Redis module (#53)

* Initial commit

* Missing space

* default boolean fix

* var fixes here and there

* Typo

* numbering variables

* Fixing defaults

* nulling some

* To supershort

* Fixing nulls

* Typo in secret name

* Making redis connection secret optional

* Small tweaks and typos fix

* rocket

* Typo

* Fixing num_cache_cluster incompat with num_node_groups

* Fixing var name

* Fixing dynamics

* Removing dynamic block

* Adding cluster check to failover

* Typo

* Fix

* Cosmetic details

* Adding aws_redis_cloudwatch_retention_days

* Typo

* Fix

* Adding maintenance options

* Dynamic approach 2

* Fix

* Dynamic x2

* Cosmetics

* Adding aws_redis_automatic_failover

* nulling default

Author: LeoDiazL

README.md

@@ -61,6 +61,7 @@ jobs:
 1. [RDS](#rds-inputs)
 1. [Amazon Aurora Inputs](#aurora-inputs)
 1. [Docker](#docker-inputs)
+1. [Redis](#redis-inputs)
 1. [ECS](#ecs-inputs)
 1. [ECR](#ecr-inputs)
 1. [EKS](#eks-inputs)
@@ -305,6 +306,44 @@ The following inputs can be used as `step.with` keys
 <hr/>
 <br/>
 
+#### **Redis Inputs**
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_redis_enable` | Boolean | Enables the creation of a Redis instance. |
+| `aws_redis_user` | String | Redis username. Defaults to `redisuser`. |
+| `aws_redis_user_access_string` | String | String expression for user access. Defaults to `on ~* +@all`. |
+| `aws_redis_user_group_name` | String | User group name. Defaults to `aws_resource_identifier-redis`. |
+| `aws_redis_security_group_name` | String | Redis security group name. Defaults to `SG for aws_resource_identifier - Redis`. |
+| `aws_redis_ingress_allow_all` | Boolean | Allow access from 0.0.0.0/0. Defaults to `true`. |
+| `aws_redis_allowed_security_groups` | String | Comma separated list of security groups to be added to the Redis SG. |
+| `aws_redis_subnets` | String | Define a list of specific subnets where Redis will live. Defaults to all of the VPC ones. If nome defined, default VPC. |
+| `aws_redis_port` | String | Redis port. Defaults to `6379`. |
+| `aws_redis_at_rest_encryption` | Boolean | Encryption at rest. Defaults to `true`. |
+| `aws_redis_in_transit_encryption` | Boolean | In-transit encryption. Defaults to `true`. |
+| `aws_redis_replication_group_id` | String | Name of the Redis replication group. Defaults to `aws_resource_identifier-redis`. |
+| `aws_redis_node_type` | String | Node type of the Redis instance. Defaults to `cache.t2.small`. |
+| `aws_redis_num_cache_clusters` | String | Amount of Redis nodes. Defaults to `1`. |
+| `aws_redis_parameter_group_name` | String | Redis parameters groups name. If cluster wanted, set it to something that includes *.cluster.on.* Defaults to `default.redis7`. |
+| `aws_redis_num_node_groups` | String | Number of node groups. Defaults to `0`. |
+| `aws_redis_replicas_per_node_group` | String | Number of replicas per node group. Defaults to `0`. |
+| `aws_redis_multi_az_enabled` | Boolean | Enables multi-availability-zone redis. Defaults to `false`. |
+| `aws_redis_automatic_failover` | Boolean | Allows overriding the automatic configuration of this value, only needed when playing with resources in a non-conventional way. |
+| `aws_redis_apply_immediately` | Boolean | Specifies whether any modifications are applied immediately, or during the next maintenance window. Defaults to `false`. |
+| `aws_redis_auto_minor_upgrade` | Boolean | Specifies whether minor version engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. Defaults to `true`. |
+| `aws_redis_maintenance_window` | String | Specifies the weekly time range for when maintenance on the cache cluster is performed. Example:`sun:05:00-sun:06:00`. Defaults to `null`. |
+| `aws_redis_snapshot_window` | String | Daily time range (in UTC) when to start taking a daily snapshot. Minimum is a 60 minute period. Example: `05:00-09:00`. Defaults to `null`. |
+| `aws_redis_final_snapshot` | String | Change name to define a final snapshot. |
+| `aws_redis_snapshot_restore_name` | String | Set name to restore a snapshot to the cluster. The default behaviour is to restore it each time this action runs. |
+| `aws_redis_cloudwatch_enabled` | String | Enable or disables Cloudwatch logging. |
+| `aws_redis_cloudwatch_lg_name` | String | Cloudwatch log group name. Defaults to `/aws/redis/aws_resource_identifier` **Will append log_type to it** eg. `/your/name/slow-log`. |
+| `aws_redis_cloudwatch_log_format` | String | Define log format between `json`(default) and text. |
+| `aws_redis_cloudwatch_log_type` | String | Log type. Older Redis engines need `slow-log`. Newer support `engine-log` (default). You could add both by setting `slow-log,engine-log`.  |
+| `aws_redis_cloudwatch_retention_days` | String | Number of days to retain cloudwatch logs. Defaults to `14`. |
+| `aws_redis_single_line_url_secret`| Boolean | Creates an AWS secret containing the connection string containing `protocol://user@pass:endpoint:port` |
+| `aws_redis_additional_tags` | String | Additional tags to be added to every Redis related resource. |
+<hr/>
+<br/>
+
 #### **ECS Inputs***
 | Name             | Type    | Description                        |
 |------------------|---------|------------------------------------|

action.yaml

@@ -463,6 +463,104 @@ inputs:
     description: 'A list of strings that will be added to created resources'
     required: false
 
+  # Redis
+  aws_redis_enable:
+    description: 'Enables the creation of a Redis instance'
+    required: false
+  aws_redis_user:
+    description: 'Redis username. Defaults to redisuser'
+    required: false
+  aws_redis_user_access_string:
+    description: 'String expression for user access. Defaults to on ~* +@all'
+    required: false
+  aws_redis_user_group_name:
+    description: 'User group name. Defaults to aws_resource_identifier-redis'
+    required: false
+  aws_redis_security_group_name:
+    description: 'Redis security group name. Defaults to SG for aws_resource_identifier - Redis'
+    required: false
+  aws_redis_ingress_allow_all:
+    description: 'Allow access from 0.0.0.0/0 in the same VPC'
+    required: false
+  aws_redis_allowed_security_groups:
+    description: 'Comma separated list of security groups to be added to the Redis SG.'
+    required: false
+  aws_redis_subnets:
+    description: 'Define a list of specific subnets where Redis will live. Defaults to all of the VPC ones. If not defined, default VPC.'
+    required: false
+  aws_redis_port:
+    description: 'Redis port. Defaults to 6379'
+    required: false
+  aws_redis_at_rest_encryption:
+    description: 'Encryption at rest. Defaults to true.'
+    required: false
+  aws_redis_in_transit_encryption:
+    description: 'In-transit encryption. Defaults to true.'
+    required: false
+  aws_redis_replication_group_id:
+    description: 'Name of the Redis replication group. Defaults to aws_resource_identifier-redis'
+    required: false
+  aws_redis_node_type:
+    description: 'Node type of the Redis instance. Defaults to cache.t2.small'
+    required: false
+  aws_redis_num_cache_clusters:
+    description: 'Amount of Redis nodes. Defaults to 1'
+    required: false
+  aws_redis_parameter_group_name:
+    description: 'Redis parameters groups name. If cluster wanted, set it to something that includes .cluster.on. Defaults to default.redis7'
+    required: false
+  aws_redis_num_node_groups:
+    description: 'Number of node groups. Defaults to 0.'
+    required: false
+  aws_redis_replicas_per_node_group:
+    description: 'Number of replicas per node group. Defaults to 0'
+    required: false
+  aws_redis_multi_az_enabled:
+    description: 'Enables multi-availability-zone redis. Defaults to false'
+    required: false
+  aws_redis_automatic_failover:
+    description: 'Allows overriding the automatic configuration of this value, only needed when playing with resources in a non-conventional way.'
+    required: false
+  aws_redis_apply_immediately:
+    description: 'Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false.'
+    required: false
+  aws_redis_auto_minor_upgrade:
+    description: 'Specifies whether minor version engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. Defaults to true.'
+    required: false
+  aws_redis_maintenance_window:
+    description: 'Specifies the weekly time range for when maintenance on the cache cluster is performed. Example:sun:05:00-sun:06:00. Defaults to null.'
+    required: false
+  aws_redis_snapshot_window:
+    description: 'Daily time range (in UTC) when to start taking a daily snapshot. Minimum is a 60 minute period. Example: 05:00-09:00. Defaults to null.'
+    required: false
+  aws_redis_final_snapshot:
+    description: 'Change name to define a final snapshot.'
+    required: false
+  aws_redis_snapshot_restore_name:
+    description: 'Set name to restore a snapshot to the cluster. The default behaviour is to restore it each time this action runs.'
+    required: false
+  aws_redis_cloudwatch_enabled:
+    description: 'Enable or disables Cloudwatch logging.'
+    required: false
+  aws_redis_cloudwatch_lg_name:
+    description: 'Cloudwatch log group name. Defaults to /aws/redis/aws_resource_identifier. Will append log_type to it.'
+    required: false
+  aws_redis_cloudwatch_log_format:
+    description: 'Define log format between json (default) and text.'
+    required: false
+  aws_redis_cloudwatch_log_type:
+    description: 'Log type. Older Redis engines need slow-log. Newer support engine-log (default)'
+    required: false
+  aws_redis_cloudwatch_retention_days:
+    description: "Number of days to retain logs. 0 to never expire. Default '14'"
+    reuired: false
+  aws_redis_single_line_url_secret:
+    description: 'Creates an AWS secret containing the connection string containing protocol://user@pass:endpoint:port'
+    required: false
+  aws_redis_additional_tags:
+    description: 'Additional tags to be added to every Redis related resource'
+    required: false
+
   # Docker 
   docker_install: 
     description: 'Define if docker should be installed. After this, docker-compose up will be excecuted.'
@@ -775,7 +873,16 @@ outputs:
   ecr_repository_url:
     description: "ECR Repo URL"
     value: ${{ steps.deploy.outputs.ecr_repository_url }}
-
+  # REDIS
+  redis_endpoint:
+    description: "Redis Endpoint"
+    value: ${{ steps.deploy.outputs.redis_endpoint }}
+  redis_secret_name:
+    description: "Redis Secret name"
+    value: ${{ steps.deploy.outputs.redis_secret_name }}
+  redis_connection_string_secret:
+    description: "Redis secret containing complete URL to connect directly. (e.g. rediss://user:pass@host:port)"
+    value: ${{ steps.deploy.outputs.redis_connection_string_secret }}
 runs:
   using: 'composite'
   steps:
@@ -959,6 +1066,40 @@ runs:
         AWS_DB_PROXY_CLOUDWATCH_RETENTION_DAYS : ${{ inputs.aws_db_proxy_cloudwatch_retention_days }}
         AWS_DB_PROXY_ADDITIONAL_TAGS: ${{ inputs.aws_db_proxy_additional_tags }}
 
+        # AWS REDIS
+        AWS_REDIS_ENABLE: ${{ inputs.aws_redis_enable }}
+        AWS_REDIS_USER: ${{ inputs.aws_redis_user }}
+        AWS_REDIS_USER_ACCESS_STRING: ${{ inputs.aws_redis_user_access_string }}
+        AWS_REDIS_USER_GROUP_NAME: ${{ inputs.aws_redis_user_group_name }}
+        AWS_REDIS_SECURITY_GROUP_NAME: ${{ inputs.aws_redis_security_group_name }}
+        AWS_REDIS_INGRESS_ALLOW_ALL: ${{ inputs.aws_redis_ingress_allow_all }}
+        AWS_REDIS_ALLOWED_SECURITY_GROUPS: ${{ inputs.aws_redis_allowed_security_groups }}
+        AWS_REDIS_SUBNETS: ${{ inputs.aws_redis_subnets }}
+        AWS_REDIS_PORT: ${{ inputs.aws_redis_port }}
+        AWS_REDIS_AT_REST_ENCRYPTION: ${{ inputs.aws_redis_at_rest_encryption }}
+        AWS_REDIS_IN_TRANSIT_ENCRYPTION: ${{ inputs.aws_redis_in_transit_encryption }}
+        AWS_REDIS_REPLICATION_GROUP_ID: ${{ inputs.aws_redis_replication_group_id }}
+        AWS_REDIS_NODE_TYPE: ${{ inputs.aws_redis_node_type }}
+        AWS_REDIS_NUM_CACHE_CLUSTER: ${{ inputs.aws_redis_num_cache_clusters }}
+        AWS_REDIS_PARAMETER_GROUP_NAME: ${{ inputs.aws_redis_parameter_group_name }}
+        AWS_REDIS_NUM_NODE_GROUPS: ${{ inputs.aws_redis_num_node_groups }}
+        AWS_REDIS_REPLICAS_PER_NODE_GROUP: ${{ inputs.aws_redis_replicas_per_node_group }}
+        AWS_REDIS_MULTI_AZ_ENABLED: ${{ inputs.aws_redis_multi_az_enabled }}
+        AWS_REDIS_AUTOMATIC_FAILOVER: ${{ inputs.aws_redis_automatic_failover }}
+        AWS_REDIS_APPLY_IMMEDIATELY: ${{ inputs.aws_redis_apply_immediately }}
+        AWS_REDIS_AUTO_MINOR_UPGRADE: ${{ inputs.aws_redis_auto_minor_upgrade }}
+        AWS_REDIS_MAINTENANCE_WINDOW: ${{ inputs.aws_redis_maintenance_window }}
+        AWS_REDIS_SNAPSHOT_WINDOW: ${{ inputs.aws_redis_snapshot_window }}
+        AWS_REDIS_FINAL_SNAPSHOT: ${{ inputs.aws_redis_final_snapshot }}
+        AWS_REDIS_SNAPSHOT_RESTORE_NAME: ${{ inputs.aws_redis_snapshot_restore_name }}
+        AWS_REDIS_CLOUDWATCH_ENABLED: ${{ inputs.aws_redis_cloudwatch_enabled }}
+        AWS_REDIS_CLOUDWATCH_LG_NAME: ${{ inputs.aws_redis_cloudwatch_lg_name }}
+        AWS_REDIS_CLOUDWATCH_LOG_FORMAT: ${{ inputs.aws_redis_cloudwatch_log_format }}
+        AWS_REDIS_CLOUDWATCH_LOG_TYPE: ${{ inputs.aws_redis_cloudwatch_log_type }}
+        AWS_REDIS_CLOUDWATCH_RETENTION_DAYS: ${{ inputs.aws_redis_cloudwatch_retention_days }}
+        AWS_REDIS_SINGLE_LINE_URL_SECRET: ${{ inputs.aws_redis_single_line_url_secret }}
+        AWS_REDIS_ADDITIONAL_TAGS: ${{ inputs.aws_redis_additional_tags }}
+
         # Docker
         DOCKER_INSTALL: ${{ inputs.docker_install }}
         DOCKER_REMOVE_ORPHANS: ${{ inputs.docker_remove_orphans }}
@@ -1085,6 +1226,9 @@ runs:
         ECS_DNS:  ${{ steps.deploy.outputs.ecs_dns_record }}
         ECR_REPO_ARN: ${{ steps.deploy.outputs.ecr_repository_arn }}
         ECR_REPO_URL: ${{ steps.deploy.outputs.ecr_repository_url }}
+        REDIS_ENDPOINT: ${{ steps.deploy.outputs.redis_endpoint }}
+        REDIS_SECRET_NAME: ${{ steps.deploy.outputs.redis_secret_name }}
+        REDIS_SECRET_URL: ${{ steps.deploy.outputs.redis_connection_string_secret }}
       run: $GITHUB_ACTION_PATH/operations/_scripts/deploy/summary.sh
 
     # upload generated artifacts to GitHub if enabled

operations/_scripts/deploy/deploy.sh

@@ -80,6 +80,7 @@ if [[ $(alpha_only "$TF_STATE_BUCKET_DESTROY") == true ]] && ! [[ $(alpha_only "
      [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") == true ]] ||
      [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]] || 
      [[ $(alpha_only "$AWS_DB_PROXY_ENABLE") == true ]] ||
+     [[ $(alpha_only "$AWS_REDIS_ENABLE") == true ]] ||
      [[ $(alpha_only "$AWS_ECR_REPO_CREATE") == true ]] ||
      [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]; then 
     export TF_STATE_BUCKET_DESTROY="false"

operations/_scripts/deploy/summary.sh

@@ -22,6 +22,9 @@
 # ECS_DNS
 # ECR_REPO_ARN
 # ECR_REPO_URL
+# REDIS_ENDPOINT
+# REDIS_SECRET_NAME
+# REDIS_SECRET_URL
 
 # Create an error code mechanism so we don't have to check the actual static text,
 # just which case we fell into
@@ -41,6 +44,7 @@
 # 12 - success, Aurora created
 # 13 - success, DB Proxy created
 # 14 - success, ECS created
+# 15 - success, Redis created
 # 500 - cancelled
 
 # Function to process and return the result as a string
@@ -122,6 +126,15 @@ if [[ $SUCCESS == 'success' ]]; then
     result_string="## Deploy Complete! :rocket:
     ECS LB Endpoing: ${ECS_ALB_DNS}
     ECS Public DNS: ${ECS_DNS}"
+  elif [[ -n $REDIS_ENDPOINT ]] && [[ -n $REDIS_SECRET_NAME ]]; then
+    SUMMARY_CODE=15
+    result_string="## Deploy Complete! :rocket:
+    Redis endpoint: ${REDIS_ENDPOINT}
+    Redis secret name: ${REDIS_SECRET_NAME}"
+    if [[ -n $REDIS_SECRET_URL ]]; then
+    result_string+="
+    Redis connection URL secret name: ${REDIS_SECRET_URL}"
+    fi
   elif [[ $BITOPS_CODE_ONLY == 'true' ]]; then
     if [[ $BITOPS_CODE_STORE == 'true' ]]; then
       SUMMARY_CODE=6

operations/_scripts/generate/generate_bitops_config.sh

@@ -95,7 +95,8 @@ if ([[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") == true ]] ||
     [[ $(alpha_only "$AWS_AURORA_ENABLE") == true ]] ||
     [[ $(alpha_only "$AWS_RDS_DB_ENABLE") == true ]] ||
     [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]] ||
-    [[ $(alpha_only "$AWS_DB_PROXY_ENABLE") == true ]]) && 
+    [[ $(alpha_only "$AWS_DB_PROXY_ENABLE") == true ]] ||
+    [[ $(alpha_only "$AWS_REDIS_ENABLE") == true ]]) && 
     [[ "$(alpha_only $TF_STACK_DESTROY)" != "true" ]]; then
   # random_integer.az_select needs to be created before the "full stack" to avoid a potential state dependency locks
   targets="$targets
@@ -144,7 +145,7 @@ bitops:
       create_bitops_terraform_config aws false targets
     fi
   else
-    if [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") != "" ]] || [[ $(alpha_only "$AWS_EFS_ENABLE") != "" ]] || [[ "$AWS_AURORA_ENABLE" != "" ]] || [[ "$AWS_RDS_DB_ENABLE" != "" ]] || [[ "$AWS_ECS_ENABLE" != "" ]] || [[ "$AWS_RDS_PROXY_ENABLE" != "" ]]; then
+    if [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") != "" ]] || [[ $(alpha_only "$AWS_EFS_ENABLE") != "" ]] || [[ "$AWS_AURORA_ENABLE" != "" ]] || [[ "$AWS_RDS_DB_ENABLE" != "" ]] || [[ "$AWS_ECS_ENABLE" != "" ]] || [[ "$AWS_RDS_PROXY_ENABLE" != "" ]] || [[ "$AWS_REDIS_ENABLE" != "" ]]; then
       add_terraform_module aws
       create_bitops_terraform_config aws true targets
     fi

operations/_scripts/generate/generate_provider.sh

@@ -66,7 +66,7 @@ provider \"aws\" {
 done
 }
 
-generate_provider_aws aws ec2,r53,elb,efs,vpc,rds,aurora,ecs,db_proxy
+generate_provider_aws aws ec2,r53,elb,efs,vpc,rds,aurora,ecs,db_proxy,redis
 generate_provider_aws ecr ecr
 generate_provider_aws eks