From 536b4c67ef10b06d71fbb1f14e3895889eb57e9a Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Fri, 14 Jun 2024 13:22:32 -0400 Subject: [PATCH 01/35] commented access policy count --- terraform/modules/opensearch/data.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/data.tf b/terraform/modules/opensearch/data.tf index ba4711ac..fb0d2572 100644 --- a/terraform/modules/opensearch/data.tf +++ b/terraform/modules/opensearch/data.tf @@ -21,7 +21,7 @@ data "aws_iam_policy_document" "logs" { } data "aws_iam_policy_document" "access_policy" { - count = var.create_access_policies ? 1 : 0 + #count = var.create_access_policies ? 1 : 0 statement { effect = "Allow" From e61198c5e76a0d5a49331470e87fcd7f49a8272b Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Fri, 14 Jun 2024 13:30:03 -0400 Subject: [PATCH 02/35] updated policy reference --- terraform/modules/opensearch/locals.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index fba9f9f7..911e402a 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -1,5 +1,6 @@ locals { - access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies + #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies + access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type From 33c048823c6d6dca1c77afea61f276c7e288abf0 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Fri, 14 Jun 2024 13:42:46 -0400 Subject: [PATCH 03/35] updated arns in data --- terraform/modules/opensearch/data.tf | 13 +++++++++---- terraform/modules/opensearch/locals.tf | 3 +-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/terraform/modules/opensearch/data.tf b/terraform/modules/opensearch/data.tf index fb0d2572..443f5109 100644 --- a/terraform/modules/opensearch/data.tf +++ b/terraform/modules/opensearch/data.tf @@ -1,3 +1,5 @@ +data "aws_region" "current" {} + data "aws_caller_identity" "current" {} data "aws_iam_policy_document" "logs" { @@ -21,7 +23,7 @@ data "aws_iam_policy_document" "logs" { } data "aws_iam_policy_document" "access_policy" { - #count = var.create_access_policies ? 1 : 0 + count = var.create_access_policies ? 1 : 0 statement { effect = "Allow" @@ -37,7 +39,8 @@ data "aws_iam_policy_document" "access_policy" { type = "AWS" identifiers = ["*"] } - resources = ["${aws_opensearch_domain.this.arn}/*"] + #resources = ["${aws_opensearch_domain.this.arn}/*"] + resources = ["arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/${var.resource_prefix}-opensearch/*"] } } @@ -87,8 +90,10 @@ data "aws_iam_policy_document" "snapshot" { effect = "Allow" actions = ["es:ESHttpPut"] resources = [ - "${aws_opensearch_domain.this.arn}/*", - "${aws_opensearch_domain.this.arn}/*/*" + #"${aws_opensearch_domain.this.arn}/*", + "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/${var.resource_prefix}-opensearch/*", + #"${aws_opensearch_domain.this.arn}/*/*" + "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/${var.resource_prefix}-opensearch/*/*" ] } } diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 911e402a..fba9f9f7 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -1,6 +1,5 @@ locals { - #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies - access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies + access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type From c57f0968fb6e679006e67c9e7426a210595d00fd Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Fri, 14 Jun 2024 13:44:50 -0400 Subject: [PATCH 04/35] debug --- terraform/modules/opensearch/data.tf | 2 +- terraform/modules/opensearch/locals.tf | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform/modules/opensearch/data.tf b/terraform/modules/opensearch/data.tf index 443f5109..939e5640 100644 --- a/terraform/modules/opensearch/data.tf +++ b/terraform/modules/opensearch/data.tf @@ -23,7 +23,7 @@ data "aws_iam_policy_document" "logs" { } data "aws_iam_policy_document" "access_policy" { - count = var.create_access_policies ? 1 : 0 + #count = var.create_access_policies ? 1 : 0 statement { effect = "Allow" diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index fba9f9f7..911e402a 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -1,5 +1,6 @@ locals { - access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies + #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies + access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type From 8c7c9dc67f449aa2b664c3275fb87c93a8792fd8 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Fri, 14 Jun 2024 13:48:02 -0400 Subject: [PATCH 05/35] debug --- terraform/modules/opensearch/data.tf | 2 +- terraform/modules/opensearch/locals.tf | 4 ++-- terraform/modules/opensearch/main.tf | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/modules/opensearch/data.tf b/terraform/modules/opensearch/data.tf index 939e5640..443f5109 100644 --- a/terraform/modules/opensearch/data.tf +++ b/terraform/modules/opensearch/data.tf @@ -23,7 +23,7 @@ data "aws_iam_policy_document" "logs" { } data "aws_iam_policy_document" "access_policy" { - #count = var.create_access_policies ? 1 : 0 + count = var.create_access_policies ? 1 : 0 statement { effect = "Allow" diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 911e402a..24595cf4 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -1,6 +1,6 @@ locals { - #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies - access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies + access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies + #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 773dc433..2304a4d4 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -109,7 +109,7 @@ resource "aws_cloudwatch_log_resource_policy" "this" { count = var.create_cloudwatch_log_policy ? 1 : 0 policy_name = "${var.resource_prefix}-opensearch-log-policy" - policy_document = data.aws_iam_policy_document.logs.json + policy_document = data.aws_iam_policy_document.logs[0].json } resource "aws_iam_role" "snapshot" { From 47af9f2a70669c773a931511f396b5330488d46c Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Fri, 14 Jun 2024 14:02:59 -0400 Subject: [PATCH 06/35] commented update options --- terraform/modules/opensearch/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 2304a4d4..4f08c61a 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -64,9 +64,9 @@ resource "aws_opensearch_domain" "this" { automated_snapshot_start_hour = var.automated_snapshot_start_hour } - software_update_options { - auto_software_update_enabled = var.auto_software_update_enabled - } + # software_update_options { + # auto_software_update_enabled = var.auto_software_update_enabled + # } vpc_options { subnet_ids = var.subnet_ids From 8bb55d7d8d16d2df388b8b283a54a96178871adc Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 13:13:32 -0400 Subject: [PATCH 07/35] commented dashboard endpoint --- terraform/modules/opensearch/outputs.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/terraform/modules/opensearch/outputs.tf b/terraform/modules/opensearch/outputs.tf index a297a4d7..63bab5e4 100644 --- a/terraform/modules/opensearch/outputs.tf +++ b/terraform/modules/opensearch/outputs.tf @@ -4,11 +4,11 @@ output "arn" { sensitive = false } -output "dashboard_endpoint" { - value = aws_opensearch_domain.this.dashboard_endpoint - description = "The endpoint of the OpenSearch domain dashboard" - sensitive = false -} +# output "dashboard_endpoint" { +# value = aws_opensearch_domain.this.dashboard_endpoint +# description = "The endpoint of the OpenSearch domain dashboard" +# sensitive = false +# } output "domain_id" { value = aws_opensearch_domain.this.domain_id From 06d88c9fad0f8cc52db34efb67db40284ef2d647 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 13:35:50 -0400 Subject: [PATCH 08/35] fixed sg error --- terraform/modules/opensearch/locals.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 24595cf4..2b0589a5 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -2,7 +2,8 @@ locals { access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null - security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids + #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids + security_group_ids = var.create_security_group ? aws_security_group.this.id : var.security_group_ids custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size From 34eed0f182cc75e8b1df9ae17a45b4ba6fb056b5 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 13:37:57 -0400 Subject: [PATCH 09/35] debug --- terraform/modules/opensearch/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 2b0589a5..9bc745da 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -3,7 +3,7 @@ locals { #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids - security_group_ids = var.create_security_group ? aws_security_group.this.id : var.security_group_ids + security_group_ids = var.create_security_group ? aws_security_group.this[count.index].id : var.security_group_ids custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size From 781842e02d507dd90a4ab14c887fbd95d96e5ddb Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 13:40:29 -0400 Subject: [PATCH 10/35] debug --- terraform/modules/opensearch/locals.tf | 2 +- terraform/modules/opensearch/variables.tf | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 9bc745da..7d400c24 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -3,7 +3,7 @@ locals { #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids - security_group_ids = var.create_security_group ? aws_security_group.this[count.index].id : var.security_group_ids + security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_id custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size diff --git a/terraform/modules/opensearch/variables.tf b/terraform/modules/opensearch/variables.tf index 077e3ab5..cdcc46c0 100644 --- a/terraform/modules/opensearch/variables.tf +++ b/terraform/modules/opensearch/variables.tf @@ -168,10 +168,17 @@ variable "s3_snapshot_bucket_arn" { sensitive = false } -variable "security_group_ids" { - type = set(string) - description = "A set of one or more Security Group IDs to associate with the cluster" - default = [] +# variable "security_group_ids" { +# type = set(string) +# description = "A set of one or more Security Group IDs to associate with the cluster" +# default = [] +# sensitive = false +# } + +variable "security_group_id" { + type = string + description = "A Security Group ID to associate with the cluster" + default = "" sensitive = false } From 1216a7cf0650ee0eaf770611b94d0c769573dcd7 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 14:00:59 -0400 Subject: [PATCH 11/35] debug --- terraform/modules/opensearch/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 4f08c61a..2e5a56ca 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -52,7 +52,8 @@ resource "aws_opensearch_domain" "this" { content { enabled = true cloudwatch_log_group_arn = aws_cloudwatch_log_group.this[0].arn - log_type = each.value + #log_type = each.value + log_type = log_publishing_options.value } } From a2de5910abfdba4c94feb18dab312c2087b98b4a Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 14:03:26 -0400 Subject: [PATCH 12/35] debug --- terraform/modules/opensearch/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 2e5a56ca..acebdad3 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -71,7 +71,7 @@ resource "aws_opensearch_domain" "this" { vpc_options { subnet_ids = var.subnet_ids - security_group_ids = local.security_group_ids + security_group_ids = [local.security_group_ids] } } From 3a0b64f8756e1e34cfc7d392b203f105907881ed Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 14:04:36 -0400 Subject: [PATCH 13/35] debug --- terraform/modules/opensearch/locals.tf | 4 ++-- terraform/modules/opensearch/variables.tf | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 7d400c24..e271ecf6 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -2,8 +2,8 @@ locals { access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null - #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_ids - security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_id + security_group_ids = var.create_security_group ? [aws_security_group.this[0].id] : var.security_group_ids + #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_id custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size diff --git a/terraform/modules/opensearch/variables.tf b/terraform/modules/opensearch/variables.tf index cdcc46c0..9be5f46d 100644 --- a/terraform/modules/opensearch/variables.tf +++ b/terraform/modules/opensearch/variables.tf @@ -168,20 +168,20 @@ variable "s3_snapshot_bucket_arn" { sensitive = false } -# variable "security_group_ids" { -# type = set(string) -# description = "A set of one or more Security Group IDs to associate with the cluster" -# default = [] -# sensitive = false -# } - -variable "security_group_id" { - type = string - description = "A Security Group ID to associate with the cluster" - default = "" +variable "security_group_ids" { + type = set(string) + description = "A set of one or more Security Group IDs to associate with the cluster" + default = [] sensitive = false } +# variable "security_group_id" { +# type = string +# description = "A Security Group ID to associate with the cluster" +# default = "" +# sensitive = false +# } + variable "subnet_ids" { type = set(string) description = "A set of one or more Private Subnet IDs to associate with the cluster" From 69edc53fe802e20e5415344cd913ddf7cbcb36db Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 14:05:52 -0400 Subject: [PATCH 14/35] debug --- terraform/modules/opensearch/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index acebdad3..2e5a56ca 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -71,7 +71,7 @@ resource "aws_opensearch_domain" "this" { vpc_options { subnet_ids = var.subnet_ids - security_group_ids = [local.security_group_ids] + security_group_ids = local.security_group_ids } } From 6609bb3eb03e9e2e77ad91b0d15c9e1b9aa7e2dd Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 14:42:04 -0400 Subject: [PATCH 15/35] updates for aws 5.x provider --- terraform/modules/cloudfront/kinesis.tf | 8 ++++---- .../kinesis-firehose-datastream/main.tf | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/terraform/modules/cloudfront/kinesis.tf b/terraform/modules/cloudfront/kinesis.tf index 62e25488..ecf7ac00 100644 --- a/terraform/modules/cloudfront/kinesis.tf +++ b/terraform/modules/cloudfront/kinesis.tf @@ -23,8 +23,8 @@ resource "aws_iam_role_policy_attachment" "firehose_policy_attachment" { resource "aws_kinesis_firehose_delivery_stream" "firehose_stream" { name = "aws-waf-logs-${var.resource_prefix}-kinesis-firehose-stream" destination = "s3" - s3_configuration { - role_arn = aws_iam_role.firehose_role.arn - bucket_arn = aws_s3_bucket.kinesis_log.arn - } + # s3_configuration { + # role_arn = aws_iam_role.firehose_role.arn + # bucket_arn = aws_s3_bucket.kinesis_log.arn + # } } diff --git a/terraform/modules/firehose-metrics/modules/kinesis-firehose-datastream/main.tf b/terraform/modules/firehose-metrics/modules/kinesis-firehose-datastream/main.tf index f7228acd..a8856050 100644 --- a/terraform/modules/firehose-metrics/modules/kinesis-firehose-datastream/main.tf +++ b/terraform/modules/firehose-metrics/modules/kinesis-firehose-datastream/main.tf @@ -14,16 +14,16 @@ resource "aws_kinesis_firehose_delivery_stream" "kinesis" { request_configuration { content_encoding = var.content_encoding } - } - s3_configuration { - role_arn = var.role_arn - bucket_arn = var.s3_bucket_arn - prefix = var.s3_object_prefix - error_output_prefix = var.s3_error_output_prefix - buffer_size = var.buffer_size - buffer_interval = var.buffer_interval - compression_format = var.s3_compression_format + s3_configuration { + role_arn = var.role_arn + bucket_arn = var.s3_bucket_arn + prefix = var.s3_object_prefix + error_output_prefix = var.s3_error_output_prefix + #buffer_size = var.buffer_size + #buffer_interval = var.buffer_interval + compression_format = var.s3_compression_format + } } } From 0545cd095c04459f66dcf384f65d54c36ec790da Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 14:54:26 -0400 Subject: [PATCH 16/35] debug --- terraform/modules/cloudfront/kinesis.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/modules/cloudfront/kinesis.tf b/terraform/modules/cloudfront/kinesis.tf index ecf7ac00..e253af63 100644 --- a/terraform/modules/cloudfront/kinesis.tf +++ b/terraform/modules/cloudfront/kinesis.tf @@ -22,7 +22,8 @@ resource "aws_iam_role_policy_attachment" "firehose_policy_attachment" { resource "aws_kinesis_firehose_delivery_stream" "firehose_stream" { name = "aws-waf-logs-${var.resource_prefix}-kinesis-firehose-stream" - destination = "s3" + #destination = "s3" + destination = "extended_s3" # s3_configuration { # role_arn = aws_iam_role.firehose_role.arn # bucket_arn = aws_s3_bucket.kinesis_log.arn From 576cfbb7a1805b927130a854996c664a76a805cd Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Mon, 17 Jun 2024 15:05:47 -0400 Subject: [PATCH 17/35] debug --- terraform/modules/opensearch/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 2e5a56ca..09b898f9 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -19,7 +19,8 @@ resource "aws_opensearch_domain" "this" { dedicated_master_type = var.dedicated_master_enabled ? local.custom_instance_type : null warm_enabled = var.warm_enabled - warm_count = var.warm_enabled ? 2 : 0 + #warm_count = var.warm_enabled ? 2 : 0 + warm_count = var.warm_enabled ? 2 : null warm_type = var.warm_enabled ? local.custom_instance_type : null cold_storage_options { From f46f28eb8f0f6241d1b134d338a28aeacdf2d54a Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Tue, 18 Jun 2024 12:00:07 -0400 Subject: [PATCH 18/35] updated node count --- terraform/modules/opensearch/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 09b898f9..7b39dd1f 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -6,7 +6,7 @@ resource "aws_opensearch_domain" "this" { cluster_config { instance_type = local.custom_instance_type - instance_count = var.zone_awareness_enabled ? local.custom_instance_count : (local.custom_instance_count * 2) + instance_count = var.zone_awareness_enabled ? (local.custom_instance_count * 2) : local.custom_instance_count zone_awareness_enabled = var.zone_awareness_enabled From 20bad8d37372739a0a9c35d36ffc3bd1c58a5f3b Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Tue, 18 Jun 2024 12:06:49 -0400 Subject: [PATCH 19/35] uncommented update block --- terraform/modules/opensearch/main.tf | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 7b39dd1f..e44b02cc 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -19,7 +19,6 @@ resource "aws_opensearch_domain" "this" { dedicated_master_type = var.dedicated_master_enabled ? local.custom_instance_type : null warm_enabled = var.warm_enabled - #warm_count = var.warm_enabled ? 2 : 0 warm_count = var.warm_enabled ? 2 : null warm_type = var.warm_enabled ? local.custom_instance_type : null @@ -53,7 +52,6 @@ resource "aws_opensearch_domain" "this" { content { enabled = true cloudwatch_log_group_arn = aws_cloudwatch_log_group.this[0].arn - #log_type = each.value log_type = log_publishing_options.value } } @@ -66,9 +64,9 @@ resource "aws_opensearch_domain" "this" { automated_snapshot_start_hour = var.automated_snapshot_start_hour } - # software_update_options { - # auto_software_update_enabled = var.auto_software_update_enabled - # } + software_update_options { + auto_software_update_enabled = var.auto_software_update_enabled + } vpc_options { subnet_ids = var.subnet_ids From a2f561421ad04f3771ca4e2b91bef3230d0066ab Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 07:27:30 -0400 Subject: [PATCH 20/35] added local for subnet ids --- terraform/modules/opensearch/locals.tf | 1 + terraform/modules/opensearch/main.tf | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index e271ecf6..4b7bf892 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -7,6 +7,7 @@ locals { custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size + cluster_subnet_ids = local.custom_instance_count == 1 ? var.subnet_ids[0] : var.subnet_ids instance_type_lookup = { diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index e44b02cc..0ddb36b9 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -69,7 +69,8 @@ resource "aws_opensearch_domain" "this" { } vpc_options { - subnet_ids = var.subnet_ids + #subnet_ids = var.subnet_ids + subnet_ids = local.cluster_subnet_ids security_group_ids = local.security_group_ids } } From 2c8c4d007a48b1b599ad5ec00e735e4057d70135 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 07:34:06 -0400 Subject: [PATCH 21/35] updated locals --- terraform/modules/opensearch/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 4b7bf892..96b3a814 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -7,7 +7,7 @@ locals { custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size - cluster_subnet_ids = local.custom_instance_count == 1 ? var.subnet_ids[0] : var.subnet_ids + cluster_subnet_ids = local.custom_instance_count == 1 ? tolist(var.subnet_ids)[0] : var.subnet_ids instance_type_lookup = { From 106960c64734fce7b95f36ca0e14a34436f0482b Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 07:35:46 -0400 Subject: [PATCH 22/35] updated to list --- terraform/modules/opensearch/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 96b3a814..a2d1c60f 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -7,7 +7,7 @@ locals { custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size - cluster_subnet_ids = local.custom_instance_count == 1 ? tolist(var.subnet_ids)[0] : var.subnet_ids + cluster_subnet_ids = local.custom_instance_count == 1 ? [tolist(var.subnet_ids)[0]] : var.subnet_ids instance_type_lookup = { From 0e2e021b4a81e8d11082cb59b4c5accc4f92fa54 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 07:47:57 -0400 Subject: [PATCH 23/35] updated auto tune options --- terraform/modules/opensearch/locals.tf | 1 + terraform/modules/opensearch/main.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index a2d1c60f..0acfbe4c 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -5,6 +5,7 @@ locals { security_group_ids = var.create_security_group ? [aws_security_group.this[0].id] : var.security_group_ids #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_id custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type + auto_tune_enabled = var.auto_tune_enabled && (!contains(local.custom_instance_type, "t2") || !contains(local.custom_instance_type, "t3")) ? "ENABLED" : "DISABLED" custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size cluster_subnet_ids = local.custom_instance_count == 1 ? [tolist(var.subnet_ids)[0]] : var.subnet_ids diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index 0ddb36b9..b7c4e5df 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -28,7 +28,7 @@ resource "aws_opensearch_domain" "this" { } auto_tune_options { - desired_state = var.auto_tune_enabled ? "ENABLED" : "DISABLED" + desired_state = local.auto_tune_enabled } domain_endpoint_options { From e6b2b6c36c9d11bec63ffecd04523ff0e2474353 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 07:51:03 -0400 Subject: [PATCH 24/35] updated function --- terraform/modules/opensearch/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index 0acfbe4c..c21ae5fa 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -5,7 +5,7 @@ locals { security_group_ids = var.create_security_group ? [aws_security_group.this[0].id] : var.security_group_ids #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_id custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type - auto_tune_enabled = var.auto_tune_enabled && (!contains(local.custom_instance_type, "t2") || !contains(local.custom_instance_type, "t3")) ? "ENABLED" : "DISABLED" + auto_tune_enabled = var.auto_tune_enabled && (!strcontains(local.custom_instance_type, "t2") || !strcontains(local.custom_instance_type, "t3")) ? "ENABLED" : "DISABLED" custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size cluster_subnet_ids = local.custom_instance_count == 1 ? [tolist(var.subnet_ids)[0]] : var.subnet_ids From 9e4cbcb1c13a67b46def621d454d86b9788f3604 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 08:00:09 -0400 Subject: [PATCH 25/35] updated local for autotune --- terraform/modules/opensearch/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index c21ae5fa..e52fa44f 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -5,7 +5,7 @@ locals { security_group_ids = var.create_security_group ? [aws_security_group.this[0].id] : var.security_group_ids #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_id custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type - auto_tune_enabled = var.auto_tune_enabled && (!strcontains(local.custom_instance_type, "t2") || !strcontains(local.custom_instance_type, "t3")) ? "ENABLED" : "DISABLED" + auto_tune_enabled = var.auto_tune_enabled && !strcontains(local.custom_instance_type, "t2") && !strcontains(local.custom_instance_type, "t3") ? "ENABLED" : "DISABLED" custom_instance_count = var.instance_count == null ? 1 : var.instance_count custom_volume_size = var.volume_size == null && var.cluster_tshirt_size != null ? lookup(local.volume_size_lookup, var.cluster_tshirt_size, null) : var.volume_size cluster_subnet_ids = local.custom_instance_count == 1 ? [tolist(var.subnet_ids)[0]] : var.subnet_ids From 0233d5995d461d43227e43aae712a5b9e4cbd045 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 10:33:14 -0400 Subject: [PATCH 26/35] updated zone awareness --- terraform/modules/opensearch/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index b7c4e5df..e454ca53 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -11,7 +11,8 @@ resource "aws_opensearch_domain" "this" { zone_awareness_enabled = var.zone_awareness_enabled zone_awareness_config { - availability_zone_count = var.zone_awareness_enabled ? 2 : null + #availability_zone_count = var.zone_awareness_enabled ? 2 : null + availability_zone_count = var.zone_awareness_enabled ? 2 : 1 } dedicated_master_enabled = var.dedicated_master_enabled From 3294a6f97d17a2ff69066d13f04c4f1c33876857 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 10:40:34 -0400 Subject: [PATCH 27/35] reverted zone awareness --- terraform/modules/opensearch/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index e454ca53..b7c4e5df 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -11,8 +11,7 @@ resource "aws_opensearch_domain" "this" { zone_awareness_enabled = var.zone_awareness_enabled zone_awareness_config { - #availability_zone_count = var.zone_awareness_enabled ? 2 : null - availability_zone_count = var.zone_awareness_enabled ? 2 : 1 + availability_zone_count = var.zone_awareness_enabled ? 2 : null } dedicated_master_enabled = var.dedicated_master_enabled From 43cee758afc8cda922bf3be1b1b312fe3b024561 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 14:43:47 -0400 Subject: [PATCH 28/35] removed debug --- terraform/modules/opensearch/locals.tf | 2 -- terraform/modules/opensearch/main.tf | 1 - terraform/modules/opensearch/variables.tf | 7 ------- 3 files changed, 10 deletions(-) diff --git a/terraform/modules/opensearch/locals.tf b/terraform/modules/opensearch/locals.tf index e52fa44f..7f067132 100644 --- a/terraform/modules/opensearch/locals.tf +++ b/terraform/modules/opensearch/locals.tf @@ -1,9 +1,7 @@ locals { access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy[0].json : var.access_policies - #access_policies = var.create_access_policies ? data.aws_iam_policy_document.access_policy.json : var.access_policies permissions_boundary = var.attach_permissions_boundary ? "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionBoundary_PowerUser" : null security_group_ids = var.create_security_group ? [aws_security_group.this[0].id] : var.security_group_ids - #security_group_ids = var.create_security_group ? aws_security_group.this[0].id : var.security_group_id custom_instance_type = var.instance_type == null && var.cluster_tshirt_size != null ? lookup(local.instance_type_lookup, var.cluster_tshirt_size, null) : var.instance_type auto_tune_enabled = var.auto_tune_enabled && !strcontains(local.custom_instance_type, "t2") && !strcontains(local.custom_instance_type, "t3") ? "ENABLED" : "DISABLED" custom_instance_count = var.instance_count == null ? 1 : var.instance_count diff --git a/terraform/modules/opensearch/main.tf b/terraform/modules/opensearch/main.tf index b7c4e5df..dfa4d7ed 100644 --- a/terraform/modules/opensearch/main.tf +++ b/terraform/modules/opensearch/main.tf @@ -69,7 +69,6 @@ resource "aws_opensearch_domain" "this" { } vpc_options { - #subnet_ids = var.subnet_ids subnet_ids = local.cluster_subnet_ids security_group_ids = local.security_group_ids } diff --git a/terraform/modules/opensearch/variables.tf b/terraform/modules/opensearch/variables.tf index 9be5f46d..077e3ab5 100644 --- a/terraform/modules/opensearch/variables.tf +++ b/terraform/modules/opensearch/variables.tf @@ -175,13 +175,6 @@ variable "security_group_ids" { sensitive = false } -# variable "security_group_id" { -# type = string -# description = "A Security Group ID to associate with the cluster" -# default = "" -# sensitive = false -# } - variable "subnet_ids" { type = set(string) description = "A set of one or more Private Subnet IDs to associate with the cluster" From 57e6e7fa50d32983030111002deb050bf9c7fe46 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 14:58:48 -0400 Subject: [PATCH 29/35] updated s3 policy --- terraform/modules/cloudfront/kinesis.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/terraform/modules/cloudfront/kinesis.tf b/terraform/modules/cloudfront/kinesis.tf index e253af63..3f93df3d 100644 --- a/terraform/modules/cloudfront/kinesis.tf +++ b/terraform/modules/cloudfront/kinesis.tf @@ -22,10 +22,10 @@ resource "aws_iam_role_policy_attachment" "firehose_policy_attachment" { resource "aws_kinesis_firehose_delivery_stream" "firehose_stream" { name = "aws-waf-logs-${var.resource_prefix}-kinesis-firehose-stream" - #destination = "s3" destination = "extended_s3" - # s3_configuration { - # role_arn = aws_iam_role.firehose_role.arn - # bucket_arn = aws_s3_bucket.kinesis_log.arn - # } + + extended_s3_configuration { + role_arn = aws_iam_role.firehose_role.arn + bucket_arn = aws_s3_bucket.kinesis_log.arn + } } From 332f0e975e58c4b5d1132b14d0123f2e5cef22af Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Thu, 20 Jun 2024 15:10:36 -0400 Subject: [PATCH 30/35] reverted debug --- terraform/modules/opensearch/data.tf | 3 --- terraform/modules/opensearch/outputs.tf | 10 +++++----- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/terraform/modules/opensearch/data.tf b/terraform/modules/opensearch/data.tf index 443f5109..4bf43786 100644 --- a/terraform/modules/opensearch/data.tf +++ b/terraform/modules/opensearch/data.tf @@ -39,7 +39,6 @@ data "aws_iam_policy_document" "access_policy" { type = "AWS" identifiers = ["*"] } - #resources = ["${aws_opensearch_domain.this.arn}/*"] resources = ["arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/${var.resource_prefix}-opensearch/*"] } } @@ -90,9 +89,7 @@ data "aws_iam_policy_document" "snapshot" { effect = "Allow" actions = ["es:ESHttpPut"] resources = [ - #"${aws_opensearch_domain.this.arn}/*", "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/${var.resource_prefix}-opensearch/*", - #"${aws_opensearch_domain.this.arn}/*/*" "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/${var.resource_prefix}-opensearch/*/*" ] } diff --git a/terraform/modules/opensearch/outputs.tf b/terraform/modules/opensearch/outputs.tf index 63bab5e4..a297a4d7 100644 --- a/terraform/modules/opensearch/outputs.tf +++ b/terraform/modules/opensearch/outputs.tf @@ -4,11 +4,11 @@ output "arn" { sensitive = false } -# output "dashboard_endpoint" { -# value = aws_opensearch_domain.this.dashboard_endpoint -# description = "The endpoint of the OpenSearch domain dashboard" -# sensitive = false -# } +output "dashboard_endpoint" { + value = aws_opensearch_domain.this.dashboard_endpoint + description = "The endpoint of the OpenSearch domain dashboard" + sensitive = false +} output "domain_id" { value = aws_opensearch_domain.this.domain_id From fba5be41fe49dd338b83895dc2f0c895ce47c0f6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 24 Jun 2024 17:26:24 +0000 Subject: [PATCH 31/35] terraform-docs: automated action --- terraform/modules/opensearch/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/modules/opensearch/README.md b/terraform/modules/opensearch/README.md index 50c02f49..92e734fb 100644 --- a/terraform/modules/opensearch/README.md +++ b/terraform/modules/opensearch/README.md @@ -48,6 +48,7 @@ No modules. | [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.snapshot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.trust](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs From 5aeb91734b61ff37e499209b3487f4008010f7a9 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Tue, 25 Jun 2024 16:59:43 -0400 Subject: [PATCH 32/35] added aws provider version --- terraform/modules/opensearch/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/README.md b/terraform/modules/opensearch/README.md index 92e734fb..3c67b5f4 100644 --- a/terraform/modules/opensearch/README.md +++ b/terraform/modules/opensearch/README.md @@ -25,7 +25,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | n/a | +| [aws](#provider\_aws) | >=5.16.0 | ## Modules From 601d916c536e413add12f66d643d4b9fc170b8b6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 25 Jun 2024 21:00:09 +0000 Subject: [PATCH 33/35] terraform-docs: automated action --- terraform/modules/opensearch/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/README.md b/terraform/modules/opensearch/README.md index 3c67b5f4..92e734fb 100644 --- a/terraform/modules/opensearch/README.md +++ b/terraform/modules/opensearch/README.md @@ -25,7 +25,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | >=5.16.0 | +| [aws](#provider\_aws) | n/a | ## Modules From b9c1603f493dee4a0c6f09484bdbdc15c31f69b0 Mon Sep 17 00:00:00 2001 From: "Fleming, Michael (NIH/NCI) [C]" Date: Wed, 26 Jun 2024 07:57:17 -0400 Subject: [PATCH 34/35] updated required AWS provider version --- terraform/modules/opensearch/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/README.md b/terraform/modules/opensearch/README.md index 92e734fb..3c67b5f4 100644 --- a/terraform/modules/opensearch/README.md +++ b/terraform/modules/opensearch/README.md @@ -25,7 +25,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | n/a | +| [aws](#provider\_aws) | >=5.16.0 | ## Modules From 0ba467ccb38653ae487a63dde76d0ef54f2e76fe Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 26 Jun 2024 11:57:43 +0000 Subject: [PATCH 35/35] terraform-docs: automated action --- terraform/modules/opensearch/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/opensearch/README.md b/terraform/modules/opensearch/README.md index 3c67b5f4..92e734fb 100644 --- a/terraform/modules/opensearch/README.md +++ b/terraform/modules/opensearch/README.md @@ -25,7 +25,7 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | >=5.16.0 | +| [aws](#provider\_aws) | n/a | ## Modules