This module is used to create an AWS Elasticsearch Domain per environment (workspace).
A default read policy and a default write policy are created, and the ARN of each is output. When possible, create more restrictive policies (per index) for security.
Unlike many similar modules, this module does not create IAM roles or users. All IAM access should be assigned to users separately, outside of the module, not via the ES domain.
Note: Name must start with a lowercase letter and be at least 3 and no more than 28 characters long. Valid characters are a-z (lowercase letters), 0-9, and - (hyphen).

Name | Source | Version |
---|---|---|
label | github.com/mitlibraries/tf-mod-name | 0.13 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
advanced_options | Key-value string pairs to specify advanced configuration options | map | <map> | no |
dedicated_master_type | ES instance type to be used for dedicated masters (default same as instance_type) | string | false | no |
ebs_volume_size | Optionally use EBS volumes for data storage by specifying volume size in GB (default 10) | string | 10 | no |
ebs_volume_type | Storage type of EBS volumes, if used (default gp2) | string | gp2 | no |
encrypt_at_rest | Enable encryption at rest (only specific instance family types support it: m4, c4, r4, i2, i3; default: false) | string | false | no |
es_version | Version of Elasticsearch to deploy (default 6.3) | string | 6.3 | no |
es_zone_awareness | Enable zone awareness for Elasticsearch cluster (default false) | string | false | no |
instance_count | Number of data nodes in the cluster (default 3) | string | 3 | no |
instance_type | ES instance type for data nodes in the cluster (default t2.small.elasticsearch) | string | t2.small.elasticsearch | no |
kms_key_id | KMS key used for elasticsearch | string | `` | no |
log_publishing_application_enabled | Specifies whether log publishing option for ES_APPLICATION_LOGS is enabled or not | string | false | no |
log_publishing_index_enabled | Specifies whether log publishing option for INDEX_SLOW_LOGS is enabled or not | string | false | no |
log_publishing_search_enabled | Specifies whether log publishing option for SEARCH_SLOW_LOGS is enabled or not | string | false | no |
name | Solution name, e.g. 'app' or 'jenkins' | string | app | no |
node_to_node_encryption_enabled | Whether to enable node-to-node encryption | string | true | no |
snapshot_start_hour | Hour at which automated snapshots are taken, in UTC (default 0) | string | 0 | no |
tags | tags to apply to all resources | map | <map> | no |

Name | Description |
---|---|
arn | Amazon Resource Name (ARN) of the domain |
domain_hostname | Elasticsearch domain hostname to submit index, search, and data upload requests |
domain_id | Unique identifier for the domain |
domain_name | Domain name of cluster |
endpoint | Domain-specific endpoint used to submit index, search, and data upload requests |
read_policy_arn | Default domain read only policy ARN |
write_policy_arn | Default domain write policy ARN |
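
The per-index restriction recommended at the top of this page could look like the following, built from the `arn` output. This is an added example, not part of the module: the module `source` value is a placeholder, and the index name `catalog`, the policy name and the IAM user `catalog-reader` are assumptions.

```hcl
# Added example. Placeholder/hypothetical values: the module source,
# the index name "catalog", the policy name and the IAM user.
module "es" {
  source = "<source-of-this-module>" # placeholder: path or git URL of this module
  name   = "app"
}

# Read-only access limited to a single index instead of the whole domain.
# IAM authorizes Elasticsearch requests by HTTP method and path, so the
# resource list names the index itself and everything beneath it.
data "aws_iam_policy_document" "catalog_read" {
  statement {
    sid    = "ReadCatalogIndexOnly"
    effect = "Allow"

    # GET and HEAD only. Clients that send search bodies with POST would
    # also need es:ESHttpPost, which permits writes on the same paths.
    actions = ["es:ESHttpGet", "es:ESHttpHead"]

    resources = [
      "${module.es.arn}/catalog",
      "${module.es.arn}/catalog/*",
    ]
  }
}

resource "aws_iam_policy" "catalog_read" {
  name        = "es-catalog-read"
  description = "Read-only access to the catalog index"
  policy      = "${data.aws_iam_policy_document.catalog_read.json}"
}

# Access is attached to the user outside of the module, not via the ES domain.
resource "aws_iam_user_policy_attachment" "catalog_reader" {
  user       = "catalog-reader"
  policy_arn = "${aws_iam_policy.catalog_read.arn}"
}
```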