add new example, revert to join("" to avoid type changes during this …

…update.

elasticsearch_domain.tf

@@ -5,7 +5,7 @@
 resource "aws_elasticsearch_domain_policy" "default" {
   count           = local.elasticsearch_enabled && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
   domain_name     = module.this.id
-  access_policies = one(data.aws_iam_policy_document.default[*].json)
+  access_policies = join("", data.aws_iam_policy_document.default[*].json)
 }
 
 resource "aws_elasticsearch_domain" "default" {
@@ -97,7 +97,7 @@ resource "aws_elasticsearch_domain" "default" {
     for_each = var.vpc_enabled ? [true] : []
 
     content {
-      security_group_ids = var.create_security_group ? [one(aws_security_group.default[*].id)] : var.security_groups
+      security_group_ids = var.create_security_group ? [ join("", aws_security_group.default[*].id)] : var.security_groups
       subnet_ids         = var.subnet_ids
     }
   }

examples/opensearch_basic/main.tf

@@ -0,0 +1,28 @@
+provider "aws" {
+  region = "us-east-2"
+}
+
+module "opensearch" {
+  source                  = "../../"
+  namespace               = "eg"
+  stage                   = "dev"
+  name                    = "es"
+  dns_zone_id             = "Z14EN2YD427LRQ"
+  security_groups         = ["sg-XXXXXXXXX", "sg-YYYYYYYY"]
+  vpc_id                  = "vpc-XXXXXXXXX"
+  subnet_ids              = ["subnet-XXXXXXXXX", "subnet-YYYYYYYY"]
+  zone_awareness_enabled  = "true"
+  aws_service_type        = "opensearch"
+  elasticsearch_version   = "OpenSearch_2.9"
+  instance_type           = "t3.small.search"
+  instance_count          = 4
+  ebs_volume_size         = 10
+  iam_role_arns           = ["arn:aws:iam::XXXXXXXXX:role/ops", "arn:aws:iam::XXXXXXXXX:role/dev"]
+  iam_actions             = ["es:ESHttpGet", "es:ESHttpPut", "es:ESHttpPost"]
+  encrypt_at_rest_enabled = "true"
+  kibana_subdomain_name   = "kibana-es"
+
+  advanced_options = {
+    "rest.action.multi.allow_explicit_index" = "true"
+  }
+}

examples/opensearch_basic/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}

main.tf

@@ -4,11 +4,11 @@ locals {
 
   service_linked_role_name = local.elasticsearch_enabled ? "AWSServiceRoleForAmazonElasticsearchService" : "AWSServiceRoleForAmazonOpenSearchService"
 
-  aws_service_domain_arn             = coalesce(one(aws_elasticsearch_domain.default[*].arn), one(aws_opensearch_domain.default[*].arn))
-  aws_service_domain_endpoint        = coalesce(one(aws_elasticsearch_domain.default[*].endpoint), one(aws_opensearch_domain.default[*].endpoint))
-  aws_service_domain_id              = coalesce(one(aws_elasticsearch_domain.default[*].domain_id), one(aws_opensearch_domain.default[*].domain_id))
-  aws_service_domain_name            = coalesce(one(aws_elasticsearch_domain.default[*].domain_name), one(aws_opensearch_domain.default[*].domain_name))
-  aws_service_domain_kibana_endpoint = coalesce(one(aws_elasticsearch_domain.default[*].kibana_endpoint), one(aws_opensearch_domain.default[*].kibana_endpoint))
+  aws_service_domain_arn             = coalesce(join("", aws_elasticsearch_domain.default[*].arn), join("", aws_opensearch_domain.default[*].arn))
+  aws_service_domain_endpoint        = coalesce(join("", aws_elasticsearch_domain.default[*].endpoint), join("", aws_opensearch_domain.default[*].endpoint))
+  aws_service_domain_id              = coalesce(join("", aws_elasticsearch_domain.default[*].domain_id), join("", aws_opensearch_domain.default[*].domain_id))
+  aws_service_domain_name            = coalesce(join("", aws_elasticsearch_domain.default[*].domain_name), join("", aws_opensearch_domain.default[*].domain_name))
+  aws_service_domain_kibana_endpoint = coalesce(join("", aws_elasticsearch_domain.default[*].kibana_endpoint), join("", aws_opensearch_domain.default[*].kibana_endpoint))
 }
 
 module "user_label" {
@@ -49,7 +49,7 @@ resource "aws_security_group_rule" "ingress_security_groups" {
   to_port                  = var.ingress_port_range_end
   protocol                 = "tcp"
   source_security_group_id = var.security_groups[count.index]
-  security_group_id        = one(aws_security_group.default[*].id)
+  security_group_id        = join("", aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "ingress_cidr_blocks" {
@@ -60,7 +60,7 @@ resource "aws_security_group_rule" "ingress_cidr_blocks" {
   to_port           = var.ingress_port_range_end
   protocol          = "tcp"
   cidr_blocks       = var.allowed_cidr_blocks
-  security_group_id = one(aws_security_group.default[*].id)
+  security_group_id = join("", aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "egress" {
@@ -71,7 +71,7 @@ resource "aws_security_group_rule" "egress" {
   to_port           = 65535
   protocol          = "tcp"
   cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = one(aws_security_group.default[*].id)
+  security_group_id = join("", aws_security_group.default[*].id)
 }
 
 # https://github.com/terraform-providers/terraform-provider-aws/issues/5218
@@ -85,7 +85,7 @@ resource "aws_iam_service_linked_role" "default" {
 resource "aws_iam_role" "elasticsearch_user" {
   count              = module.this.enabled && var.create_elasticsearch_user_role && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
   name               = module.user_label.id
-  assume_role_policy = one(data.aws_iam_policy_document.assume_role[*].json)
+  assume_role_policy = join("", data.aws_iam_policy_document.assume_role[*].json)
   description        = "IAM Role to assume to access the Elasticsearch ${module.this.id} cluster"
   tags               = module.user_label.tags