From b30e765b427a6fcdedc73fd9e92b4cc45edb8074 Mon Sep 17 00:00:00 2001 From: Maciej Sobkowiak Date: Sun, 20 Sep 2020 18:41:58 +0200 Subject: [PATCH] Add support for ultraWarm and advanced security (#74) * Add support for ultraWarm and advanced security * Updated README.md Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> --- README.md | 8 ++++++++ docs/terraform.md | 8 ++++++++ main.tf | 13 +++++++++++++ variables.tf | 48 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+) diff --git a/README.md b/README.md index bfa406b..dbf847a 100644 --- a/README.md +++ b/README.md @@ -154,6 +154,11 @@ Available targets: |------|-------------|------|---------|:--------:| | additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | advanced\_options | Key-value string pairs to specify advanced configuration options | `map(string)` | `{}` | no | +| advanced\_security\_options\_enabled | AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource) | `bool` | `false` | no | +| advanced\_security\_options\_internal\_user\_database\_enabled | Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin | `bool` | `false` | no | +| advanced\_security\_options\_master\_user\_arn | ARN of IAM user who is to be mapped to be Kibana master user (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to false) | `string` | `""` | no | +| advanced\_security\_options\_master\_user\_name | Master user username (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no | +| advanced\_security\_options\_master\_user\_password | Master user password (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no | | allowed\_cidr\_blocks | List of CIDR blocks to be allowed to connect to the cluster | `list(string)` | `[]` | no | | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | automated\_snapshot\_start\_hour | Hour at which automated snapshots are taken, in UTC | `number` | `0` | no | @@ -210,6 +215,9 @@ Available targets: | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | vpc\_enabled | Set to false if ES should be deployed outside of VPC. | `bool` | `true` | no | | vpc\_id | VPC ID | `string` | `null` | no | +| warm\_count | Number of UltraWarm nodes | `number` | `2` | no | +| warm\_enabled | Whether AWS UltraWarm is enabled | `bool` | `false` | no | +| warm\_type | Type of UltraWarm nodes | `string` | `"ultrawarm1.medium.elasticsearch"` | no | | zone\_awareness\_enabled | Enable zone awareness for Elasticsearch cluster | `bool` | `true` | no | ## Outputs diff --git a/docs/terraform.md b/docs/terraform.md index 5158ed0..a4ef8c6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -21,6 +21,11 @@ |------|-------------|------|---------|:--------:| | additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | advanced\_options | Key-value string pairs to specify advanced configuration options | `map(string)` | `{}` | no | +| advanced\_security\_options\_enabled | AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource) | `bool` | `false` | no | +| advanced\_security\_options\_internal\_user\_database\_enabled | Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin | `bool` | `false` | no | +| advanced\_security\_options\_master\_user\_arn | ARN of IAM user who is to be mapped to be Kibana master user (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to false) | `string` | `""` | no | +| advanced\_security\_options\_master\_user\_name | Master user username (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no | +| advanced\_security\_options\_master\_user\_password | Master user password (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) | `string` | `""` | no | | allowed\_cidr\_blocks | List of CIDR blocks to be allowed to connect to the cluster | `list(string)` | `[]` | no | | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | automated\_snapshot\_start\_hour | Hour at which automated snapshots are taken, in UTC | `number` | `0` | no | @@ -77,6 +82,9 @@ | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | vpc\_enabled | Set to false if ES should be deployed outside of VPC. | `bool` | `true` | no | | vpc\_id | VPC ID | `string` | `null` | no | +| warm\_count | Number of UltraWarm nodes | `number` | `2` | no | +| warm\_enabled | Whether AWS UltraWarm is enabled | `bool` | `false` | no | +| warm\_type | Type of UltraWarm nodes | `string` | `"ultrawarm1.medium.elasticsearch"` | no | | zone\_awareness\_enabled | Enable zone awareness for Elasticsearch cluster | `bool` | `true` | no | ## Outputs diff --git a/main.tf b/main.tf index e21281f..bfff213 100644 --- a/main.tf +++ b/main.tf @@ -118,6 +118,16 @@ resource "aws_elasticsearch_domain" "default" { advanced_options = var.advanced_options + advanced_security_options { + enabled = var.advanced_security_options_enabled + internal_user_database_enabled = var.advanced_security_options_internal_user_database_enabled + master_user_options { + master_user_arn = var.advanced_security_options_master_user_arn + master_user_name = var.advanced_security_options_master_user_name + master_user_password = var.advanced_security_options_master_user_password + } + } + ebs_options { ebs_enabled = var.ebs_volume_size > 0 ? true : false volume_size = var.ebs_volume_size @@ -142,6 +152,9 @@ resource "aws_elasticsearch_domain" "default" { dedicated_master_count = var.dedicated_master_count dedicated_master_type = var.dedicated_master_type zone_awareness_enabled = var.zone_awareness_enabled + warm_enabled = var.warm_enabled + warm_count = var.warm_count + warm_type = var.warm_type dynamic "zone_awareness_config" { for_each = null_resource.azs[*].triggers diff --git a/variables.tf b/variables.tf index 8676011..722cd23 100644 --- a/variables.tf +++ b/variables.tf @@ -64,6 +64,24 @@ variable "instance_count" { default = 4 } +variable "warm_enabled" { + type = bool + default = false + description = "Whether AWS UltraWarm is enabled" +} + +variable "warm_count" { + type = number + default = 2 + description = "Number of UltraWarm nodes" +} + +variable "warm_type" { + type = string + default = "ultrawarm1.medium.elasticsearch" + description = "Type of UltraWarm nodes" +} + variable "iam_role_arns" { type = list(string) default = [] @@ -273,3 +291,33 @@ variable "kibana_hostname_enabled" { description = "Explicit flag to enable creating a DNS hostname for Kibana. If `true`, then `var.dns_zone_id` is required." default = false } + +variable "advanced_security_options_enabled" { + type = bool + default = false + description = "AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource)" +} + +variable "advanced_security_options_internal_user_database_enabled" { + type = bool + default = false + description = "Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin" +} + +variable "advanced_security_options_master_user_arn" { + type = string + default = "" + description = "ARN of IAM user who is to be mapped to be Kibana master user (applicable if advanced_security_options_internal_user_database_enabled set to false)" +} + +variable "advanced_security_options_master_user_name" { + type = string + default = "" + description = "Master user username (applicable if advanced_security_options_internal_user_database_enabled set to true)" +} + +variable "advanced_security_options_master_user_password" { + type = string + default = "" + description = "Master user password (applicable if advanced_security_options_internal_user_database_enabled set to true)" +}