Albert sahu

Reputation: 1

Error in Terraform: Can't configure values for "at_rest_encryption_enabled" and "transit_encryption_enabled" in aws_elasticache_cluster

I'm currently facing a challenge with my Terraform configuration while working on the deployment of an Amazon ElastiCache cluster coupled with a global replication group. The primary objective is to ensure both at-rest and in-transit encryption for the ElastiCache cluster.

Here is a snippet of my Terraform configuration, focusing on the relevant resources:

resource "aws_elasticache_cluster" "redis_cluster" {
  cluster_id               = var.redis_cluster_name
  engine                   = "redis"
  engine_version           = "6.2"
  node_type                = "cache.t2.small"
  num_cache_nodes          = 1
  parameter_group_name     = "default.redis6.x"
  subnet_group_name        = var.subnet_group_name
  security_group_ids       = [var.security_group_id]
  port                     = 6379

  log_delivery_configuration {
    destination      = aws_cloudwatch_log_group.redis_cluster_logs.name
    destination_type = "cloudwatch-logs"
    log_format       = "text"
    log_type         = "slow-log"
  }

  maintenance_window       = "sun:05:00-sun:06:00"
  snapshot_window          = "01:00-02:00"
  snapshot_retention_limit = 30
}

resource "aws_elasticache_global_replication_group" "{replication_group_identifier}" {
  global_replication_group_id_suffix  = "{unique_suffix}"
  automatic_failover_enabled          = true
  primary_replication_group_id        = aws_elasticache_cluster.{cluster_identifier}.id
  at_rest_encryption_enabled = true
  transit_encryption_enabled = true
}

Applying the Terraform configuration, I encountered the following error:

Can't configure a value for "at_rest_encryption_enabled": its value will be decided automatically based on the result of applying this configuration. Value for unconfigurable attribute with aws_elasticache_global_replication_group.{replication_group_identifier}, on infra.tf line 537, in resource "aws_elasticache_global_replication_group" "{replication_group_identifier}": transit_encryption_enabled = true

Can't configure a value for "transit_encryption_enabled": its value will be decided automatically based on the result of applying this configuration. in this script

It seems that I cannot explicitly set values for "at_rest_encryption_enabled" and "transit_encryption_enabled" in the aws_elasticache_global_replication_group resource. How can I configure these attributes correctly to enable encryption for my ElastiCache cluster?

I appreciate any assistance or guidance on resolving this issue. If more details are needed, please let me know.

Upvotes: 0

Views: 843

Answers (1)

Mark B

Reputation: 201008

Looking at the documentation, you will see that the encryption settings on aws_elasticache_global_replication_group are output attributes only. Those are not values you can set.

Looking at the example on that same page, it appears that you need to create a regular aws_elasticache_replication_group resource, with the encryption settings specified on that resource, and then pass that resource to the aws_elasticache_global_replication_group as the primary_replication_group_id.

You are currently passing an aws_elasticache_cluster as the primary_replication_group_id, which seems wrong. I think you would get an error on that, or at the very least some unexpected behavior.

Upvotes: 0
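
The layout described in the answer above, as an added example that is not part of the original question or answer: encryption is set on an aws_elasticache_replication_group, and the global replication group only references it. The resource labels, the "example" suffix, the description text, the node type, the node count and the output names are assumptions; the variables and remaining values are carried over from the question.

```hcl
# Added example, not code from the question or the answer.
variable "redis_cluster_name" { type = string }
variable "subnet_group_name" { type = string }
variable "security_group_id" { type = string }

# Encryption is configured here, on the primary replication group.
resource "aws_elasticache_replication_group" "primary" {
  replication_group_id = var.redis_cluster_name
  description          = "Primary replication group for the global datastore" # assumed text

  engine               = "redis"
  engine_version       = "6.2"
  node_type            = "cache.m5.large" # assumption: node type used in the provider documentation's example
  parameter_group_name = "default.redis6.x"
  subnet_group_name    = var.subnet_group_name
  security_group_ids   = [var.security_group_id]
  port                 = 6379

  # Automatic failover needs at least one replica, hence two nodes (assumed count).
  num_cache_clusters         = 2
  automatic_failover_enabled = true

  # Both settings can only be chosen when the replication group is created.
  at_rest_encryption_enabled = true
  transit_encryption_enabled = true # clients must then connect over TLS

  maintenance_window       = "sun:05:00-sun:06:00"
  snapshot_window          = "01:00-02:00"
  snapshot_retention_limit = 30
}

# No encryption arguments here: the global group reports what the primary uses.
resource "aws_elasticache_global_replication_group" "example" {
  global_replication_group_id_suffix = "example" # constructed placeholder
  primary_replication_group_id       = aws_elasticache_replication_group.primary.id
}

# Read-only attributes exposed so the effective encryption state can be checked after apply.
output "global_at_rest_encryption_enabled" {
  value = aws_elasticache_global_replication_group.example.at_rest_encryption_enabled
}

output "global_transit_encryption_enabled" {
  value = aws_elasticache_global_replication_group.example.transit_encryption_enabled
}
```

Running terraform output after the apply should show both values as true; a false value means the primary replication group was created without that setting.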
