using the same technique as for accessing an RDS instance:
- Run a port-forward pod

```bash
kubectl \
  -n [your namespace] \
  run port-forward-pod \
  --generator=run-pod/v1 \
  --image=ministryofjustice/port-forward \
  --port=6379 \
  --env="REMOTE_HOST=[your redis cluster hostname]" \
  --env="LOCAL_PORT=6379" \
  --env="REMOTE_PORT=6379"
```

- Forward local traffic to the port-forward-pod

```bash
kubectl \
  -n [your namespace] \
  port-forward \
  port-forward-pod 6379:6379
```

You need to leave this running as long as you are accessing the redis cluster.
- Use the ruby redis client to access redis

At the time of writing, the `redis-cli` command-line tool cannot use encrypted redis connections (i.e. those with a URL starting `rediss://...` as opposed to `redis://...`). So, this section describes how to use the `redis` ruby gem to connect to your elasticache cluster.
```bash
export REDIS_URL=[modified URL from namespace secret]
```

The value here should be the redis URL from your namespace secret, but with the hostname replaced with `localhost`.

For instance, if the redis URL in your namespace secret is this:

```
url: rediss://dummyuser:6a36be5513564382b436b36be55e15a5@master.cp-8f56be55d06be5548.iwfvzo.euw2.cache.amazonaws.com:6379
```

...then the value you need for `REDIS_URL` is:

```
rediss://dummyuser:6a36be5513564382b436b36be55e15a5@localhost:6379
```

Then you can use the ruby redis client like this:

```bash
# The redis gem takes the connection string in the `url:` option
ruby -r redis -e 'redis = Redis.new(url: ENV.fetch("REDIS_URL")); redis.set("foo", 123); puts redis.get("foo")'
```
Name | Version |
---|---|
terraform | >= 1.2.5 |
aws | >= 4.0.0, < 5.0.0 |
random | >= 3.0.0 |
Name | Version |
---|---|
aws | >= 4.0.0, < 5.0.0 |
random | >= 3.0.0 |
No modules.
Name | Type |
---|---|
aws_elasticache_replication_group.ec_redis | resource |
aws_elasticache_subnet_group.ec_subnet | resource |
aws_iam_policy.irsa | resource |
aws_security_group.ec | resource |
random_id.auth_token | resource |
random_id.id | resource |
aws_availability_zones.available | data source |
aws_caller_identity.current | data source |
aws_iam_policy_document.irsa | data source |
aws_region.current | data source |
aws_subnet.private | data source |
aws_subnets.private | data source |
aws_vpc.selected | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
application | Application name | string | n/a | yes |
auth_token_rotated_date | Process to spin new auth token. Pass date to regenerate new token | string | "" | no |
business_unit | Area of the MOJ responsible for the service | string | n/a | yes |
engine_version | Engine version (e.g. 7.0) | string | n/a | yes |
environment_name | Environment name | string | n/a | yes |
infrastructure_support | The team responsible for managing the infrastructure. Should be of the form () | string | n/a | yes |
is_production | Whether this is used for production or not | string | n/a | yes |
maintenance_window | Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: sun:05:00-sun:09:00. | string | "" | no |
namespace | Namespace name | string | n/a | yes |
node_type | Instance class to be used | string | n/a | yes |
number_cache_clusters | Number of cache clusters (primary and replicas) this replication group will have | string | "2" | no |
parameter_group_name | Name of the parameter group aligned with the version specified in engine_version (e.g. default.redis7) | string | n/a | yes |
snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. Example: 05:00-09:00 | string | "" | no |
team_name | Team name | string | n/a | yes |
vpc_name | The name of the vpc (eg.: live-1) | string | n/a | yes |
Name | Description |
---|---|
auth_token | The password used to access the Redis protected server. |
irsa_policy_arn | IAM policy ARN for access to rotate the Redis AUTH token |
member_clusters | The identifiers of all the nodes that are part of this replication group. |
primary_endpoint_address | The address of the endpoint for the primary node in the replication group, if the cluster mode is disabled. |
replication_group_id | Redis cluster ID |
Some of the inputs for this module are tags. All infrastructure resources must be tagged to meet the MOJ Technical Guidance on Documenting owners of infrastructure.
You should use your namespace variables to populate these. See the Usage section for more information.