
AWS ElastiCache Redis with Terraform - Complete Guide

Deploy AWS ElastiCache Redis with Terraform. Cluster mode, replication groups, subnet groups, encryption, and parameter group configuration.

Luca Berton · 1 min read

Quick Answer

# Minimal two-node Redis replication group (one primary, one replica).
# No auth_token is set in this example, so the attached security group is the
# only control on who may connect. Clients must connect over TLS because
# transit encryption is enabled.
resource "aws_elasticache_replication_group" "redis" {
  # Identity
  replication_group_id = "my-redis"
  description          = "Redis cluster"

  # Engine and sizing
  engine             = "redis"
  node_type          = "cache.t4g.micro"
  num_cache_clusters = 2
  port               = 6379

  # Network placement: subnets come from the subnet group, reachability from
  # the security group.
  security_group_ids = [aws_security_group.redis.id]
  subnet_group_name  = aws_elasticache_subnet_group.main.name

  # Encryption in transit and at rest
  transit_encryption_enabled = true
  at_rest_encryption_enabled = true
}

Networking

# Subnet group that determines which subnets the cache nodes are placed in.
# NOTE(review): the subnets are only "private" by resource name here; confirm
# their route tables have no route to an internet gateway.
resource "aws_elasticache_subnet_group" "main" {
  subnet_ids = aws_subnet.private[*].id
  name       = "${var.project}-redis"
}
 
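# Security group attached to the Redis nodes. Only members of the application
# security group may reach the Redis port, and outbound traffic is confined to
# the VPC.
resource "aws_security_group" "redis" {
  name   = "${var.project}-redis"
  vpc_id = aws_vpc.main.id

  # Inbound: Redis port only, and only from the app security group. Referencing
  # a source security group instead of a CIDR keeps the rule tied to the
  # workloads rather than to an address range.
  ingress {
    description     = "Redis from the application security group"
    from_port       = 6379
    to_port         = 6379
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }

  # Outbound: limited to the VPC CIDR rather than 0.0.0.0/0 (least privilege).
  # Nothing in this configuration needs the cache nodes to open connections to
  # the internet. Security groups are stateful, so replies to the application
  # tier are not affected by this rule.
  egress {
    description = "Intra-VPC traffic only"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}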

Redis Replication Group (Production)

# Custom parameter group for the Redis 7 family, referenced by the production
# replication group.
resource "aws_elasticache_parameter_group" "redis7" {
  family = "redis7"
  name   = "${var.project}-redis7"

  # When the memory limit is reached, evict the least recently used keys,
  # considering all keys whether or not they have a TTL.
  parameter {
    name  = "maxmemory-policy"
    value = "allkeys-lru"
  }
}
 
# Production replication group: one primary plus one replica with automatic
# failover across availability zones, encryption at rest and in transit,
# Redis AUTH, and automatic snapshots.
resource "aws_elasticache_replication_group" "redis" {
  # Identity
  replication_group_id = "${var.project}-redis"
  description          = "${var.project} Redis cluster"
  tags                 = { Environment = var.environment }

  # Engine and sizing
  engine               = "redis"
  engine_version       = "7.1"
  parameter_group_name = aws_elasticache_parameter_group.redis7.name
  node_type            = var.redis_node_type
  num_cache_clusters   = 2 # Primary + 1 replica
  port                 = 6379

  # Network placement
  security_group_ids = [aws_security_group.redis.id]
  subnet_group_name  = aws_elasticache_subnet_group.main.name

  # Data protection. The AUTH token only works with transit encryption on.
  # Its value is written to the Terraform state, so declare
  # var.redis_auth_token with sensitive = true, supply it from a secret store
  # rather than a committed tfvars file, and restrict access to the state
  # backend.
  transit_encryption_enabled = true
  at_rest_encryption_enabled = true
  auth_token                 = var.redis_auth_token

  # Availability: promote the replica automatically and keep the two nodes in
  # different availability zones.
  multi_az_enabled           = true
  automatic_failover_enabled = true

  # Backups and maintenance (windows are in UTC). Automatic snapshots are kept
  # for 7 days.
  snapshot_retention_limit = 7
  snapshot_window          = "03:00-05:00"
  maintenance_window       = "sun:05:00-sun:07:00"

  # Defer modifications to the maintenance window instead of applying them
  # (and possibly restarting nodes) right away.
  apply_immediately = false

  timeouts {
    create = "30m"
    update = "30m"
    delete = "30m"
  }
}
 
# Address of the primary endpoint of the production replication group.
# The replication group enables transit encryption and an AUTH token, so
# clients using this address must connect over TLS and authenticate.
output "redis_endpoint" {
  value = aws_elasticache_replication_group.redis.primary_endpoint_address
}

Redis Cluster Mode (Sharding)

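# Cluster-mode-enabled Redis: data is sharded across three node groups, each
# with one replica. Security settings mirror the production replication group
# (encryption at rest and in transit, Redis AUTH, multi-AZ failover).
resource "aws_elasticache_replication_group" "redis_cluster" {
  replication_group_id = "${var.project}-redis-cluster"
  description          = "Redis cluster mode enabled"
  engine               = "redis"
  engine_version       = "7.1"
  node_type            = "cache.r7g.large"
  port                 = 6379
  parameter_group_name = "default.redis7.cluster.on"

  num_node_groups         = 3 # 3 shards
  replicas_per_node_group = 1 # 1 replica per shard

  subnet_group_name  = aws_elasticache_subnet_group.main.name
  security_group_ids = [aws_security_group.redis.id]

  at_rest_encryption_enabled = true
  transit_encryption_enabled = true

  # Require Redis AUTH, as the production replication group does. Without a
  # token, any client the security group admits can issue commands. The value
  # is stored in Terraform state: declare the variable with sensitive = true
  # and restrict access to the state backend. Use a separate variable if the
  # two groups should not share a token.
  auth_token = var.redis_auth_token

  # Automatic failover is required for cluster mode; multi-AZ keeps each
  # shard's primary and replica in different availability zones.
  automatic_failover_enabled = true
  multi_az_enabled           = true
}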
 
# Address of the configuration endpoint of the cluster-mode replication group.
# The replication group enables transit encryption, so clients using this
# address must connect over TLS.
output "redis_config_endpoint" {
  value = aws_elasticache_replication_group.redis_cluster.configuration_endpoint_address
}

Node Types

| Type | vCPU | Memory | Use Case |
|---|---|---|---|
| cache.t4g.micro | 2 | 0.5 GB | Dev/test |
| cache.t4g.medium | 2 | 3.09 GB | Small production |
| cache.r7g.large | 2 | 13.07 GB | Production |
| cache.r7g.xlarge | 4 | 26.32 GB | High memory |

Conclusion


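Use replication groups (not standalone clusters) for production Redis. Enable automatic failover, multi-AZ, encryption at rest and in transit, and daily snapshots. Encryption in transit protects the connection but does not authenticate clients, so pair it with an auth token as the production example does, and treat that token as a secret: it is stored in the Terraform state. Use cache.t4g for dev and cache.r7g for production. Set maxmemory-policy to allkeys-lru to handle memory pressure gracefully.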

#Terraform #AWS #ElastiCache #Redis #Infrastructure as Code
