diff --git a/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/README.md b/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/README.md
index ff68921..d75d510 100644
--- a/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/README.md
+++ b/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/README.md
@@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Source | Version |
|------|--------|---------|
| [firehose](#module\_firehose) | ../../../ | n/a |
+| [opensearch\_serverless](#module\_opensearch\_serverless) | fdmsantos/opensearch-serverless/aws | 1.0.0 |
| [security\_groups](#module\_security\_groups) | ../../../ | n/a |
| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a |
@@ -45,11 +46,6 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Type |
|------|------|
| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
-| [aws_opensearchserverless_access_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_access_policy) | resource |
-| [aws_opensearchserverless_collection.os](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_collection) | resource |
-| [aws_opensearchserverless_security_policy.networking](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_security_policy) | resource |
-| [aws_opensearchserverless_security_policy.security_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_security_policy) | resource |
-| [aws_opensearchserverless_vpc_endpoint.vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_vpc_endpoint) | resource |
| [aws_s3_bucket.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
diff --git a/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/main.tf b/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/main.tf
index 67f8519..51f3262 100644
--- a/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/main.tf
+++ b/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/main.tf
@@ -32,107 +32,27 @@ module "security_groups" {
vpc_security_group_destination_vpc_id = module.vpc.vpc_id
}
-resource "aws_opensearchserverless_vpc_endpoint" "vpc_endpoint" {
- name = "example-vpc-endpoint"
- vpc_id = module.vpc.vpc_id
- subnet_ids = [module.vpc.private_subnets[0]]
- security_group_ids = [module.security_groups.destination_security_group_id]
-}
-
-resource "aws_opensearchserverless_security_policy" "security_policy" {
- name = "os-security-policy"
- type = "encryption"
- policy = jsonencode({
- "Rules" = [
- {
- "Resource" = [
- "collection/${local.collection_name}"
- ],
- "ResourceType" = "collection"
- }
- ],
- "AWSOwnedKey" = true
- })
-}
-
-resource "aws_opensearchserverless_security_policy" "networking" {
- name = "networking-policy"
- type = "network"
- description = "Public access"
- policy = jsonencode([
+module "opensearch_serverless" {
+ source = "fdmsantos/opensearch-serverless/aws"
+ version = "1.0.0"
+ name = local.collection_name
+ network_policy_type = "PrivateCollectionPublicDashboard"
+ vpce_vpc_id = module.vpc.vpc_id
+ vpce_subnet_ids = [module.vpc.private_subnets[0]]
+ vpce_security_group_ids = [module.security_groups.destination_security_group_id]
+ access_policy_rules = [
{
- Description = "VPC access for collection endpoint",
- Rules = [
- {
- ResourceType = "collection",
- Resource = [
- "collection/${local.collection_name}"
- ]
- }
- ],
- AllowFromPublic = false,
- SourceVPCEs = [
- aws_opensearchserverless_vpc_endpoint.vpc_endpoint.id
- ]
+ type = "collection"
+ permissions = ["All"]
+ principals = [module.firehose.kinesis_firehose_role_arn]
},
{
- Description = "Public access for dashboards",
- Rules = [
- {
- ResourceType = "dashboard"
- Resource = [
- "collection/${local.collection_name}"
- ]
- }
- ],
- AllowFromPublic = true
+ type = "index"
+ permissions = ["All"]
+ indexes = ["*"]
+ principals = [module.firehose.kinesis_firehose_role_arn]
}
- ])
-}
-
-resource "aws_opensearchserverless_access_policy" "policy" {
- name = "data-access-policy"
- type = "data"
- description = "read and write permissions"
- policy = jsonencode([{
- Rules = [
- {
- ResourceType = "collection",
- Resource = [
- "collection/${local.collection_name}"
- ],
- Permission = [
- "aoss:CreateCollectionItems",
- "aoss:DeleteCollectionItems",
- "aoss:UpdateCollectionItems",
- "aoss:DescribeCollectionItems"
- ]
- },
- {
- ResourceType = "index",
- Resource = [
- "index/${local.collection_name}/${local.index_name}"
- ],
- Permission = [
- "aoss:CreateIndex",
- "aoss:DeleteIndex",
- "aoss:UpdateIndex",
- "aoss:DescribeIndex",
- "aoss:ReadDocument",
- "aoss:WriteDocument"
- ]
- }
- ],
- Principal = [
- module.firehose.kinesis_firehose_role_arn
- ],
- Description = "Data Access Policy"
- }])
-}
-
-resource "aws_opensearchserverless_collection" "os" {
- name = local.collection_name
- depends_on = [aws_opensearchserverless_security_policy.security_policy, aws_opensearchserverless_security_policy.networking]
+ ]
}
resource "aws_kms_key" "this" {
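Review bot: The new `access_policy_rules` widen what the Firehose role may do: the index rule goes from `index/${local.collection_name}/${local.index_name}` with six named `aoss:` permissions to `indexes = ["*"]` with `permissions = ["All"]`, and the collection rule goes from four named permissions to `["All"]`. Because this is an example people copy, keep the scope the removed policy had, e.g. `indexes = [local.index_name]`, and list only the permissions delivery needs if the module accepts a narrower list (its accepted values are not visible in this diff). The same two rules appear in the `direct-put-to-opensearchserverless/main.tf` hunk. The encryption policy that used to state `"AWSOwnedKey" = true` is now left to the module's defaults, so a short comment above the module block saying which key type results would help readers.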
@@ -145,8 +65,8 @@ module "firehose" {
name = "${var.name_prefix}-delivery-stream"
destination = "opensearchserverless"
buffering_interval = 60
- opensearchserverless_collection_endpoint = aws_opensearchserverless_collection.os.collection_endpoint
- opensearchserverless_collection_arn = aws_opensearchserverless_collection.os.arn
+ opensearchserverless_collection_endpoint = module.opensearch_serverless.collection_endpoint
+ opensearchserverless_collection_arn = module.opensearch_serverless.collection_arn
opensearch_vpc_create_service_linked_role = true
opensearch_index_name = local.index_name
enable_vpc = true
diff --git a/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/outputs.tf b/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/outputs.tf
index 08e5c92..6dc8695 100644
--- a/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/outputs.tf
+++ b/examples/opensearch/direct-put-to-opensearchserverless-in-vpc/outputs.tf
@@ -1,4 +1,4 @@
output "os_domain" {
description = "Opensearch Serverless Collection Endpoint"
- value = aws_opensearchserverless_collection.os.collection_endpoint
+ value = module.opensearch_serverless.collection_endpoint
}
diff --git a/examples/opensearch/direct-put-to-opensearchserverless/README.md b/examples/opensearch/direct-put-to-opensearchserverless/README.md
index 9440514..03ee717 100644
--- a/examples/opensearch/direct-put-to-opensearchserverless/README.md
+++ b/examples/opensearch/direct-put-to-opensearchserverless/README.md
@@ -37,16 +37,13 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Source | Version |
|------|--------|---------|
| [firehose](#module\_firehose) | ../../../ | n/a |
+| [opensearch\_serverless](#module\_opensearch\_serverless) | fdmsantos/opensearch-serverless/aws | 1.0.0 |
## Resources
| Name | Type |
|------|------|
| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
-| [aws_opensearchserverless_access_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_access_policy) | resource |
-| [aws_opensearchserverless_collection.os](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_collection) | resource |
-| [aws_opensearchserverless_security_policy.networking](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_security_policy) | resource |
-| [aws_opensearchserverless_security_policy.security_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_security_policy) | resource |
| [aws_s3_bucket.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
diff --git a/examples/opensearch/direct-put-to-opensearchserverless/main.tf b/examples/opensearch/direct-put-to-opensearchserverless/main.tf
index 8a92b3a..e864ce8 100644
--- a/examples/opensearch/direct-put-to-opensearchserverless/main.tf
+++ b/examples/opensearch/direct-put-to-opensearchserverless/main.tf
@@ -12,91 +12,23 @@ resource "aws_s3_bucket" "s3" {
force_destroy = true
}
-resource "aws_opensearchserverless_security_policy" "security_policy" {
- name = "os-security-policy"
- type = "encryption"
- policy = jsonencode({
- "Rules" = [
- {
- "Resource" = [
- "collection/${local.collection_name}"
- ],
- "ResourceType" = "collection"
- }
- ],
- "AWSOwnedKey" = true
- })
-}
-
-resource "aws_opensearchserverless_security_policy" "networking" {
- name = "networking-policy"
- type = "network"
- description = "Public access"
- policy = jsonencode([
+module "opensearch_serverless" {
+ source = "fdmsantos/opensearch-serverless/aws"
+ version = "1.0.0"
+ name = local.collection_name
+ access_policy_rules = [
{
- Description = "Public access to collection and Dashboards endpoint for example collection",
- Rules = [
- {
- ResourceType = "collection",
- Resource = [
- "collection/${local.collection_name}"
- ]
- },
- {
- ResourceType = "dashboard"
- Resource = [
- "collection/${local.collection_name}"
- ]
- }
- ],
- AllowFromPublic = true
+ type = "collection"
+ permissions = ["All"]
+ principals = [module.firehose.kinesis_firehose_role_arn]
+ },
+ {
+ type = "index"
+ permissions = ["All"]
+ indexes = ["*"]
+ principals = [module.firehose.kinesis_firehose_role_arn]
}
- ])
-}
-
-resource "aws_opensearchserverless_access_policy" "policy" {
- name = "data-access-policy"
- type = "data"
- description = "read and write permissions"
- policy = jsonencode([{
- Rules = [
- {
- ResourceType = "collection",
- Resource = [
- "collection/${local.collection_name}"
- ],
- Permission = [
- "aoss:CreateCollectionItems",
- "aoss:DeleteCollectionItems",
- "aoss:UpdateCollectionItems",
- "aoss:DescribeCollectionItems"
- ]
- },
- {
- ResourceType = "index",
- Resource = [
- "index/${local.collection_name}/${local.index_name}"
- ],
- Permission = [
- "aoss:CreateIndex",
- "aoss:DeleteIndex",
- "aoss:UpdateIndex",
- "aoss:DescribeIndex",
- "aoss:ReadDocument",
- "aoss:WriteDocument"
- ]
- }
- ],
- Principal = [
- module.firehose.kinesis_firehose_role_arn
- ],
- Description = "Data Access Policy"
- }])
-}
-
-resource "aws_opensearchserverless_collection" "os" {
- name = local.collection_name
- depends_on = [aws_opensearchserverless_security_policy.security_policy, aws_opensearchserverless_security_policy.networking]
+ ]
}
resource "aws_kms_key" "this" {
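Review bot: This module call omits `network_policy_type`, so whether the collection endpoint is reachable from the internet now depends on the default of `fdmsantos/opensearch-serverless/aws` 1.0.0, which is not visible here. The removed `networking` policy stated `AllowFromPublic = true` for both the collection and the dashboard, so the exposure was readable in the example itself. Set the argument explicitly, as the VPC example does with `network_policy_type = "PrivateCollectionPublicDashboard"`, or confirm the default and record it in a comment such as `# network policy: module default, collection and dashboard endpoints are public`.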
@@ -109,8 +41,8 @@ module "firehose" {
name = "${var.name_prefix}-delivery-stream"
destination = "opensearchserverless"
buffering_interval = 60
- opensearchserverless_collection_endpoint = aws_opensearchserverless_collection.os.collection_endpoint
- opensearchserverless_collection_arn = aws_opensearchserverless_collection.os.arn
+ opensearchserverless_collection_endpoint = module.opensearch_serverless.collection_endpoint
+ opensearchserverless_collection_arn = module.opensearch_serverless.collection_arn
opensearch_vpc_create_service_linked_role = true
opensearch_index_name = local.index_name
s3_backup_mode = "All"
diff --git a/examples/opensearch/direct-put-to-opensearchserverless/outputs.tf b/examples/opensearch/direct-put-to-opensearchserverless/outputs.tf
index 08e5c92..6dc8695 100644
--- a/examples/opensearch/direct-put-to-opensearchserverless/outputs.tf
+++ b/examples/opensearch/direct-put-to-opensearchserverless/outputs.tf
@@ -1,4 +1,4 @@
output "os_domain" {
description = "Opensearch Serverless Collection Endpoint"
- value = aws_opensearchserverless_collection.os.collection_endpoint
+ value = module.opensearch_serverless.collection_endpoint
}