Name | Version |
---|---|
aws | n/a |

Name | Description | Type | Default | Required |
---|---|---|---|---|
access_policies | IAM policy document specifying the access policies for the domain. Required if create_access_policy is false | string | null | no |
access_policy_override_policy_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid | list(string) | [] | no |
access_policy_source_policy_documents | List of IAM policy documents that are merged together into the exported document. Statements must have unique sids | list(string) | [] | no |
access_policy_statements | A map of IAM policy statements for custom permission usage | any | {} | no |
advanced_options | Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply | map(string) | {} | no |
advanced_security_options | Configuration block for fine-grained access control | any | { | no |
alias | The display name of the alias. The name must start with the word alias followed by a forward slash. | string | "alias/opensearch" | no |
auto_tune_options | Configuration block for the Auto-Tune options of the domain | any | { | no |
cloudwatch_log_group_kms_key_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | null | no |
cloudwatch_log_group_retention_in_days | Number of days to retain log events | number | 60 | no |
cloudwatch_log_resource_policy_name | Name of the resource policy for OpenSearch to log to CloudWatch | string | null | no |
cluster_config | Configuration block for the cluster of the domain | any | { | no |
cognito_options | Configuration block for authenticating Kibana with Cognito | any | {} | no |
create | Determines whether resources will be created (affects all resources) | bool | true | no |
create_access_policy | Determines whether an access policy will be created | bool | true | no |
create_cloudwatch_log_groups | Determines whether log groups are created | bool | true | no |
create_cloudwatch_log_resource_policy | Determines whether a resource policy will be created for OpenSearch to log to CloudWatch | bool | true | no |
create_saml_options | Determines whether SAML options will be created | bool | false | no |
create_security_group | Determines if a security group is created | bool | true | no |
customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. | string | "SYMMETRIC_DEFAULT" | no |
deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource. | number | 7 | no |
domain_endpoint_options | Configuration block for domain endpoint HTTP(S) related options | any | { | no |
domain_name | Name of the domain | string | "" | no |
ebs_options | Configuration block for EBS related options, may be required based on chosen instance size | any | { | no |
enable | Flag to control module creation. | bool | true | no |
enable_access_policy | Determines whether an access policy will be applied to the domain | bool | true | no |
enable_key_rotation | Specifies whether key rotation is enabled. | string | true | no |
encrypt_at_rest | Configuration block for encrypting at rest | any | { | no |
engine_version | Version of the OpenSearch engine to use | string | null | no |
is_enabled | Specifies whether the key is enabled. | bool | true | no |
key_usage | Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. | string | "ENCRYPT_DECRYPT" | no |
kms_description | The description of the key as viewed in AWS console. | string | "Parameter Store KMS master key" | no |
kms_key_enabled | Specifies whether the kms is enabled or disabled. | bool | true | no |
kms_key_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true. | string | "" | no |
kms_multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | bool | false | no |
log_publishing_options | Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource | any | [ | no |
node_to_node_encryption | Configuration block for node-to-node encryption options | any | { | no |
off_peak_window_options | Configuration to add Off Peak update options | any | { | no |
outbound_connections | Map of AWS OpenSearch outbound connections to create | any | {} | no |
package_associations | Map of package association IDs to associate with the domain | map(string) | {} | no |
saml_options | SAML authentication options for an AWS OpenSearch Domain | any | {} | no |
security_group_description | Description of the security group created | string | null | no |
security_group_name | Name to use on security group created | string | null | no |
security_group_rules | Security group ingress and egress rules to add to the security group created | any | {} | no |
security_group_tags | A map of additional tags to add to the security group created | map(string) | {} | no |
security_group_use_name_prefix | Determines whether the security group name (security_group_name) is used as a prefix | bool | true | no |
software_update_options | Software update options for the domain | any | { | no |
tags | A map of tags to add to all resources | map(string) | {} | no |
vpc_endpoints | Map of VPC endpoints to create for the domain | any | {} | no |
vpc_options | Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation) | any | {} | no |

Name | Type |
---|---|
aws_cloudwatch_log_group.this | resource |
aws_cloudwatch_log_resource_policy.this | resource |
aws_kms_alias.default | resource |
aws_kms_key.default | resource |
aws_opensearch_domain.this | resource |
aws_opensearch_domain_policy.this | resource |
aws_opensearch_domain_saml_options.this | resource |
aws_opensearch_outbound_connection.this | resource |
aws_opensearch_package_association.this | resource |
aws_opensearch_vpc_endpoint.this | resource |
aws_security_group.this | resource |
aws_vpc_security_group_egress_rule.this | resource |
aws_vpc_security_group_ingress_rule.this | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.cloudwatch | data source |
aws_iam_policy_document.kms | data source |
aws_iam_policy_document.this | data source |
aws_iam_session_context.current | data source |
aws_partition.current | data source |
aws_region.current | data source |
aws_subnet.this | data source |

Name | Description |
---|---|
cloudwatch_logs | Map of CloudWatch log groups created and their attributes |
domain_arn | The Amazon Resource Name (ARN) of the domain |
domain_dashboard_endpoint | Domain-specific endpoint for Dashboard without https scheme |
domain_endpoint | Domain-specific endpoint used to submit index, search, and data upload requests |
domain_id | The unique identifier for the domain |
master_user_name | The master user name for the AWS OpenSearch domain. |
master_user_password | The master user password for the AWS OpenSearch domain. |
outbound_connections | Map of outbound connections created and their attributes |
package_associations | Map of package associations created and their attributes |
security_group_arn | Amazon Resource Name (ARN) of the security group |
security_group_id | ID of the security group |
vpc_endpoints | Map of VPC endpoints created and their attributes |

Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance, we can say we have seen it all: whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, or CMMC, we have you and your customers covered.
We provide support to organizations in the following ways:
- Modernize or Migrate to Kubernetes
- Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal
- Building AI and Data Pipelines on Kubernetes
- Optimizing Existing Kubernetes Workloads
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.