Merge pull request #470 from cisagov/cd_elasticache_add_create_policy

Update elasticache terraform to modify VPC cidr notation
cisagov · Jul 23, 2024 · 17e4e62 · 17e4e62
2 parents 8ce1832 + b54056e
commit 17e4e62
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/infrastructure/elasticache.tf b/infrastructure/elasticache.tf
@@ -6,7 +6,7 @@ resource "aws_security_group" "elasticache_security_group" {
  from_port = 6379
  to_port = 6379
  protocol = "tcp"
- cidr_blocks = ["10.0.2.0/24"] // Restrict to a specific CIDR block, ideally your VPC's CIDR
+ cidr_blocks = ["10.0.0.0/16"] // Restrict to a specific CIDR block, ideally your VPC's CIDR
  }
 }
 
@@ -61,14 +61,25 @@ resource "aws_iam_policy" "elasticache_policy" {
  "elasticache:CreateCacheSubnetGroup",
  "elasticache:DeleteCacheSubnetGroup",
  "elasticache:DescribeCacheSubnetGroups",
+ "elasticache:DescribeCacheClusters",
+ "elasticache:DescribeCacheEngineVersions",
+ "elasticache:DescribeCacheSecurityGroups",
+ "elasticache:DescribeCacheParameters",
+ "elasticache:DescribeCacheParameterGroups",
  "elasticache:ModifyCacheSubnetGroup",
  "elasticache:AddTagsToResource",
  "elasticache:ListTagsForResource",
+ "elasticache:CreateCacheParameterGroup",
+ "elasticache:DeleteCacheParameterGroup",
+ "elasticache:DescribeCacheParameterGroups",
+ "elasticache:ModifyCacheParameterGroup",
+ "iam:ListAttachedUserPolicies",
  "iam:CreatePolicy",
  "iam:AttachUserPolicy",
  "iam:GetPolicyVersion",
  "iam:ListPolicyVersions",
- "iam:DeletePolicy"
+ "iam:DeletePolicy",
+ "iam:DetachUserPolicy"
  ]
  Resource = "*"
  }