Terraform module that creates OpenSearch resources on AWS.
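# Input for the master user's password. The variable name is constructed for
# this example. Supply the value at plan/apply time (for instance through the
# TF_VAR_opensearch_master_user_password environment variable or a lookup in a
# secrets manager) instead of committing a literal to version control.
# `sensitive = true` only redacts the value from CLI output; it is still written
# to the Terraform state, so the state backend must be encrypted and
# access-controlled.
variable "opensearch_master_user_password" {
  description = "Master user password for the OpenSearch internal user database."
  type        = string
  sensitive   = true
}

# Example: single-node, single-AZ OpenSearch domain for a dev environment.
module "opensearch" {
  # `develop` is a moving branch, so the code that gets applied can change
  # between runs. For reproducible, reviewable deployments pin `ref` to a
  # release tag or a full commit SHA.
  source = "git@github.com:oozou/terraform-aws-opensearch.git?ref=develop"

  cluster_name    = "opensearch"
  cluster_domain  = "aws.waruwat.work" # Route 53 hosted zone domain
  cluster_version = "OpenSearch_1.1"

  # Set these to deploy into an existing network instead of using bootstrap_config.
  # subnets_ids = ["subnet-xxx"]
  # vpc_id      = "vpc-xxx"

  prefix      = "oozou"
  environment = "dev"

  hot_instance_count         = 1
  availability_zones         = 1
  is_master_instance_enabled = false
  is_warm_instance_enabled   = false

  # Credentials for the domain's internal user database. The password is taken
  # from the sensitive variable above and never written inline.
  master_user_name     = "admin"
  master_user_password = var.opensearch_master_user_password

  acm_arn = "arn:aws:acm:ap-southeast-1:xxxx" # placeholder ARN

  # Required because vpc_id and subnets_ids are not set above.
  bootstrap_config = {
    vpc_id    = "vpc-xxx"
    subnet_id = "subnet-xxx"
  }

  # IAM roles that are given access to the domain; keep this list to the roles
  # that actually need it. `aws_iam_role.test_role` is defined by the caller.
  additional_iam_roles = [aws_iam_role.test_role.arn]

  tags = {
    "terraform" = "true",
    "workspace" = "local"
  }
}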
Name | Version |
---|---|
terraform | >= 1.0.0 |
aws | >= 4.9.0 |
Name | Version |
---|---|
aws | >= 4.9.0 |
Name | Source | Version |
---|---|---|
bootstrap | ./modules/bootstrap | n/a |
cloudwatch_log_group_kms | oozou/kms-key/aws | 1.0.0 |
custom_opensearch_alarms | oozou/cloudwatch-alarm/aws | 1.0.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_arn | ACM certificate ARN for custom endpoint. | string |
"" |
no |
additional_allow_cidr | Additional CIDR blocks allowed to connect to OpenSearch. | list(string) |
[] |
no |
additional_iam_roles | ARNs of additional AWS IAM roles allowed to access OpenSearch. | list(string) |
[] |
no |
additional_opensearch_client_security_group_egress_rules | Additional egress rule for opensearch client security group. | list(object({ |
[] |
no |
additional_opensearch_client_security_group_ingress_rules | Additional ingress rule for opensearch client security group. | list(object({ |
[] |
no |
additional_opensearch_security_group_ingress_rules | Additional ingress rule for opensearch security group. | list(object({ |
[] |
no |
availability_zones | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | number |
3 |
no |
bootstrap_config | Configuration for the bootstrap module. Required if var.vpc_id and var.subnets_ids are not set. | object({ |
null |
no |
cloudwatch_log_retention_in_days | Retention day for cloudwatch log group | number |
90 |
no |
cluster_domain | The hosted zone name of the OpenSearch cluster. | string |
n/a | yes |
cluster_name | The name of the OpenSearch cluster. | string |
"opensearch" |
no |
cluster_version | The version of OpenSearch or Elasticsearch to deploy. | string |
"" |
no |
custom_opensearch_alarms_configure | custom_opensearch_alarms_configure = { cpu_utilization_too_high = { metric_name = "CPUUtilization" statistic = "Average" comparison_operator = ">=" threshold = "85" period = "300" evaluation_periods = "1" alarm_actions = [sns_topic_arn] ok_actions = [sns_topic_arn] } } |
any |
{} |
no |
default_alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) |
[] |
no |
default_ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) |
[] |
no |
enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS | list(string) |
[] |
no |
encrypt_kms_key_id | The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. | string |
"" |
no |
environment | Used to manage resources with tags. | string |
n/a | yes |
hot_instance_count | The number of dedicated hot nodes in the cluster. | number |
1 |
no |
hot_instance_type | The type of EC2 instances to run for each hot node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string |
"m6g.large.search" |
no |
iops | Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types. | number |
"3000" |
no |
is_create_default_kms | Whether to create cloudwatch log group kms or not | bool |
true |
no |
is_create_security_group | If true, a security group is created for OpenSearch. | bool |
true |
no |
is_create_service_role | Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html | bool |
true |
no |
is_custom_endpoint_enabled | Whether to enable custom endpoint for the OpenSearch domain. | bool |
false |
no |
is_ebs_enabled | if true will add ebs | bool |
false |
no |
is_enable_default_alarms | Whether to enable the default alarms. | bool |
false |
no |
is_enable_internet_access | Determines whether to enable the outbound internet access | bool |
false |
no |
is_internal_user_database_enabled | Whether the internal user database is enabled | bool |
true |
no |
is_master_instance_enabled | Indicates whether dedicated master nodes are enabled for the cluster. | bool |
false |
no |
is_warm_instance_enabled | Indicates whether ultrawarm nodes are enabled for the cluster. | bool |
true |
no |
master_instance_count | The number of dedicated master nodes in the cluster. | number |
3 |
no |
master_instance_type | The type of EC2 instances to run for each master node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string |
"c6g.large.search" |
no |
master_role_arn | The ARN for the master user of the cluster. Leave it null if you do not want to change the authentication flow. | string |
null |
no |
master_user_name | Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if is_internal_user_database_enabled is set to true. | string |
null |
no |
master_user_password | Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if is_internal_user_database_enabled is set to true | string |
null |
no |
prefix | The prefix name of customer to be displayed in AWS console and resource | string |
n/a | yes |
subnets_ids | List of IDs of the subnets in which to create the OpenSearch cluster. | list(string) |
null |
no |
tags | A map of tags to add to all resources. | map(string) |
{} |
no |
throughput | Throughput (in MiB/s) of EBS volumes attached to data nodes. Applicable only for the gp3 volume type. | number |
"125" |
no |
volume_size | Required if is_ebs_enabled is set to true. Size of EBS volumes attached to data nodes (in GiB) | number |
20 |
no |
volume_type | Type of EBS volumes attached to data nodes. | string |
"gp3" |
no |
vpc_id | The ID of the VPC in which to create the security group. | string |
null |
no |
warm_instance_count | The number of dedicated warm nodes in the cluster. Valid values are between 2 and 150 | number |
3 |
no |
warm_instance_type | The type of EC2 instances to run for each warm node. A list of available instance types can be found at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing | string |
"ultrawarm1.medium.search" |
no |
Name | Description |
---|---|
client_security_group_id | Security group id for the opensearch client. |
custom_domain_endpoint | custom domain for opensearch |
endpoint | endpoint for opensearch |
security_group_id | Security group id for the opensearch. |