Terraform module for terraform-aws-opensearch

Datatamer/terraform-aws-opensearch

Tamr AWS OpenSearch Terraform Module

This terraform module creates an OpenSearch domain on AWS.

Prerequisite

This module requires an IAM service linked role for OpenSearch on the AWS account.

To create an OpenSearch service role in terraform:

resource "aws_iam_service_linked_role" "opensearch-service-role" {
  aws_service_name = "opensearchservice.amazonaws.com"
}

OpenSearch Service automatically creates a new OpenSearch service-linked role the first time you create an OpenSearch domain if you have permissions for the iam:CreateServiceLinkedRole action and the legacy Elasticsearch role doesn't exist in your account.

There can be only one service-linked role per AWS account.

You may run into an error like this when trying to remove the service linked role if there is still an OpenSearch domain in the account:

Error: Error waiting for role (arn:aws:iam::000000000000:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService) to be deleted: unexpected state 'FAILED', wanted target 'SUCCEEDED'.

You will need to ensure all the domains are completely removed before attempting to remove the service-linked role. If it appears that all the domains have already been removed, you can try again.

Examples

Minimal

Smallest complete, fully working example. It might require extra resources to run.

Resources Created

This module creates:

  • a new OpenSearch domain in AWS

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | >= 3.36, !=4.0.0, !=4.1.0, !=4.2.0, !=4.3.0, !=4.4.0, !=4.5.0, !=4.6.0, !=4.7.0, !=4.8.0 |

Providers

No provider.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| domain_name | The name to give to the OpenSearch domain | string | n/a | yes |
| subnet_ids | List of subnet IDs for the OpenSearch domain to be created in | list(string) | n/a | yes |
| arn_partition | The partition in which the resource is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. The following are the supported partitions: aws - AWS Regions; aws-cn - China Regions; aws-us-gov - AWS GovCloud (US) Regions | string | "aws" | no |
| ebs_enabled | Whether EBS volumes are attached to data nodes | bool | true | no |
| ebs_iops | The baseline I/O performance of EBS volumes attached to nodes. Iops is only valid when volume type is io1 | number | null | no |
| ebs_volume_size | The size of EBS volumes attached to data nodes (in GB) | number | 100 | no |
| ebs_volume_type | The type of EBS volumes attached to data nodes | string | "gp2" | no |
| enforce_https | Whether or not to require HTTPS on the domain endpoint | bool | true | no |
| es_tags | [DEPRECATED: Use tags instead] Additional tags to be attached to the OpenSearch domain and associated resources. | map(string) | {} | no |
| es_version | Version of OpenSearch to deploy | string | "6.8" | no |
| instance_count | Number of instances to launch in the OpenSearch domain | number | 2 | no |
| instance_type | Instance type of data nodes in the domain | string | "c5.large.elasticsearch" | no |
| kms_key_id | The KMS key id to encrypt the OpenSearch domain with. If not specified then it defaults to using the aws/es service KMS key | string | null | no |
| log_group_name | The name of an existent CloudWatch Log Group that OpenSearch will publish logs to | string | "" | no |
| log_types | A list of log types that will be published to CloudWatch. Valid values are SEARCH_SLOW_LOGS, INDEX_SLOW_LOGS, ES_APPLICATION_LOGS and AUDIT_LOGS. | list(string) | ["ES_APPLICATION_LOGS", "SEARCH_SLOW_LOGS", "INDEX_SLOW_LOGS"] | no |
| node_to_node_encryption_enabled | Whether to enable node-to-node encryption | bool | true | no |
| security_group_ids | List of security group IDs to be applied to the OpenSearch domain | list(string) | [] | no |
| snapshot_start_hour | Hour when an automated daily snapshot of the indices is taken | number | 0 | no |
| tags | A map of tags to add to all resources. Replaces es_tags. | map(string) | {} | no |
| tls_security_policy | The name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. | string | "Policy-Min-TLS-1-2-2019-07" | no |
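
A module call that sets the security-relevant inputs from the table above explicitly and restricts network access to HTTPS from inside the VPC. This is an added example, not taken from the module's repository; the resource names, the `vpc_*` and `subnet_ids` variables, and the `<VERSION>` ref are placeholders.

```hcl
# Added example (not from the module repository). Names, variables and the
# <VERSION> ref are placeholders chosen for illustration.

variable "vpc_id" { type = string }
variable "vpc_cidr" { type = string }
variable "subnet_ids" { type = list(string) }

# Customer-managed key, used instead of the default aws/es service key.
resource "aws_kms_key" "opensearch" {
  description         = "Encryption at rest for the example OpenSearch domain"
  enable_key_rotation = true
}

# Only HTTPS traffic originating inside the VPC may reach the domain endpoint.
resource "aws_security_group" "opensearch" {
  name_prefix = "example-opensearch-"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from within the VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

module "opensearch" {
  # Pin to a released tag; <VERSION> is a placeholder.
  source = "git::https://github.com/Datatamer/terraform-aws-opensearch.git?ref=<VERSION>"

  domain_name        = "example-domain"
  subnet_ids         = var.subnet_ids
  security_group_ids = [aws_security_group.opensearch.id]

  # These match the documented defaults; stating them keeps the intent
  # visible in review and guards against a future change of defaults.
  enforce_https                   = true
  tls_security_policy             = "Policy-Min-TLS-1-2-2019-07"
  node_to_node_encryption_enabled = true

  # The AWS provider accepts a key ID or an ARN here; the ARN avoids spurious diffs.
  kms_key_id = aws_kms_key.opensearch.arn

  tags = { Environment = "example" }
}
```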

Outputs

| Name | Description |
|------|-------------|
| tamr_es_domain_endpoint | Endpoint of OpenSearch domain created |
| tamr_es_domain_id | ID of the OpenSearch domain created |

References

This repo is based on:

Development

Generating Docs

Run make terraform/docs to generate the section of docs around terraform inputs, outputs and requirements.

Checkstyles

Run make lint. This runs terraform fmt along with a few other checks that detect whitespace issues. NOTE: this requires Docker to be working on the machine running the test.

Releasing new versions

  • Update version contained in VERSION
  • Document changes in CHANGELOG.md
  • Create a tag in github for the commit associated with the version

License

Apache 2 Licensed. See LICENSE for full details.