Generic repository for a terraform module for AWS ElasticSearch encrypted database using KMS key
Module that creates:
- AWS security group and egress rule for a given parameterized CIDR
- AWS Elasticsearch policy
- AWS Elasticsearch domain inside a given VPC id
Optionally encrypts at rest data in Elasticsearch using an externally created KMS key. Please inject those with variables:
- encrypt_at_rest_kms_key_id = "kms-key-id"
- encrypt_at_rest_enabled = true
Example usage:
module "elasticsearch" {
source = "github.com/diogoaurelio/terraform-module-aws-storage-elasticsearch-encrypted"
version = "v0.0.1"
domain_name = "search"
vpc_id = "vpc-123"
aws_region = "eu-west-1"
environment = "dev"
project = "relevance"
instance_count = 1
instance_type = "t2.medium.elasticsearch"
ebs_volume_size = 20
# Note: You must specify exactly one subnet (with one node at least)
subnet_ids = ["subnet-123"]
aws_elasticsearch_domain_policy_enabled = true
iam_actions = ["es:*"]
iam_role_arns = ["*"]
}
Whenever you bump this module's version, please add a summary description of the changes performed, so that collaboration across developers becomes easier.
- version v0.0.1 - first module release
To update this module please follow the following proceedure:
- make your changes following the normal git workflow
- after merging the your changes to master, comes the most important part, namely versioning using tags:
git tag v0.0.2- push the tag to the remote git repository:
git push origin master tag v0.0.2brew install terraform- In order to automatic format terraform code (and have it cleaner), we use pre-commit hook. To install pre-commit.
- Run pre-commit install to setup locally hook for terraform code cleanup.
pre-commit installSee the list of contributors who participated in this project.