Merge pull request #7 from yaradigitallabs/DE-3650/redis-enable-encryption-at-rest

Sr3yas-sk · web-flow · commit d265fedf6e26 · 2025-03-25T11:09:00.000+05:30
DE-3650 Enabling encryption at rest parameter for redis
diff --git a/main.tf b/main.tf
@@ -23,6 +23,7 @@ resource "aws_elasticache_replication_group" "redis" {
   snapshot_retention_limit   = var.redis_snapshot_retention_limit
   tags                       = merge({ "Name" = format("tf-elasticache-%s", var.name) }, var.tags)
   transit_encryption_enabled = var.transit_encryption_enabled
+  at_rest_encryption_enabled = var.at_rest_encryption_enabled
   auth_token                 = var.transit_encryption_enabled ? var.auth_token : null
 }
 
diff --git a/variables.tf b/variables.tf
@@ -128,6 +128,12 @@ variable "transit_encryption_enabled" {
   description = "Enable TLS"
 }
 
+variable "at_rest_encryption_enabled" {
+  type        = bool
+  default     = true
+  description = "Enable encryption at rest"
+}
+
 variable "auth_token" {
   type        = string
   description = "token for password protecting redis, transit_encryption_enabled must`` be set to  `true`. Password must be longer than 16 chars"

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ resource "aws_elasticache_replication_group" "redis" {`
`23`	`23`	`snapshot_retention_limit = var.redis_snapshot_retention_limit`
`24`	`24`	`tags = merge({ "Name" = format("tf-elasticache-%s", var.name) }, var.tags)`
`25`	`25`	`transit_encryption_enabled = var.transit_encryption_enabled`
	`26`	`+ at_rest_encryption_enabled = var.at_rest_encryption_enabled`
`26`	`27`	`auth_token = var.transit_encryption_enabled ? var.auth_token : null`
`27`	`28`	`}`
`28`	`29`