Usage:
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}
module "es-cluster" {
source = "git::https://github.com/egarbi/terraform-aws-es-cluster"
name = "example"
vpc_id = "vpc-xxxxx"
subnet_ids = [ "subnet-one" ]
zone_id = "ZA863HSKDDD9"
itype = "m4.large.elasticsearch"
ingress_allow_cidr_blocks = [ "10.20.0.0/16", "10.22.0.0/16" ]
access_policies = <<CONFIG
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "es:*",
"Principal": "*",
"Effect": "Allow",
"Resource": "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/example/*"
}
]
}
CONFIG
}Note On Multi-AZ Support:
AWS Supports up to 3 AZ's for a multi-az configuration. Understand that if you operate in more than 3 AZ's and you choose to deploy master nodes, only 3 AZ's will be supported and any more than that may result in TF returning AWS API errors.
For more information see here
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_policies | IAM policy document specifying the access policies for the domain. | string | "" |
no |
| create_iam_service_linked_role | Control the creation of the default service role, set it to false if you have already created it. | bool | true | no |
| dedicated_master | Indicates whether our cluster have dedicated master nodes enabled. | string | "false" |
no |
| elasticsearch_version | Elastic Search Service cluster version number. | string | "5.5" |
no |
| encryption_enabled | Enable encription in Elastic Search. | string | "false" |
no |
| encryption_kms_key_id | Enable encription in Elastic Search. | string | "" |
no |
| icount | Elastic Search Service cluster Ec2 instance number. | string | "1" |
no |
| indices_fielddata_cache_size | Percentage of Java heap space allocated to field data. | string | "" |
no |
| indices_query_bool_max_clause_count | Maximum number of clauses allowed in a Lucene boolean query. | string | "1024" |
no |
| ingress_allow_cidr_blocks | Specifies the ingress CIDR blocks allowed. | list | <list> |
no |
| ingress_allow_security_groups | Specifies the ingress security groups allowed. | list | <list> |
no |
| itype | Elastic Search Service cluster Ec2 instance type. | string | "m4.large.elasticsearch" |
no |
| mcount | Elastic Search Service cluster dedicated master Ec2 instance number. | string | "0" |
no |
| mtype | Elastic Search Service cluster dedicated master Ec2 instance type. | string | "" |
no |
| name | Elastic Search Service cluster name. | string | n/a | yes |
| rest_action_multi_allow_explicit_index | Specifies whether explicit references to indices are allowed inside the body of HTTP requests. | string | "true" |
no |
| snapshot_start | Elastic Search Service maintenance/snapshot start time. | string | "0" |
no |
| subnet_ids | List of VPC Subnet IDs for the Elastic Search Service EndPoints will be created. | list | n/a | yes |
| volume_size | Default size of the EBS volumes. | string | "35" |
no |
| volume_type | Default type of the EBS volumes. | string | "gp2" |
no |
| vpc_id | Vpc id where the Elastic Search Service cluster will be launched. | string | n/a | yes |
| zone_awareness | Indicates whether zone awareness is enabled. | string | "false" |
no |
| zone_id | Route 53 zone id where the DNS record will be created. | string | "" |
no |
| Name | Description |
|---|---|
| es_arn | Amazon Resource Name (ARN) of the domain |
| es_availability_zones_ids | If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. |
| es_domain_id | Unique identifier for the domain. |
| es_endpoint | Domain-specific endpoint used to submit index, search, and data upload requests. |
| es_kibana_endpoint | Domain-specific endpoint for kibana without https scheme. |
| es_sg | The SG id created to allow communication with ElasticSearch cluster. |
| es_vpc_ids | The VPC ID if the domain was created inside a VPC. |