| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_policies | IAM policy document specifying the access policies for the domain | string | "" | no |
| advanced_security_options_enabled | Whether advanced security is enabled | bool | false | no |
| alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN) | list(string) | [] | no |
| anonymous_auth_enabled | Whether anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain | bool | false | no |
| availability_zones | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | number | 2 | no |
| cluster_name | The name of the OpenSearch cluster. | string | "opensearch" | no |
| cluster_version | The version of OpenSearch to deploy. | string | "1.0" | no |
| create_service_role | Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html | bool | true | no |
| custom_endpoint | Custom Endpoint URL | string | null | no |
| custom_endpoint_certificate_arn | Custom Endpoint Certificate ARN | string | null | no |
| custom_endpoint_enabled | Whether the custom endpoint is enabled | bool | false | no |
| ebs_enabled | Whether EBS volumes are attached to data nodes in the domain | bool | false | no |
| ebs_gp3_throughput | Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. Valid values are between 125 and 1000 | number | 125 | no |
| ebs_iops | Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the gp3 and Provisioned IOPS EBS volume types | number | 10000 | no |
| ebs_volume_size | Size of EBS volumes attached to data nodes (in GiB) | number | 10 | no |
| ebs_volume_type | Type of EBS volumes attached to data nodes | string | "gp3" | no |
| encrypt_at_rest_enabled | Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false | bool | false | no |
| encrypt_kms_key_id | The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. | string | "" | no |
| engine_version | Specify the engine version for the Amazon OpenSearch Service domain | string | "OpenSearch_1.3" | no |
| instance_count | The number of dedicated hot nodes in the cluster. | number | 3 | no |
| instance_type | The type of EC2 instances to run for each hot node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string | "t3.small.search" | no |
| internal_user_database_enabled | Whether the internal user database is enabled | bool | false | no |
| master_instance_count | The number of dedicated master nodes in the cluster. | number | 1 | no |
| master_instance_enabled | Indicates whether dedicated master nodes are enabled for the cluster. | bool | true | no |
| master_instance_type | The type of EC2 instances to run for each master node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string | "t3.small.search" | no |
| master_user_arn | The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request. | string | "" | no |
| master_user_name | Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database | string | "" | no |
| master_user_password | Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database | string | "" | no |
| node_to_node_encryption_enabled | Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false | bool | false | no |
| ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN) | list(string) | [] | no |
| red_cluster_status_evaluation_periods | The number of periods over which data is compared to the specified threshold | number | 1 | no |
| red_cluster_status_period | The period in seconds over which the specified statistic is applied | number | 60 | no |
| red_cluster_status_threshold | The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models | number | 1 | no |
| saml_enabled | Whether SAML authentication is enabled | bool | false | no |
| saml_entity_id | The unique Entity ID of the application in the SAML Identity Provider. | string | n/a | yes |
| saml_master_backend_role | This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards. | string | null | no |
| saml_master_user_name | This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards. | string | null | no |
| saml_metadata_content | The metadata of the SAML application in XML format. | string | n/a | yes |
| saml_roles_key | Element of the SAML assertion to use for backend roles. | string | "" | no |
| saml_session_timeout | Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. | number | 60 | no |
| saml_subject_key | Element of the SAML assertion to use for username. | string | "" | no |
| security_group_ids | List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used | list(string) | [] | no |
| subnet_ids | List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in | list(string) | [] | no |
| tags | A map of tags to add to all resources. | map(string) | {} | no |
| warm_instance_count | The number of dedicated warm nodes in the cluster. | number | 2 | no |
| warm_instance_enabled | Indicates whether UltraWarm nodes are enabled for the cluster. | bool | false | no |
| warm_instance_type | The type of EC2 instances to run for each warm node. A list of available instance types can be found at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing | string | "ultrawarm1.medium.search" | no |
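
Several security-relevant inputs above default to off (`encrypt_at_rest_enabled`, `node_to_node_encryption_enabled`, `advanced_security_options_enabled`), and an empty `security_group_ids` falls back to the VPC's default security group. The module call below is an added example, not taken from this module's own documentation, that sets those inputs explicitly. The `source` value is a placeholder because the module path is not given here, and every ARN, ID, name and file path is constructed for illustration.

```hcl
module "opensearch" {
  source = "<module-source>" # placeholder: module path/version not stated on this page

  cluster_name   = "logs-prod"      # constructed
  engine_version = "OpenSearch_1.3" # table default

  # Encryption: both inputs default to false in the table above.
  encrypt_at_rest_enabled         = true
  node_to_node_encryption_enabled = true
  # Customer-managed key instead of the service key (constructed ARN).
  encrypt_kms_key_id = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"

  # Fine-grained access control with an IAM role as master user, so no
  # master_user_password has to be passed in (and stored in Terraform state).
  advanced_security_options_enabled = true
  anonymous_auth_enabled            = false
  internal_user_database_enabled    = false
  master_user_arn                   = "arn:aws:iam::111122223333:role/opensearch-admin" # constructed

  # Domain access policy scoped to one principal rather than left empty.
  access_policies = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { AWS = "arn:aws:iam::111122223333:role/opensearch-admin" }
      Action    = "es:ESHttp*"
      Resource  = "arn:aws:es:eu-west-1:111122223333:domain/logs-prod/*"
    }]
  })

  # Dedicated security group; if omitted, the VPC default group is used.
  subnet_ids         = ["subnet-0aaa1111bbbb2222c", "subnet-0ddd3333eeee4444f"] # constructed
  security_group_ids = ["sg-0123456789abcdef0"]                                # constructed

  # t3 instance types have no instance store, so EBS must be attached.
  ebs_enabled     = true
  ebs_volume_size = 100
  ebs_iops        = 3000 # gp3 baseline

  # SAML sign-in for Dashboards; both required inputs come from the IdP.
  saml_enabled          = true
  saml_entity_id        = "https://idp.example.com/saml/metadata"    # constructed
  saml_metadata_content = file("${path.module}/idp-metadata.xml")     # hypothetical file
  saml_roles_key        = "Role"                                      # assumed attribute name
  saml_session_timeout  = 60
}
```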