def create_cache_cluster(stack, name, cache_type, vpc, cidrs, subnet_ids, instance_type, num_cache_clusters): """Add Elasticache Cache cluster Resource.""" ports = {'redis': 6379, 'memcached': 11211} ingress = [] for idx, cidr in enumerate(cidrs): ingress.append( SecurityGroupRule( '{0}{1}{2}'.format(name.replace('-', ''), cache_type, idx), CidrIp=cidr, FromPort=ports[cache_type], ToPort=ports[cache_type], IpProtocol='tcp', )) secgroup = stack.stack.add_resource( SecurityGroup( '{0}{1}SecurityGroup'.format(name.replace('-', ''), cache_type), GroupDescription='{0} {1} Security Group'.format(name, cache_type), SecurityGroupIngress=ingress, SecurityGroupEgress=[ SecurityGroupRule('{0}egress'.format(name.replace('-', '')), CidrIp='0.0.0.0/0', IpProtocol='-1') ], VpcId=vpc, )) subnet_group = stack.stack.add_resource( elasticache.SubnetGroup( '{0}{1}cache'.format(name.replace('-', ''), cache_type), Description='{0}{1} cache'.format(name, cache_type), SubnetIds=subnet_ids, )) if num_cache_clusters > 1: stack.stack.add_resource( elasticache.ReplicationGroup( '{0}CacheCluster'.format(name.replace('-', '')), ReplicationGroupId='{0}'.format(name), ReplicationGroupDescription='{0}cluster'.format(name), Engine='{0}'.format(cache_type), EngineVersion='3.2.6', CacheNodeType=instance_type, NumCacheClusters=num_cache_clusters, CacheSubnetGroupName=Ref(subnet_group), SecurityGroupIds=[Ref(secgroup)], AtRestEncryptionEnabled=True)) else: stack.stack.add_resource( elasticache.CacheCluster('{0}CacheCluster'.format( name.replace('-', '')), ClusterName='{0}'.format(name), Engine='{0}'.format(cache_type), EngineVersion='3.2.10', CacheNodeType=instance_type, NumCacheNodes=num_cache_clusters, VpcSecurityGroupIds=[Ref(secgroup)], CacheSubnetGroupName=Ref(subnet_group)))
def create_elasticache_replication_group(self): elasticache_security_group_name = 'sgCacheCluster' elasticache_security_group = self.add_resource( ec2.SecurityGroup( elasticache_security_group_name, GroupDescription='Enables access to the cache cluster', VpcId=Ref(self.vpc_id), SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p) for p in [REDIS] ], SecurityGroupEgress=[ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p) for p in [REDIS] ], Tags=self.get_tags(Name=elasticache_security_group_name))) elasticache_subnet_group = self.add_resource( ec.SubnetGroup( 'ecsngCacheCluster', Description='Private subnets for the ElastiCache instances', SubnetIds=Ref(self.private_subnets))) elasticache_parameter_group = self.add_resource( ec.ParameterGroup( 'ecpgCacheCluster', CacheParameterGroupFamily='redis2.8', Description='Parameter group for the ElastiCache instances', Properties={'maxmemory-policy': 'allkeys-lru'})) elasticache_group = self.add_resource( ec.ReplicationGroup( 'CacheReplicationGroup', AutomaticFailoverEnabled=True, AutoMinorVersionUpgrade=True, CacheNodeType=Ref(self.elasticache_instance_type), CacheParameterGroupName=Ref(elasticache_parameter_group), CacheSubnetGroupName=Ref(elasticache_subnet_group), Engine='redis', EngineVersion='2.8.24', NotificationTopicArn=Ref(self.notification_topic_arn), NumCacheClusters=2, PreferredCacheClusterAZs=Ref(self.availability_zones), PreferredMaintenanceWindow= 'sun:05:00-sun:06:00', # NOQA SUN 01:00AM-02:00AM ET ReplicationGroupDescription='Redis replication group', SecurityGroupIds=[Ref(elasticache_security_group)], SnapshotRetentionLimit=30, SnapshotWindow='04:00-05:00' # 12:00AM-01:00AM ET )) return elasticache_group, elasticache_security_group
def redis_adder_replcation(self, name, tags, instance_type='cache.m3.medium', cache_clusters=2, version='3.2.4'): rule = self.rule_adder(6379, cidr='10.0.0.0/16') subnetname = Join("", [name, Ref("DeploymentEnvironment")]) self.group_adder("redissg", [rule]) subnetgroup = self.template.add_resource( elasticache.SubnetGroup( "SubnetGroup", CacheSubnetGroupName=subnetname, Description='Subnet Group for ElasticCache Redis {0}'.format( name), SubnetIds=self.config['subnets'])) self.template.add_resource( elasticache.ReplicationGroup( 'RedisReplicationGroup', ReplicationGroupId=name, Engine='redis', EngineVersion=version, CacheNodeType=instance_type, NumCacheClusters=cache_clusters, Tags=tags, CacheSubnetGroupName=Ref(subnetgroup), ReplicationGroupDescription="%s replication group" % name, SecurityGroupIds=[GetAtt('redissg', "GroupId")], )) redisdnsrecord = RecordSetType( "RedisDNSRecord", HostedZoneName=Join("", [Ref("RedisDNSDomain"), "."]), Name=Join("", [Ref("RedisDNSName"), ".", Ref("RedisDNSDomain"), "."]), Type="CNAME", TTL="900", ResourceRecords=[ GetAtt("RedisReplicationGroup", "PrimaryEndPoint.Address") ], ) self.template.add_resource(redisdnsrecord)
def create_cache_cluster(stack, cache_type): """Add Elasticache Cache cluster Resource.""" ports = {'redis': 6379, 'memcached': 11211} secgroup = stack.stack.add_resource( SecurityGroup( '{0}SecurityGroup'.format(cache_type), GroupDescription="{0} Security Group".format(cache_type), SecurityGroupIngress=[ SecurityGroupRule( "{0}".format(cache_type), CidrIp=Ref(stack.vpc_address_param), FromPort=ports[cache_type], ToPort=ports[cache_type], IpProtocol="tcp", ) ], VpcId=Ref(stack.vpc), )) subnet_group = stack.stack.add_resource( elasticache.SubnetGroup( '{0}cache'.format(stack.env), Description='{0} cache'.format(stack.env), SubnetIds=[Ref(stack.backend1_subnet), Ref(stack.backend2_subnet)], )) stack.stack.add_resource( elasticache.ReplicationGroup( 'CacheCluster', ReplicationGroupId='{0}cluster'.format(stack.env), ReplicationGroupDescription='{0}cluster'.format(stack.env), Engine='{0}'.format(cache_type), CacheNodeType=Ref(stack.cache_instance_type_param), NumCacheClusters='2', CacheSubnetGroupName=Ref(subnet_group), SecurityGroupIds=[Ref(secgroup)]))
CacheSubnetGroupName=Ref(cache_subnet_group), Tags=Tags(Name=Join("-", [Ref("AWS::StackName"), "cache"]), ), ) redis_replication_group = elasticache.ReplicationGroup( "RedisReplicationGroup", template=template, AtRestEncryptionEnabled=use_aes256_encryption, AutomaticFailoverEnabled=Ref(redis_automatic_failover), AuthToken=If(using_auth_token_condition, Ref(redis_auth_token), Ref("AWS::NoValue")), Engine="redis", EngineVersion=Ref(redis_version), CacheNodeType=Ref(redis_node_type), CacheSubnetGroupName=Ref(cache_subnet_group), Condition=using_redis_condition, NumCacheClusters=redis_num_cache_clusters, Port=constants.REDIS_PORT, PreferredCacheClusterAZs=If( redis_uses_automatic_failover, [Ref(primary_az), Ref(secondary_az)], Ref("AWS::NoValue")), ReplicationGroupDescription="Redis ReplicationGroup", SecurityGroupIds=[Ref(cache_security_group)], SnapshotRetentionLimit=redis_snapshot_retention_limit, TransitEncryptionEnabled=use_aes256_encryption, KmsKeyId=If(use_cmk_arn, Ref(cmk_arn), Ref("AWS::NoValue")), Tags=Tags(Name=Join("-", [Ref("AWS::StackName"), "redis"]), ), ) cache_address = If( using_memcached_condition, GetAtt(cache_cluster, 'ConfigurationEndpoint.Address'),
def configure(self): elasticache_metadata = constants.ENVIRONMENTS[self.env]['elasticache'] self.name = 'elasticache' self.add_description('Sets up elasticache in VPC') self.get_standard_parameters() self.get_default_security_groups() for cache in elasticache_metadata: name = self.env + cache['name'].replace( '-', '').capitalize() + cache['engine'].capitalize() tags = self.get_tags(service_override=self.name, role_override=cache['name']) _port = 6379 if cache['engine'] == 'redis' else 11211 security_group = self.add_resource( ec2.SecurityGroup( '{}ElastiCacheSecurityGroup'.format(name), VpcId=self.vpc_id, GroupDescription='Security Group for {} Access'.format( name), SecurityGroupIngress=[{ 'IpProtocol': 'tcp', 'FromPort': _port, 'ToPort': _port, 'CidrIp': self.vpc_cidr }], Tags=tags)) # Default to true for preferred subnet unless using multi_az preferred_only = False if cache.get( 'multi_az') is True else cache.get('preferred_only', True) subnet_group = self.add_resource( elasticache.SubnetGroup( '{}SubnetGroup'.format(name), Description='SubnetGroup for {} Elasticache'.format(name), SubnetIds=list( map( lambda x: x['SubnetId'], self.get_subnets( 'private', _preferred_only=preferred_only))))) if cache['engine'] == 'redis': cache_cluster = self.add_resource( elasticache.ReplicationGroup( '{}ReplicationGroup'.format(name), AutomaticFailoverEnabled=False, AutoMinorVersionUpgrade=True, CacheNodeType=cache['instance_type'], CacheSubnetGroupName=Ref(subnet_group), Engine='redis', EngineVersion=cache.get('engine_version', '5.0.6'), NumCacheClusters=1, ReplicationGroupDescription= '{} RedisElasticache Cluster'.format(name), SecurityGroupIds=[Ref(security_group)])) records = [GetAtt(cache_cluster, 'PrimaryEndPoint.Address')] else: cache_cluster = self.add_resource( elasticache.CacheCluster( '{}CacheCluster'.format(name), AutoMinorVersionUpgrade=True, CacheNodeType=cache['instance_type'], CacheSubnetGroupName=Ref(subnet_group), ClusterName=cache.get('cluster_name', name), Engine='memcached', EngineVersion='1.5.16', NumCacheNodes=3, VpcSecurityGroupIds=[Ref(security_group)])) records = [ GetAtt(cache_cluster, 'ConfigurationEndpoint.Address') ] if self.get_partition() != 'aws-us-gov': hosted_zone = constants.ENVIRONMENTS[self.env]['route53_zone'] self.add_resource( route53.RecordSetGroup( '{}Route53'.format(name), HostedZoneName=hosted_zone, RecordSets=[ route53.RecordSet( Name='{}.{}.{}'.format(cache['name'], cache['engine'], hosted_zone), ResourceRecords=[ GetAtt(cache_cluster, 'PrimaryEndPoint.Address') ], Type='CNAME', TTL=600) ]))