From 36e20591d6f1ca12aa0c458782642a5b87356599 Mon Sep 17 00:00:00 2001
From: Julieta Aghamyan
Date: Mon, 2 Oct 2023 16:09:10 +0400
Subject: [PATCH] feat(DMVP-elasticsearch): enable encryption
---
 modules/elastic-search/README.md | 1 +
 modules/elastic-search/main.tf | 2 +-
 modules/elastic-search/tests/basic/1-example.tf | 11 ++++++-----
 modules/elastic-search/variables.tf | 6 ++++++
 4 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/modules/elastic-search/README.md b/modules/elastic-search/README.md
index 08cfb5ec..25bcea90 100644
--- a/modules/elastic-search/README.md
+++ b/modules/elastic-search/README.md
@@ -55,6 +55,7 @@ module "elastic-search" {
 | [create\_random\_master\_password](#input\_create\_random\_master\_password) | Whether to create random master password for Elasticsearch master user | `bool` | `false` | no |
 | [create\_service\_link\_role](#input\_create\_service\_link\_role) | Create service link role for AWS Elasticsearch Service | `bool` | `true` | no |
 | [dedicated\_master\_enabled](#input\_dedicated\_master\_enabled) | Have dedicated master or not for ES | `bool` | `false` | no |
+| [domain\_endpoint\_options\_enforce\_https](#input\_domain\_endpoint\_options\_enforce\_https) | Whether or not to require HTTPS | `bool` | `false` | no |
 | [domain\_name](#input\_domain\_name) | The domain name of ES | `string` | n/a | yes |
 | [ebs\_options\_ebs\_enabled](#input\_ebs\_options\_ebs\_enabled) | Whether enable EBS for ES | `bool` | `true` | no |
 | [ebs\_options\_volume\_size](#input\_ebs\_options\_volume\_size) | Storage volume size in GB | `number` | `10` | no |
diff --git a/modules/elastic-search/main.tf b/modules/elastic-search/main.tf
index 981c949a..8e97a87a 100644
--- a/modules/elastic-search/main.tf
+++ b/modules/elastic-search/main.tf
@@ -48,7 +48,7 @@ module "elastic_search" { advanced_security_options_master_user_password = var.master_user_password advanced_security_options_create_random_master_password = var.create_random_master_password advanced_security_options_random_master_password_length = var.random_master_password_length - + domain_endpoint_options_enforce_https = var.domain_endpoint_options_enforce_https } diff --git a/modules/elastic-search/tests/basic/1-example.tf b/modules/elastic-search/tests/basic/1-example.tf index 0f73feac..54ec99dd 100644 --- a/modules/elastic-search/tests/basic/1-example.tf +++ b/modules/elastic-search/tests/basic/1-example.tf @@ -7,10 +7,11 @@ module "this" { vpc_options_security_group_whitelist_cidr = ["10.16.0.0/16"] ebs_options_volume_size = 10 - encrypt_at_rest_enabled = true - advanced_security_options_enabled = true - internal_user_database_enabled = true - master_user_username = "admin" - create_random_master_password = true + encrypt_at_rest_enabled = true + advanced_security_options_enabled = true + internal_user_database_enabled = true + master_user_username = "admin" + create_random_master_password = true + domain_endpoint_options_enforce_https = true // Or you can use master_user_password variable } diff --git a/modules/elastic-search/variables.tf b/modules/elastic-search/variables.tf index 6963a768..04225e0a 100644 --- a/modules/elastic-search/variables.tf +++ b/modules/elastic-search/variables.tf @@ -129,6 +129,12 @@ variable "master_user_arn" { default = null } +variable "domain_endpoint_options_enforce_https" { + description = "Whether or not to require HTTPS" + type = bool + default = false +} + variable "master_user_username" { description = "The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`." type = string
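Review bot: The added `domain_endpoint_options_enforce_https = var.domain_endpoint_options_enforce_https` line in main.tf wires only the HTTPS switch, so the minimum TLS version of the domain endpoint stays at whatever the wrapped module and provider default to. If the wrapped module exposes a TLS policy input for the endpoint, consider passing it through next to this one so callers can pin TLS 1.2 or later; this is inferred, because the wrapped module's inputs are not visible in the hunk. The `module "elastic_search"` block starts outside the hunk.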
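Review bot: `default = false` on the new `domain_endpoint_options_enforce_https` variable in variables.tf keeps plain HTTP allowed unless every caller opts in, which does not match a commit titled "enable encryption". Only `tests/basic/1-example.tf` sets it to `true`. Prefer the secure default, `default = true`, and let callers opt out explicitly. AWS requires HTTPS enforcement when fine-grained access control is on, so a caller who sets `advanced_security_options_enabled = true` and keeps this default will likely hit an apply-time error. The description could state that: `description = "Require HTTPS for all traffic to the domain. Must be true when advanced_security_options_enabled is true."`. The README row added in this commit would need the same default and wording.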