Terraform Modules Template

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | 4.31.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_metric_alarm.red_cluster_status | resource |
| aws_iam_service_linked_role.opensearch | resource |
| aws_opensearch_domain.this | resource |
| aws_opensearch_domain_saml_options.this | resource |
| aws_caller_identity.current | data source |
| aws_partition.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access_policies | IAM policy document specifying the access policies for the domain | `string` | `""` | no |
| advanced_security_options_enabled | Whether advanced security is enabled | `bool` | `false` | no |
| alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN) | `list(string)` | `[]` | no |
| anonymous_auth_enabled | Whether anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain | `bool` | `false` | no |
| availability_zones | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | `number` | `2` | no |
| cluster_name | The name of the OpenSearch cluster. | `string` | `"opensearch"` | no |
| cluster_version | The version of OpenSearch to deploy. | `string` | `"1.0"` | no |
| create_service_role | Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html | `bool` | `true` | no |
| custom_endpoint | Custom endpoint URL | `string` | `null` | no |
| custom_endpoint_certificate_arn | Custom endpoint certificate ARN | `string` | `null` | no |
| custom_endpoint_enabled | Whether the custom endpoint is enabled | `bool` | `false` | no |
| ebs_enabled | Whether EBS volumes are attached to data nodes in the domain | `bool` | `false` | no |
| ebs_gp3_throughput | Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. Valid values are between 125 and 1000 | `number` | `125` | no |
| ebs_iops | Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types | `number` | `10000` | no |
| ebs_volume_size | Size of EBS volumes attached to data nodes (in GiB) | `number` | `10` | no |
| ebs_volume_type | Type of EBS volumes attached to data nodes | `string` | `"gp3"` | no |
| encrypt_at_rest_enabled | Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false | `bool` | `false` | no |
| encrypt_kms_key_id | The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. | `string` | `""` | no |
| engine_version | Specify the engine version for the Amazon OpenSearch Service domain | `string` | `"OpenSearch_1.3"` | no |
| instance_count | The number of dedicated hot nodes in the cluster. | `number` | `3` | no |
| instance_type | The type of EC2 instances to run for each hot node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | `string` | `"t3.small.search"` | no |
| internal_user_database_enabled | Whether the internal user database is enabled | `bool` | `false` | no |
| master_instance_count | The number of dedicated master nodes in the cluster. | `number` | `1` | no |
| master_instance_enabled | Indicates whether dedicated master nodes are enabled for the cluster. | `bool` | `true` | no |
| master_instance_type | The type of EC2 instances to run for each master node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | `string` | `"t3.small.search"` | no |
| master_user_arn | The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request. | `string` | `""` | no |
| master_user_name | Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database | `string` | `""` | no |
| master_user_password | Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database | `string` | `""` | no |
| node_to_node_encryption_enabled | Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false | `bool` | `false` | no |
| ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN) | `list(string)` | `[]` | no |
| red_cluster_status_evaluation_periods | The number of periods over which data is compared to the specified threshold | `number` | `1` | no |
| red_cluster_status_period | The period in seconds over which the specified statistic is applied | `number` | `60` | no |
| red_cluster_status_threshold | The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models | `number` | `1` | no |
| saml_enabled | Whether SAML authentication is enabled | `bool` | `false` | no |
| saml_entity_id | The unique Entity ID of the application in SAML Identity Provider. | `string` | n/a | yes |
| saml_master_backend_role | This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards. | `string` | `null` | no |
| saml_master_user_name | This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards. | `string` | `null` | no |
| saml_metadata_content | The metadata of the SAML application in XML format. | `string` | n/a | yes |
| saml_roles_key | Element of the SAML assertion to use for backend roles. | `string` | `""` | no |
| saml_session_timeout | Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. | `number` | `60` | no |
| saml_subject_key | Element of the SAML assertion to use for username. | `string` | `""` | no |
| security_group_ids | List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used | `list(string)` | `[]` | no |
| subnet_ids | List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in | `list(string)` | `[]` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| warm_instance_count | The number of dedicated warm nodes in the cluster. | `number` | `2` | no |
| warm_instance_enabled | Indicates whether UltraWarm nodes are enabled for the cluster. | `bool` | `false` | no |
| warm_instance_type | The type of EC2 instances to run for each warm node. A list of available instance types can be found at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing | `string` | `"ultrawarm1.medium.search"` | no |
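
The defaults in the Inputs table leave encryption at rest, node-to-node encryption and fine-grained access control switched off, and fall back to the VPC default security group. The module call below is an added example, not part of this repository's README, that overrides those defaults; only the input names come from the table, while the `source` path, the cluster name, the `roles` key and every `<...>` value are placeholders or constructed values.

```hcl
# Added example, not the module author's code. The source path and all
# "<...>" values are placeholders; "logs-prod" and "roles" are constructed.
variable "saml_metadata_xml" {
  description = "IdP metadata XML, supplied outside version control"
  type        = string
}

module "opensearch" {
  source = "./modules/opensearch" # placeholder path to this module

  cluster_name   = "logs-prod"
  engine_version = "OpenSearch_1.3"

  # Encryption: both switches default to false.
  encrypt_at_rest_enabled         = true
  encrypt_kms_key_id              = "<kms-key-arn>" # "" falls back to the service key
  node_to_node_encryption_enabled = true

  # Fine-grained access control: defaults to false.
  advanced_security_options_enabled = true
  anonymous_auth_enabled            = false

  # IAM master user instead of the internal user database, so that no
  # master_user_password has to be passed in or stored in Terraform state.
  internal_user_database_enabled = false
  master_user_arn                = "<iam-role-arn>"

  # VPC placement. An empty security_group_ids falls back to the VPC
  # default security group, so pass a dedicated group explicitly.
  subnet_ids         = ["<subnet-id-a>", "<subnet-id-b>"]
  security_group_ids = ["<security-group-id>"]

  # SAML sign-in for Dashboards. saml_entity_id and saml_metadata_content
  # are the only required inputs and have no default.
  saml_enabled          = true
  saml_entity_id        = "<idp-entity-id>"
  saml_metadata_content = var.saml_metadata_xml
  saml_roles_key        = "roles"
  saml_session_timeout  = 60

  # Deliver the red-cluster-status alarm; both lists default to [].
  alarm_actions = ["<sns-topic-arn>"]
  ok_actions    = ["<sns-topic-arn>"]
}
```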

Outputs

| Name | Description |
|------|-------------|
| cluster_arn | ARN of the OpenSearch Cluster |
| cluster_endpoint | Domain-specific endpoint used to submit index, search, and data upload requests |
| cluster_id | Unique identifier for the Cluster |
| cluster_name | Name of the OpenSearch Cluster |
| kibana_endpoint | Domain-specific endpoint for kibana without https scheme. |