AWS OpenSearch Terraform module

Upstream version 2.9.0

0 controls from Registry requirements

Terraform Module Source

registry.compliance.tf/terraform-aws-modules/opensearch/aws

Compliance Inputs Outputs Resources Diff (0)README

47 unique

Name	Type	Default	Description
Optional
access_policies	string	null	IAM policy document specifying the access policies for the domain. Required if `create_access_policy` is `false`
access_policy_override_policy_documents	list(string)	[]	List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`
access_policy_source_policy_documents	list(string)	[]	List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s
access_policy_statements	any	{}	A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage
advanced_options	map(string)	{}	Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply
advanced_security_options	any	{...}	Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html)
aiml_options	object({...})	null	Configuration block for AI/ML options including Natural Language Query Generation, S3 Vectors, and Serverless Vector Acceleration
auto_tune_options	any	{...}	Configuration block for the Auto-Tune options of the domain
cloudwatch_log_group_class	string	null	Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS
cloudwatch_log_group_kms_key_id	string	null	If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)
cloudwatch_log_group_retention_in_days	number	60	Number of days to retain log events
cloudwatch_log_group_skip_destroy	bool	null	Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state
cloudwatch_log_resource_policy_name	string	null	Name of the resource policy for OpenSearch to log to CloudWatch
cluster_config	any	{...}	Configuration block for the cluster of the domain
cognito_options	any	{}	Configuration block for authenticating Kibana with Cognito
create	bool	true	Determines whether resources will be created (affects all resources)
create_access_policy	bool	true	Determines whether an access policy will be created
create_cloudwatch_log_groups	bool	true	Determines whether log groups are created
create_cloudwatch_log_resource_policy	bool	true	Determines whether a resource policy will be created for OpenSearch to log to CloudWatch
create_saml_options	bool	false	Determines whether SAML options will be created
create_security_group	bool	true	Determines if a security group is created
deployment_strategy_options	object({...})	null	Configuration block for deployment strategy options
domain_endpoint_options	any	{...}	Configuration block for domain endpoint HTTP(S) related options
domain_name	string	""	Name of the domain
ebs_options	any	{...}	Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/)
enable_access_policy	bool	true	Determines whether an access policy will be applied to the domain
encrypt_at_rest	any	{"enabled":true}	Configuration block for encrypting at rest
engine_version	string	null	Version of the OpenSearch engine to use. Must follow format 'OpenSearch_X.Y' (e.g., 'OpenSearch_2.11')
identity_center_options	object({...})	null	Configuration block for enabling and managing IAM Identity Center integration within a domain
ip_address_type	string	null	The IP address type for the endpoint. Valid values are ipv4 and dualstack
log_publishing_options	any	[...]	Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource
node_to_node_encryption	any	{"enabled":true}	Configuration block for node-to-node encryption options
off_peak_window_options	any	{...}	Configuration to add Off Peak update options
outbound_connections	any	{}	Map of AWS OpenSearch outbound connections to create
package_associations	map(string)	{}	Map of package association IDs to associate with the domain
region	string	null	Region where this resource will be managed. Defaults to the Region set in the provider configuration
saml_options	any	{}	SAML authentication options for an AWS OpenSearch Domain
security_group_description	string	null	Description of the security group created
security_group_name	string	null	Name to use on security group created
security_group_rules	any	{}	Security group ingress and egress rules to add to the security group created
security_group_tags	map(string)	{}	A map of additional tags to add to the security group created
security_group_use_name_prefix	bool	true	Determines whether the security group name (`security_group_name`) is used as a prefix
software_update_options	any	{...}	Software update options for the domain
tags	map(string)	{}	A map of tags to add to all resources
timeouts	map(string)	{}	Create and delete timeout configurations for the domain
vpc_endpoints	any	{}	Map of VPC endpoints to create for the domain
vpc_options	any	{}	Configuration block for VPC related options. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations))