Terraform Module for OpenSearch

Providers

Name	Version
aws	>= 5

Requirements

Name	Version
terraform	>= 1.0
aws	>= 5

Required Inputs

The following input variables are required:

cluster_domain

Description: The hosted zone name of the OpenSearch cluster.

Type: string

Optional Inputs

The following input variables are optional (have default values):

cluster_name

Description: The name of the OpenSearch cluster.

Type: string

Default: "opensearch"

cluster_version

Description: The version of OpenSearch to deploy.

Type: string

Default: "1.0"

cluster_domain_private

Description: Indicates whether to create records in a private (true) or public (false) zone

Type: bool

Default: false

create_service_role

Description: Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html

Type: bool

Default: true

master_user_name

Description: The master user of the cluster.

Type: string

Default: ""

master_user_password

Description: The master password of the cluster.

Type: string

Default: ""

master_instance_enabled

Description: Indicates whether dedicated master nodes are enabled for the cluster.

Type: bool

Default: true

master_instance_type

Description: The type of EC2 instances to run for each master node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing

Type: string

Default: "r6gd.large.search"

master_instance_count

Description: The number of dedicated master nodes in the cluster.

Type: number

Default: 3

hot_instance_type

Description: The type of EC2 instances to run for each hot node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing

Type: string

Default: "r6gd.4xlarge.search"

hot_instance_count

Description: The number of dedicated hot nodes in the cluster.

Type: number

Default: 3

warm_instance_enabled

Description: Indicates whether ultrawarm nodes are enabled for the cluster.

Type: bool

Default: true

warm_instance_type

Description: The type of EC2 instances to run for each warm node. A list of available instance types can you find at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing

Type: string

Default: "ultrawarm1.large.search"

warm_instance_count

Description: The number of dedicated warm nodes in the cluster.

Type: number

Default: 3

availability_zones

Description: The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3.

Type: number

Default: 3

ebs_enabled

Description: Indicates whether attach EBS volumes to the data nodes.

Type: bool

Default: false

ebs_volume_size

Description: The size of EBS volumes attached to data nodes (in GiB).

Type: number

Default: 10

ebs_volume_type

Description: The type of EBS volumes attached to data nodes.

Type: string

Default: "gp3"

ebs_throughput

Description: The throughput (in MiB/s) of the EBS volumes attached to data nodes. Valid values are between 125 and 1000.

Type: number

Default: 125

ebs_iops

Description: The baseline input/output (I/O) performance of EBS volumes attached to data nodes.

Type: number

Default: 3000

encrypt_kms_key_id

Description: The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key.

Type: string

Default: ""

saml_enabled

Description: Indicates whether to configure SAML for the OpenSearch dashboard.

Type: bool

Default: true

saml_subject_key

Description: Element of the SAML assertion to use for username.

Type: string

Default: ""

saml_roles_key

Description: Element of the SAML assertion to use for backend roles.

Type: string

Default: ""

saml_entity_id

Description: The unique Entity ID of the application in SAML Identity Provider.

Type: string

Default: ""

saml_metadata_content

Description: The metadata of the SAML application in xml format.

Type: string

Default: ""

saml_session_timeout

Description: Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.

Type: number

Default: 60

saml_master_backend_role

Description: This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards.

Type: string

Default: null

saml_master_user_name

Description: This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards.

Type: string

Default: null

tags

Description: A map of tags to add to all resources.

Type: map(string)

Default: {}

custom_endpoint

Description: Fully qualified domain for your custom endpoint. If not specified, then it defaults to <cluster_name>.<cluster_domain>

Type: string

Default: null

custom_endpoint_certificate_arn

Description: The ARN of the custom ACM certificate.

Type: string

Default: ""

advanced_options

Description: Key-value string pairs to specify advanced configuration options.

Type: map(string)

Default: {}

advanced_security_options_enabled

Description: Whether advanced security is enabled.

Type: bool

Default: true

advanced_security_options_internal_user_database_enabled

Description: Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin

Type: bool

Default: true

access_policies

Description: IAM policy document specifying the access policies for the domain.

Type: string

Default: null

Outputs

Name	Description
cluster_endpoint	The endpoint URL of the OpenSearch cluster.
cluster_name	The name of the OpenSearch cluster.
cluster_version	The version of the OpenSearch cluster.
kibana_endpoint	The endpoint URL of the OpenSearch dashboards.

License

MIT License

Copyright (c) 2022 Flaconi GmbH