AWSTemplateFormatVersion: 2010-09-09 Description: >- Redis cluster for Admin server and portal servers. (qs-1qtp7fd3f) Parameters: RemoteAccessCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: Allowed CIDR block for PortalServer access Type: String PrivateSubnet1ID: Description: Private Subnet Id 1 Type: 'AWS::EC2::Subnet::Id' PrivateSubnet2ID: Description: Private Subnet Id 2 Type: 'AWS::EC2::Subnet::Id' VPCID: Description: 'ID of the VPC (e.g., vpc-0343606e)' Type: 'AWS::EC2::VPC::Id' RedisAuth: Description: The Auth Token for the redis cluster Type: String ConstraintDescription: Must be 16-128 characters including atleast three of uppercase, lowercase, nonalphanumeric, and digits RedisCacheNodeType: Type: String Description: Enter one of the allowed values RedisEngineVersion: Type: String Description: Redis replication group version NumShards: Description: 'Number of shards in the cluster.' Type: 'Number' NumReplicas: Description: 'Number of replicas per shard.' Type: 'Number' SnapshotName: Description: 'Optional name of a snapshot from which you want to restore (leave blank to create an empty cache).' Type: 'String' SnapshotRetentionLimit: Description: 'The number of days for which ElastiCache retains automatic redis snapshots before deleting them (set to 0 to disable backups).' Type: Number Conditions: HasSnapshotName: !Not [!Equals [!Ref SnapshotName, '']] Resources: RedisServerSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Allows inbound connection to redis traffic port VpcId: !Ref VPCID RedisServerSecurityGroupIngress: Type: 'AWS::EC2::SecurityGroupIngress' Properties: GroupId: !GetAtt RedisServerSecurityGroup.GroupId IpProtocol: tcp FromPort: 6379 ToPort: 6379 CidrIp: !Ref RemoteAccessCIDR RedisReplicationGroup: DeletionPolicy: Snapshot UpdateReplacePolicy: Snapshot Type: 'AWS::ElastiCache::ReplicationGroup' Properties: AtRestEncryptionEnabled: true AuthToken: !Ref RedisAuth AutomaticFailoverEnabled: true CacheNodeType: !Ref RedisCacheNodeType CacheParameterGroupName: 'default.redis3.2' CacheSubnetGroupName: !Ref CacheSubnetGroupName NumNodeGroups: !Ref NumShards ReplicasPerNodeGroup: !Ref NumReplicas Engine: redis EngineVersion: !Ref RedisEngineVersion ReplicationGroupDescription: 'Duo DNG Redis replication group' SecurityGroupIds: - !Ref RedisServerSecurityGroup PreferredMaintenanceWindow: 'sat:07:00-sat:08:00' SnapshotName: !If [HasSnapshotName, !Ref SnapshotName, !Ref 'AWS::NoValue'] SnapshotRetentionLimit: !Ref SnapshotRetentionLimit SnapshotWindow: '00:00-03:00' Tags: - Key: name Value: Duo DNG Redis Replication Group TransitEncryptionEnabled: true UpdatePolicy: UseOnlineResharding: true CacheSubnetGroupName: Type: 'AWS::ElastiCache::SubnetGroup' Properties: Description: Duo DNG Redis Subnet Group SubnetIds: - !Ref PrivateSubnet1ID - !Ref PrivateSubnet2ID Outputs: RedisClusterName: Description: 'The name of the cluster' Value: !Ref RedisReplicationGroup Export: Name: !Sub '${AWS::StackName}-ClusterName' PrimaryEndPointAddress: Description: 'The DNS address of the primary read-write cache node.' Value: !GetAtt 'RedisReplicationGroup.PrimaryEndPoint.Address' Export: Name: !Sub '${AWS::StackName}-PrimaryEndPointAddress' PrimaryEndPointPort: Description: 'The port that the primary read-write cache engine is listening on.' Value: !GetAtt 'RedisReplicationGroup.PrimaryEndPoint.Port' Export: Name: !Sub '${AWS::StackName}-PrimaryEndPointPort' RedisAuthToken: Description: Redis Auth Token Value: !Ref RedisAuth Export: Name: !Sub '${AWS::StackName}-RedisAuth'