Skip to content

Latest commit

 

History

History
155 lines (123 loc) · 8.75 KB

README.md

File metadata and controls

155 lines (123 loc) · 8.75 KB

terraform-aws-opensearch

Lint Status LICENSE

AWS OpenSearch Terraform Module

Terraform module to provision an OpenSearch cluster with SAML authentication.

Prerequisites

Features

Usage

This example is using Azure AD as SAML identity provider.

locals {
  cluster_name      = "opensearch"
  cluster_domain    = "example.com"
  saml_entity_id    = "https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/"
  saml_metadata_url = "https://login.microsoftonline.com/XXX-XXX-XXX-XXX-XXX/federationmetadata/2007-06/federationmetadata.xml?appid=YYY-YYY-YYY-YYY-YYY"
}

data "aws_region" "current" {}

data "http" "saml_metadata" {
  url = local.saml_metadata_url
}

provider "elasticsearch" {
  url                   = "https://${local.cluster_name}.${local.cluster_domain}"
  aws_region            = data.aws_region.current.name
  elasticsearch_version = "7.10.2"
  healthcheck           = false
}

module "opensearch" {
  source = "idealo/opensearch/aws"

  cluster_name    = local.cluster_name
  cluster_domain  = local.cluster_domain
  cluster_version = "1.0"

  saml_entity_id        = local.saml_entity_id
  saml_metadata_content = data.http.saml_metadata.body

  indices = {
    example-index = {
      number_of_shards   = 2
      number_of_replicas = 1
    }
  }
}

Examples

Here is a working example of using this Terraform module:

  • Complete - Create an AWS OpenSearch cluster with all necessary resources.

Requirements

Name Version
terraform >= 1.0.0
aws > 4.0

Providers

Name Version
aws > 4.0
random n/a

Inputs

Name Description Type Default Required
advanced_options Key-value string pairs to specify advanced configuration options. map(string) null no
advanced_security_options_enabled Indicates whether advanced security is enabled. bool false no
advanced_security_options_internal_user_db Indicates whether the internal user database is enabled. bool false no
allow_cidrs List of CIDR to allow connection to this Cluster
list(object({
name = string
description = string
cidr = list(string)
from_port = number
to_port = number
protocol = string
}))
[] no
allow_security_group_ids List of Security Group IDs to allow connection to this Cluster
list(object({
name = string
description = string
security_group_id = string
from_port = number
to_port = number
protocol = string
}))
[] no
availability_zones The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. number 1 no
cluster_domain The hosted zone name of the OpenSearch cluster. string n/a yes
cluster_hostname The hostname name of the OpenSearch cluster. string n/a yes
cluster_name The name of the OpenSearch cluster. string "opensearch" no
cluster_version The version of OpenSearch to deploy. string "1.1" no
create_custom_endpoint n/a bool true no
create_service_role Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html bool true no
ebs_enabled n/a bool true no
ebs_iops n/a number null no
ebs_volume_size n/a number 10 no
ebs_volume_type n/a string null no
enable_saml_options Enable or not saml options string true no
encrypt_kms_key_id The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. string "" no
hot_instance_count The number of dedicated hot nodes in the cluster. number 1 no
hot_instance_type The type of EC2 instances to run for each hot node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing string "r6gd.large.elasticsearch" no
log_publishing_options A list of maps containing log publishing options.
list(object({
enable = bool
cloudwatch_log_group_arn = string
log_type = string
}))
[] no
log_publishing_options_cloudwatch_log_group_arn n/a string null no
log_publishing_options_enable n/a bool null no
log_publishing_options_log_type n/a string null no
master_instance_count The number of dedicated master nodes in the cluster. number 1 no
master_instance_enabled Indicates whether dedicated master nodes are enabled for the cluster. bool true no
master_instance_type The type of EC2 instances to run for each master node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing string "r6gd.large.elasticsearch" no
master_user_arn The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request. string "" no
master_user_name enable user auth string "test" no
master_user_password enable pass auth string "" no
saml_entity_id The unique Entity ID of the application in SAML Identity Provider. string n/a yes
saml_master_backend_role SAML Master backend role. string "" no
saml_master_user_name SAML master user name string "" no
saml_metadata_content The metadata of the SAML application in xml format. string n/a yes
saml_roles_key Element of the SAML assertion to use for backend roles. string "" no
saml_session_timeout Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. number 60 no
saml_subject_key Element of the SAML assertion to use for username. string "" no
secret_method Use ssm or secretsmangaer string "ssm" no
subnets_id Subnets list(string) n/a yes
tags A map of tags to add to all resources. map(string) {} no
vpc_id VPC string n/a yes
warm_instance_count The number of dedicated warm nodes in the cluster. number 1 no
warm_instance_enabled Indicates whether ultrawarm nodes are enabled for the cluster. bool false no
warm_instance_type The type of EC2 instances to run for each warm node. A list of available instance types can you find at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing string "ultrawarm1.large.elasticsearch" no

Outputs

Name Description
cluster_endpoint The endpoint URL of the OpenSearch cluster.
cluster_name The name of the OpenSearch cluster.
cluster_version The version of the OpenSearch cluster.
cluster_vpc_endpoint The VPC endpoint URL of the OpenSearch cluster.
kibana_endpoint The endpoint URL of Kibana.

License

Apache 2 Licensed. See LICENSE for full details.