AWS OpenSearch Terraform Module

Terraform module to provision an OpenSearch cluster with SAML authentication.

Prerequisites

Features

Usage

This example uses Azure AD as the SAML identity provider.

locals {
  cluster_name      = "opensearch"
  cluster_domain    = "example.com"
  saml_entity_id    = "https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/"
  saml_metadata_url = "https://login.microsoftonline.com/XXX-XXX-XXX-XXX-XXX/federationmetadata/2007-06/federationmetadata.xml?appid=YYY-YYY-YYY-YYY-YYY"
}

data "aws_region" "current" {}

data "http" "saml_metadata" {
  url = local.saml_metadata_url
}

provider "elasticsearch" {
  url                   = "https://${local.cluster_name}.${local.cluster_domain}"
  aws_region            = data.aws_region.current.name
  elasticsearch_version = "7.10.2"
  healthcheck           = false
}

module "opensearch" {
  source = "idealo/opensearch/aws"

  cluster_name    = local.cluster_name
  cluster_domain  = local.cluster_domain
  cluster_version = "1.0"

  saml_entity_id        = local.saml_entity_id
  saml_metadata_content = data.http.saml_metadata.body

  indices = {
    example-index = {
      number_of_shards   = 2
      number_of_replicas = 1
    }
  }
}
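The metadata fetched above becomes the SAML trust anchor for the cluster, so it is worth validating at plan time. The following is an added example, not part of the module or its README: a guarded replacement for the `data "http" "saml_metadata"` block. It assumes Terraform >= 1.5 (for `strcontains`/`startswith` and data source conditions) and hashicorp/http >= 3.0 (for `status_code` and `response_body`), both newer than the minimums listed under Requirements.

```hcl
# Added example: replaces the data "http" "saml_metadata" block in the usage above.
# Assumption: Terraform >= 1.5 and hashicorp/http >= 3.0.
data "http" "saml_metadata" {
  url = local.saml_metadata_url

  lifecycle {
    # Refuse to fetch IdP metadata over a non-TLS URL.
    precondition {
      condition     = startswith(local.saml_metadata_url, "https://")
      error_message = "The SAML metadata URL must use https."
    }

    # The http data source does not fail on non-2xx responses by itself,
    # so an error page would otherwise be passed on as metadata.
    postcondition {
      condition     = self.status_code == 200
      error_message = "Fetching the SAML metadata did not return HTTP 200."
    }

    # The document must describe the IdP that saml_entity_id names.
    postcondition {
      condition     = strcontains(self.response_body, "entityID=\"${local.saml_entity_id}\"")
      error_message = "The fetched SAML metadata does not declare the expected entity ID."
    }

    # Metadata without a signing certificate cannot be used to verify assertions.
    postcondition {
      condition     = strcontains(self.response_body, "X509Certificate>")
      error_message = "The fetched SAML metadata contains no X509 certificate."
    }
  }
}
```

Because the metadata is re-fetched on every plan, a changed signing certificate shows up as a diff on the SAML options resource and should be reviewed before apply.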

Examples

Here is a working example of using this Terraform module:

  • Complete - Create an AWS OpenSearch cluster with all necessary resources.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | >= 3.65 |
| elasticsearch | >= 1.6.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| acm | terraform-aws-modules/acm/aws | ~> 3.2.0 |

Resources

| Name | Type |
|------|------|
| aws_elasticsearch_domain.opensearch | resource |
| aws_elasticsearch_domain_saml_options.opensearch | resource |
| aws_iam_service_linked_role.es | resource |
| aws_route53_record.opensearch | resource |
| elasticsearch_index.index | resource |
| elasticsearch_index_template.index_template | resource |
| elasticsearch_opendistro_ism_policy.ism_policy | resource |
| elasticsearch_opendistro_role.role | resource |
| elasticsearch_opendistro_roles_mapping.master_user_arn | resource |
| elasticsearch_opendistro_roles_mapping.role_mapping | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.access_policy | data source |
| aws_region.current | data source |
| aws_route53_zone.opensearch | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| availability_zones | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | number | 3 | no |
| cluster_domain | The hosted zone name of the OpenSearch cluster. | string | n/a | yes |
| cluster_name | The name of the OpenSearch cluster. | string | "opensearch" | no |
| cluster_version | The version of OpenSearch to deploy. | string | "1.0" | no |
| create_service_role | Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html | bool | true | no |
| encrypt_kms_key_id | The KMS key ID to encrypt the OpenSearch cluster with. If not specified, it defaults to the AWS OpenSearch Service KMS key. | string | "" | no |
| hot_instance_count | The number of dedicated hot nodes in the cluster. | number | 3 | no |
| hot_instance_type | The type of EC2 instances to run for each hot node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string | "r6gd.4xlarge.elasticsearch" | no |
| index_files | A set of all index files to create. | set(string) | [] | no |
| index_template_files | A set of all index template files to create. | set(string) | [] | no |
| index_templates | A map of all index templates to create. | map(any) | {} | no |
| indices | A map of all indices to create. | map(any) | {} | no |
| ism_policies | A map of all ISM policies to create. | map(any) | {} | no |
| ism_policy_files | A set of all ISM policy files to create. | set(string) | [] | no |
| master_instance_count | The number of dedicated master nodes in the cluster. | number | 3 | no |
| master_instance_enabled | Indicates whether dedicated master nodes are enabled for the cluster. | bool | true | no |
| master_instance_type | The type of EC2 instances to run for each master node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | string | "r6gd.large.elasticsearch" | no |
| master_user_arn | The ARN for the master user of the cluster. If not specified, it defaults to the IAM user that is making the request. | string | "" | no |
| role_files | A set of all role files to create. | set(string) | [] | no |
| role_mapping_files | A set of all role mapping files to create. | set(string) | [] | no |
| role_mappings | A map of all role mappings to create. | map(any) | {} | no |
| roles | A map of all roles to create. | map(any) | {} | no |
| saml_entity_id | The unique Entity ID of the application in the SAML identity provider. | string | n/a | yes |
| saml_metadata_content | The metadata of the SAML application in XML format. | string | n/a | yes |
| saml_roles_key | Element of the SAML assertion to use for backend roles. | string | "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" | no |
| saml_session_timeout | Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. | number | 60 | no |
| saml_subject_key | Element of the SAML assertion to use for username. | string | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" | no |
| tags | A map of tags to add to all resources. | map(string) | {} | no |
| warm_instance_count | The number of dedicated warm nodes in the cluster. | number | 3 | no |
| warm_instance_enabled | Indicates whether UltraWarm nodes are enabled for the cluster. | bool | true | no |
| warm_instance_type | The type of EC2 instances to run for each warm node. A list of available instance types can be found at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing | string | "ultrawarm1.large.elasticsearch" | no |

Outputs

| Name | Description |
|------|-------------|
| cluster_endpoint | The endpoint URL of the OpenSearch cluster. |
| cluster_name | The name of the OpenSearch cluster. |
| cluster_version | The version of the OpenSearch cluster. |
| kibana_endpoint | The endpoint URL of Kibana. |

License

Apache 2 Licensed. See LICENSE for full details.
