| access_policies |
IAM policy document specifying the access policies for the domain. |
string |
null |
no |
| advanced_options |
Key-value string pairs to specify advanced configuration options. |
map(string) |
null |
no |
| advanced_security_options_enabled |
Whether advanced security is enabled. |
bool |
true |
no |
| advanced_security_options_internal_user_database_enabled |
Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin |
bool |
false |
no |
| advanced_security_options_master_user_name |
Master user username (applicable if advanced_security_options_internal_user_database_enabled set to true) |
string |
null |
no |
| advanced_security_options_master_user_password |
Master user password (applicable if advanced_security_options_internal_user_database_enabled set to true) |
string |
null |
no |
| auto_tune_enabled |
Whether to enable/disable auto-tune |
bool |
true |
no |
| auto_tune_options |
Configuration block for auto-tune options. The maintenance schedule block is required if rollback_on_disable is set to DEFAULT_ROLLBACK. The start_at field must be a time and date in RFC3339 format |
object({
maintenance_schedule = optional(list(object({
start_at = string
duration = object({
value = number
})
cron_expression_for_recurrence = optional(string)
})))
rollback_on_disable = string
}) |
{
"maintenance_schedule": [],
"rollback_on_disable": "NO_ROLLBACK"
} |
no |
| availability_zones |
The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. |
number |
3 |
no |
| cluster_domain |
The hosted zone name of the OpenSearch cluster. |
string |
n/a |
yes |
| cluster_domain_private |
Indicates whether to create records in a private (true) or public (false) zone |
bool |
false |
no |
| cluster_name |
The name of the OpenSearch cluster. |
string |
"opensearch" |
no |
| cluster_version |
The version of OpenSearch to deploy. |
string |
"2.11" |
no |
| cognito_options |
Configuration block for authenticating Kibana with Cognito. |
map(string) |
{} |
no |
| cognito_options_enabled |
Whether Amazon Cognito authentication with Kibana is enabled or not. |
bool |
false |
no |
| composable_index_template_files |
A set of all composable index template files to create. |
set(string) |
[] |
no |
| composable_index_templates |
A map of all composable index templates to create. |
map(any) |
{} |
no |
| create_service_role |
Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html |
bool |
true |
no |
| custom_endpoint |
Fully qualified domain for your custom endpoint. If not specified, then it defaults to <cluster_name>.<cluster_domain> |
string |
null |
no |
| custom_endpoint_certificate_arn |
The ARN of the custom ACM certificate. |
string |
"" |
no |
| ebs_enabled |
Indicates whether attach EBS volumes to the data nodes. |
bool |
false |
no |
| ebs_iops |
The baseline input/output (I/O) performance of EBS volumes attached to data nodes. |
number |
3000 |
no |
| ebs_throughput |
The throughput (in MiB/s) of the EBS volumes attached to data nodes. Valid values are between 125 and 1000. |
number |
125 |
no |
| ebs_volume_size |
The size of EBS volumes attached to data nodes (in GiB). |
number |
10 |
no |
| ebs_volume_type |
The type of EBS volumes attached to data nodes. |
string |
"gp3" |
no |
| encrypt_at_rest_enabled |
Configuration block for encrypt at rest options |
bool |
true |
no |
| encrypt_kms_key_id |
The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. |
string |
"" |
no |
| hot_instance_count |
The number of dedicated hot nodes in the cluster. |
number |
3 |
no |
| hot_instance_type |
The type of EC2 instances to run for each hot node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing |
string |
"r6gd.4xlarge.elasticsearch" |
no |
| index_files |
A set of all index files to create. |
set(string) |
[] |
no |
| index_template_files |
A set of all index template files to create. |
set(string) |
[] |
no |
| index_templates |
A map of all index templates to create. |
map(any) |
{} |
no |
| indices |
A map of all indices to create. |
map(object({
number_of_shards = optional(number)
number_of_replicas = optional(number)
refresh_interval = optional(string)
mappings = optional(any, {})
aliases = optional(any, {})
analysis_analyzer = optional(string)
analysis_char_filter = optional(string)
analysis_filter = optional(string)
analysis_normalizer = optional(string)
analysis_tokenizer = optional(string)
analyze_max_token_count = optional(string)
auto_expand_replicas = optional(string)
blocks_metadata = optional(bool)
blocks_read = optional(bool)
blocks_read_only = optional(bool)
blocks_read_only_allow_delete = optional(bool)
blocks_write = optional(bool)
codec = optional(string)
default_pipeline = optional(string)
gc_deletes = optional(string)
highlight_max_analyzed_offset = optional(string)
include_type_name = optional(string)
index_similarity_default = optional(string)
indexing_slowlog_level = optional(string)
indexing_slowlog_source = optional(string)
indexing_slowlog_threshold_index_debug = optional(string)
indexing_slowlog_threshold_index_info = optional(string)
indexing_slowlog_threshold_index_trace = optional(string)
indexing_slowlog_threshold_index_warn = optional(string)
load_fixed_bitset_filters_eagerly = optional(bool)
max_docvalue_fields_search = optional(string)
max_inner_result_window = optional(string)
max_ngram_diff = optional(string)
max_refresh_listeners = optional(string)
max_regex_length = optional(string)
max_rescore_window = optional(string)
max_result_window = optional(string)
max_script_fields = optional(string)
max_shingle_diff = optional(string)
max_terms_count = optional(string)
number_of_routing_shards = optional(string)
rollover_alias = optional(string)
routing_allocation_enable = optional(string)
routing_partition_size = optional(string)
routing_rebalance_enable = optional(string)
search_idle_after = optional(string)
search_slowlog_level = optional(string)
search_slowlog_threshold_fetch_info = optional(string)
search_slowlog_threshold_fetch_debug = optional(string)
search_slowlog_threshold_fetch_trace = optional(string)
search_slowlog_threshold_fetch_warn = optional(string)
search_slowlog_threshold_query_debug = optional(string)
search_slowlog_threshold_query_info = optional(string)
search_slowlog_threshold_query_trace = optional(string)
search_slowlog_threshold_query_warn = optional(string)
shard_check_on_startup = optional(string)
sort_field = optional(string)
sort_order = optional(string)
})) |
{} |
no |
| ism_policies |
A map of all ISM policies to create. |
map(any) |
{} |
no |
| ism_policy_files |
A set of all ISM policy files to create. |
set(string) |
[] |
no |
| log_streams_enabled |
Configuration for which log streams to enable sending logs to CloudWatch. |
map(string) |
{
"AUDIT_LOGS": "false",
"ES_APPLICATION_LOGS": "false",
"INDEX_SLOW_LOGS": "false",
"SEARCH_SLOW_LOGS": "false"
} |
no |
| master_instance_count |
The number of dedicated master nodes in the cluster. |
number |
3 |
no |
| master_instance_enabled |
Indicates whether dedicated master nodes are enabled for the cluster. |
bool |
true |
no |
| master_instance_type |
The type of EC2 instances to run for each master node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing |
string |
"r6gd.large.elasticsearch" |
no |
| master_user_arn |
The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request. |
string |
"" |
no |
| node_to_node_encryption_enabled |
Configuration block for node-to-node encryption options |
bool |
true |
no |
| role_files |
A set of all role files to create. |
set(string) |
[] |
no |
| role_mapping_files |
A set of all role mapping files to create. |
set(string) |
[] |
no |
| role_mappings |
A map of all role mappings to create. |
map(any) |
{} |
no |
| roles |
A map of all roles to create. |
map(any) |
{} |
no |
| saml_enabled |
Indicates whether to configure SAML for the OpenSearch dashboard. |
bool |
true |
no |
| saml_entity_id |
The unique Entity ID of the application in SAML Identity Provider. |
string |
"" |
no |
| saml_master_backend_role |
This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards. |
string |
null |
no |
| saml_master_user_name |
This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards. |
string |
null |
no |
| saml_metadata_content |
The metadata of the SAML application in xml format. |
string |
"" |
no |
| saml_roles_key |
Element of the SAML assertion to use for backend roles. |
string |
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role" |
no |
| saml_session_timeout |
Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. |
number |
60 |
no |
| saml_subject_key |
Element of the SAML assertion to use for username. |
string |
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" |
no |
| security_group_ids |
The list of VPC security groups IDs to attach. |
list(string) |
[] |
no |
| subnet_ids |
The list of VPC subnet IDs to use. |
list(string) |
[] |
no |
| tags |
A map of tags to add to all resources. |
map(string) |
{} |
no |
| vpc_enabled |
Indicates whether the cluster is running inside a VPC. |
bool |
false |
no |
| warm_instance_count |
The number of dedicated warm nodes in the cluster. |
number |
3 |
no |
| warm_instance_enabled |
Indicates whether ultrawarm nodes are enabled for the cluster. |
bool |
true |
no |
| warm_instance_type |
The type of EC2 instances to run for each warm node. A list of available instance types can you find at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing |
string |
"ultrawarm1.large.elasticsearch" |
no |