Top / Amazon Web Service / AWS ElastiCache / Cluster

AWS ElastiCache Cluster

This page shows how to write Terraform and CloudFormation for ElastiCache Cluster and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_elasticache_cluster (Terraform)

The Cluster in ElastiCache can be configured in Terraform with the resource name aws_elasticache_cluster. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

elasticcache.tf#L1
resource "aws_elasticache_cluster" "noMemcachedInElastiCache" {
  cluster_id           = "cluster-example"
  engine               = "memcached"
  node_type            = "cache.m4.large"
  num_cache_nodes      = 2
  parameter_group_name = "default.memcached1.4"
main.tf#L3
resource "aws_elasticache_cluster" "enabled" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = "default.redis6.x"
elasticache_cluster_test.tf#L12
resource "aws_elasticache_cluster" "memcached" {
  cluster_id           = "cluster-example"
  engine               = "memcached"
  node_type            = "cache.m4.large"
  num_cache_nodes      = 2
  parameter_group_name = "default.redis3.2"
main.tf#L3
resource "aws_elasticache_cluster" "enabled" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = "default.redis6.x"
main.tf#L3
resource "aws_elasticache_cluster" "enabled" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = "default.redis6.x"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Security Best Practices for aws_elasticache_cluster

There is 1 setting in aws_elasticache_cluster that should be taken care of for security reasons. The following section explain an overview and example code.

risk-label

Ensure to enable backup retention of Elasitcache

It's better to take snapshots of Redis clusters to improve data availability.

Review your AWS ElastiCache settings

You can check if the aws_elasticache_cluster setting in your .tf file is correct in 3 min with Shisho Cloud.

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an ElastiCache Cluster resource, which manages either a Memcached cluster, a single-node Redis instance, or a [read replica in a Redis (Cluster Mode Enabled) replication group]. For working with Redis (Cluster Mode Enabled) replication groups, see the aws_elasticache_replication_group resource.

Note: When you change an attribute, such as num_cache_nodes, by default it is applied in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because the actual modification has not yet taken place. You can use the apply_immediately flag to instruct the service to apply the change immediately. Using apply_immediately can result in a brief downtime as the server reboots. See the AWS Documentation on Modifying an ElastiCache Cache Cluster for ElastiCache for Memcached or ElastiCache for Redis for more information. Note: Any attribute changes that re-create the resource will be applied immediately, regardless of the value of apply_immediately.

>> from Terraform Registry

Tips: Best Practices for The Other AWS ElastiCache Resources

In addition to the aws_elasticache_replication_group, AWS ElastiCache has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_elasticache_replication_group

Ensure to enable in-transit encryption of ElastiCache

It's better to enable in-transit encryption of ElastiCahe. If the ElastiCache replication group uses unencrypted traffic, it is vulnerable to meet-in-the-middle (MITM) attacks.

Review your AWS ElastiCache settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::ElastiCache::CacheCluster (CloudFormation)

The CacheCluster in ElastiCache can be configured in CloudFormation with the resource name AWS::ElastiCache::CacheCluster. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::ElastiCache::CacheCluster type creates an Amazon ElastiCache cache cluster.

>> from AWS CloudFormation Documentation

The Other Related AWS ElastiCache Resources

Frequently asked questions

What is AWS ElastiCache Cluster?

AWS ElastiCache Cluster is a resource for ElastiCache of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS ElastiCache Cluster?

For Terraform, the storebot/pr_demo_flat, melscoop-test/check and gilyas/infracost source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents