feat(DMVP-elasticsearch): enable encryption

dasmeta · Oct 2, 2023 · ea637fe · ea637fe
1 parent e87f716
commit ea637fe
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 24 deletions.
diff --git a/modules/elastic-search/README.md b/modules/elastic-search/README.md
@@ -50,14 +50,9 @@ module "elastic-search" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_policies"></a> [access\_policies](#input\_access\_policies) | Custom access policies, if not provided one being generated automatically | `string` | `""` | no |
-| <a name="input_advanced_security_options_create_random_master_password"></a> [advanced\_security\_options\_create\_random\_master\_password](#input\_advanced\_security\_options\_create\_random\_master\_password) | Whether to create random master password for Elasticsearch master user | `bool` | `false` | no |
 | <a name="input_advanced_security_options_enabled"></a> [advanced\_security\_options\_enabled](#input\_advanced\_security\_options\_enabled) | Whether advanced security is enabled (Forces new resource) | `bool` | `false` | no |
-| <a name="input_advanced_security_options_internal_user_database_enabled"></a> [advanced\_security\_options\_internal\_user\_database\_enabled](#input\_advanced\_security\_options\_internal\_user\_database\_enabled) | Whether the internal user database is enabled. If not set, defaults to false by the AWS API. | `bool` | `false` | no |
-| <a name="input_advanced_security_options_master_user_arn"></a> [advanced\_security\_options\_master\_user\_arn](#input\_advanced\_security\_options\_master\_user\_arn) | ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`) | `string` | `null` | no |
-| <a name="input_advanced_security_options_master_user_password"></a> [advanced\_security\_options\_master\_user\_password](#input\_advanced\_security\_options\_master\_user\_password) | The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
-| <a name="input_advanced_security_options_master_user_username"></a> [advanced\_security\_options\_master\_user\_username](#input\_advanced\_security\_options\_master\_user\_username) | The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
-| <a name="input_advanced_security_options_random_master_password_length"></a> [advanced\_security\_options\_random\_master\_password\_length](#input\_advanced\_security\_options\_random\_master\_password\_length) | Length of random master password to create | `number` | `16` | no |
 | <a name="input_availability_zone_count"></a> [availability\_zone\_count](#input\_availability\_zone\_count) | The number of availability zones of ES | `number` | `2` | no |
+| <a name="input_create_random_master_password"></a> [create\_random\_master\_password](#input\_create\_random\_master\_password) | Whether to create random master password for Elasticsearch master user | `bool` | `false` | no |
 | <a name="input_create_service_link_role"></a> [create\_service\_link\_role](#input\_create\_service\_link\_role) | Create service link role for AWS Elasticsearch Service | `bool` | `true` | no |
 | <a name="input_dedicated_master_enabled"></a> [dedicated\_master\_enabled](#input\_dedicated\_master\_enabled) | Have dedicated master or not for ES | `bool` | `false` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name of ES | `string` | n/a | yes |
@@ -68,7 +63,12 @@ module "elastic-search" {
 | <a name="input_es_version"></a> [es\_version](#input\_es\_version) | The version of ES | `string` | `"7.1"` | no |
 | <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | The number of ES node instances | `number` | `2` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | The node instance types of ES | `string` | `"t3.small.elasticsearch"` | no |
+| <a name="input_internal_user_database_enabled"></a> [internal\_user\_database\_enabled](#input\_internal\_user\_database\_enabled) | Whether the internal user database is enabled. If not set, defaults to false by the AWS API. | `bool` | `false` | no |
+| <a name="input_master_user_arn"></a> [master\_user\_arn](#input\_master\_user\_arn) | ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`) | `string` | `null` | no |
+| <a name="input_master_user_password"></a> [master\_user\_password](#input\_master\_user\_password) | The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
+| <a name="input_master_user_username"></a> [master\_user\_username](#input\_master\_user\_username) | The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
 | <a name="input_node_to_node_encryption_enabled"></a> [node\_to\_node\_encryption\_enabled](#input\_node\_to\_node\_encryption\_enabled) | Whether to enable node to node encryption | `bool` | `true` | no |
+| <a name="input_random_master_password_length"></a> [random\_master\_password\_length](#input\_random\_master\_password\_length) | Length of random master password to create | `number` | `16` | no |
 | <a name="input_snapshot_options_automated_snapshot_start_hour"></a> [snapshot\_options\_automated\_snapshot\_start\_hour](#input\_snapshot\_options\_automated\_snapshot\_start\_hour) | The amount of ours to wait to snapshot of ES db | `number` | `0` | no |
 | <a name="input_timeouts_update"></a> [timeouts\_update](#input\_timeouts\_update) | The timeout update of ES | `string` | `null` | no |
 | <a name="input_vpc_options_security_group_whitelist_cidr"></a> [vpc\_options\_security\_group\_whitelist\_cidr](#input\_vpc\_options\_security\_group\_whitelist\_cidr) | The list of security group cidr blocks to whitelist in ingress | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |

diff --git a/modules/elastic-search/main.tf b/modules/elastic-search/main.tf
@@ -42,12 +42,12 @@ module "elastic_search" {
 
 
   advanced_security_options_enabled                        = var.advanced_security_options_enabled
-  advanced_security_options_internal_user_database_enabled = var.advanced_security_options_internal_user_database_enabled
-  advanced_security_options_master_user_arn                = var.advanced_security_options_master_user_arn
-  advanced_security_options_master_user_username           = var.advanced_security_options_master_user_username
-  advanced_security_options_master_user_password           = var.advanced_security_options_master_user_password
-  advanced_security_options_create_random_master_password  = var.advanced_security_options_create_random_master_password
-  advanced_security_options_random_master_password_length  = var.advanced_security_options_random_master_password_length
+  advanced_security_options_internal_user_database_enabled = var.internal_user_database_enabled
+  advanced_security_options_master_user_arn                = var.master_user_arn
+  advanced_security_options_master_user_username           = var.master_user_username
+  advanced_security_options_master_user_password           = var.master_user_password
+  advanced_security_options_create_random_master_password  = var.create_random_master_password
+  advanced_security_options_random_master_password_length  = var.random_master_password_length
 
 }
 

diff --git a/modules/elastic-search/tests/basic/1-example.tf b/modules/elastic-search/tests/basic/1-example.tf
@@ -7,10 +7,10 @@ module "this" {
   vpc_options_security_group_whitelist_cidr = ["10.16.0.0/16"]
   ebs_options_volume_size                   = 10
 
-  encrypt_at_rest_enabled                                  = true
-  advanced_security_options_enabled                        = true
-  advanced_security_options_internal_user_database_enabled = true
-  advanced_security_options_master_user_username           = "admin"
-  advanced_security_options_create_random_master_password  = true
-  // Or you can use advanced_security_options_master_user_password variable
+  encrypt_at_rest_enabled           = true
+  advanced_security_options_enabled = true
+  internal_user_database_enabled    = true
+  master_user_username              = "admin"
+  create_random_master_password     = true
+  // Or you can use master_user_password variable
 }
diff --git a/modules/elastic-search/variables.tf b/modules/elastic-search/variables.tf
@@ -117,37 +117,37 @@ variable "advanced_security_options_enabled" {
   default     = false
 }
 
-variable "advanced_security_options_internal_user_database_enabled" {
+variable "internal_user_database_enabled" {
   description = "Whether the internal user database is enabled. If not set, defaults to false by the AWS API."
   type        = bool
   default     = false
 }
 
-variable "advanced_security_options_master_user_arn" {
+variable "master_user_arn" {
   description = "ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`)"
   type        = string
   default     = null
 }
 
-variable "advanced_security_options_master_user_username" {
+variable "master_user_username" {
   description = "The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`."
   type        = string
   default     = null
 }
 
-variable "advanced_security_options_master_user_password" {
+variable "master_user_password" {
   description = "The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`."
   type        = string
   default     = null
 }
 
-variable "advanced_security_options_create_random_master_password" {
+variable "create_random_master_password" {
   description = "Whether to create random master password for Elasticsearch master user"
   type        = bool
   default     = false
 }
 
-variable "advanced_security_options_random_master_password_length" {
+variable "random_master_password_length" {
   description = "Length of random master password to create"
   type        = number
   default     = 16