fix(aws, stack): elasticache_transit_encryption_mode

dbl-works · Aug 30, 2024 · 099a772 · 099a772
1 parent 0c6ebe0
commit 099a772
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/aws/stack/app/elasticache.tf b/aws/stack/app/elasticache.tf
@@ -29,4 +29,5 @@ module "elasticache" {
   cluster_mode               = var.elasticache_cluster_mode
   maxmemory_policy           = var.elasticache_maxmemory_policy == null ? (var.elasticache_cluster_mode ? "volatile-lru" : "noeviction") : var.elasticache_maxmemory_policy
   transit_encryption_enabled = var.elasticache_transit_encryption_enabled
+  transit_encryption_mode    = var.elasticache_transit_encryption_mode
 }
diff --git a/aws/stack/app/variables.tf b/aws/stack/app/variables.tf
@@ -397,6 +397,17 @@ variable "rds_ca_cert_identifier" {
 # =============== ECS ================ #
 variable "health_check_path" { default = "/livez" }
 
+variable "elasticache_transit_encryption_mode" {
+  type        = string
+  default     = "required"
+  description = "when migrating from no encryption to encryption, this must be set to 'preferred', then apply changes, then set to 'required'"
+
+  validation {
+    condition     = contains(["required", "preferred"], var.elasticache_transit_encryption_mode)
+    error_message = "elasticache_transit_encryption_mode must be either 'required' or 'preferred'"
+  }
+}
+
 variable "enable_container_insights" {
   type    = bool
   default = null