#terraform-aws-modules (2021-12)
Terraform Modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
2021-12-06
Hi, I’m trying to upgrade the Redis engine on my AWS Elasticache cluster from 5.0.5 to 6.2 I’m using this module//github.com/cloudposse/terraform-aws-elasticache-redis/releases/tag/0.41.2> And seeing this error
Error: error updating ElastiCache Replication Group (elasticache-env5-redis): InvalidParameterCombination: Must specify a parameter group for the engine major version upgrade from redis 5.0 to 6.2 status code: 400, request id: 6811f0fc-9f44-4e3b-beff-a973135174ac
with module.redis.aws_elasticache_replication_group.default[0]
on .terraform/modules/redis/main.tf line 104, in resource "aws_elasticache_replication_group" "default":
resource "aws_elasticache_replication_group" "default" {
Completely stumped. Where can I find help ?
Please include your inputs in this thread
here is the resource that’s failing https://github.com/cloudposse/terraform-aws-elasticache-redis/blob/7293a0e34195637ce11ae6e157620bca48b88e46/main.tf#L104-L124
it’s possible you have a mismatch with the engine_version supplied and the replication group
I updated the engine_version to 6.x, but the family is still set to my default value redis5.0
Let me try updating that. If it still fails, I’ll post the inputs.
module "redis" {
source = "git::<https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=tags/0.41.2>"
availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
namespace = var.namespace
stage = var.env
name = "redis"
vpc_id = data.terraform_remote_state.network.outputs.vpc_id
create_security_group = false
associated_security_group_ids= length(var.external_sg_list) != 0 ? concat([data.terraform_remote_state.platform_networking.outputs.elasticache_security_group], var.external_sg_list) : [data.terraform_remote_state.platform_networking.outputs.elasticache_security_group]
subnets = data.terraform_remote_state.network.outputs.private_subnets
instance_type = var.instance_type
apply_immediately = true
automatic_failover_enabled = true
multi_az_enabled = true
transit_encryption_enabled = true
at_rest_encryption_enabled = true
cluster_mode_enabled = true
cluster_mode_num_node_groups = var.cluster_mode_num_node_groups
cluster_mode_replicas_per_node_group = 1
replication_group_id = "${var.namespace}-${var.env}-redis"
cluster_size = 2
engine_version = "6.x"
family = "redis6.0"
snapshot_retention_limit = 5
snapshot_window = "06:30-07:30"
}
a family of redis6.0 should prevent the error
Now it tries to delete and recreate the parameter group, but it’s already in use by the same cluster
Error: error deleting ElastiCache Parameter Group (elasticache-env5-redis): InvalidCacheParameterGroupState: One or more cache clusters are still members of this parameter group elasticache-env5-redis, so the group cannot be deleted. status code: 400, request id: 5b7f4b2e-1273-4c28-85b9-dc714205a002
try a full destroy and then run terraform apply
Oh, so in place upgrade is not possible ?
That might be a problem in prod
ah yes i thought this was a new cluster
perhaps just remove the old param group from the state and allow it to craete a new param group
I’m (spoiled by) using TF cloud. Not sure whether I can modify the state
you could try creating a new param group, associating the existing rds instance with the new param group, upgrading the rds instance to the version specified
but you may have to do state manipulations
I just tried deleting the parameter group from the statefile. I would also need to delete the actual resource, and would need to create a duplicate param group before I can delete the desired one. And I can’t seem to find a copy command. All this feels like too much manual work. At this point I might as well propose recreating the Elasticache Redis cluster with the new engine version/family.
2021-12-09
Hey, not sure if I needed to ping in here to get a PR reviewed but here it goes https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/188
Hi Neil! Post it to #pr-reviews I left a comment inside
2021-12-10
2021-12-16
heads up with a giant PR on EKS module https://github.com/terraform-aws-modules/terraform-aws-eks/pull/1680 What caught my attention is
• Drop support for managing aws-auth configmap
◦ Drop requirement of requiring aws-iam-authenticator
◦ Drop requirement of Kubernetes terraform provider
as i’ve bumped into it recently (has been very nicely documented by @Erik Osterman (Cloud Posse) and his team btw)
@Erik Osterman (Cloud Posse) You scared me there, I thought at first this was a PR for our EKS module. I think it is a mistake to drop support for managing the aws-auth ConfigMap. It needs to be managed, and AWS is hopefully going to provide an AWS (as opposed to Kubernetes) API for managing it, so I think removing it is not a good long-term plan. Our module mostly handles it OK for now, and of course has the option to not manage it if you want to go that way.
That said, this Kubernetes operator looks like it is worth investigating.