From b7ab7872ba8e4508b7e9879fe0608745ce369af0 Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Wed, 19 Jun 2024 17:49:17 -0400 Subject: [PATCH] feat: Opensearch Domain `ip_address_type`, Cloudwatch `log_group_class`, and `skip_destroy` (#13) --- README.md | 7 +++++-- examples/collection/README.md | 4 ++-- examples/collection/versions.tf | 2 +- examples/complete/README.md | 4 ++-- examples/complete/main.tf | 7 +++++++ examples/complete/versions.tf | 2 +- main.tf | 5 ++++- modules/collection/README.md | 4 ++-- modules/collection/versions.tf | 2 +- variables.tf | 18 ++++++++++++++++++ versions.tf | 2 +- wrappers/main.tf | 5 ++++- 12 files changed, 48 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index f6db3fc..6c73a9a 100644 --- a/README.md +++ b/README.md @@ -144,13 +144,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.40 | +| [aws](#requirement\_aws) | >= 5.54 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.40 | +| [aws](#provider\_aws) | >= 5.54 | ## Modules @@ -190,8 +190,10 @@ No modules. | [advanced\_options](#input\_advanced\_options) | Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply | `map(string)` | `{}` | no | | [advanced\_security\_options](#input\_advanced\_security\_options) | Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html) | `any` |
{
"anonymous_auth_enabled": false,
"enabled": true
}
| no | | [auto\_tune\_options](#input\_auto\_tune\_options) | Configuration block for the Auto-Tune options of the domain | `any` |
{
"desired_state": "ENABLED",
"rollback_on_disable": "NO_ROLLBACK"
}
| no | +| [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no | | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `null` | no | | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events | `number` | `60` | no | +| [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no | | [cloudwatch\_log\_resource\_policy\_name](#input\_cloudwatch\_log\_resource\_policy\_name) | Name of the resource policy for OpenSearch to log to CloudWatch | `string` | `null` | no | | [cluster\_config](#input\_cluster\_config) | Configuration block for the cluster of the domain | `any` |
{
"dedicated_master_enabled": true
}
| no | | [cognito\_options](#input\_cognito\_options) | Configuration block for authenticating Kibana with Cognito | `any` | `{}` | no | @@ -207,6 +209,7 @@ No modules. | [enable\_access\_policy](#input\_enable\_access\_policy) | Determines whether an access policy will be applied to the domain | `bool` | `true` | no | | [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Configuration block for encrypting at rest | `any` |
{
"enabled": true
}
| no | | [engine\_version](#input\_engine\_version) | Version of the OpenSearch engine to use | `string` | `null` | no | +| [ip\_address\_type](#input\_ip\_address\_type) | The IP address type for the endpoint. Valid values are ipv4 and dualstack | `string` | `null` | no | | [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log\_type, within the same resource | `any` |
[
{
"log_type": "INDEX_SLOW_LOGS"
},
{
"log_type": "SEARCH_SLOW_LOGS"
}
]
| no | | [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Configuration block for node-to-node encryption options | `any` |
{
"enabled": true
}
| no | | [off\_peak\_window\_options](#input\_off\_peak\_window\_options) | Configuration to add Off Peak update options | `any` |
{
"enabled": true,
"off_peak_window": {
"hours": 7
}
}
| no | diff --git a/examples/collection/README.md b/examples/collection/README.md index 4b951b2..09a4cc9 100644 --- a/examples/collection/README.md +++ b/examples/collection/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.40 | +| [aws](#requirement\_aws) | >= 5.54 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.40 | +| [aws](#provider\_aws) | >= 5.54 | ## Modules diff --git a/examples/collection/versions.tf b/examples/collection/versions.tf index afb4445..cfe9e2d 100644 --- a/examples/collection/versions.tf +++ b/examples/collection/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.40" + version = ">= 5.54" } } } diff --git a/examples/complete/README.md b/examples/complete/README.md index 4003335..db0c583 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -26,13 +26,13 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.40 | +| [aws](#requirement\_aws) | >= 5.54 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.40 | +| [aws](#provider\_aws) | >= 5.54 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 30f5b37..1cef719 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -97,6 +97,8 @@ module "opensearch" { { log_type = "SEARCH_SLOW_LOGS" }, ] + ip_address_type = "dualstack" + node_to_node_encryption = { enabled = true } 
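Review bot: The added `ip_address_type = "dualstack"` line in the `module "opensearch"` example has no comment on its access-control consequence: the endpoint also answers over IPv6, so source-range restrictions written only in IPv4 terms no longer describe every path to the domain. Whether the example's security-group rules and access policy name IPv6 ranges is not visible in this hunk (the module block starts and ends outside it), so that should be confirmed rather than assumed. I would add `# dualstack: security-group rules and access-policy source ranges must list IPv6 ranges explicitly; avoid a blanket ::/0` above the line. The same sentence belongs in the `ip_address_type` description in variables.tf, which main.tf passes straight to `aws_opensearch_domain.this`.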
@@ -172,5 +174,10 @@ module "vpc" { public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)] + enable_ipv6 = true + + public_subnet_ipv6_prefixes = [0, 1, 2] + private_subnet_ipv6_prefixes = [3, 4, 5] + tags = local.tags } diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index afb4445..cfe9e2d 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.40" + version = ">= 5.54" } } } diff --git a/main.tf b/main.tf index a38cf36..03f443a 100644 --- a/main.tf +++ b/main.tf @@ -163,7 +163,8 @@ resource "aws_opensearch_domain" "this" { } } - engine_version = var.engine_version + engine_version = var.engine_version + ip_address_type = var.ip_address_type dynamic "log_publishing_options" { for_each = { for opt in var.log_publishing_options : opt.log_type => opt } @@ -402,6 +403,8 @@ resource "aws_cloudwatch_log_group" "this" { name = try(each.value.log_group_name, "/aws/opensearch/${var.domain_name}/${each.key}") retention_in_days = try(each.value.log_group_retention_in_days, var.cloudwatch_log_group_retention_in_days) kms_key_id = try(each.value.log_group_kms_key_id, var.cloudwatch_log_group_kms_key_id) + skip_destroy = try(each.value.log_group_skip_destroy, var.cloudwatch_log_group_skip_destroy) + log_group_class = try(each.value.log_group_class, var.cloudwatch_log_group_class) tags = merge(local.tags, try(each.value.log_group_tags, {})) } diff --git a/modules/collection/README.md b/modules/collection/README.md index 803ec32..30aa0e6 100644 --- a/modules/collection/README.md +++ b/modules/collection/README.md 
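Review bot: The literal lists `[0, 1, 2]` and `[3, 4, 5]` in the `module "vpc"` hunk assume exactly three availability zones, while the IPv4 subnets just above them are derived from `local.azs`. If `local.azs` ever changes length, the IPv6 prefix lists will no longer match the subnet count. Deriving them the same way keeps both in step: `public_subnet_ipv6_prefixes = [for k, v in local.azs : k]` and `private_subnet_ipv6_prefixes = [for k, v in local.azs : k + length(local.azs)]`. The definition of `local.azs` is outside the hunk, so the three-AZ assumption is inferred from the list lengths.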
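Review bot: The new `skip_destroy` and `log_group_class` arguments on `aws_cloudwatch_log_group.this` change how long these logs live and how usable they are, yet neither the per-log override keys nor the side effects are documented. With `skip_destroy = true` a destroy only drops the group from state, so the logs stay in the account unmanaged, and a later apply that computes the same `/aws/opensearch/${var.domain_name}/${each.key}` name will presumably collide with the leftover group. As far as I know, the Infrequent Access class does not support subscription or metric filters and cannot be changed after creation, which makes it a poor fit for logs that feed alerting; please confirm against the provider and AWS documentation. I would add `# per-log overrides via each.value: log_group_skip_destroy, log_group_class` above the two new lines and carry the caveats into the variable descriptions in variables.tf. The resource block starts outside the hunk.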
@@ -42,13 +42,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.40 | +| [aws](#requirement\_aws) | >= 5.54 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.40 | +| [aws](#provider\_aws) | >= 5.54 | ## Modules diff --git a/modules/collection/versions.tf b/modules/collection/versions.tf index afb4445..cfe9e2d 100644 --- a/modules/collection/versions.tf +++ b/modules/collection/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.40" + version = ">= 5.54" } } } diff --git a/variables.tf b/variables.tf index 3d3cced..8c87d7b 100644 --- a/variables.tf +++ b/variables.tf @@ -91,6 +91,12 @@ variable "engine_version" { default = null } +variable "ip_address_type" { + description = "The IP address type for the endpoint. Valid values are ipv4 and dualstack" + type = string + default = null +} + variable "log_publishing_options" { description = "Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource" type = any @@ -241,6 +247,18 @@ variable "cloudwatch_log_group_kms_key_id" { default = null } +variable "cloudwatch_log_group_skip_destroy" { + description = "Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state" + type = bool + default = null +} + +variable "cloudwatch_log_group_class" { + description = "Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS" + type = string + default = null +} + variable "create_cloudwatch_log_resource_policy" { description = "Determines whether a resource policy will be created for OpenSearch to log to CloudWatch" type = bool 
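Review bot: The description of `cloudwatch_log_group_class` in the second variables.tf hunk begins "Specified the log class", a typo that also appears in the README input table row for this variable. Change it to `description = "Specifies the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS"` and regenerate the README so both stay in step. The `cloudwatch_log_group_skip_destroy` description would also be clearer if it said that the retained group and its data stay in the account and are no longer tracked by Terraform.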
diff --git a/versions.tf b/versions.tf index afb4445..cfe9e2d 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.40" + version = ">= 5.54" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index d18293d..be59f5e 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -16,8 +16,10 @@ module "wrapper" { desired_state = "ENABLED" rollback_on_disable = "NO_ROLLBACK" }) + cloudwatch_log_group_class = try(each.value.cloudwatch_log_group_class, var.defaults.cloudwatch_log_group_class, null) cloudwatch_log_group_kms_key_id = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null) cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 60) + cloudwatch_log_group_skip_destroy = try(each.value.cloudwatch_log_group_skip_destroy, var.defaults.cloudwatch_log_group_skip_destroy, null) cloudwatch_log_resource_policy_name = try(each.value.cloudwatch_log_resource_policy_name, var.defaults.cloudwatch_log_resource_policy_name, null) cluster_config = try(each.value.cluster_config, var.defaults.cluster_config, { dedicated_master_enabled = true @@ -43,7 +45,8 @@ module "wrapper" { encrypt_at_rest = try(each.value.encrypt_at_rest, var.defaults.encrypt_at_rest, { enabled = true }) - engine_version = try(each.value.engine_version, var.defaults.engine_version, null) + engine_version = try(each.value.engine_version, var.defaults.engine_version, null) + ip_address_type = try(each.value.ip_address_type, var.defaults.ip_address_type, null) log_publishing_options = try(each.value.log_publishing_options, var.defaults.log_publishing_options, [ { log_type = "INDEX_SLOW_LOGS" }, { log_type = "SEARCH_SLOW_LOGS" },