page_title | description |
---|---|
Provider: Elasticsearch |
The Elasticsearch provider is used to interact with the resources supported by Elasticsearch. The provider needs to be configured with an endpoint URL before it can be used. |
The Elasticsearch provider is used to interact with the resources supported by Elasticsearch. The provider needs to be configured with an endpoint URL before it can be used.
AWS Elasticsearch Service domains are supported.
Use the navigation to the left to read about the available resources.
# Configure the Elasticsearch provider
provider "elasticsearch" {
url = "http://127.0.0.1:9200"
}
# Create an index template
resource "elasticsearch_index_template" "template_1" {
name = "template_1"
body = <<EOF
{
"template": "te*",
"settings": {
"number_of_shards": 1
},
"mappings": {
"type1": {
"_source": {
"enabled": false
},
"properties": {
"host_name": {
"type": "keyword"
},
"created_at": {
"type": "date",
"format": "EEE MMM dd HH:mm:ss Z YYYY"
}
}
}
}
}
EOF
}
The following arguments are supported:
url
(Required) - Elasticsearch URL. Defaults toELASTICSEARCH_URL
from the environment.sniff
(Optional) - Set the node sniffing option for the elastic client. Client won't work with sniffing if nodes are not routable. Defaults toELASTICSEARCH_SNIFF
from the environment or true.healthcheck
(Optional) - Set the client healthcheck option for the elastic client. Healthchecking is designed for direct access to the cluster. Defaults toELASTICSEARCH_HEALTH
from the environment, or true.username
(Optional) - Username to use to connect to elasticsearch using basic auth. Defaults toELASTICSEARCH_USERNAME
from the environmentpassword
(Optional) - Password to use to connect to elasticsearch using basic auth. Defaults toELASTICSEARCH_PASSWORD
from the environmentaws_assume_role_arn
(Optional) - ARN of role to assume when using AWS Elasticsearch Service domains.aws_access_key
(Optional) - The access key for use with AWS Elasticsearch Service domains. It can also be sourced from theAWS_ACCESS_KEY_ID
environment variable.aws_secret_key
(Optional) - The secret key for use with AWS Elasticsearch Service domains. It can also be sourced from theAWS_SECRET_ACCESS_KEY
environment variable.aws_token
(Optional) - The session token for use with AWS Elasticsearch Service domains. It can also be sourced from theAWS_SESSION_TOKEN
environment variable.aws_profile
(Optional) - The AWS profile for use with AWS Elasticsearch Service domainsaws_region
(Optional) - The AWS region for use in signing of AWS elasticsearch requests. Must be specified in order to use AWS URL signing with AWS ElasticSearch endpoint exposed on a custom DNS domain.token
(Optional) - A bearer token or ApiKey for an Authorization header, e.g. Active Directory API key. See the docs. Defaults toELASTICSEARCH_TOKEN
from the environmenttoken_name
(Optional) - The type of token, usually ApiKey or Bearer. Defaults to ApiKey.cacert_file
(Optional) - a custom CA certificate when communicating over SSL. You can specify either a path to the file or the contents of the certificate.insecure
(Optional) - Disable SSL verification of API calls (defaults tofalse
)client_cert_path
(Optional) - A X509 certificate to connect to elasticsearch. Defaults toES_CLIENT_CERTIFICATE_PATH
from the environmentclient_key_path
(Optional) - A X509 key to connect to elasticsearch. Defaults toES_CLIENT_KEY_PATH
sign_aws_requests
(Optional) - Enable signing of AWS elasticsearch requests (defauls totrue
). Theurl
must refer to AWS ES domain (*.<region>.es.amazonaws.com
), oraws_region
must be specified explicitly.elasticsearch_version
(Optional) - ElasticSearch Version, if set, skips the version detection at provider start.
The Elasticsearch provider is flexible in the means of providing credentials for authentication with AWS Elasticsearch domains. The following methods are supported, in this order, and explained below:
- Static credentials
- Assume role configuration
- Environment variables
- Shared credentials file
If a custom domain is being used (instead of the default, of the form https://search-mydomain-1a2a3a4a5a6a7a8a9a0a9a8a7a.us-east-1.es.amazonaws.com
), please make sure to set aws_region
in the provider configuration.
Static credentials can be provided by adding an aws_access_key
and aws_secret_key
in-line in the Elasticsearch provider block. If applicable, you may also specify a aws_token
value.
Example usage:
provider "elasticsearch" {
url = "https://search-foo-bar-pqrhr4w3u4dzervg41frow4mmy.us-east-1.es.amazonaws.com"
aws_access_key = "anaccesskey"
aws_secret_key = "asecretkey"
aws_token = "" # if necessary
}
#### Assume role configuration
You can instruct the provider to assume a role in AWS before interacting with Elasticsearch by setting the aws_assume_role_arn
variable.
Example usage:
provider "elasticsearch" {
url = "https://search-foo-bar-pqrhr4w3u4dzervg41frow4mmy.us-east-1.es.amazonaws.com"
aws_assume_role_arn = "arn:aws:iam::012345678901:role/rolename`
}
You can provide your credentials via the AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
, environment variables, representing your AWS Access Key and AWS Secret Key. If applicable, the AWS_SESSION_TOKEN
environment variables is also supported.
Example usage:
$ export AWS_ACCESS_KEY_ID="anaccesskey"
$ export AWS_SECRET_ACCESS_KEY="asecretkey"
$ terraform plan
You can specify a named profile that will be used for credentials (either static, or sts assumed role creds). eg:
provider "elasticsearch" {
url = "https://search-foo-bar-pqrhr4w3u4dzervg41frow4mmy.us-east-1.es.amazonaws.com"
aws_profile = "profilename"
}
You can use an AWS credentials file to specify your credentials. The default location is $HOME/.aws/credentials
on Linux and macOS, or %USERPROFILE%\.aws\credentials
for Windows users.
Please refer to the official userguide for instructions on how to create the credentials file.