From cd699941e1f08a98693bf6e6215d51b8cf0baf34 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Wed, 12 Nov 2025 20:51:24 -0700 Subject: [PATCH 1/3] support identity_center_options --- README.md | 5 +++-- examples/collection/README.md | 4 ++-- examples/collection/versions.tf | 2 +- examples/complete/README.md | 4 ++-- examples/complete/versions.tf | 2 +- main.tf | 11 +++++++++++ modules/collection/README.md | 4 ++-- modules/collection/versions.tf | 2 +- variables.tf | 11 +++++++++++ versions.tf | 2 +- wrappers/collection/versions.tf | 2 +- wrappers/main.tf | 5 +++-- wrappers/versions.tf | 2 +- 13 files changed, 40 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index b0d1eee..d2edc4d 100644 --- a/README.md +++ b/README.md @@ -144,13 +144,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.15 | +| [aws](#requirement\_aws) | >= 6.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.15 | +| [aws](#provider\_aws) | >= 6.20 | ## Modules @@ -210,6 +210,7 @@ No modules. | [enable\_access\_policy](#input\_enable\_access\_policy) | Determines whether an access policy will be applied to the domain | `bool` | `true` | no | | [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Configuration block for encrypting at rest | `any` |
{
"enabled": true
}
| no | | [engine\_version](#input\_engine\_version) | Version of the OpenSearch engine to use. Must follow format 'OpenSearch\_X.Y' (e.g., 'OpenSearch\_2.11') | `string` | `null` | no | +| [identity\_center\_options](#input\_identity\_center\_options) | Configuration block for enabling and managing IAM Identity Center integration within a domain. |
object({
enabled_api_access = optional(bool)
identity_center_instance_arn = optional(string)
roles_key = optional(string)
subject_key = optional(string)
})
| `null` | no | | [ip\_address\_type](#input\_ip\_address\_type) | The IP address type for the endpoint. Valid values are ipv4 and dualstack | `string` | `null` | no | | [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log\_type, within the same resource | `any` |
[
{
"log_type": "INDEX_SLOW_LOGS"
},
{
"log_type": "SEARCH_SLOW_LOGS"
}
]
| no | | [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Configuration block for node-to-node encryption options | `any` |
{
"enabled": true
}
| no | diff --git a/examples/collection/README.md b/examples/collection/README.md index f8faae5..2ae9bf6 100644 --- a/examples/collection/README.md +++ b/examples/collection/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.15 | +| [aws](#requirement\_aws) | >= 6.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.15 | +| [aws](#provider\_aws) | >= 6.20 | ## Modules diff --git a/examples/collection/versions.tf b/examples/collection/versions.tf index e1ac31c..d39a842 100644 --- a/examples/collection/versions.tf +++ b/examples/collection/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.15" + version = ">= 6.20" } } } diff --git a/examples/complete/README.md b/examples/complete/README.md index 2b33bc3..7e5ff1f 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -26,13 +26,13 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.15 | +| [aws](#requirement\_aws) | >= 6.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.15 | +| [aws](#provider\_aws) | >= 6.20 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index e1ac31c..d39a842 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.15" + version = ">= 6.20" } } } diff --git a/main.tf b/main.tf index 963e007..4e783da 100644 --- a/main.tf +++ b/main.tf 
@@ -209,6 +209,17 @@ resource "aws_opensearch_domain" "this" { engine_version = var.engine_version ip_address_type = var.ip_address_type + dynamic "identity_center_options" { + for_each = var.identity_center_options != null ? [var.identity_center_options] : [] + + content { + enabled_api_access = identity_center_options.value.enabled_api_access + identity_center_instance_arn = identity_center_options.value.identity_center_instance_arn + roles_key = identity_center_options.value.roles_key + subject_key = identity_center_options.value.subject_key + } + } + dynamic "log_publishing_options" { for_each = { for opt in var.log_publishing_options : opt.log_type => opt } diff --git a/modules/collection/README.md b/modules/collection/README.md index 77c1379..939d7b8 100644 --- a/modules/collection/README.md +++ b/modules/collection/README.md @@ -42,13 +42,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.15 | +| [aws](#requirement\_aws) | >= 6.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.15 | +| [aws](#provider\_aws) | >= 6.20 | ## Modules diff --git a/modules/collection/versions.tf b/modules/collection/versions.tf index e1ac31c..d39a842 100644 --- a/modules/collection/versions.tf +++ b/modules/collection/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.15" + version = ">= 6.20" } } } diff --git a/variables.tf b/variables.tf index 3471c80..dbc0ba8 100644 --- a/variables.tf +++ b/variables.tf 
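Review bot: The `for_each` guard on the new `identity_center_options` block checks only for `null`, so a caller passing `identity_center_options = {}` still emits the block with all four arguments null, and how the provider treats that is not visible from this hunk. Because this block changes how users are authenticated to the domain, I would state the intent above it, e.g. `# Emitted whenever the object is non-null; set enabled_api_access explicitly rather than relying on provider defaults`. The diffstat shows `examples/complete` received only the provider version bump, so no example exercises the new block; adding it there would surface provider-side rejections during plan/apply. The `aws_opensearch_domain` resource starts and ends outside the hunk.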
@@ -124,6 +124,17 @@ variable "ip_address_type" { default = null } +variable "identity_center_options" { + description = "Configuration block for enabling and managing IAM Identity Center integration within a domain. " + type = object({ + enabled_api_access = optional(bool) + identity_center_instance_arn = optional(string) + roles_key = optional(string) + subject_key = optional(string) + }) + default = null +} + variable "log_publishing_options" { description = "Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource" type = any diff --git a/versions.tf b/versions.tf index e1ac31c..d39a842 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.15" + version = ">= 6.20" } } } diff --git a/wrappers/collection/versions.tf b/wrappers/collection/versions.tf index e1ac31c..d39a842 100644 --- a/wrappers/collection/versions.tf +++ b/wrappers/collection/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.15" + version = ">= 6.20" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 0f01f9f..b293c87 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
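Review bot: The description on `identity_center_options` does not say what `roles_key` and `subject_key` control, and both are declared as free-form `optional(string)`. These appear to select which Identity Center attribute is used as the backend role and as the subject, which is an authorization decision, so a typo or an unintended attribute should fail at plan time rather than at apply. I would extend the description, e.g. `description = "IAM Identity Center integration for the domain. roles_key and subject_key select the Identity Center attributes mapped to backend roles and to the subject"`, and add `validation` blocks once the accepted values are confirmed against the provider documentation (as far as I know GroupName/GroupId and UserName/UserId/Email).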
@@ -46,8 +46,9 @@ module "wrapper" { encrypt_at_rest = try(each.value.encrypt_at_rest, var.defaults.encrypt_at_rest, { enabled = true }) - engine_version = try(each.value.engine_version, var.defaults.engine_version, null) - ip_address_type = try(each.value.ip_address_type, var.defaults.ip_address_type, null) + engine_version = try(each.value.engine_version, var.defaults.engine_version, null) + identity_center_options = try(each.value.identity_center_options, var.defaults.identity_center_options, null) + ip_address_type = try(each.value.ip_address_type, var.defaults.ip_address_type, null) log_publishing_options = try(each.value.log_publishing_options, var.defaults.log_publishing_options, [ { log_type = "INDEX_SLOW_LOGS" }, { log_type = "SEARCH_SLOW_LOGS" }, diff --git a/wrappers/versions.tf b/wrappers/versions.tf index e1ac31c..d39a842 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.15" + version = ">= 6.20" } } } From ba4cb4c91b7050b58fa4bb5814c1162dcfbb4bab Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Sat, 15 Nov 2025 21:54:29 -0700 Subject: [PATCH 2/3] spacing --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index dbc0ba8..f51f999 100644 --- a/variables.tf +++ b/variables.tf @@ -125,7 +125,7 @@ variable "ip_address_type" { } variable "identity_center_options" { - description = "Configuration block for enabling and managing IAM Identity Center integration within a domain. " + description = "Configuration block for enabling and managing IAM Identity Center integration within a domain" type = object({ enabled_api_access = optional(bool) identity_center_instance_arn = optional(string) From 6423994411b3ae36e501422c60a38b27fac09a2e Mon Sep 17 00:00:00 2001 
From: magreenbaum Date: Sat, 15 Nov 2025 22:15:35 -0700 Subject: [PATCH 3/3] readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d2edc4d..068ddb3 100644 --- a/README.md +++ b/README.md @@ -210,7 +210,7 @@ No modules. | [enable\_access\_policy](#input\_enable\_access\_policy) | Determines whether an access policy will be applied to the domain | `bool` | `true` | no | | [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Configuration block for encrypting at rest | `any` |
{
"enabled": true
}
| no | | [engine\_version](#input\_engine\_version) | Version of the OpenSearch engine to use. Must follow format 'OpenSearch\_X.Y' (e.g., 'OpenSearch\_2.11') | `string` | `null` | no | -| [identity\_center\_options](#input\_identity\_center\_options) | Configuration block for enabling and managing IAM Identity Center integration within a domain. |
object({
enabled_api_access = optional(bool)
identity_center_instance_arn = optional(string)
roles_key = optional(string)
subject_key = optional(string)
})
| `null` | no | +| [identity\_center\_options](#input\_identity\_center\_options) | Configuration block for enabling and managing IAM Identity Center integration within a domain |
object({
enabled_api_access = optional(bool)
identity_center_instance_arn = optional(string)
roles_key = optional(string)
subject_key = optional(string)
})
| `null` | no | | [ip\_address\_type](#input\_ip\_address\_type) | The IP address type for the endpoint. Valid values are ipv4 and dualstack | `string` | `null` | no | | [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log\_type, within the same resource | `any` |
[
{
"log_type": "INDEX_SLOW_LOGS"
},
{
"log_type": "SEARCH_SLOW_LOGS"
}
]
| no | | [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Configuration block for node-to-node encryption options | `any` |
{
"enabled": true
}
| no |