feat(DMVP-elasticsearch): enable encryption

dasmeta · Oct 2, 2023 · 36e2059 · 36e2059
1 parent ea637fe
commit 36e2059
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 6 deletions.
diff --git a/modules/elastic-search/README.md b/modules/elastic-search/README.md
@@ -55,6 +55,7 @@ module "elastic-search" {
 | <a name="input_create_random_master_password"></a> [create\_random\_master\_password](#input\_create\_random\_master\_password) | Whether to create random master password for Elasticsearch master user | `bool` | `false` | no |
 | <a name="input_create_service_link_role"></a> [create\_service\_link\_role](#input\_create\_service\_link\_role) | Create service link role for AWS Elasticsearch Service | `bool` | `true` | no |
 | <a name="input_dedicated_master_enabled"></a> [dedicated\_master\_enabled](#input\_dedicated\_master\_enabled) | Have dedicated master or not for ES | `bool` | `false` | no |
+| <a name="input_domain_endpoint_options_enforce_https"></a> [domain\_endpoint\_options\_enforce\_https](#input\_domain\_endpoint\_options\_enforce\_https) | Whether or not to require HTTPS | `bool` | `false` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name of ES | `string` | n/a | yes |
 | <a name="input_ebs_options_ebs_enabled"></a> [ebs\_options\_ebs\_enabled](#input\_ebs\_options\_ebs\_enabled) | Whether enable EBS for ES | `bool` | `true` | no |
 | <a name="input_ebs_options_volume_size"></a> [ebs\_options\_volume\_size](#input\_ebs\_options\_volume\_size) | Storage volume size in GB | `number` | `10` | no |

diff --git a/modules/elastic-search/main.tf b/modules/elastic-search/main.tf
@@ -48,7 +48,7 @@ module "elastic_search" {
   advanced_security_options_master_user_password           = var.master_user_password
   advanced_security_options_create_random_master_password  = var.create_random_master_password
   advanced_security_options_random_master_password_length  = var.random_master_password_length
-
+  domain_endpoint_options_enforce_https                    = var.domain_endpoint_options_enforce_https
 }
 
 

diff --git a/modules/elastic-search/tests/basic/1-example.tf b/modules/elastic-search/tests/basic/1-example.tf
@@ -7,10 +7,11 @@ module "this" {
   vpc_options_security_group_whitelist_cidr = ["10.16.0.0/16"]
   ebs_options_volume_size                   = 10
 
-  encrypt_at_rest_enabled           = true
-  advanced_security_options_enabled = true
-  internal_user_database_enabled    = true
-  master_user_username              = "admin"
-  create_random_master_password     = true
+  encrypt_at_rest_enabled               = true
+  advanced_security_options_enabled     = true
+  internal_user_database_enabled        = true
+  master_user_username                  = "admin"
+  create_random_master_password         = true
+  domain_endpoint_options_enforce_https = true
   // Or you can use master_user_password variable
 }
diff --git a/modules/elastic-search/variables.tf b/modules/elastic-search/variables.tf
@@ -129,6 +129,12 @@ variable "master_user_arn" {
   default     = null
 }
 
+variable "domain_endpoint_options_enforce_https" {
+  description = "Whether or not to require HTTPS"
+  type        = bool
+  default     = false
+}
+
 variable "master_user_username" {
   description = "The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`."
   type        = string