Merge pull request #414 from cisagov/cd_add_elasticache

Add AWS Elasticache
cisagov · Jul 17, 2024 · 5d13bee · 5d13bee
2 parents 74c36e2 + 3aefd3b
commit 5d13bee
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 1 deletion.
diff --git a/infrastructure/elasticache.tf b/infrastructure/elasticache.tf
@@ -0,0 +1,39 @@
+resource "aws_security_group" "elasticache_security_group" {
+  name_prefix = "elasticache-"
+  description = "ElastiCache security group"
+
+  ingress {
+    from_port   = 6379
+    to_port     = 6379
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.2.0/24"] // Restrict to a specific CIDR block, ideally your VPC's CIDR
+  }
+}
+
+resource "aws_elasticache_subnet_group" "crossfeed_vpc" {
+  name       = "aws_vpc.crossfeed_vpc"
+  subnet_ids = [aws_subnet.backend.id]
+
+  tags = {
+    Name = "crossfeed_vpc"
+  }
+}
+
+resource "aws_elasticache_cluster" "crossfeed_vpc_elasticache_cluster" {
+  count                = var.create_elasticache_cluster ? 1 : 0
+  cluster_id           = "crossfeed-vpc-cluster"
+  engine               = "redis"
+  node_type            = "cache.r7g.xlarge"
+  num_cache_nodes      = 1
+  parameter_group_name = "default.redis7.1"
+  engine_version       = "7.1"
+  port                 = 6379
+  subnet_group_name    = aws_elasticache_subnet_group.crossfeed_vpc.name
+  security_group_ids   = [aws_security_group.elasticache_security_group.id]
+
+  tags = {
+    Name    = "crossfeed_vpc_elasticache-cluster"
+    Project = var.project
+    Stage   = var.stage
+  }
+}
diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars
@@ -103,3 +103,4 @@ ssm_redshift_host                    = "/crossfeed/prod/REDSHIFT_HOST"
 ssm_redshift_database                = "/crossfeed/prod/REDSHIFT_DATABASE"
 ssm_redshift_user                    = "/crossfeed/prod/REDSHIFT_USER"
 ssm_redshift_password                = "/crossfeed/prod/REDSHIFT_PASSWORD"
+create_elasticache_cluster           = false
diff --git a/infrastructure/stage.tfvars b/infrastructure/stage.tfvars
@@ -70,7 +70,6 @@ pe_worker_ecs_cluster_name           = "pe-staging-worker"
 pe_worker_ecs_task_definition_family = "pe-staging-worker"
 pe_worker_ecs_log_group_name         = "pe-staging-worker"
 pe_worker_ecs_role_name              = "pe-staging-worker"
-pe_cybersixgill_ecs_service_name     = "pe-staging-cybersixgill"
 logging_bucket_name                  = "cisa-crossfeed-staging-logging"
 cloudtrail_name                      = "crossfeed-staging-all-events"
 cloudtrail_bucket_name               = "cisa-crossfeed-staging-cloudtrail"
@@ -107,3 +106,4 @@ ssm_redshift_host                    = "/crossfeed/staging/REDSHIFT_HOST"
 ssm_redshift_database                = "/crossfeed/staging/REDSHIFT_DATABASE"
 ssm_redshift_user                    = "/crossfeed/staging/REDSHIFT_USER"
 ssm_redshift_password                = "/crossfeed/staging/REDSHIFT_PASSWORD"
+create_elasticache_cluster           = true
diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf
@@ -668,3 +668,9 @@ variable "ssm_redshift_password" {
   type        = string
   default     = "/crossfeed/staging/REDSHIFT_PASSWORD"
 }
+
+variable "create_elasticache_cluster" {
+  description = "Whether to create a elasticache cluster."
+  type        = bool
+  default     = false
+}