def create_cache_cluster(stack, name, cache_type, vpc, cidrs, subnet_ids,
instance_type, num_cache_clusters):
"""Add Elasticache Cache cluster Resource."""
ports = {'redis': 6379, 'memcached': 11211}
ingress = []
for idx, cidr in enumerate(cidrs):
ingress.append(
SecurityGroupRule(
'{0}{1}{2}'.format(name.replace('-', ''), cache_type, idx),
CidrIp=cidr,
FromPort=ports[cache_type],
ToPort=ports[cache_type],
IpProtocol='tcp',
))
secgroup = stack.stack.add_resource(
SecurityGroup(
'{0}{1}SecurityGroup'.format(name.replace('-', ''), cache_type),
GroupDescription='{0} {1} Security Group'.format(name, cache_type),
SecurityGroupIngress=ingress,
SecurityGroupEgress=[
SecurityGroupRule('{0}egress'.format(name.replace('-', '')),
CidrIp='0.0.0.0/0',
IpProtocol='-1')
],
VpcId=vpc,
))
subnet_group = stack.stack.add_resource(
elasticache.SubnetGroup(
'{0}{1}cache'.format(name.replace('-', ''), cache_type),
Description='{0}{1} cache'.format(name, cache_type),
SubnetIds=subnet_ids,
))
if num_cache_clusters > 1:
stack.stack.add_resource(
elasticache.ReplicationGroup(
'{0}CacheCluster'.format(name.replace('-', '')),
ReplicationGroupId='{0}'.format(name),
ReplicationGroupDescription='{0}cluster'.format(name),
Engine='{0}'.format(cache_type),
EngineVersion='3.2.6',
CacheNodeType=instance_type,
NumCacheClusters=num_cache_clusters,
CacheSubnetGroupName=Ref(subnet_group),
SecurityGroupIds=[Ref(secgroup)],
AtRestEncryptionEnabled=True))
else:
stack.stack.add_resource(
elasticache.CacheCluster('{0}CacheCluster'.format(
name.replace('-', '')),
ClusterName='{0}'.format(name),
Engine='{0}'.format(cache_type),
EngineVersion='3.2.10',
CacheNodeType=instance_type,
NumCacheNodes=num_cache_clusters,
VpcSecurityGroupIds=[Ref(secgroup)],
CacheSubnetGroupName=Ref(subnet_group)))
def create_elasticache_replication_group(self):
elasticache_security_group_name = 'sgCacheCluster'
elasticache_security_group = self.add_resource(
ec2.SecurityGroup(
elasticache_security_group_name,
GroupDescription='Enables access to the cache cluster',
VpcId=Ref(self.vpc_id),
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=VPC_CIDR,
FromPort=p,
ToPort=p) for p in [REDIS]
],
SecurityGroupEgress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=VPC_CIDR,
FromPort=p,
ToPort=p) for p in [REDIS]
],
Tags=self.get_tags(Name=elasticache_security_group_name)))
elasticache_subnet_group = self.add_resource(
ec.SubnetGroup(
'ecsngCacheCluster',
Description='Private subnets for the ElastiCache instances',
SubnetIds=Ref(self.private_subnets)))
elasticache_parameter_group = self.add_resource(
ec.ParameterGroup(
'ecpgCacheCluster',
CacheParameterGroupFamily='redis2.8',
Description='Parameter group for the ElastiCache instances',
Properties={'maxmemory-policy': 'allkeys-lru'}))
elasticache_group = self.add_resource(
ec.ReplicationGroup(
'CacheReplicationGroup',
AutomaticFailoverEnabled=True,
AutoMinorVersionUpgrade=True,
CacheNodeType=Ref(self.elasticache_instance_type),
CacheParameterGroupName=Ref(elasticache_parameter_group),
CacheSubnetGroupName=Ref(elasticache_subnet_group),
Engine='redis',
EngineVersion='2.8.24',
NotificationTopicArn=Ref(self.notification_topic_arn),
NumCacheClusters=2,
PreferredCacheClusterAZs=Ref(self.availability_zones),
PreferredMaintenanceWindow=
'sun:05:00-sun:06:00', # NOQA SUN 01:00AM-02:00AM ET
ReplicationGroupDescription='Redis replication group',
SecurityGroupIds=[Ref(elasticache_security_group)],
SnapshotRetentionLimit=30,
SnapshotWindow='04:00-05:00' # 12:00AM-01:00AM ET
))
return elasticache_group, elasticache_security_group
def redis_adder_replcation(self,
name,
tags,
instance_type='cache.m3.medium',
cache_clusters=2,
version='3.2.4'):
rule = self.rule_adder(6379, cidr='10.0.0.0/16')
subnetname = Join("", [name, Ref("DeploymentEnvironment")])
self.group_adder("redissg", [rule])
subnetgroup = self.template.add_resource(
elasticache.SubnetGroup(
"SubnetGroup",
CacheSubnetGroupName=subnetname,
Description='Subnet Group for ElasticCache Redis {0}'.format(
name),
SubnetIds=self.config['subnets']))
self.template.add_resource(
elasticache.ReplicationGroup(
'RedisReplicationGroup',
ReplicationGroupId=name,
Engine='redis',
EngineVersion=version,
CacheNodeType=instance_type,
NumCacheClusters=cache_clusters,
Tags=tags,
CacheSubnetGroupName=Ref(subnetgroup),
ReplicationGroupDescription="%s replication group" % name,
SecurityGroupIds=[GetAtt('redissg', "GroupId")],
))
redisdnsrecord = RecordSetType(
"RedisDNSRecord",
HostedZoneName=Join("", [Ref("RedisDNSDomain"), "."]),
Name=Join("",
[Ref("RedisDNSName"), ".",
Ref("RedisDNSDomain"), "."]),
Type="CNAME",
TTL="900",
ResourceRecords=[
GetAtt("RedisReplicationGroup", "PrimaryEndPoint.Address")
],
)
self.template.add_resource(redisdnsrecord)
def create_cache_cluster(stack, cache_type):
"""Add Elasticache Cache cluster Resource."""
ports = {'redis': 6379, 'memcached': 11211}
secgroup = stack.stack.add_resource(
SecurityGroup(
'{0}SecurityGroup'.format(cache_type),
GroupDescription="{0} Security Group".format(cache_type),
SecurityGroupIngress=[
SecurityGroupRule(
"{0}".format(cache_type),
CidrIp=Ref(stack.vpc_address_param),
FromPort=ports[cache_type],
ToPort=ports[cache_type],
IpProtocol="tcp",
)
],
VpcId=Ref(stack.vpc),
))
subnet_group = stack.stack.add_resource(
elasticache.SubnetGroup(
'{0}cache'.format(stack.env),
Description='{0} cache'.format(stack.env),
SubnetIds=[Ref(stack.backend1_subnet),
Ref(stack.backend2_subnet)],
))
stack.stack.add_resource(
elasticache.ReplicationGroup(
'CacheCluster',
ReplicationGroupId='{0}cluster'.format(stack.env),
ReplicationGroupDescription='{0}cluster'.format(stack.env),
Engine='{0}'.format(cache_type),
CacheNodeType=Ref(stack.cache_instance_type_param),
NumCacheClusters='2',
CacheSubnetGroupName=Ref(subnet_group),
SecurityGroupIds=[Ref(secgroup)]))
CacheSubnetGroupName=Ref(cache_subnet_group),
Tags=Tags(Name=Join("-", [Ref("AWS::StackName"), "cache"]), ),
)
redis_replication_group = elasticache.ReplicationGroup(
"RedisReplicationGroup",
template=template,
AtRestEncryptionEnabled=use_aes256_encryption,
AutomaticFailoverEnabled=Ref(redis_automatic_failover),
AuthToken=If(using_auth_token_condition, Ref(redis_auth_token),
Ref("AWS::NoValue")),
Engine="redis",
EngineVersion=Ref(redis_version),
CacheNodeType=Ref(redis_node_type),
CacheSubnetGroupName=Ref(cache_subnet_group),
Condition=using_redis_condition,
NumCacheClusters=redis_num_cache_clusters,
Port=constants.REDIS_PORT,
PreferredCacheClusterAZs=If(
redis_uses_automatic_failover,
[Ref(primary_az), Ref(secondary_az)], Ref("AWS::NoValue")),
ReplicationGroupDescription="Redis ReplicationGroup",
SecurityGroupIds=[Ref(cache_security_group)],
SnapshotRetentionLimit=redis_snapshot_retention_limit,
TransitEncryptionEnabled=use_aes256_encryption,
KmsKeyId=If(use_cmk_arn, Ref(cmk_arn), Ref("AWS::NoValue")),
Tags=Tags(Name=Join("-", [Ref("AWS::StackName"), "redis"]), ),
)
cache_address = If(
using_memcached_condition,
GetAtt(cache_cluster, 'ConfigurationEndpoint.Address'),
def configure(self):
elasticache_metadata = constants.ENVIRONMENTS[self.env]['elasticache']
self.name = 'elasticache'
self.add_description('Sets up elasticache in VPC')
self.get_standard_parameters()
self.get_default_security_groups()
for cache in elasticache_metadata:
name = self.env + cache['name'].replace(
'-', '').capitalize() + cache['engine'].capitalize()
tags = self.get_tags(service_override=self.name,
role_override=cache['name'])
_port = 6379 if cache['engine'] == 'redis' else 11211
security_group = self.add_resource(
ec2.SecurityGroup(
'{}ElastiCacheSecurityGroup'.format(name),
VpcId=self.vpc_id,
GroupDescription='Security Group for {} Access'.format(
name),
SecurityGroupIngress=[{
'IpProtocol': 'tcp',
'FromPort': _port,
'ToPort': _port,
'CidrIp': self.vpc_cidr
}],
Tags=tags))
# Default to true for preferred subnet unless using multi_az
preferred_only = False if cache.get(
'multi_az') is True else cache.get('preferred_only', True)
subnet_group = self.add_resource(
elasticache.SubnetGroup(
'{}SubnetGroup'.format(name),
Description='SubnetGroup for {} Elasticache'.format(name),
SubnetIds=list(
map(
lambda x: x['SubnetId'],
self.get_subnets(
'private', _preferred_only=preferred_only)))))
if cache['engine'] == 'redis':
cache_cluster = self.add_resource(
elasticache.ReplicationGroup(
'{}ReplicationGroup'.format(name),
AutomaticFailoverEnabled=False,
AutoMinorVersionUpgrade=True,
CacheNodeType=cache['instance_type'],
CacheSubnetGroupName=Ref(subnet_group),
Engine='redis',
EngineVersion=cache.get('engine_version', '5.0.6'),
NumCacheClusters=1,
ReplicationGroupDescription=
'{} RedisElasticache Cluster'.format(name),
SecurityGroupIds=[Ref(security_group)]))
records = [GetAtt(cache_cluster, 'PrimaryEndPoint.Address')]
else:
cache_cluster = self.add_resource(
elasticache.CacheCluster(
'{}CacheCluster'.format(name),
AutoMinorVersionUpgrade=True,
CacheNodeType=cache['instance_type'],
CacheSubnetGroupName=Ref(subnet_group),
ClusterName=cache.get('cluster_name', name),
Engine='memcached',
EngineVersion='1.5.16',
NumCacheNodes=3,
VpcSecurityGroupIds=[Ref(security_group)]))
records = [
GetAtt(cache_cluster, 'ConfigurationEndpoint.Address')
]
if self.get_partition() != 'aws-us-gov':
hosted_zone = constants.ENVIRONMENTS[self.env]['route53_zone']
self.add_resource(
route53.RecordSetGroup(
'{}Route53'.format(name),
HostedZoneName=hosted_zone,
RecordSets=[
route53.RecordSet(
Name='{}.{}.{}'.format(cache['name'],
cache['engine'],
hosted_zone),
ResourceRecords=[
GetAtt(cache_cluster,
'PrimaryEndPoint.Address')
],
Type='CNAME',
TTL=600)
]))
