-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #8 from pogosoftware/develop
Initial merge
- Loading branch information
Showing
16 changed files
with
743 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,58 @@ | ||
| # terraform-aws-elasticsearch | ||
|
|
||
| <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
| ## Requirements | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.0 | | ||
|
|
||
| ## Providers | ||
|
|
||
| No providers. | ||
|
|
||
| ## Modules | ||
|
|
||
| | Name | Source | Version | | ||
| |------|--------|---------| | ||
| | <a name="module_elasticsearch_domain"></a> [elasticsearch\_domain](#module\_elasticsearch\_domain) | ./modules/elasticsearch_domain | n/a | | ||
| | <a name="module_iam_service_linked_role"></a> [iam\_service\_linked\_role](#module\_iam\_service\_linked\_role) | ./modules/iam_service_linked_role | n/a | | ||
|
|
||
| ## Resources | ||
|
|
||
| No resources. | ||
|
|
||
| ## Inputs | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_create_elasticsearch_domain"></a> [create\_elasticsearch\_domain](#input\_create\_elasticsearch\_domain) | Determinator to create `elasticseach_domain` resources or not | `bool` | `true` | no | | ||
| | <a name="input_elasticsearch_domain_access_policies"></a> [elasticsearch\_domain\_access\_policies](#input\_elasticsearch\_domain\_access\_policies) | IAM policy document specifying the access policies for the domain | `string` | `null` | no | | ||
| | <a name="input_elasticsearch_domain_advanced_options"></a> [elasticsearch\_domain\_advanced\_options](#input\_elasticsearch\_domain\_advanced\_options) | Key-value string pairs to specify advanced configuration options | `map(string)` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_advanced_security_options"></a> [elasticsearch\_domain\_advanced\_security\_options](#input\_elasticsearch\_domain\_advanced\_security\_options) | Configuration block for fine-grained access control | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_auto_tune_options"></a> [elasticsearch\_domain\_auto\_tune\_options](#input\_elasticsearch\_domain\_auto\_tune\_options) | Configuration block for the Auto-Tune options of the domain | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_cluster_config"></a> [elasticsearch\_domain\_cluster\_config](#input\_elasticsearch\_domain\_cluster\_config) | Configuration block for the cluster of the domain | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_cognito_options"></a> [elasticsearch\_domain\_cognito\_options](#input\_elasticsearch\_domain\_cognito\_options) | Configuration block for authenticating Kibana with Cognito | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_ebs_options"></a> [elasticsearch\_domain\_ebs\_options](#input\_elasticsearch\_domain\_ebs\_options) | Configuration block for EBS related options, may be required based on chosen instance size | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_encrypt_at_rest"></a> [elasticsearch\_domain\_encrypt\_at\_rest](#input\_elasticsearch\_domain\_encrypt\_at\_rest) | Configuration block for encrypt at rest options. Only available for certain instance types | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_endpoint_options"></a> [elasticsearch\_domain\_endpoint\_options](#input\_elasticsearch\_domain\_endpoint\_options) | Configuration block for domain endpoint HTTP(S) related options | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_log_publishing_options"></a> [elasticsearch\_domain\_log\_publishing\_options](#input\_elasticsearch\_domain\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_name"></a> [elasticsearch\_domain\_name](#input\_elasticsearch\_domain\_name) | Required if `create_elasticsearch_domain` is set to `true`. Name of the domain | `string` | `null` | no | | ||
| | <a name="input_elasticsearch_domain_node_to_node_encryption"></a> [elasticsearch\_domain\_node\_to\_node\_encryption](#input\_elasticsearch\_domain\_node\_to\_node\_encryption) | Configuration block for node-to-node encryption options | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_snapshot_options"></a> [elasticsearch\_domain\_snapshot\_options](#input\_elasticsearch\_domain\_snapshot\_options) | Configuration block for snapshot related options | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_tags"></a> [elasticsearch\_domain\_tags](#input\_elasticsearch\_domain\_tags) | Map of tags to assign to the resource | `map(string)` | `{}` | no | | ||
| | <a name="input_elasticsearch_domain_version"></a> [elasticsearch\_domain\_version](#input\_elasticsearch\_domain\_version) | Version of Elasticsearch to deploy. Defaults to `1.5` | `string` | `"1.5"` | no | | ||
| | <a name="input_elasticsearch_domain_vpc_options"></a> [elasticsearch\_domain\_vpc\_options](#input\_elasticsearch\_domain\_vpc\_options) | Configuration block for VPC related options | `any` | `{}` | no | | ||
| | <a name="input_iam_service_linked_roles"></a> [iam\_service\_linked\_roles](#input\_iam\_service\_linked\_roles) | The IAM Service linked roles where `aws_service_name` is a key | `any` | `{}` | no | | ||
|
|
||
| ## Outputs | ||
|
|
||
| | Name | Description | | ||
| |------|-------------| | ||
| | <a name="output_elasticsearch_domain_arn"></a> [elasticsearch\_domain\_arn](#output\_elasticsearch\_domain\_arn) | ARN of the domain | | ||
| | <a name="output_elasticsearch_domain_endpoint"></a> [elasticsearch\_domain\_endpoint](#output\_elasticsearch\_domain\_endpoint) | Domain-specific endpoint used to submit index, search, and data upload requests | | ||
| | <a name="output_elasticsearch_domain_id"></a> [elasticsearch\_domain\_id](#output\_elasticsearch\_domain\_id) | Unique identifier for the domain | | ||
| | <a name="output_elasticsearch_domain_kibana_endpoint"></a> [elasticsearch\_domain\_kibana\_endpoint](#output\_elasticsearch\_domain\_kibana\_endpoint) | Domain-specific endpoint for kibana without https scheme | | ||
| | <a name="output_elasticsearch_domain_name"></a> [elasticsearch\_domain\_name](#output\_elasticsearch\_domain\_name) | Name of the Elasticsearch domain | | ||
| | <a name="output_iam_service_linked_roles"></a> [iam\_service\_linked\_roles](#output\_iam\_service\_linked\_roles) | The IAM service linked roles | | ||
| <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| module "iam_service_linked_role" { | ||
| source = "./modules/iam_service_linked_role" | ||
|
|
||
| for_each = var.iam_service_linked_roles | ||
|
|
||
| aws_service_name = each.key | ||
| custom_suffix = lookup(each.value, "custom_suffix", null) | ||
| description = lookup(each.value, "description", null) | ||
| tags = lookup(each.value, "tags", null) | ||
| } | ||
|
|
||
| module "elasticsearch_domain" { | ||
| source = "./modules/elasticsearch_domain" | ||
|
|
||
| count = var.create_elasticsearch_domain ? 1 : 0 | ||
|
|
||
| domain_name = var.elasticsearch_domain_name | ||
| access_policies = var.elasticsearch_domain_access_policies | ||
| advanced_options = var.elasticsearch_domain_advanced_options | ||
| elasticsearch_version = var.elasticsearch_domain_version | ||
| tags = var.elasticsearch_domain_tags | ||
| advanced_security_options = var.elasticsearch_domain_advanced_security_options | ||
| auto_tune_options = var.elasticsearch_domain_auto_tune_options | ||
| cluster_config = var.elasticsearch_domain_cluster_config | ||
| cognito_options = var.elasticsearch_domain_cognito_options | ||
| domain_endpoint_options = var.elasticsearch_domain_endpoint_options | ||
| ebs_options = var.elasticsearch_domain_ebs_options | ||
| encrypt_at_rest = var.elasticsearch_domain_encrypt_at_rest | ||
| log_publishing_options = var.elasticsearch_domain_log_publishing_options | ||
| node_to_node_encryption = var.elasticsearch_domain_node_to_node_encryption | ||
| snapshot_options = var.elasticsearch_domain_snapshot_options | ||
| vpc_options = var.elasticsearch_domain_vpc_options | ||
| } |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| # Module: aws_elasticsearch_domain | ||
|
|
||
| Manages an AWS Elasticsearch Domain. | ||
|
|
||
| <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
| ## Requirements | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.0 | | ||
| | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.10 | | ||
|
|
||
| ## Providers | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="provider_aws"></a> [aws](#provider\_aws) | 4.14.0 | | ||
|
|
||
| ## Modules | ||
|
|
||
| No modules. | ||
|
|
||
| ## Resources | ||
|
|
||
| | Name | Type | | ||
| |------|------| | ||
| | [aws_elasticsearch_domain.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain) | resource | | ||
|
|
||
| ## Inputs | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_access_policies"></a> [access\_policies](#input\_access\_policies) | IAM policy document specifying the access policies for the domain | `string` | `null` | no | | ||
| | <a name="input_advanced_options"></a> [advanced\_options](#input\_advanced\_options) | Key-value string pairs to specify advanced configuration options | `map(string)` | `{}` | no | | ||
| | <a name="input_advanced_security_options"></a> [advanced\_security\_options](#input\_advanced\_security\_options) | Configuration block for fine-grained access control | `any` | `{}` | no | | ||
| | <a name="input_auto_tune_options"></a> [auto\_tune\_options](#input\_auto\_tune\_options) | Configuration block for the Auto-Tune options of the domain | `any` | `{}` | no | | ||
| | <a name="input_cluster_config"></a> [cluster\_config](#input\_cluster\_config) | Configuration block for the cluster of the domain | `any` | `{}` | no | | ||
| | <a name="input_cognito_options"></a> [cognito\_options](#input\_cognito\_options) | Configuration block for authenticating Kibana with Cognito | `any` | `{}` | no | | ||
| | <a name="input_domain_endpoint_options"></a> [domain\_endpoint\_options](#input\_domain\_endpoint\_options) | Configuration block for domain endpoint HTTP(S) related options | `any` | `{}` | no | | ||
| | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Name of the domain | `string` | n/a | yes | | ||
| | <a name="input_ebs_options"></a> [ebs\_options](#input\_ebs\_options) | Configuration block for EBS related options, may be required based on chosen instance size | `any` | `{}` | no | | ||
| | <a name="input_elasticsearch_version"></a> [elasticsearch\_version](#input\_elasticsearch\_version) | Version of Elasticsearch to deploy. Defaults to `1.5` | `string` | `"1.5"` | no | | ||
| | <a name="input_encrypt_at_rest"></a> [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Configuration block for encrypt at rest options. Only available for certain instance types | `any` | `{}` | no | | ||
| | <a name="input_log_publishing_options"></a> [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs | `any` | `{}` | no | | ||
| | <a name="input_node_to_node_encryption"></a> [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Configuration block for node-to-node encryption options | `any` | `{}` | no | | ||
| | <a name="input_snapshot_options"></a> [snapshot\_options](#input\_snapshot\_options) | Configuration block for snapshot related options | `any` | `{}` | no | | ||
| | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to assign to the resource | `map(string)` | `{}` | no | | ||
| | <a name="input_vpc_options"></a> [vpc\_options](#input\_vpc\_options) | Configuration block for VPC related options | `any` | `{}` | no | | ||
|
|
||
| ## Outputs | ||
|
|
||
| | Name | Description | | ||
| |------|-------------| | ||
| | <a name="output_arn"></a> [arn](#output\_arn) | ARN of the domain | | ||
| | <a name="output_domain_id"></a> [domain\_id](#output\_domain\_id) | Unique identifier for the domain | | ||
| | <a name="output_domain_name"></a> [domain\_name](#output\_domain\_name) | Name of the Elasticsearch domain | | ||
| | <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | Domain-specific endpoint used to submit index, search, and data upload requests | | ||
| | <a name="output_kibana_endpoint"></a> [kibana\_endpoint](#output\_kibana\_endpoint) | Domain-specific endpoint for kibana without https scheme | | ||
| <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,164 @@ | ||
| resource "aws_elasticsearch_domain" "this" { | ||
| domain_name = var.domain_name | ||
| access_policies = var.access_policies | ||
| advanced_options = var.advanced_options | ||
| elasticsearch_version = var.elasticsearch_version | ||
| tags = var.tags | ||
|
|
||
| dynamic "advanced_security_options" { | ||
| for_each = var.advanced_security_options != {} ? [var.advanced_security_options] : [] | ||
|
|
||
| content { | ||
| enabled = advanced_security_options.value["enabled"] | ||
| internal_user_database_enabled = try(advanced_security_options.value["internal_user_database_enabled"], false) | ||
|
|
||
| dynamic "master_user_options" { | ||
| for_each = try(advanced_security_options.value["master_user_options"], {}) != {} ? [advanced_security_options.value["master_user_options"]] : [] | ||
|
|
||
| content { | ||
| master_user_arn = try(master_user_options.value["master_user_arn"], null) | ||
| master_user_name = try(master_user_options.value["master_user_name"], null) | ||
| master_user_password = try(master_user_options.value["master_user_password"], null) | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| dynamic "auto_tune_options" { | ||
| for_each = var.auto_tune_options != {} ? [var.auto_tune_options] : [] | ||
|
|
||
| content { | ||
| desired_state = auto_tune_options.value["desired_state"] | ||
| rollback_on_disable = try(auto_tune_options.value["rollback_on_disable"], null) | ||
|
|
||
| dynamic "maintenance_schedule" { | ||
| for_each = try(auto_tune_options.value["maintenance_schedule"], {}) != {} ? [auto_tune_options.value["maintenance_schedule"]] : [] | ||
|
|
||
| content { | ||
| start_at = maintenance_schedule.value["start_at"] | ||
| cron_expression_for_recurrence = maintenance_schedule.value["cron_expression_for_recurrence"] | ||
|
|
||
| dynamic "duration" { | ||
| for_each = [maintenance_schedule.value["duration"]] | ||
|
|
||
| content { | ||
| value = duration.value["value"] | ||
| unit = duration.value["unit"] | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| dynamic "cluster_config" { | ||
| for_each = var.cluster_config != {} ? [var.cluster_config] : [] | ||
|
|
||
| content { | ||
| dedicated_master_count = try(cluster_config.value["dedicated_master_count"], null) | ||
| dedicated_master_enabled = try(cluster_config.value["dedicated_master_enabled"], null) | ||
| dedicated_master_type = try(cluster_config.value["dedicated_master_type"], null) | ||
| instance_count = try(cluster_config.value["instance_count"], null) | ||
| instance_type = try(cluster_config.value["instance_type"], null) | ||
| warm_count = try(cluster_config.value["warm_count"], null) | ||
| warm_enabled = try(cluster_config.value["warm_enabled"], null) | ||
| warm_type = try(cluster_config.value["warm_type"], null) | ||
| zone_awareness_enabled = try(cluster_config.value["zone_awareness_enabled"], null) | ||
|
|
||
| dynamic "cold_storage_options" { | ||
| for_each = try(cluster_config.value["cold_storage_options"], {}) != {} ? [cluster_config.value["cold_storage_options"]] : [] | ||
|
|
||
| content { | ||
| enabled = try(cold_storage_options.value["enabled"], false) | ||
| } | ||
| } | ||
|
|
||
| dynamic "zone_awareness_config" { | ||
| for_each = try(cluster_config.value["zone_awareness_config"], {}) != {} ? [cluster_config.value["zone_awareness_config"]] : [] | ||
|
|
||
| content { | ||
| availability_zone_count = try(zone_awareness_config.value["availability_zone_count"], 2) | ||
| } | ||
| } | ||
|
|
||
| } | ||
| } | ||
|
|
||
| dynamic "cognito_options" { | ||
| for_each = var.cognito_options != {} ? [var.cognito_options] : [] | ||
|
|
||
| content { | ||
| identity_pool_id = cognito_options.value["identity_pool_id"] | ||
| role_arn = cognito_options.value["role_arn"] | ||
| user_pool_id = cognito_options.value["user_pool_id"] | ||
| enabled = try(cognito_options.value["enabled"], false) | ||
| } | ||
| } | ||
|
|
||
| dynamic "domain_endpoint_options" { | ||
| for_each = var.domain_endpoint_options != {} ? [var.domain_endpoint_options] : [] | ||
|
|
||
| content { | ||
| custom_endpoint_certificate_arn = try(domain_endpoint_options.value["custom_endpoint_certificate_arn"], null) | ||
| custom_endpoint_enabled = try(domain_endpoint_options.value["custom_endpoint_enabled"], null) | ||
| custom_endpoint = try(domain_endpoint_options.value["custom_endpoint"], null) | ||
| enforce_https = try(domain_endpoint_options.value["enforce_https"], true) | ||
| tls_security_policy = try(domain_endpoint_options.value["tls_security_policy"], null) | ||
| } | ||
| } | ||
|
|
||
| dynamic "ebs_options" { | ||
| for_each = var.ebs_options != {} ? [var.ebs_options] : [] | ||
|
|
||
| content { | ||
| ebs_enabled = ebs_options.value["ebs_enabled"] | ||
| iops = try(ebs_options.value["iops"], null) | ||
| volume_size = try(ebs_options.value["volume_size"], null) | ||
| volume_type = try(ebs_options.value["volume_type"], null) | ||
| } | ||
| } | ||
|
|
||
| dynamic "encrypt_at_rest" { | ||
| for_each = var.encrypt_at_rest != {} ? [var.encrypt_at_rest] : [] | ||
|
|
||
| content { | ||
| enabled = encrypt_at_rest.value["enabled"] | ||
| kms_key_id = try(encrypt_at_rest.value["kms_key_id"], null) | ||
| } | ||
| } | ||
|
|
||
| dynamic "log_publishing_options" { | ||
| for_each = var.log_publishing_options #!= {} ? [var.log_publishing_options] : [] | ||
|
|
||
| content { | ||
| log_type = log_publishing_options.key | ||
| cloudwatch_log_group_arn = log_publishing_options.value["cloudwatch_log_group_arn"] | ||
| enabled = try(log_publishing_options.value["enabled"], true) | ||
| } | ||
| } | ||
|
|
||
| dynamic "node_to_node_encryption" { | ||
| for_each = var.node_to_node_encryption != {} ? [var.node_to_node_encryption] : [] | ||
|
|
||
| content { | ||
| enabled = node_to_node_encryption.value["enabled"] | ||
| } | ||
| } | ||
|
|
||
| dynamic "snapshot_options" { | ||
| for_each = var.snapshot_options != {} ? [var.snapshot_options] : [] | ||
|
|
||
| content { | ||
| automated_snapshot_start_hour = snapshot_options.value["automated_snapshot_start_hour"] | ||
| } | ||
| } | ||
|
|
||
| dynamic "vpc_options" { | ||
| for_each = var.vpc_options != {} ? [var.vpc_options] : [] | ||
|
|
||
| content { | ||
| subnet_ids = vpc_options.value["subnet_ids"] | ||
| security_group_ids = try(vpc_options.value["security_group_ids"], null) | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.