Releases: ManagedKube/kubernetes-ops

v2.0.70 - AWS MSK Module

20 Apr 17:54
19a7ccb
  • A module to instantiate an AWS MSK cluster: #418

v2.0.69 - AWS OpenSearch

21 Mar 20:15
7c2c662

This pull request introduces a new Terraform module for setting up an AWS OpenSearch domain. The module supports both public and VPC-based deployments, depending on the value of the vpc_enabled variable. It covers the creation of an OpenSearch domain, a security group, and the associated ingress and egress rules.

Key Features

  • OpenSearch domain creation with aws_opensearch_domain resource.
  • Security group creation with aws_security_group resource, including ingress and egress rules.
  • Ingress and egress rules support for CIDR blocks and IPv6 CIDR blocks.
  • CloudWatch log groups that receive the published slow logs for monitoring and analysis.

Input Variables

  • domain_name (Optional, string): The user-friendly name for the OpenSearch domain. If not provided, Terraform will generate a default domain name.
  • aws_region (Optional, string, default: "us-west-2"): The AWS region where the OpenSearch domain will be created.
  • account_id (Optional, string): The AWS account ID of your AWS account.
  • tags (Optional, any, default: {}): AWS tags that will be applied to the OpenSearch domain and related resources.
  • subnet_ids (Required, list(string)): A list of private subnet IDs within your VPC where the OpenSearch domain will be created.
  • vpc_id (Required, string): The ID of the VPC where the OpenSearch domain will be created.
  • instance_count (Optional, number, default: 2): The number of instances in the OpenSearch domain cluster.
  • ingress_rule (Optional, list(any), default: provided): A list of ingress rules for the OpenSearch domain security group.
  • egress_rule (Optional, list(any), default: provided): A list of egress rules for the OpenSearch domain security group.

Domain Configuration
The OpenSearch domain is created using the aws_opensearch_domain resource with the following settings:

  • Engine version: OpenSearch 2.5

  • Cluster instance type: r4.large.search

  • Zone awareness enabled: 2 availability zones by default

  • EBS storage enabled with 10GB volume size

  • Encryption at rest and node-to-node encryption enabled

  • HTTPS enforced with TLS security policy: Policy-Min-TLS-1-2-2019-07

  • vpc_options: A dynamic block that conditionally creates a VPC configuration for the domain, based on the value of vpc_enabled.

  • access_policies: JSON-encoded access policies for the domain, with a conditional policy that enforces secure transport (HTTPS) if the domain is deployed within a VPC.

  • Log publishing options for index slow logs, search slow logs.
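
The settings listed above, written out as an added Terraform example; it is not the module's own source. vpc_enabled, subnet_ids and instance_count are names from the release notes, while security_group_id, slow_log_group_arn and the domain name are hypothetical stand-ins for values the module creates or receives.

```hcl
# Added example, not the module's source. Inputs marked hypothetical are
# assumptions; the remaining values mirror the release notes above.
variable "vpc_enabled" { type = bool }
variable "subnet_ids" { type = list(string) }
variable "instance_count" { type = number }
variable "security_group_id" { type = string }  # hypothetical input
variable "slow_log_group_arn" { type = string } # hypothetical input

resource "aws_opensearch_domain" "example" {
  domain_name    = "example-domain" # placeholder name
  engine_version = "OpenSearch_2.5"

  cluster_config {
    instance_type          = "r4.large.search"
    instance_count         = var.instance_count
    zone_awareness_enabled = true
    zone_awareness_config { availability_zone_count = 2 }
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 10 # GB
  }

  encrypt_at_rest { enabled = true }
  node_to_node_encryption { enabled = true }

  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  # Rendered once when vpc_enabled is true, omitted for a public domain.
  dynamic "vpc_options" {
    for_each = var.vpc_enabled ? [1] : []
    content {
      subnet_ids         = var.subnet_ids
      security_group_ids = [var.security_group_id]
    }
  }

  # One block per slow-log type, both sent to the same log group.
  dynamic "log_publishing_options" {
    for_each = ["INDEX_SLOW_LOGS", "SEARCH_SLOW_LOGS"]
    content {
      log_type                 = log_publishing_options.value
      cloudwatch_log_group_arn = var.slow_log_group_arn
    }
  }
}
```

Slow-log publishing also requires a CloudWatch Logs resource policy that lets es.amazonaws.com write to the log group. With two-zone awareness and vpc_enabled set, subnet_ids should name one subnet in each of two availability zones.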

Security Group Configuration

  • The security group is created using the aws_security_group resource, and it includes ingress and egress rules for controlling access to the OpenSearch domain.

    • The ingress rules are defined in the ingress_rule variable.
    • The egress rules are defined in the egress_rule variable.

Both ingress and egress rules support CIDR blocks and IPv6 CIDR blocks.

TERRAGRUNT APPLY:

Apply complete! Resources: 1 added, 0 changed, 1 destroyed.

Outputs:

opensearch_domain_endpoint = "vpc-opensearch-dp-dev-sgm53htkbflrs5iudpldzbuljq.us-west-2.es.amazonaws.com"
opensearch_security_group_id = "sg-06d24f962f3ed1c22"

v2.0.68 - AWS QLDB Module

16 Mar 19:44
9e6d9ad
  • AWS QLDB module: #421

v2.0.66 - AWS Airflow

10 Mar 01:03
b28342f

This PR includes updates to the Terraform module for deploying an Airflow environment on AWS. The following changes were made:

  • The webserver_access_mode variable was added to the aws_mwaa_environment resource block, allowing for more control over the web server's access mode.

  • The IAM role module was updated to the latest version (5.11.2) to incorporate bug fixes and other improvements.

An Amazon S3 bucket with versioning, server-side encryption, and access control policies

  • The aws_s3_bucket resource creates an S3 bucket, which is used as the source for the MWAA environment. The aws_s3_bucket_versioning resource enables versioning for the S3 bucket. The aws_s3_bucket_acl resource sets the bucket ACL to private, which means that only authorized users can access the bucket.

  • The aws_s3_bucket_server_side_encryption_configuration resource enables server-side encryption for the S3 bucket. The aws_s3_bucket_public_access_block resource blocks public access to the S3 bucket.

v2.0.65 - AWS S3 bucket ownership input

09 Mar 16:59
c898562
  • The module can receive the S3 bucket ownership controls rule as an input variable: #420

v2.0.64 - AWS S3 buckets

08 Mar 00:36
ccf2a8d
  • Module to create S3 buckets

v2.0.63 - AWS Airflow Module updates

03 Mar 17:04
9dfe341

This PR includes updates to the Terraform module for deploying an Airflow environment on AWS. The following changes were made:

  • The webserver_access_mode variable was added to the aws_mwaa_environment resource block, allowing for more control over the web server's access mode.

  • The IAM role module was updated to the latest version (5.11.2) to incorporate bug fixes and other improvements.

An Amazon S3 bucket with versioning, server-side encryption, and access control policies

  • The aws_s3_bucket resource creates an S3 bucket, which is used as the source for the MWAA environment. The aws_s3_bucket_versioning resource enables versioning for the S3 bucket. The aws_s3_bucket_acl resource sets the bucket ACL to private, which means that only authorized users can access the bucket.

  • The aws_s3_bucket_server_side_encryption_configuration resource enables server-side encryption for the S3 bucket. The aws_s3_bucket_public_access_block resource blocks public access to the S3 bucket.

#413

v2.0.62 - AWS - Security Group Module

01 Mar 20:45
9dfe341
  • Create security groups with dynamic egress and ingress rules: #410

v2.0.61 - Azure - external-secrets - access policies variable

27 Feb 23:00
d713f57
  • Parameterizes the Azure Vault Access Policies: #409

v2.0.60 - Upgrade cluster autoscaler - 9.24.0

23 Feb 17:50
295a4bd
  • Updates cluster autoscaler to the latest chart: #407