Merge pull request #17 from Pancham97/feat-add-security-group-to-dax

pearcem0 · web-flow · commit 348d6be2b65f · 2022-10-12T14:09:21.000+01:00
feat: add security group IDs to DAX module
diff --git a/.gitignore b/.gitignore
@@ -28,3 +28,4 @@ override.tf.json
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 .DS_Store
+.dccache
diff --git a/dax/README.md b/dax/README.md
@@ -18,6 +18,7 @@ No requirements.
 | query\_cache\_ttl\_\_milli\_second | Time after which item query will invalidate. Default 5 minutes | `number` | `300000` | no |
 | region | n/a | `string` | n/a | yes |
 | replication\_factor | (Required) The number of nodes in the DAX cluster | `number` | `3` | no |
+| security_group_ids | The list of Security Group IDs to be associated with the DAX cluster | `list(string)` | n/a | yes |
 | tables | List of tables for using dax | `list(string)` | n/a | yes |
 | tags | A map of tags to assign to the resource | `any` | n/a | yes |
 | vpc\_id | n/a | `string` | n/a | yes |
@@ -53,6 +54,10 @@ module "my_dax" {
   replication_factor            = 3
   query_cache_ttl__milli_second = 30 * 1000
   item_cache_ttl_milli_second   = 30 * 60 * 1000
+  security_group_ids = [
+    "sg-123456789",
+    "sg-987654321"
+  ]
   tables = [
     "table1",
     "table2"
diff --git a/dax/main.tf b/dax/main.tf
@@ -44,16 +44,16 @@ data "aws_iam_policy_document" "document" {
   statement {
     effect = "Allow"
     actions = [
+      "dynamodb:BatchGetItem",
+      "dynamodb:BatchWriteItem",
+      "dynamodb:ConditionCheckItem",
+      "dynamodb:DeleteItem",
       "dynamodb:DescribeTable",
-      "dynamodb:PutItem",
       "dynamodb:GetItem",
-      "dynamodb:UpdateItem",
-      "dynamodb:DeleteItem",
+      "dynamodb:PutItem",
       "dynamodb:Query",
       "dynamodb:Scan",
-      "dynamodb:BatchGetItem",
-      "dynamodb:BatchWriteItem",
-      "dynamodb:ConditionCheckItem"
+      "dynamodb:UpdateItem"
     ]
     resources = flatten(local.table_arns)
   }
@@ -95,6 +95,7 @@ resource "aws_dax_cluster" "cluster" {
   node_type            = var.node_type
   replication_factor   = var.replication_factor
   parameter_group_name = aws_dax_parameter_group.group.name
+  security_group_ids   = var.security_group_ids
   subnet_group_name    = aws_dax_subnet_group.subnet_group.id
   server_side_encryption {
     enabled = true
diff --git a/dax/variables.tf b/dax/variables.tf
@@ -40,3 +40,8 @@ variable "query_cache_ttl__milli_second" {
   default     = 300000
   description = "Time after which query cache will invalidate. Default 5 minutes"
 }
+
+variable "security_group_ids" {
+  type        = list(string)
+  description = "(Required) One or more VPC security groups associated with the cluster"
+}

Original file line number	Diff line number	Diff line change
`@@ -40,3 +40,8 @@ variable "query_cache_ttl__milli_second" {`
`40`	`40`	`default = 300000`
`41`	`41`	`description = "Time after which query cache will invalidate. Default 5 minutes"`
`42`	`42`	`}`
	`43`	`+`
	`44`	`+variable "security_group_ids" {`
	`45`	`+ type = list(string)`
	`46`	`+ description = "(Required) One or more VPC security groups associated with the cluster"`
	`47`	`+}`