# Name of the OpenSearch cluster. There is no default, so every caller must
# supply a value.
variable "cluster_name" {
  type        = string
  description = "The name of the OpenSearch cluster."
}

# Engine version string for the Amazon OpenSearch Service domain.
variable "engine_version" {
  type        = string
  description = "Specify the engine version for the Amazon OpenSearch Service domain"
  default     = "OpenSearch_1.3"

  validation {
    # Only the "OpenSearch" prefix is checked; whatever follows the prefix is
    # not validated at this level.
    condition     = can(regex("^OpenSearch", var.engine_version))
    error_message = "Incorrect engine version for the OpenSearch."
  }
}
# IAM policy document (as a string) controlling access to the domain.
# NOTE(review): the default is an empty string; what the module does with an
# empty policy is decided where this variable is consumed, which this file does
# not show. Confirm the domain does not end up without a restrictive policy.
variable "access_policies" {
  type        = string
  description = "IAM policy document specifying the access policies for the domain"
  default     = ""
}

# OpenSearch version to deploy.
# NOTE(review): the engine_version variable in this file also carries a version
# and has a different default ("OpenSearch_1.3"); which of the two the domain
# actually uses is not visible from here.
variable "cluster_version" {
  type        = string
  description = "The version of OpenSearch to deploy."
  default     = "1.0"
}

# Toggle for creating the OpenSearch service-linked role; off by default.
variable "create_service_role" {
  type        = bool
  description = "Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html"
  default     = false
}
# ARN of the IAM principal acting as master user. Per the description, leaving
# it empty falls back to the IAM user that makes the request.
variable "master_user_arn" {
  type        = string
  description = "The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request."
  default     = ""
}

# Username of the main user held in the domain's internal user database.
variable "master_user_name" {
  type        = string
  description = "Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database"
  default     = ""
}
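# Password of the main user held in the domain's internal user database.
variable "master_user_password" {
  description = "Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database"
  type        = string
  default     = ""

  # Redact the value in plan/apply output. Terraform still writes it to the
  # state file in plain text, so the state backend must be access-controlled
  # and encrypted. Any output that exposes this value must itself be marked
  # sensitive.
  sensitive = true
}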
# Toggle for dedicated master nodes; enabled by default.
variable "master_instance_enabled" {
  type        = bool
  description = "Indicates whether dedicated master nodes are enabled for the cluster."
  default     = true
}
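# Instance type used for each dedicated master node.
variable "master_instance_type" {
  description = "The type of EC2 instances to run for each master node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing"
  type        = string
  default     = "t3.small.search"

  validation {
    # The families are listed in a group "( ... )" followed by a literal dot.
    # The earlier pattern wrapped them in "[ ... ]", which is a character class:
    # it accepted any value whose first character was one of the listed
    # characters, so the check did not restrict the instance family at all.
    condition     = can(regex("^(t3|m5|m6g|r5|r6g|r6gd|i3|c5|c6g)\\.", var.master_instance_type))
    error_message = "The master_instance_type must belong to one of the instance families t3, m5, m6g, r5, r6g, r6gd, i3, c5 or c6g."
  }
}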
# Number of dedicated master nodes; defaults to three.
variable "master_instance_count" {
  type        = number
  description = "The number of dedicated master nodes in the cluster."
  default     = 3
}
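# Instance type used for each hot (data) node.
variable "instance_type" {
  description = "The type of EC2 instances to run for each hot node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing"
  type        = string
  default     = "t3.small.search"

  validation {
    # The families are listed in a group "( ... )" followed by a literal dot.
    # The earlier pattern wrapped them in "[ ... ]", which is a character class:
    # it accepted any value whose first character was one of the listed
    # characters, so the check did not restrict the instance family at all.
    condition     = can(regex("^(t3|m5|m6g|r5|r6g|r6gd|i3|c5|c6g)\\.", var.instance_type))
    error_message = "The instance_type must belong to one of the instance families t3, m5, m6g, r5, r6g, r6gd, i3, c5 or c6g."
  }
}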
# Number of hot nodes; defaults to three.
variable "instance_count" {
  type        = number
  description = "The number of dedicated hot nodes in the cluster."
  default     = 3
}

# Toggle for UltraWarm nodes; off by default.
variable "warm_instance_enabled" {
  type        = bool
  description = "Indicates whether ultrawarm nodes are enabled for the cluster."
  default     = false
}
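# Instance type used for each UltraWarm node.
variable "warm_instance_type" {
  description = "The type of EC2 instances to run for each warm node. A list of available instance types can you find at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing"
  type        = string
  default     = "ultrawarm1.medium.search"

  validation {
    # Exact-match against the allowed values. The earlier regex was unanchored
    # and used "." as a wildcard, so any string merely containing something
    # that resembled one of the names passed validation.
    condition = contains(
      ["ultrawarm1.medium.search", "ultrawarm1.large.search", "ultrawarm1.xlarge.search"],
      var.warm_instance_type
    )
    error_message = "Warm Instance Type is not matching with ultrawarm1.medium.search, ultrawarm1.large.search, ultrawarm1.xlarge.search."
  }
}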
# Number of warm nodes; defaults to two.
variable "warm_instance_count" {
  type        = number
  description = "The number of dedicated warm nodes in the cluster."
  default     = 2
}
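# Number of availability zones the cluster spans.
variable "availability_zones" {
  description = "The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3."
  type        = number
  default     = 2

  validation {
    # Enforce the range the description documents, so a bad value fails at
    # plan time instead of at the AWS API.
    condition     = contains([1, 2, 3], var.availability_zones)
    error_message = "The availability_zones value must be 1, 2 or 3."
  }
}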
# Encryption at rest is OFF by default; callers must set this to true to have
# the domain's data encrypted at rest.
variable "encrypt_at_rest_enabled" {
  type        = bool
  description = " Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false"
  default     = false
}

# KMS key used for encryption at rest. Empty by default; per the description
# the AWS OpenSearch Service KMS key is used in that case.
variable "encrypt_kms_key_id" {
  type        = string
  description = "The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key."
  default     = ""
}

# Node-to-node encryption is OFF by default; callers must set this to true to
# have traffic between cluster nodes encrypted.
variable "node_to_node_encryption_enabled" {
  type        = bool
  description = "Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false"
  default     = false
}
# Tags applied to all resources; empty map by default.
variable "tags" {
  type        = map(string)
  description = "A map of tags to add to all resources."
  default     = {}
}

# Toggle for attaching EBS volumes to data nodes; off by default.
variable "ebs_enabled" {
  type        = bool
  description = "Whether EBS volumes are attached to data nodes in the domain"
  default     = false
}

# EBS volume type for data nodes. The value is not validated here.
variable "ebs_volume_type" {
  type        = string
  description = "Type of EBS volumes attached to data nodes"
  default     = "gp3"
}

# EBS volume size for data nodes, in GiB.
variable "ebs_volume_size" {
  type        = number
  description = "Size of EBS volumes attached to data nodes (in GiB)"
  default     = 10
}
# Throughput of gp3 EBS volumes on data nodes, in MiB/s.
variable "ebs_gp3_throughput" {
  type        = number
  description = "Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. Valid values are between 125 and 1000"
  default     = 125

  validation {
    # Inclusive range check: 125 <= throughput <= 1000.
    condition     = var.ebs_gp3_throughput >= 125 && var.ebs_gp3_throughput <= 1000
    error_message = "Must be between 125 and 1000 MiB/s."
  }
}

# Baseline IOPS of EBS volumes on data nodes. The value is not validated here.
variable "ebs_iops" {
  type        = number
  description = "Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types"
  default     = 10000
}
# Toggle for serving the domain on a custom endpoint; off by default.
variable "custom_endpoint_enabled" {
  type        = bool
  description = "custom endpoint enabled"
  default     = false
}

# Custom endpoint URL; null by default.
variable "custom_endpoint" {
  type        = string
  description = "Custom Endpoint URL"
  default     = null
}

# ARN of the certificate for the custom endpoint; null by default.
variable "custom_endpoint_certificate_arn" {
  type        = string
  description = "Custom Endpoint Certificate ARN"
  default     = null
}
# VPC subnets in which the domain endpoints are created; empty list by default.
# NOTE(review): how an empty list is treated (for example, whether the domain
# is then created outside a VPC) depends on the consuming resource, which this
# file does not show.
variable "subnet_ids" {
  type        = list(string)
  description = "List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in"
  default     = []
}

# Security groups applied to the domain endpoints. Per the description, leaving
# this empty means the VPC's default security group is used, so callers who
# want tightly scoped network access should pass explicit group IDs.
variable "security_group_ids" {
  type        = list(string)
  description = "List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used"
  default     = []
}
# Advanced security options are OFF by default; callers must opt in.
variable "advanced_security_options_enabled" {
  type        = bool
  description = "Whether advanced security is enabled"
  default     = false
}

# Anonymous authentication toggle; off by default. Per the description it is
# ignored unless advanced security options are enabled.
variable "anonymous_auth_enabled" {
  type        = bool
  description = "Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain"
  default     = false
}

# Toggle for the domain's internal user database; off by default.
variable "internal_user_database_enabled" {
  type        = bool
  description = "Whether the internal user database is enabled"
  default     = false
}
##########
## SAML ##
##########
# Toggle for SAML authentication; off by default.
variable "saml_enabled" {
  type        = bool
  description = "Whether SAML authentication is enabled"
  default     = false
}

# Toggle for the domain's SAML options; off by default.
# NOTE(review): how this differs from saml_enabled is decided where both
# variables are consumed, which this file does not show.
variable "saml_options_enabled" {
  type        = bool
  description = "Whether SAML authentication options for an AWS OpenSearch Domain is enabled"
  default     = false
}
# SAML assertion element used as the username; empty by default.
variable "saml_subject_key" {
  type        = string
  description = "Element of the SAML assertion to use for username."
  default     = ""
}

# SAML assertion element used for backend roles; empty by default.
variable "saml_roles_key" {
  type        = string
  description = "Element of the SAML assertion to use for backend roles."
  default     = ""
}

# Entity ID of the application in the SAML identity provider; empty by default.
variable "saml_entity_id" {
  type        = string
  description = "The unique Entity ID of the application in SAML Identity Provider."
  default     = ""
}

# SAML application metadata as an XML string; empty by default.
variable "saml_metadata_content" {
  type        = string
  description = "The metadata of the SAML application in xml format."
  default     = ""
}
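# Length of a SAML-authenticated session, in minutes.
variable "saml_session_timeout" {
  description = "Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440."
  type        = number
  default     = 60

  validation {
    # Enforce the documented maximum (1,440 minutes) and reject non-positive
    # durations, so a bad value fails at plan time.
    condition     = var.saml_session_timeout > 0 && var.saml_session_timeout <= 1440
    error_message = "The saml_session_timeout value must be greater than 0 and at most 1440 minutes."
  }
}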
# Backend role that, per the description, receives full permissions to the
# cluster (usable within Dashboards only). Null by default. Because of that
# privilege level, the role named here should be a tightly controlled one.
variable "saml_master_backend_role" {
  type        = string
  description = "This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards."
  default     = null
}

# Username that, per the description, receives full permissions to the cluster
# (usable within Dashboards only). Null by default.
variable "saml_master_user_name" {
  type        = string
  description = "This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards."
  default     = null
}
# Log publishing is OFF by default; callers must set this to true for the
# selected log type to be published.
variable "log_publishing_enabled" {
  type        = bool
  description = "Whether given log publishing option is enabled or not."
  default     = false
}
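# Which OpenSearch log is published. The default selects index slow logs;
# audit logs are only published when AUDIT_LOGS is chosen explicitly.
variable "log_type" {
  description = "Type of OpenSearch log"
  type        = string
  default     = "INDEX_SLOW_LOGS"

  validation {
    # Exact-match against the allowed values. The earlier regex was unanchored,
    # so any string merely containing one of the names passed validation.
    condition = contains(
      ["INDEX_SLOW_LOGS", "SEARCH_SLOW_LOGS", "ES_APPLICATION_LOGS", "AUDIT_LOGS"],
      var.log_type
    )
    error_message = "Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS."
  }
}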
# ARN of the CloudWatch log group that receives the published log; empty by
# default.
variable "cloudwatch_log_group_arn" {
  type        = string
  description = "ARN of the Cloudwatch log group to which log needs to be published"
  default     = ""
}
############
## Alerts ##
############
# Number of periods over which data is compared to the threshold.
variable "red_cluster_status_evaluation_periods" {
  type        = number
  description = "The number of periods over which data is compared to the specified threshold"
  default     = 1
}

# Length, in seconds, of the period over which the statistic is applied.
variable "red_cluster_status_period" {
  type        = number
  description = "The period in seconds over which the specified statistic is applied"
  default     = 60
}

# Threshold value the statistic is compared against.
variable "red_cluster_status_threshold" {
  type        = number
  description = "The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models"
  default     = 1
}
# ARNs of the actions run when the alarm enters the ALARM state.
# The default is an empty list, so no action is configured through this
# variable unless the caller passes at least one ARN.
variable "alarm_actions" {
  type        = list(string)
  description = "The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN)"
  default     = []
}

# ARNs of the actions run when the alarm returns to the OK state; empty list
# by default.
variable "ok_actions" {
  type        = list(string)
  description = "The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN)"
  default     = []
}