Merge pull request #317 from dasmeta/DMVP-elasticsearch
feat(DMVP-elasticsearch): Added Advance Security Option
aghamyan44 authored Oct 2, 2023
2 parents 07ecf03 + 36e2059 commit fedcd36
Showing 7 changed files with 144 additions and 0 deletions.
8 changes: 8 additions & 0 deletions modules/elastic-search/README.md
Expand Up @@ -50,9 +50,12 @@ module "elastic-search" {
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_access_policies"></a> [access\_policies](#input\_access\_policies) | Custom access policies, if not provided one being generated automatically | `string` | `""` | no |
| <a name="input_advanced_security_options_enabled"></a> [advanced\_security\_options\_enabled](#input\_advanced\_security\_options\_enabled) | Whether advanced security is enabled (Forces new resource) | `bool` | `false` | no |
| <a name="input_availability_zone_count"></a> [availability\_zone\_count](#input\_availability\_zone\_count) | The number of availability zones of ES | `number` | `2` | no |
| <a name="input_create_random_master_password"></a> [create\_random\_master\_password](#input\_create\_random\_master\_password) | Whether to create random master password for Elasticsearch master user | `bool` | `false` | no |
| <a name="input_create_service_link_role"></a> [create\_service\_link\_role](#input\_create\_service\_link\_role) | Create service link role for AWS Elasticsearch Service | `bool` | `true` | no |
| <a name="input_dedicated_master_enabled"></a> [dedicated\_master\_enabled](#input\_dedicated\_master\_enabled) | Have dedicated master or not for ES | `bool` | `false` | no |
| <a name="input_domain_endpoint_options_enforce_https"></a> [domain\_endpoint\_options\_enforce\_https](#input\_domain\_endpoint\_options\_enforce\_https) | Whether or not to require HTTPS | `bool` | `false` | no |
| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name of ES | `string` | n/a | yes |
| <a name="input_ebs_options_ebs_enabled"></a> [ebs\_options\_ebs\_enabled](#input\_ebs\_options\_ebs\_enabled) | Whether enable EBS for ES | `bool` | `true` | no |
| <a name="input_ebs_options_volume_size"></a> [ebs\_options\_volume\_size](#input\_ebs\_options\_volume\_size) | Storage volume size in GB | `number` | `10` | no |
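Review bot: the new `domain_endpoint_options_enforce_https` row documents a default of `false`, so a domain built with the module defaults does not require HTTPS even when `advanced_security_options_enabled` is switched on. Consider defaulting it to `true`, or at least say in the description that it should be set together with advanced security, as the test example in this commit does.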
Expand All @@ -61,7 +64,12 @@ module "elastic-search" {
| <a name="input_es_version"></a> [es\_version](#input\_es\_version) | The version of ES | `string` | `"7.1"` | no |
| <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | The number of ES node instances | `number` | `2` | no |
| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | The node instance types of ES | `string` | `"t3.small.elasticsearch"` | no |
| <a name="input_internal_user_database_enabled"></a> [internal\_user\_database\_enabled](#input\_internal\_user\_database\_enabled) | Whether the internal user database is enabled. If not set, defaults to false by the AWS API. | `bool` | `false` | no |
| <a name="input_master_user_arn"></a> [master\_user\_arn](#input\_master\_user\_arn) | ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`) | `string` | `null` | no |
| <a name="input_master_user_password"></a> [master\_user\_password](#input\_master\_user\_password) | The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
| <a name="input_master_user_username"></a> [master\_user\_username](#input\_master\_user\_username) | The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
| <a name="input_node_to_node_encryption_enabled"></a> [node\_to\_node\_encryption\_enabled](#input\_node\_to\_node\_encryption\_enabled) | Whether to enable node to node encryption | `bool` | `true` | no |
| <a name="input_random_master_password_length"></a> [random\_master\_password\_length](#input\_random\_master\_password\_length) | Length of random master password to create | `number` | `16` | no |
| <a name="input_snapshot_options_automated_snapshot_start_hour"></a> [snapshot\_options\_automated\_snapshot\_start\_hour](#input\_snapshot\_options\_automated\_snapshot\_start\_hour) | The amount of ours to wait to snapshot of ES db | `number` | `0` | no |
| <a name="input_timeouts_update"></a> [timeouts\_update](#input\_timeouts\_update) | The timeout update of ES | `string` | `null` | no |
| <a name="input_vpc_options_security_group_whitelist_cidr"></a> [vpc\_options\_security\_group\_whitelist\_cidr](#input\_vpc\_options\_security\_group\_whitelist\_cidr) | The list of security group cidr blocks to whitelist in ingress | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
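Review bot: the `master_user_arn` row carries a stray closing parenthesis after `false`, and the `master_user_password` row gives no hint that the value is a secret. The table looks generated by the terraform-docs hook, so fix the descriptions in `variables.tf` and re-run the hook rather than editing the README by hand.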
10 changes: 10 additions & 0 deletions modules/elastic-search/main.tf
Expand Up @@ -39,6 +39,16 @@ module "elastic_search" {

timeouts_update = var.timeouts_update
create_service_link_role = var.create_service_link_role


advanced_security_options_enabled = var.advanced_security_options_enabled
advanced_security_options_internal_user_database_enabled = var.internal_user_database_enabled
advanced_security_options_master_user_arn = var.master_user_arn
advanced_security_options_master_user_username = var.master_user_username
advanced_security_options_master_user_password = var.master_user_password
advanced_security_options_create_random_master_password = var.create_random_master_password
advanced_security_options_random_master_password_length = var.random_master_password_length
domain_endpoint_options_enforce_https = var.domain_endpoint_options_enforce_https
}
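Review bot: the `advanced_security_options_*` arguments are all passed through unconditionally, so nothing here stops a caller from setting `master_user_password` together with `create_random_master_password = true`, or `master_user_arn` together with `internal_user_database_enabled = true`. The `master_user_arn` description says it applies only when the internal user database is off, and which password wins is not visible from this hunk; a guard that fails the plan on these combinations would surface the mistake before a domain is created. The second blank line added before the block can also go.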


16 changes: 16 additions & 0 deletions modules/elastic-search/tests/basic/0-setup.tf
@@ -0,0 +1,16 @@
terraform {
required_providers {
test = {
source = "terraform.io/builtin/test"
}

aws = {
source = "hashicorp/aws"
version = "~> 4.33"
}
}
}

provider "aws" {
region = "eu-central-1"
}
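Review bot: the `terraform` block depends on the built-in `terraform.io/builtin/test` provider but sets no `required_version`, so the test directory gives no indication of which Terraform releases it is expected to run on. Add a `required_version` constraint next to `required_providers`.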
17 changes: 17 additions & 0 deletions modules/elastic-search/tests/basic/1-example.tf
@@ -0,0 +1,17 @@
module "this" {
source = "../../"


domain_name = "dev"
vpc_options_subnet_ids = ["subnet-id1", "subnet-id2"]
vpc_options_security_group_whitelist_cidr = ["10.16.0.0/16"]
ebs_options_volume_size = 10

encrypt_at_rest_enabled = true
advanced_security_options_enabled = true
internal_user_database_enabled = true
master_user_username = "admin"
create_random_master_password = true
domain_endpoint_options_enforce_https = true
// Or you can use master_user_password variable
}
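Review bot: the comment `// Or you can use master_user_password variable` sits after `domain_endpoint_options_enforce_https`, where it reads as if it referred to the HTTPS setting; move it directly under `create_random_master_password = true`. The `vpc_options_subnet_ids` values `subnet-id1` and `subnet-id2` look like placeholders, so the test README should say they need replacing before the example can be applied.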
9 changes: 9 additions & 0 deletions modules/elastic-search/tests/basic/2-assert.tf
@@ -0,0 +1,9 @@
resource "test_assertions" "dummy" {
component = "monitoring-modules-cloudwatch-alarm-actions"

equal "scheme" {
description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
got = "all good"
want = "all good"
}
}
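Review bot: the `equal "scheme"` assertion compares the literal `"all good"` with itself, so it passes whatever the module does, and `component` still reads `monitoring-modules-cloudwatch-alarm-actions`, which looks copied from another module's test. Rename the component for elastic-search, and once the module exposes an output, assert on that so the test checks something the new security options actually affect.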
35 changes: 35 additions & 0 deletions modules/elastic-search/tests/basic/README.md
@@ -0,0 +1,35 @@
# basic

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.33 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_test"></a> [test](#provider\_test) | n/a |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_this"></a> [this](#module\_this) | ../../ | n/a |

## Resources

| Name | Type |
|------|------|
| test_assertions.dummy | resource |

## Inputs

No inputs.

## Outputs

No outputs.
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
49 changes: 49 additions & 0 deletions modules/elastic-search/variables.tf
Expand Up @@ -109,3 +109,52 @@ variable "create_service_link_role" {
type = bool
default = true
}


variable "advanced_security_options_enabled" {
description = "Whether advanced security is enabled (Forces new resource)"
type = bool
default = false
}

variable "internal_user_database_enabled" {
description = "Whether the internal user database is enabled. If not set, defaults to false by the AWS API."
type = bool
default = false
}

variable "master_user_arn" {
description = "ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`)"
type = string
default = null
}

variable "domain_endpoint_options_enforce_https" {
description = "Whether or not to require HTTPS"
type = bool
default = false
}

variable "master_user_username" {
description = "The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`."
type = string
default = null
}

variable "master_user_password" {
description = "The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`."
type = string
default = null
}

variable "create_random_master_password" {
description = "Whether to create random master password for Elasticsearch master user"
type = bool
default = false
}

variable "random_master_password_length" {
description = "Length of random master password to create"
type = number
default = 16
}
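Review bot: `master_user_password` is declared without `sensitive = true`, so a value supplied by the caller can show up in plan output; add it to that variable. `random_master_password_length` accepts any number, so a `validation` block with a minimum length would keep a short value from being accepted, and the `master_user_arn` description has a stray `)` after `false`.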
