elasticsearch
cloudposse/elasticsearch/aws
Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash.
Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash. > [!TIP] > #### 👽 Use Atmos with Terraform > Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform. > Works with Github Actions, Atlantis, or Spacelift. > > > Watch demo of using Atmos with Terraform > > Example of running atmos to manage infrastructure from our Quick Start tutorial. > Introduction This module will create: - Elasticsearch cluster with the specified node count in the provided subnets in a VPC - Elasticsearch domain policy that accepts a list of IAM role ARNs from which to permit management traffic to the cluster - Security Group to control access to the Elasticsearch domain (inputs to the Security Group are other Security Groups or CIDRs b
| Name | Type | Description | Default |
|---|---|---|---|
| iam_role_permissions_boundary | string | The ARN of the permissions boundary policy which will be attached to the Elastic | null |
| iam_irsa_service_accounts | list(string) | Kubernetes ServiceAccounts to allow to access the Elastic Domain via IRSA | [] |
| zone_awareness_enabled | bool | Enable zone awareness for Elasticsearch cluster | true |
| availability_zone_count | number | Number of Availability Zones for the domain to use. | 2 |
| cognito_identity_pool_id | string | The ID of the Cognito Identity Pool to use | "" |
| iam_actions | list(string) | List of actions to allow for the user IAM roles, _e.g._ `es:ESHttpGet`, `es:ESHt | [] |
| log_publishing_search_enabled | bool | Specifies whether log publishing option for SEARCH_SLOW_LOGS is enabled or not | false |
| elasticsearch_subdomain_name | string | The name of the subdomain for Elasticsearch in the DNS zone (_e.g._ `elasticsear | "" |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| create_elasticsearch_user_role | bool | Whether to create an IAM role for Users/EC2 to assume to access the Elasticsearc | true |
| ingress_port_range_start | number | Start number for allowed port range. (e.g. `443`) | 0 |
| vpc_enabled | bool | Set to false if ES should be deployed outside of VPC. | true |
| iam_irsa_openid_connect_provider_url | string | URL of the OpenID connect provider to allow usage of IRSA | "" |
| dedicated_master_count | number | Number of dedicated master nodes in the cluster | 0 |
| create_security_group | bool | Whether to create a dedicated security group for the Elasticsearch domain. Set i | true |
| ebs_iops | number | The baseline input/output (I/O) performance of EBS volumes attached to data node | 0 |
| log_publishing_audit_cloudwatch_log_group_arn | string | ARN of the CloudWatch log group to which log for AUDIT_LOGS needs to be publishe | "" |
| advanced_security_options_master_user_arn | string | ARN of IAM user who is to be mapped to be Kibana master user (applicable if adva | "" |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | [
"default"
] |
| … and 10 more inputs | |||
domain_arn — ARN of the Elasticsearch domaindomain_id — Unique identifier for the Elasticsearch domaindomain_endpoint — Domain-specific endpoint used to submit index, search, and data upload requestskibana_endpoint — Domain-specific endpoint for Kibana without https schemeelasticsearch_user_iam_role_arn — The ARN of the IAM role to allow access to Elasticsearch clustersecurity_group_id — Security Group ID to control access to the Elasticsearch domaindomain_name — Name of the Elasticsearch domaindomain_hostname — Elasticsearch domain hostname to submit index, search, and data upload requestskibana_hostname — Kibana hostnameelasticsearch_user_iam_role_name — The name of the IAM role to allow access to Elasticsearch clusterAzure landing zones Terraform module
Terraform supermodule for the Terraform platform engineering for Azure
Terraform module to deploy landing zone subscriptions (and much more) in Azure
Terraform Module to define a consistent naming convention by (namespace, stage,