diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index 3973df4..1e50760 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -14,7 +14,7 @@ jobs:
steps:
# Please look up the latest version from
# https://github.com/amannn/action-semantic-pull-request/releases
- - uses: amannn/action-semantic-pull-request@v5.4.0
+ - uses: amannn/action-semantic-pull-request@v5.5.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index c2632d1..a19ff83 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -7,8 +7,8 @@ on:
- master
env:
- TERRAFORM_DOCS_VERSION: v0.16.0
- TFLINT_VERSION: v0.50.3
+ TERRAFORM_DOCS_VERSION: v0.19.0
+ TFLINT_VERSION: v0.53.0
jobs:
collectInputs:
@@ -45,14 +45,14 @@ jobs:
- name: Terraform min/max versions
id: minMax
- uses: clowdhaus/terraform-min-max@v1.3.0
+ uses: clowdhaus/terraform-min-max@v1.3.1
with:
directory: ${{ matrix.directory }}
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
@@ -61,7 +61,7 @@ jobs:
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
@@ -88,10 +88,10 @@ jobs:
- name: Terraform min/max versions
id: minMax
- uses: clowdhaus/terraform-min-max@v1.3.0
+ uses: clowdhaus/terraform-min-max@v1.3.1
- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b567c52..7e4e7da 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.92.0
+ rev: v1.96.1
hooks:
- id: terraform_fmt
- id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
- '--args=--only=terraform_workspace_remote'
- id: terraform_validate
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.6.0
+ rev: v5.0.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
diff --git a/README.md b/README.md
index 5077b3d..6afbeea 100644
--- a/README.md
+++ b/README.md
@@ -138,7 +138,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
- [Complete](https://github.com/terraform-aws-modules/terraform-aws-opensearch/tree/master/examples/complete)
- [Serverless](https://github.com/terraform-aws-modules/terraform-aws-opensearch/tree/master/examples/collection)
-
+
## Requirements
| Name | Version |
@@ -188,14 +188,14 @@ No modules.
| [access\_policy\_source\_policy\_documents](#input\_access\_policy\_source\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s | `list(string)` | `[]` | no |
| [access\_policy\_statements](#input\_access\_policy\_statements) | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage | `any` | `{}` | no |
| [advanced\_options](#input\_advanced\_options) | Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply | `map(string)` | `{}` | no |
-| [advanced\_security\_options](#input\_advanced\_security\_options) | Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html) | `any` | {
"anonymous_auth_enabled": false,
"enabled": true
} | no |
-| [auto\_tune\_options](#input\_auto\_tune\_options) | Configuration block for the Auto-Tune options of the domain | `any` | {
"desired_state": "ENABLED",
"rollback_on_disable": "NO_ROLLBACK"
} | no |
+| [advanced\_security\_options](#input\_advanced\_security\_options) | Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html) | `any` | {
"anonymous_auth_enabled": false,
"enabled": true
} | no |
+| [auto\_tune\_options](#input\_auto\_tune\_options) | Configuration block for the Auto-Tune options of the domain | `any` | {
"desired_state": "ENABLED",
"rollback_on_disable": "NO_ROLLBACK"
} | no |
| [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
| [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `null` | no |
| [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events | `number` | `60` | no |
| [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
| [cloudwatch\_log\_resource\_policy\_name](#input\_cloudwatch\_log\_resource\_policy\_name) | Name of the resource policy for OpenSearch to log to CloudWatch | `string` | `null` | no |
-| [cluster\_config](#input\_cluster\_config) | Configuration block for the cluster of the domain | `any` | {
"dedicated_master_enabled": true
} | no |
+| [cluster\_config](#input\_cluster\_config) | Configuration block for the cluster of the domain | `any` | {
"dedicated_master_enabled": true
} | no |
| [cognito\_options](#input\_cognito\_options) | Configuration block for authenticating Kibana with Cognito | `any` | `{}` | no |
| [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
| [create\_access\_policy](#input\_create\_access\_policy) | Determines whether an access policy will be created | `bool` | `true` | no |
@@ -203,16 +203,16 @@ No modules.
| [create\_cloudwatch\_log\_resource\_policy](#input\_create\_cloudwatch\_log\_resource\_policy) | Determines whether a resource policy will be created for OpenSearch to log to CloudWatch | `bool` | `true` | no |
| [create\_saml\_options](#input\_create\_saml\_options) | Determines whether SAML options will be created | `bool` | `false` | no |
| [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created | `bool` | `true` | no |
-| [domain\_endpoint\_options](#input\_domain\_endpoint\_options) | Configuration block for domain endpoint HTTP(S) related options | `any` | {
"enforce_https": true,
"tls_security_policy": "Policy-Min-TLS-1-2-2019-07"
} | no |
+| [domain\_endpoint\_options](#input\_domain\_endpoint\_options) | Configuration block for domain endpoint HTTP(S) related options | `any` | {
"enforce_https": true,
"tls_security_policy": "Policy-Min-TLS-1-2-2019-07"
} | no |
| [domain\_name](#input\_domain\_name) | Name of the domain | `string` | `""` | no |
-| [ebs\_options](#input\_ebs\_options) | Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/) | `any` | {
"ebs_enabled": true,
"volume_size": 64,
"volume_type": "gp3"
} | no |
+| [ebs\_options](#input\_ebs\_options) | Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/) | `any` | {
"ebs_enabled": true,
"volume_size": 64,
"volume_type": "gp3"
} | no |
| [enable\_access\_policy](#input\_enable\_access\_policy) | Determines whether an access policy will be applied to the domain | `bool` | `true` | no |
-| [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Configuration block for encrypting at rest | `any` | {
"enabled": true
} | no |
+| [encrypt\_at\_rest](#input\_encrypt\_at\_rest) | Configuration block for encrypting at rest | `any` | {
"enabled": true
} | no |
| [engine\_version](#input\_engine\_version) | Version of the OpenSearch engine to use | `string` | `null` | no |
| [ip\_address\_type](#input\_ip\_address\_type) | The IP address type for the endpoint. Valid values are ipv4 and dualstack | `string` | `null` | no |
-| [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log\_type, within the same resource | `any` | [
{
"log_type": "INDEX_SLOW_LOGS"
},
{
"log_type": "SEARCH_SLOW_LOGS"
}
]
| no |
-| [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Configuration block for node-to-node encryption options | `any` | {
"enabled": true
} | no |
-| [off\_peak\_window\_options](#input\_off\_peak\_window\_options) | Configuration to add Off Peak update options | `any` | {
"enabled": true,
"off_peak_window": {
"hours": 7
}
} | no |
+| [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log\_type, within the same resource | `any` | [
{
"log_type": "INDEX_SLOW_LOGS"
},
{
"log_type": "SEARCH_SLOW_LOGS"
}
]
| no |
+| [node\_to\_node\_encryption](#input\_node\_to\_node\_encryption) | Configuration block for node-to-node encryption options | `any` | {
"enabled": true
} | no |
+| [off\_peak\_window\_options](#input\_off\_peak\_window\_options) | Configuration to add Off Peak update options | `any` | {
"enabled": true,
"off_peak_window": {
"hours": 7
}
} | no |
| [outbound\_connections](#input\_outbound\_connections) | Map of AWS OpenSearch outbound connections to create | `any` | `{}` | no |
| [package\_associations](#input\_package\_associations) | Map of package association IDs to associate with the domain | `map(string)` | `{}` | no |
| [saml\_options](#input\_saml\_options) | SAML authentication options for an AWS OpenSearch Domain | `any` | `{}` | no |
@@ -221,7 +221,7 @@ No modules.
| [security\_group\_rules](#input\_security\_group\_rules) | Security group ingress and egress rules to add to the security group created | `any` | `{}` | no |
| [security\_group\_tags](#input\_security\_group\_tags) | A map of additional tags to add to the security group created | `map(string)` | `{}` | no |
| [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether the security group name (`security_group_name`) is used as a prefix | `bool` | `true` | no |
-| [software\_update\_options](#input\_software\_update\_options) | Software update options for the domain | `any` | {
"auto_software_update_enabled": true
} | no |
+| [software\_update\_options](#input\_software\_update\_options) | Software update options for the domain | `any` | {
"auto_software_update_enabled": true
} | no |
| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
| [timeouts](#input\_timeouts) | Create and delete timeout configurations for the domain | `map(string)` | `{}` | no |
| [vpc\_endpoints](#input\_vpc\_endpoints) | Map of VPC endpoints to create for the domain | `any` | `{}` | no |
@@ -243,7 +243,7 @@ No modules.
| [security\_group\_arn](#output\_security\_group\_arn) | Amazon Resource Name (ARN) of the security group |
| [security\_group\_id](#output\_security\_group\_id) | ID of the security group |
| [vpc\_endpoints](#output\_vpc\_endpoints) | Map of VPC endpoints created and their attributes |
-
+
## License
diff --git a/examples/collection/README.md b/examples/collection/README.md
index 09a4cc9..dcd7747 100644
--- a/examples/collection/README.md
+++ b/examples/collection/README.md
@@ -14,7 +14,7 @@ $ terraform apply
Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
-
+
## Requirements
| Name | Version |
@@ -78,6 +78,6 @@ No inputs.
| [opensearch\_collection\_public\_lifecycle\_policy\_version](#output\_opensearch\_collection\_public\_lifecycle\_policy\_version) | The version of the lifecycle policy |
| [opensearch\_collection\_public\_network\_policy](#output\_opensearch\_collection\_public\_network\_policy) | The JSON policy document of the network policy |
| [opensearch\_collection\_public\_network\_policy\_version](#output\_opensearch\_collection\_public\_network\_policy\_version) | The version of the network policy |
-
+
Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-opensearch/blob/master/LICENSE).
diff --git a/examples/complete/README.md b/examples/complete/README.md
index db0c583..316041c 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -20,7 +20,7 @@ $ terraform apply
Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
-
+
## Requirements
| Name | Version |
@@ -66,6 +66,6 @@ No inputs.
| [security\_group\_arn](#output\_security\_group\_arn) | Amazon Resource Name (ARN) of the security group |
| [security\_group\_id](#output\_security\_group\_id) | ID of the security group |
| [vpc\_endpoints](#output\_vpc\_endpoints) | Map of VPC endpoints created and their attributes |
-
+
Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-opensearch/blob/master/LICENSE).
diff --git a/modules/collection/README.md b/modules/collection/README.md
index 30aa0e6..dbabd26 100644
--- a/modules/collection/README.md
+++ b/modules/collection/README.md
@@ -36,7 +36,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
- [Complete](https://github.com/terraform-aws-modules/terraform-aws-opensearch/tree/master/examples/complete)
- [Serverless](https://github.com/terraform-aws-modules/terraform-aws-opensearch/tree/master/examples/collection)
-
+
## Requirements
| Name | Version |
@@ -70,9 +70,9 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_policy](#input\_access\_policy) | Access policy to apply to the collection | `any` | `{}` | no |
-| [access\_policy\_collection\_permissions](#input\_access\_policy\_collection\_permissions) | Access policy permissions for the collection | `list(string)` | [
"aoss:*"
]
| no |
+| [access\_policy\_collection\_permissions](#input\_access\_policy\_collection\_permissions) | Access policy permissions for the collection | `list(string)` | [
"aoss:*"
]
| no |
| [access\_policy\_description](#input\_access\_policy\_description) | Description of the access policy | `string` | `null` | no |
-| [access\_policy\_index\_permissions](#input\_access\_policy\_index\_permissions) | Access policy permissions for the collection index | `list(string)` | [
"aoss:*"
]
| no |
+| [access\_policy\_index\_permissions](#input\_access\_policy\_index\_permissions) | Access policy permissions for the collection index | `list(string)` | [
"aoss:*"
]
| no |
| [access\_policy\_name](#input\_access\_policy\_name) | Name of the access policy | `string` | `null` | no |
| [access\_policy\_principals](#input\_access\_policy\_principals) | Access policy principals | `list(string)` | `[]` | no |
| [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
@@ -114,7 +114,7 @@ No modules.
| [lifecycle\_policy\_version](#output\_lifecycle\_policy\_version) | The version of the lifecycle policy |
| [network\_policy](#output\_network\_policy) | The JSON policy document of the network policy |
| [network\_policy\_version](#output\_network\_policy\_version) | The version of the network policy |
-
+
## License