fix: enable transit mode encryption var as it is now available in redis

willejs · willejs · commit fea701e117e5 · 2025-04-08T12:09:09.000+01:00
diff --git a/main.tf b/main.tf
@@ -58,7 +58,8 @@ resource "aws_elasticache_cluster" "this" {
   snapshot_retention_limit     = local.in_replication_group ? null : var.snapshot_retention_limit
   snapshot_window              = local.in_replication_group ? null : var.snapshot_window
   subnet_group_name            = local.in_replication_group ? null : local.subnet_group_name
-  transit_encryption_enabled   = var.engine == "memcached" ? var.transit_encryption_enabled : null
+  # this makes it so that the transit encryption is enabled by default for memcached, which prevents a backwards incompatible change
+  transit_encryption_enabled   = var.engine == "memcached" ? true : var.transit_encryption_enabled
 
   tags = local.tags
 
diff --git a/variables.tf b/variables.tf
@@ -176,9 +176,9 @@ variable "snapshot_window" {
 }
 
 variable "transit_encryption_enabled" {
-  description = "Enable encryption in-transit. Supported only with Memcached versions `1.6.12` and later, running in a VPC"
+  description = "Enable encryption in-transit."
   type        = bool
-  default     = true
+  default     = null
 }
 
 variable "transit_encryption_mode" {

Original file line number	Diff line number	Diff line change
`@@ -176,9 +176,9 @@ variable "snapshot_window" {`
`176`	`176`	`}`
`177`	`177`
`178`	`178`	`variable "transit_encryption_enabled" {`
`179`		- description = "Enable encryption in-transit. Supported only with Memcached versions `1.6.12` and later, running in a VPC"
	`179`	`+ description = "Enable encryption in-transit."`
`180`	`180`	`type = bool`
`181`		`- default = true`
	`181`	`+ default = null`
`182`	`182`	`}`
`183`	`183`
`184`	`184`	`variable "transit_encryption_mode" {`