idealo/terraform-aws-opensearch

Minimal config for a new cluster

zenbones opened this issue · 6 comments

What is the absolute minimal configuration for creating a new, empty, opensearch cluster without saml, which I'm not interested in. Nothing I try seems to work.

Hey @zenbones, sorry for the really late reply!
With the latest version of this module you can disable saml authentication:

provider "elasticsearch" {
  url                   = module.opensearch.cluster_endpoint
  aws_region            = "eu-central-1"
  healthcheck           = false
}

module "opensearch" {
  source  = "idealo/opensearch/aws"
  version = "~> 1.1"

  cluster_name    = "opensearch"
  cluster_domain  = "example.com"
  cluster_version = "1.3"

  saml_enabled = false
}

PS: A hosted zone is still required, please take a look at the prerequisites.

@steveteuber the minimal config is failing with this error:

│ Error: Invalid count argument

│ on .terraform/modules/tested_module.opensearch.acm/main.tf line 46, in resource "aws_route53_record" "validation":
│ 46: count = local.create_certificate && var.validation_method == "DNS" && var.create_route53_records && var.validate_certificate ? length(local.distinct_domain_names) : 0

│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created.
│ To work around this, use the -target argument to first apply only the resources that the count depends on.

is this module can be applied as a whole, or should it be applied in parts?
also, how exactly will work the part of configuring provider inputs at higher level with outputs from the module?

####### update
This error was probably caused by using a random string as name for that module

Hi @tata2000,

I can't reproduce this error. This module should be applied as a whole, not in parts.
Could you tell me which Terraform version you are using and how your configuration looks like?

Configuring the provider with outputs from the module is just a workaround.
The problem is that provider configuration must be known and valid at plan time, see hashicorp/terraform#2430.

Basically the module outputs ${var.cluster_name}.${var.cluster_domain} as cluster_endpoint,
so you don't have to duplicate the provider and module configuration.

PS: I've also added a minimal example which hopefully helps.

@steveteuber , sorry i've missed your reply...
I just used the minimal config you suggested before , and it failed at first apply. terraform 1.3.6
already moved to using a different module, so don't have example now

@steveteuber found the root cause of the problem - I was using a random resource to generate the name of the cluster, and it causes the acm module to fail with the above error.

Thanks for the information, I will close this issue for now.