mirror of
https://github.com/open-webui/open-webui.git
synced 2025-12-14 13:25:20 +00:00
120 lines
3.5 KiB
HCL
120 lines
3.5 KiB
HCL
# Generate random password for Redis
|
|
resource "random_password" "redis_auth_token" {
|
|
length = 32
|
|
special = false # Disable special characters to avoid invalid ones for ElastiCache
|
|
upper = true
|
|
lower = true
|
|
numeric = true
|
|
}
|
|
|
|
# ElastiCache subnet group
|
|
resource "aws_elasticache_subnet_group" "redis_subnet_group" {
|
|
name = "openwebui-redis-subnet-group"
|
|
subnet_ids = var.private_subnet_ids
|
|
|
|
tags = {
|
|
Name = "OpenWebUI Redis Subnet Group"
|
|
}
|
|
}
|
|
|
|
# Security group for Redis
|
|
resource "aws_security_group" "redis_sg" {
|
|
name_prefix = "openwebui-redis-"
|
|
vpc_id = var.vpc_id
|
|
description = "Security group for OpenWebUI Redis cluster"
|
|
|
|
# Allow Redis traffic from ECS tasks
|
|
ingress {
|
|
description = "Redis from ECS"
|
|
from_port = 6379
|
|
to_port = 6379
|
|
protocol = "tcp"
|
|
security_groups = [var.existing_ecs_security_group_id, aws_security_group.ecs_scaled_sg.id]
|
|
}
|
|
|
|
egress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
tags = {
|
|
Name = "OpenWebUI Redis Security Group"
|
|
}
|
|
}
|
|
|
|
# ElastiCache Redis cluster
|
|
resource "aws_elasticache_replication_group" "redis" {
|
|
description = "Redis cluster for OpenWebUI horizontal scaling"
|
|
replication_group_id = "openwebui-redis"
|
|
|
|
# Use cluster mode for better scalability
|
|
num_cache_clusters = 1
|
|
|
|
node_type = var.redis_node_type
|
|
port = 6379
|
|
parameter_group_name = "default.redis7"
|
|
engine_version = var.redis_engine_version
|
|
|
|
# Security and networking
|
|
subnet_group_name = aws_elasticache_subnet_group.redis_subnet_group.name
|
|
security_group_ids = [aws_security_group.redis_sg.id]
|
|
|
|
# Enable encryption
|
|
at_rest_encryption_enabled = true
|
|
transit_encryption_enabled = true
|
|
auth_token = random_password.redis_auth_token.result
|
|
|
|
# Backup configuration
|
|
snapshot_retention_limit = 3
|
|
snapshot_window = "05:00-06:00"
|
|
maintenance_window = "sun:06:00-sun:07:00"
|
|
|
|
# Performance
|
|
apply_immediately = true
|
|
|
|
# Logging
|
|
log_delivery_configuration {
|
|
destination = aws_cloudwatch_log_group.redis_slow_log.name
|
|
destination_type = "cloudwatch-logs"
|
|
log_format = "text"
|
|
log_type = "slow-log"
|
|
}
|
|
|
|
tags = {
|
|
Name = "OpenWebUI Redis Cluster"
|
|
}
|
|
}
|
|
|
|
# CloudWatch log group for Redis
|
|
resource "aws_cloudwatch_log_group" "redis_slow_log" {
|
|
name = "/aws/elasticache/openwebui-redis/slow-log"
|
|
retention_in_days = 7
|
|
|
|
tags = {
|
|
Name = "OpenWebUI Redis Slow Log"
|
|
}
|
|
}
|
|
|
|
# Store Redis connection details in Secrets Manager
|
|
resource "aws_secretsmanager_secret" "redis_connection" {
|
|
name = "openwebui-redis-connection"
|
|
description = "Redis connection details for OpenWebUI"
|
|
recovery_window_in_days = 0 # Force immediate deletion to avoid naming conflicts
|
|
force_overwrite_replica_secret = true
|
|
|
|
tags = {
|
|
Name = "OpenWebUI Redis Connection Secret"
|
|
}
|
|
}
|
|
|
|
resource "aws_secretsmanager_secret_version" "redis_connection" {
|
|
secret_id = aws_secretsmanager_secret.redis_connection.id
|
|
secret_string = jsonencode({
|
|
host = aws_elasticache_replication_group.redis.primary_endpoint_address
|
|
port = aws_elasticache_replication_group.redis.port
|
|
auth_token = random_password.redis_auth_token.result
|
|
url = "rediss://:${random_password.redis_auth_token.result}@${aws_elasticache_replication_group.redis.primary_endpoint_address}:${aws_elasticache_replication_group.redis.port}"
|
|
})
|
|
}
|