fix: docs, add examples and fix formatting

willejs · willejs · commit 5694400e097f · 2025-04-08T12:15:39.000+01:00
diff --git a/README.md b/README.md
@@ -463,7 +463,7 @@ No modules.
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of VPC Subnet IDs for the Elasticache subnet group | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting cluster resource | `map(string)` | `{}` | no |
-| <a name="input_transit_encryption_enabled"></a> [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Enable encryption in-transit. Supported only with Memcached versions `1.6.12` and later, running in a VPC | `bool` | `true` | no |
+| <a name="input_transit_encryption_enabled"></a> [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Enable encryption in-transit. | `bool` | `null` | no |
 | <a name="input_transit_encryption_mode"></a> [transit\_encryption\_mode](#input\_transit\_encryption\_mode) | A setting that enables clients to migrate to in-transit encryption with no downtime. Valid values are preferred and required | `string` | `null` | no |
 | <a name="input_user_group_ids"></a> [user\_group\_ids](#input\_user\_group\_ids) | User Group ID to associate with the replication group. Only a maximum of one (1) user group ID is valid | `list(string)` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | Identifier of the VPC where the security group will be created | `string` | `null` | no |
diff --git a/examples/redis-replication-group/main.tf b/examples/redis-replication-group/main.tf
@@ -30,10 +30,9 @@ module "elasticache" {
   engine_version = "7.1"
   node_type      = "cache.t4g.small"
 
-  transit_encryption_enabled = true
-  auth_token                 = "PickSomethingMoreSecure123!"
-  maintenance_window         = "sun:05:00-sun:09:00"
-  apply_immediately          = true
+  auth_token         = "PickSomethingMoreSecure123!"
+  maintenance_window = "sun:05:00-sun:09:00"
+  apply_immediately  = true
 
   # Security Group
   vpc_id = module.vpc.vpc_id
@@ -63,6 +62,10 @@ module "elasticache" {
     }
   ]
 
+  # enable encryption in-transit
+  transit_encryption_enabled = true
+  transit_encryption_mode    = "preferred"
+
   tags = local.tags
 }
 
diff --git a/main.tf b/main.tf
@@ -59,7 +59,7 @@ resource "aws_elasticache_cluster" "this" {
   snapshot_window              = local.in_replication_group ? null : var.snapshot_window
   subnet_group_name            = local.in_replication_group ? null : local.subnet_group_name
   # this makes it so that the transit encryption is enabled by default for memcached, which prevents a backwards incompatible change
-  transit_encryption_enabled   = var.engine == "memcached" ? true : var.transit_encryption_enabled
+  transit_encryption_enabled = var.engine == "memcached" ? true : var.transit_encryption_enabled
 
   tags = local.tags
 
