Add support for ultraWarm and advanced security (#74)

* Add support for ultraWarm and advanced security * Updated README.md Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
cloudposse · Sep 20, 2020 · b30e765 · b30e765
1 parent 4335e96
commit b30e765
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -154,6 +154,11 @@ Available targets:
 |------|-------------|------|---------|:--------:|
 | additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
 | advanced\_options | Key-value string pairs to specify advanced configuration options | `map(string)` | `{}` | no |
+| advanced\_security\_options\_enabled | AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource) | `bool` | `false` | no |
+| advanced\_security\_options\_internal\_user\_database\_enabled | Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin | `bool` | `false` | no |
+| advanced\_security\_options\_master\_user\_arn | ARN of IAM user who is to be mapped to be Kibana master user (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to false) | `string` | `""` | no |
+| advanced\_security\_options\_master\_user\_name | Master user username (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no |
+| advanced\_security\_options\_master\_user\_password | Master user password (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no |
 | allowed\_cidr\_blocks | List of CIDR blocks to be allowed to connect to the cluster | `list(string)` | `[]` | no |
 | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
 | automated\_snapshot\_start\_hour | Hour at which automated snapshots are taken, in UTC | `number` | `0` | no |
@@ -210,6 +215,9 @@ Available targets:
 | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
 | vpc\_enabled | Set to false if ES should be deployed outside of VPC. | `bool` | `true` | no |
 | vpc\_id | VPC ID | `string` | `null` | no |
+| warm\_count | Number of UltraWarm nodes | `number` | `2` | no |
+| warm\_enabled | Whether AWS UltraWarm is enabled | `bool` | `false` | no |
+| warm\_type | Type of UltraWarm nodes | `string` | `"ultrawarm1.medium.elasticsearch"` | no |
 | zone\_awareness\_enabled | Enable zone awareness for Elasticsearch cluster | `bool` | `true` | no |
 
 ## Outputs

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -21,6 +21,11 @@
 |------|-------------|------|---------|:--------:|
 | additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
 | advanced\_options | Key-value string pairs to specify advanced configuration options | `map(string)` | `{}` | no |
+| advanced\_security\_options\_enabled | AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource) | `bool` | `false` | no |
+| advanced\_security\_options\_internal\_user\_database\_enabled | Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin | `bool` | `false` | no |
+| advanced\_security\_options\_master\_user\_arn | ARN of IAM user who is to be mapped to be Kibana master user (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to false) | `string` | `""` | no |
+| advanced\_security\_options\_master\_user\_name | Master user username (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no |
+| advanced\_security\_options\_master\_user\_password | Master user password (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no |
 | allowed\_cidr\_blocks | List of CIDR blocks to be allowed to connect to the cluster | `list(string)` | `[]` | no |
 | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
 | automated\_snapshot\_start\_hour | Hour at which automated snapshots are taken, in UTC | `number` | `0` | no |
@@ -77,6 +82,9 @@
 | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
 | vpc\_enabled | Set to false if ES should be deployed outside of VPC. | `bool` | `true` | no |
 | vpc\_id | VPC ID | `string` | `null` | no |
+| warm\_count | Number of UltraWarm nodes | `number` | `2` | no |
+| warm\_enabled | Whether AWS UltraWarm is enabled | `bool` | `false` | no |
+| warm\_type | Type of UltraWarm nodes | `string` | `"ultrawarm1.medium.elasticsearch"` | no |
 | zone\_awareness\_enabled | Enable zone awareness for Elasticsearch cluster | `bool` | `true` | no |
 
 ## Outputs

diff --git a/main.tf b/main.tf
@@ -118,6 +118,16 @@ resource "aws_elasticsearch_domain" "default" {
 
   advanced_options = var.advanced_options
 
+  advanced_security_options {
+    enabled                        = var.advanced_security_options_enabled
+    internal_user_database_enabled = var.advanced_security_options_internal_user_database_enabled
+    master_user_options {
+      master_user_arn      = var.advanced_security_options_master_user_arn
+      master_user_name     = var.advanced_security_options_master_user_name
+      master_user_password = var.advanced_security_options_master_user_password
+    }
+  }
+
   ebs_options {
     ebs_enabled = var.ebs_volume_size > 0 ? true : false
     volume_size = var.ebs_volume_size
@@ -142,6 +152,9 @@ resource "aws_elasticsearch_domain" "default" {
     dedicated_master_count   = var.dedicated_master_count
     dedicated_master_type    = var.dedicated_master_type
     zone_awareness_enabled   = var.zone_awareness_enabled
+    warm_enabled             = var.warm_enabled
+    warm_count               = var.warm_count
+    warm_type                = var.warm_type
 
     dynamic "zone_awareness_config" {
       for_each = null_resource.azs[*].triggers

diff --git a/variables.tf b/variables.tf
@@ -64,6 +64,24 @@ variable "instance_count" {
   default     = 4
 }
 
+variable "warm_enabled" {
+  type        = bool
+  default     = false
+  description = "Whether AWS UltraWarm is enabled"
+}
+
+variable "warm_count" {
+  type        = number
+  default     = 2
+  description = "Number of UltraWarm nodes"
+}
+
+variable "warm_type" {
+  type        = string
+  default     = "ultrawarm1.medium.elasticsearch"
+  description = "Type of UltraWarm nodes"
+}
+
 variable "iam_role_arns" {
   type        = list(string)
   default     = []
@@ -273,3 +291,33 @@ variable "kibana_hostname_enabled" {
   description = "Explicit flag to enable creating a DNS hostname for Kibana. If `true`, then `var.dns_zone_id` is required."
   default     = false
 }
+
+variable "advanced_security_options_enabled" {
+  type        = bool
+  default     = false
+  description = "AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource)"
+}
+
+variable "advanced_security_options_internal_user_database_enabled" {
+  type        = bool
+  default     = false
+  description = "Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin"
+}
+
+variable "advanced_security_options_master_user_arn" {
+  type        = string
+  default     = ""
+  description = "ARN of IAM user who is to be mapped to be Kibana master user (applicable if advanced_security_options_internal_user_database_enabled set to false)"
+}
+
+variable "advanced_security_options_master_user_name" {
+  type        = string
+  default     = ""
+  description = "Master user username (applicable if advanced_security_options_internal_user_database_enabled set to true)"
+}
+
+variable "advanced_security_options_master_user_password" {
+  type        = string
+  default     = ""
+  description = "Master user password (applicable if advanced_security_options_internal_user_database_enabled set to true)"
+}