aws_kinesis_firehose_delivery_stream for cross-account ElasticSearch

[lapkritinis]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Affected Resource(s)

• aws_kinesis_firehose_delivery_stream

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

Panic Output

Expected Behavior

Actual Behavior

1 error occurred:
* aws_kinesis_firehose_delivery_stream.waf-mgmt-es: 1 error occurred:
* aws_kinesis_firehose_delivery_stream.waf-mgmt-es: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Domain not found: my-es-domain-public

Steps to Reproduce

The issue is present when I try to create a cross-account firehose delivery stream to ElasticSearch.
Reason for that I believe, that via AWS CLI when I create this delivery stream I specify an additional parameter:
ClusterEndpoint - which is not supported in terraform and I do not specify domain.

resource "aws_kinesis_firehose_delivery_stream" "waf-mgmt-es" {
destination = "elasticsearch"
name = "aws-waf-logs-mgmt-es"

elasticsearch_configuration {
domain_arn = "arn:aws:es:eu-central-1:<--accountB-->:domain/my-es-domain-public"
index_name = "waf-${var.env_name}"
role_arn = "arn:aws:iam::<--accountA-->:role/firehose_role"
}

s3_configuration {
role_arn = "arn:aws:iam::991799896228:role/firehose_temp_role"
bucket_arn = "${aws_s3_bucket.temp.arn}"
buffer_size = 10
buffer_interval = 400
compression_format = "GZIP"
}
}

1. terraform apply

Important Factoids

References

• #0000

[ewbankkit]

We need to add cluster_endpoint to the elasticsearch_configuration configuration block.

[ewbankkit]

@lapkritinis Thanks for raising this issue.
It has already been noticed in #10623 and is resolved with #12484.
I'm going to close this one as a duplicate so that we can concentrate discussion in the linked issue.
Please add any additional comments there.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!