# --- General domain settings ---------------------------------------------

# Toggle for OpenSearch; on by default.
variable "enabled" {
  type        = bool
  default     = true
  description = "Enable OpenSearch."
}

# Cluster name, defaulting to "opensearch".
variable "cluster_name" {
  type        = string
  default     = "opensearch"
  description = "The name of the OpenSearch cluster."
}

# Engine version string to deploy.
# NOTE(review): the default pins OpenSearch_1.2, an early engine release;
# confirm it is still supported and patched before relying on the default.
variable "cluster_version" {
  type        = string
  default     = "OpenSearch_1.2"
  description = "The version of OpenSearch to deploy."
}

# Domain name for the cluster; unset (null) unless the caller provides one.
variable "cluster_domain_name" {
  type        = string
  default     = null
  description = "The domain name for the OpenSearch cluster."
}
# --- Node tiers (master / hot / warm / cold) -----------------------------

# Dedicated master nodes: count and instance type.
variable "master_instance_count" {
  type        = number
  default     = 3
  description = "The number of dedicated master nodes in the cluster."
}

# NOTE(review): the ".elasticsearch" suffix is the legacy instance-type
# naming; confirm it matches the domain resource this module creates.
variable "master_instance_type" {
  type        = string
  default     = "t3.small.elasticsearch"
  description = "Instance type for the OpenSearch master nodes."
}

# Hot (data) nodes: count and instance type.
variable "hot_instance_count" {
  type        = number
  default     = 3
  description = "The number of dedicated hot nodes in the cluster."
}

variable "hot_instance_type" {
  type        = string
  default     = "t3.small.elasticsearch"
  description = "The instance type for dedicated hot nodes in the cluster."
}

# Warm tier: off by default; type and count are declared alongside the toggle.
variable "warm_enabled" {
  type        = bool
  default     = false
  description = "Enable warm nodes."
}

variable "warm_instance_type" {
  type        = string
  default     = "ultrawarm1.medium.elasticsearch"
  description = "The type of EC2 instances to run for each warm node."
}

variable "warm_instance_count" {
  type        = number
  default     = 3
  description = "The number of dedicated warm nodes in the cluster."
}

# Cold storage: off by default.
variable "cold_enabled" {
  type        = bool
  default     = false
  description = "Enable cold storage."
}
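# Number of availability zones the cluster spans (default 3).
# The description documents 1, 2 or 3 as the only valid values; the
# validation block enforces that at plan time instead of leaving an
# out-of-range value to fail later during apply.
variable "availability_zones" {
  description = "The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3."
  type        = number
  default     = 3

  validation {
    condition     = contains([1, 2, 3], var.availability_zones)
    error_message = "The availability_zones value must be 1, 2 or 3."
  }
}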
# --- EBS storage for data nodes ------------------------------------------

# EBS volumes are off by default; the remaining ebs_* inputs default to null.
variable "ebs_enabled" {
  type        = bool
  default     = false
  description = "Enable EBS volumes for data nodes"
}

variable "ebs_iops" {
  type        = number
  default     = null
  description = "Baseline I/O performance of EBS volumes attached to data nodes."
}

variable "ebs_volume_size" {
  type        = number
  default     = null
  description = "EBS Volume size in GiB"
}

variable "ebs_volume_type" {
  type        = string
  default     = null
  description = "EBS volume type. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html"
}
# --- Network placement ---------------------------------------------------

# NOTE(review): all three inputs default to "unset". If the module creates
# the domain without VPC options in that case, the endpoint is public and
# access control rests entirely on the access policy and fine-grained
# access control - confirm how the resource handles null / empty values.
variable "vpc_id" {
  type        = string
  default     = null
  description = "The VPC id where to deploy the OpenSearch cluster."
}

# Typed as a list even though the description speaks of a single subnet.
variable "subnet_ids" {
  type        = list(string)
  default     = []
  description = "The subnet id where to deploy the OpenSearch cluster."
}

# NOTE(review): presumably an empty list falls back to the VPC's default
# security group; verify, and prefer passing an explicit, narrowly scoped
# group.
variable "security_group_ids" {
  type        = list(string)
  default     = []
  description = "List of VPC security group id's."
}
# HTTPS enforcement on the domain endpoint.
# NOTE(review): declared as string although the setting reads as a boolean,
# and the null default leaves the effective behaviour to whatever consumes
# this variable - confirm that plain HTTP is rejected when it is left unset.
variable "enforce_https" {
  type        = string
  default     = null
  description = "Enforce HTTPS domain endpoint."
}
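# TLS policy applied at the HTTPS endpoint; defaults to a TLS 1.2 minimum.
#
# The alternation in the validation pattern is wrapped in a group so that
# the ^ and $ anchors apply to every alternative. Without the group,
# "^A|B|C$" accepts any string that merely starts with A, contains B, or
# ends with C, so the check did not restrict the value to the three names.
#
# NOTE(review): "Policy-Min-TLS-1-0-2019-07" is still accepted for backward
# compatibility; it permits TLS 1.0 clients and should only be chosen when
# a legacy client leaves no alternative.
variable "tls_security_policy" {
  description = "Name of TLS security policy to use at HTTPS endpoint."
  type        = string
  default     = "Policy-Min-TLS-1-2-2019-07"

  validation {
    condition     = can(regex("^(?:Policy-Min-TLS-1-0-2019-07|Policy-Min-TLS-1-2-2019-07|Policy-Min-TLS-1-2-PFS-2023-10)$", var.tls_security_policy))
    error_message = "TLS security policy should be 'Policy-Min-TLS-1-0-2019-07, Policy-Min-TLS-1-2-2019-07, Policy-Min-TLS-1-2-PFS-2023-10'."
  }
}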
# --- Custom endpoint -----------------------------------------------------

# Off by default; the FQDN and ACM certificate ARN below are unset (null)
# until the caller supplies them.
variable "custom_endpoint_enabled" {
  type        = bool
  default     = false
  description = "Enable custom endpoint."
}

variable "custom_endpoint" {
  type        = string
  default     = null
  description = "FQDN of the custom endpoint"
}

variable "custom_endpoint_certificate_arn" {
  type        = string
  default     = null
  description = "ACM certificate ARN for your custom endpoint."
}
# --- Main (master) user --------------------------------------------------

# Internal user database is on by default.
# NOTE(review): presumably master_user_name / master_user_password apply
# when this is true and master_user_arn when it is false - verify against
# the resource that consumes these variables.
variable "internal_user_database_enabled" {
  type        = bool
  default     = true
  description = "Enable internal user database."
}

variable "master_user_arn" {
  type        = string
  default     = null
  description = "ARN of the main user."
}

variable "master_user_name" {
  type        = string
  default     = null
  description = "Name of the main user."
}
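# Password of the main user.
# Marked sensitive so Terraform redacts the value in plan and apply output.
# Redaction does not cover the state file: the value is still stored there
# in plaintext, so the state backend needs encryption and restricted access.
# Supply the value from a secret store rather than a committed tfvars file.
variable "master_user_password" {
  description = "Password of the main user."
  type        = string
  default     = null
  sensitive   = true
}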
# --- Encryption and logging ----------------------------------------------

# KMS key for the domain.
# NOTE(review): with the null default, encryption at rest presumably uses a
# service-managed key rather than a customer-managed one - confirm.
variable "encrypt_kms_key_id" {
  type        = string
  default     = null
  description = "KMS key id to encrypt OpenSearch domain with."
}

# CloudWatch logging is on by default with 365 days of retention.
variable "cloudwatch_log_enabled" {
  type        = bool
  default     = true
  description = "Enabled Cloudwatch."
}

variable "cloudwatch_log_retention" {
  type        = number
  default     = 365
  description = "Cloudwatch log retention in days."
}

# NOTE(review): null presumably leaves the log group on CloudWatch's default
# encryption; pass a key ARN when the logs need a customer-managed key.
variable "cloudwatch_log_kms_key_id" {
  type        = string
  default     = null
  description = "The ARN of the KMS key to use when encrypting log data."
}

# Both encryption toggles default to true.
# NOTE(review): fine-grained access control on Amazon OpenSearch Service
# requires node-to-node encryption and encryption at rest - confirm before
# turning either off.
variable "node_to_node_encryption" {
  type        = bool
  default     = true
  description = "Enable node-to-node encryption."
}

variable "encrypt_at_rest" {
  type        = bool
  default     = true
  description = "Enable encryption at rest"
}
# --- Cognito authentication ----------------------------------------------

# Off by default; the pool ids and role ARN are unset (null) until supplied.
variable "cognito_enabled" {
  type        = bool
  default     = false
  description = "Enable AWS cognito for OpenSearch."
}

variable "cognito_user_pool_id" {
  type        = string
  default     = null
  description = "ID of the Cognito user pool to use."
}

variable "cognito_identity_pool_id" {
  type        = string
  default     = null
  description = "ID of the Cognito identity pool to use."
}

# Per the description, the role is expected to carry the
# AmazonESCognitoAccess policy.
variable "cognito_role_arn" {
  type        = string
  default     = null
  description = "ARN of the IAM role that has the AmazonESCognitoAccess policy."
}
# --- SAML authentication -------------------------------------------------

# Off by default; every other saml_options_* input defaults to null.
variable "saml_options_enabled" {
  type        = bool
  default     = false
  description = "Enable saml_options"
}

# Per the descriptions, the backend role and user name below each receive
# full permissions to the cluster, so the IdP group or user mapped here
# should be kept as narrow as possible.
variable "saml_options_master_backend_role" {
  type        = string
  default     = null
  description = "(Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
}

variable "saml_options_master_user_name" {
  type        = string
  default     = null
  description = "(Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
}

# Assertion elements that carry backend roles and user names.
variable "saml_options_roles_key" {
  type        = string
  default     = null
  description = "(Optional) Element of the SAML assertion to use for backend roles. Default is roles. e.g. http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
}

variable "saml_options_subject_key" {
  type        = string
  default     = null
  description = "(Optional) Custom SAML attribute to use for user names. Default is an empty string. This will cause Elasticsearch to use the NameID element of the Subject, which is the default location for name identifiers in the SAML specification."
}

# Session lifetime in minutes; the description gives 60 as the default and
# 1,440 as the maximum, neither of which is enforced in this file.
variable "saml_options_session_timeout_minutes" {
  type        = number
  default     = null
  description = "(Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440."
}

# Identity provider: entity id and metadata XML.
variable "saml_options_idp_entity_id" {
  type        = string
  default     = null
  description = "URL of the entity id"
}

variable "saml_options_idp_metadata_content" {
  type        = string
  default     = null
  description = "Contents of the saml-metadata.xml file"
}
# Toggle for the autotune options; off by default.
variable "autotune_enabled" {
  description = "Enable autotune options"
  type        = bool
  default     = false
}
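# Autotune settings: desired state, rollback behaviour and one maintenance
# schedule (cron expression, duration, start timestamp).
#
# Both validation patterns wrap their alternation in a group so that the ^
# and $ anchors apply to every alternative. Without the group,
# "^ENABLED|DISABLED$" accepts any string that starts with ENABLED or ends
# with DISABLED, so values other than the two documented ones passed.
variable "autotune_options" {
  type = object({
    desired_state       = string
    rollback_on_disable = string
    maintenance_schedule = object({
      cron_expression = string
      duration        = number
      start_at        = string
    })
  })

  default = {
    desired_state       = "ENABLED"
    rollback_on_disable = "NO_ROLLBACK"
    maintenance_schedule = {
      cron_expression = "cron(0 0 ? * 1 *)"
      duration        = 1
      start_at        = "2000-01-01T00:00:00.00Z"
    }
  }

  validation {
    condition     = can(regex("^(?:DEFAULT_ROLLBACK|NO_ROLLBACK)$", var.autotune_options.rollback_on_disable))
    error_message = "Autotune rollback_on_disable should be 'DEFAULT_ROLLBACK' or 'NO_ROLLBACK'."
  }

  validation {
    condition     = can(regex("^(?:ENABLED|DISABLED)$", var.autotune_options.desired_state))
    error_message = "Autotune desired_state should be 'ENABLED' or 'DISABLED'."
  }
}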
# Tags for the OpenSearch cluster; empty map by default.
variable "tags" {
  description = "A mapping of tags to assign to the OpenSearch cluster."
  type        = map(string)
  default     = {}
}