avidhara/terraform-aws-elasticsearch

Terraform module for AWS Elasticsearch Service

Examples

Check the examples folder

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.7, < 0.14 |
| aws | >= 2.68, < 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 2.68, < 4.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access_policies | (Optional) IAM policy document specifying the access policies for the domain | `string` | `null` | no |
| advanced_options | (Optional) Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply. | `map(string)` | `{}` | no |
| advanced_security_options | (Optional) Options for fine-grained access control. | `map` | `{}` | no |
| cloudwatch_log_group_arn | (Optional) ARN of the CloudWatch log group to which logs are published. | `string` | `""` | no |
| cloudwatch_log_kms_key_id | (Optional) The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. | `string` | `null` | no |
| cloudwatch_log_retention_in_days | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `0` | no |
| cluster_config | (Optional) Cluster configuration of the domain | `map` | `{"dedicated_master_count": 3, "dedicated_master_enabled": true, "dedicated_master_type": "r5.large.elasticsearch", "instance_count": 3, "instance_type": "r5.large.elasticsearch", "zone_awareness_enabled": false}` | no |
| cognito_options | (Optional) Options for Amazon Cognito Authentication for Kibana | `map` | `{"enabled": false}` | no |
| create | Whether to create the ES cluster | `bool` | `true` | no |
| create_service_link_role | Create service-linked role for AWS Elasticsearch Service | `bool` | `true` | no |
| domain_endpoint_options | (Optional) Domain endpoint HTTP(S) related options. | `any` | `{"enforce_https": true, "tls_security_policy": "Policy-Min-TLS-1-2-2019-07"}` | no |
| domain_name | (Required) Name of the domain. | `string` | n/a | yes |
| ebs_options | (Optional) EBS related options, may be required based on chosen instance size. | `map` | `{"ebs_enabled": true, "volume_size": 20, "volume_type": "gp2"}` | no |
| elasticsearch_version | (Optional) The version of Elasticsearch to deploy. Defaults to 1.5 | `string` | `"1.5"` | no |
| encrypt_at_rest | (Optional) Encrypt at rest options. Only available for certain instance types. | `map` | `{"enabled": true}` | no |
| log_publishing_options | (Optional) Options for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. | `any` | `[{"log_type": "AUDIT_LOGS"}, {"log_type": "INDEX_SLOW_LOGS"}, {"log_type": "SEARCH_SLOW_LOGS"}, {"log_type": "ES_APPLICATION_LOGS"}]` | no |
| node_to_node_encryption | (Optional) Node-to-node encryption options. | `map` | `{"enabled": false}` | no |
| snapshot_options | (Optional) Snapshot related options | `map` | `{}` | no |
| tags | (Optional) A map of tags to assign to the resource | `map` | `{}` | no |
| timeouts | Timeouts map. | `map` | `{}` | no |
| vpc_options | (Optional) VPC related options. Adding or removing this configuration forces a new resource | `map` | `{}` | no |
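
The inputs above leave node-to-node encryption off and default to Elasticsearch 1.5, so a call that accepts every default gets neither a current engine nor encrypted traffic between nodes. The following module call is an added example, not taken from the module's examples folder; the git source address is derived from the repository name, the domain name, version and KMS key ARN are placeholders, and it assumes the module passes these maps through to the underlying domain resource.

```hcl
module "elasticsearch" {
  # Assumption: git source built from the repository name shown on this page.
  source = "github.com/avidhara/terraform-aws-elasticsearch"

  domain_name = "example-logs" # constructed name

  # Module default is "1.5". AWS supports encryption at rest from 5.1 and
  # node-to-node encryption from 6.0, so a newer version is needed for both.
  elasticsearch_version = "7.9" # constructed value

  # Module default is { enabled = false }.
  node_to_node_encryption = {
    enabled = true
  }

  # Same as the module default; stated explicitly so a reviewer or a
  # static analysis run sees the setting in the calling code.
  encrypt_at_rest = {
    enabled = true
  }

  # Same as the module default; maps are given in full because a map
  # input is assumed to replace the default as a whole.
  domain_endpoint_options = {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  # Module default is null (no customer-managed key for log data).
  cloudwatch_log_kms_key_id = "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID" # placeholder
}
```

access_policies and vpc_options are left at their defaults here because this page does not document the keys they expect; check the module's variables before relying on them.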

Outputs

| Name | Description |
|------|-------------|
| arn | Amazon Resource Name (ARN) of the domain |
| domain_id | Unique identifier for the domain |
| endpoint | Domain-specific endpoint used to submit index, search, and data upload requests |
| kibana_endpoint | Domain-specific endpoint for Kibana without the https scheme |

License

Apache 2 Licensed. See LICENSE for full details.