Name | Version |
---|---|
terraform | >= 1.4 |
aws | >= 5.16 |

Name | Version |
---|---|
aws | >= 5.16 |

Name | Source | Version |
---|---|---|
cloudwatch_alarms | terraform-aws-modules/cloudwatch/aws//wrappers/metric-alarm | ~> 5.4.0 |

Name | Type |
---|---|
aws_cloudwatch_log_group.aos | resource |
aws_cloudwatch_log_resource_policy.aos_log_publishing | resource |
aws_iam_service_linked_role.aos | resource |
aws_opensearch_domain.this | resource |
aws_opensearch_domain_policy.this | resource |
aws_opensearch_domain_saml_options.this | resource |
aws_opensearch_vpc_endpoint.this | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.aos_access_policy | data source |
aws_iam_policy_document.aos_log_publishing | data source |
aws_iam_policy_document.combined | data source |
aws_region.current | data source |
aws_subnet.vpc_endpoint | data source |
aws_vpc_endpoint.this | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
access_policies | IAM policy document specifying the access policies for the domain | string | "" | no |
admin_identifiers | Admin identifiers to be allowed in the access policy of the OpenSearch cluster | list(string) | [ | no |
advanced_options | Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your OpenSearch domain on every apply. | map(string) | {} | no |
advanced_security_options_enabled | Whether advanced security is enabled | bool | false | no |
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN) | list(string) | [] | no |
alarm_overrides | A map of overrides to apply to each alarm | any | {} | no |
anonymous_auth_enabled | Whether anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain | bool | false | no |
auto_software_update_enabled | Whether automatic service software updates are enabled for the domain | bool | false | no |
auto_tune_desired_state | The Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED | string | "ENABLED" | no |
availability_zones | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | number | 3 | no |
cloudwatch_log_group_retention_days | CloudWatch log group retention period in days | number | 7 | no |
cognito_identity_pool_id | ID of the Cognito Identity Pool to use. | string | "" | no |
cognito_role_arn | ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached. | string | "" | no |
cognito_user_id_pool | ID of the Cognito User Pool to use. | string | "" | no |
cold_storage_enabled | Enable cold storage. Master and ultrawarm nodes must be enabled for cold storage. | bool | false | no |
create_alarms | Whether to create the default set of alarms | bool | true | no |
create_service_role | Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html | bool | false | no |
create_vpc_endpoint | Whether to create a VPC endpoint for the domain | bool | false | no |
custom_endpoint | Custom endpoint URL | string | null | no |
custom_endpoint_certificate_arn | Custom endpoint certificate ARN | string | null | no |
custom_endpoint_enabled | Whether the custom endpoint is enabled | bool | false | no |
disabled_alarms | List of IDs of alarms to disable | list(string) | [] | no |
domain_name | The name of the OpenSearch cluster. | string | n/a | yes |
ebs_enabled | Whether EBS volumes are attached to data nodes in the domain | bool | false | no |
ebs_gp3_throughput | Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. Valid values are between 125 and 1000 | number | 125 | no |
ebs_iops | Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types | number | 3000 | no |
ebs_volume_size | Size of EBS volumes attached to data nodes (in GiB) | number | 10 | no |
ebs_volume_type | Type of EBS volumes attached to data nodes | string | "gp3" | no |
enable_cognito | Whether Amazon Cognito authentication with Dashboard is enabled or not. | bool | false | no |
enable_off_peak_window_options | Toggle to enable or disable the off-peak update window | bool | true | no |
encrypt_at_rest_enabled | Enable encryption at rest. | bool | true | no |
encrypt_kms_key_id | The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. | string | null | no |
engine_version | Specify the engine version for the Amazon OpenSearch Service domain | string | "OpenSearch_1.3" | no |
instance_count | The number of dedicated hot nodes in the cluster. | number | 3 | no |
instance_type | The type of EC2 instances to run for each hot node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string | "t3.small.search" | no |
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state | list(string) | [] | no |
internal_user_database_enabled | Whether the internal user database is enabled | bool | false | no |
log_publishing_options | Configuration block for publishing slow and application logs to CloudWatch Logs. | map(object({ | { | no |
maintenance_schedule | Configuration for the Auto-Tune maintenance schedule | map(any) | {} | no |
master_instance_count | The number of dedicated master nodes in the cluster. | number | 3 | no |
master_instance_enabled | Indicates whether dedicated master nodes are enabled for the cluster. | bool | true | no |
master_instance_type | The type of EC2 instances to run for each master node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string | "t3.small.search" | no |
master_user_arn | The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request. | string | "" | no |
master_user_name | Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database | string | "" | no |
master_user_password | Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database | string | "" | no |
node_to_node_encryption_enabled | Enable node-to-node encryption. | bool | true | no |
off_peak_window_options | Configuration for the off-peak window | map(any) | { | no |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state | list(string) | [] | no |
rollback_on_disable | Whether to roll back Auto-Tune if Auto-Tune is disabled | string | "NO_ROLLBACK" | no |
saml_enabled | Whether SAML authentication is enabled | bool | false | no |
saml_entity_id | The unique Entity ID of the application in SAML Identity Provider. | string | "" | no |
saml_master_backend_role | This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards. | string | null | no |
saml_master_user_name | This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards. | string | null | no |
saml_metadata_content | The metadata of the SAML application in XML format. | string | "" | no |
saml_options_enabled | Whether SAML authentication options for an AWS OpenSearch domain are enabled | bool | false | no |
saml_roles_key | Element of the SAML assertion to use for backend roles. | string | "" | no |
saml_session_timeout | Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. | number | 60 | no |
saml_subject_key | Element of the SAML assertion to use for username. | string | "" | no |
security_group_ids | List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used | list(string) | [] | no |
subnet_ids | List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in | list(string) | [] | no |
tags | A map of tags to add to all resources. | map(string) | {} | no |
vpc_endpoint_security_group_ids | Security group IDs to use for VPC endpoint | list(string) | [] | no |
vpc_endpoint_subnet_ids | Subnet IDs to use for VPC endpoint | list(string) | [] | no |
warm_instance_count | The number of dedicated warm nodes in the cluster. | number | 3 | no |
warm_instance_enabled | Indicates whether ultrawarm nodes are enabled for the cluster. | bool | false | no |
warm_instance_type | The type of EC2 instances to run for each warm node. A list of available instance types can be found at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing | string | "ultrawarm1.medium.search" | no |
whitelist_ips | Client IP addresses whitelisted for access. | list(string) | [] | no |

Name | Description |
---|---|
domain_arn | ARN of the OpenSearch Cluster |
domain_endpoint | Domain-specific endpoint used to submit index, search, and data upload requests |
domain_id | Unique identifier for the Cluster |
domain_name | Name of the OpenSearch Cluster |
vpc_endpoint_dns_names | VPC endpoint DNS names |
vpc_endpoint_endpoint | The connection endpoint ID for connecting to the domain |
vpc_endpoint_id | The unique identifier of the endpoint |