You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: There are some type of instances which not support encryption and EBS option, Please read about this [here](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html). Also, there are some limitation for instance type, Please read [here](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-limits.html)
133
302
134
303
@@ -141,11 +310,20 @@ Note: There are some type of instances which not support encryption and EBS opti
141
310
| Name | Description | Type | Default | Required |
| advanced\_options | Key-value string pairs to specify advanced configuration options. |`map(string)`|`{}`| no |
313
+
| advanced\_security\_options\_enabled | AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource) |`bool`|`false`| no |
314
+
| advanced\_security\_options\_internal\_user\_database\_enabled | Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin |`bool`|`false`| no |
315
+
| advanced\_security\_options\_master\_user\_arn | ARN of IAM user who is to be mapped to be Kibana master user (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to false) |`string`|`""`| no |
316
+
| advanced\_security\_options\_master\_user\_name | Master user username (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) |`string`|`""`| no |
317
+
| advanced\_security\_options\_master\_user\_password | Master user password (applicable if advanced\_security\_options\_internal\_user\_database\_enabled set to true) |`string`|`""`| no |
318
+
| allowed\_cidr\_blocks | List of CIDR blocks to be allowed to connect to the cluster |`list(string)`|`[]`| no |
144
319
| attributes | Additional attributes (e.g. `1`). |`list(any)`|`[]`| no |
145
320
| automated\_snapshot\_start\_hour | Hour at which automated snapshots are taken, in UTC. |`number`|`0`| no |
146
321
| availability\_zone\_count | Number of Availability Zones for the domain to use. |`number`|`2`| no |
147
322
| cloudwatch\_kms\_key\_id | The KMS key ID to encrypt the Cloudwatch logs. |`string`|`""`| no |
148
323
| cognito\_enabled | Set to false to prevent enable cognito. |`bool`|`true`| no |
324
+
| custom\_endpoint | Fully qualified domain for custom endpoint. |`string`|`""`| no |
325
+
| custom\_endpoint\_certificate\_arn | ACM certificate ARN for custom endpoint. |`string`|`""`| no |
326
+
| custom\_endpoint\_enabled | Whether to enable custom endpoint for the Elasticsearch domain. |`bool`|`false`| no |
149
327
| dedicated\_master\_count | Number of dedicated master nodes in the cluster. |`number`|`0`| no |
150
328
| dedicated\_master\_enabled | Indicates whether dedicated master nodes are enabled for the cluster. |`bool`|`false`| no |
151
329
| dedicated\_master\_type | Instance type of the dedicated master nodes in the cluster. |`string`|`"t2.small.elasticsearch"`| no |
@@ -158,29 +336,24 @@ Note: There are some type of instances which not support encryption and EBS opti
158
336
| enable\_logs | enable logs |`bool`|`true`| no |
159
337
| enabled | Set to false to prevent the module from creating any resources. |`bool`|`true`| no |
160
338
| encrypt\_at\_rest\_enabled | Whether to enable encryption at rest. |`bool`|`true`| no |
161
-
| encryption\_enabled | Whether to enable node-to-node encryption. |`bool`|`false`| no |
339
+
| encryption\_enabled | Whether to enable node-to-node encryption. |`bool`|`true`| no |
162
340
| enforce\_https | Whether or not to require HTTPS. |`bool`|`true`| no |
| es\_hostname | The Host name of elasticserch. |`string`|`""`| no |
165
343
| iam\_actions | List of actions to allow for the IAM roles, _e.g._`es:ESHttpGet`, `es:ESHttpPut`, `es:ESHttpPost`. |`list(string)`|`[]`| no |
166
-
| iam\_authorizing\_role\_arns | List of IAM role ARNs to permit to assume the Elasticsearch user role. |`list(string)`|`[]`| no |
167
-
| iam\_role\_arns | List of IAM role ARNs to permit access to the Elasticsearch domain. |`list(string)`|`[]`| no |
168
344
| identity\_pool\_id | ID of the Cognito Identity Pool to use. |`string`|`""`| no |
169
345
| instance\_count | Number of data nodes in the cluster. |`number`|`4`| no |
170
346
| instance\_type | Elasticsearch instance type for data nodes in the cluster. |`string`|`"t2.small.elasticsearch"`| no |
171
347
| iops | The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type. |`number`|`0`| no |
172
348
| kibana\_hostname | The Host name of kibana. |`string`|`""`| no |
173
349
| kms\_key\_id | The KMS key ID to encrypt the Elasticsearch domain with. If not specified, then it defaults to using the AWS/Elasticsearch service KMS key. |`string`|`""`| no |
174
350
| label\_order | Label order, e.g. `name`,`application`. |`list(any)`|`[]`| no |
175
-
| log\_publishing\_application\_cloudwatch\_log\_group\_arn | ARN of the CloudWatch log group to which log for ES\_APPLICATION\_LOGS needs to be published. |`string`|`""`| no |
176
351
| log\_publishing\_application\_enabled | Specifies whether log publishing option for ES\_APPLICATION\_LOGS is enabled or not. |`bool`|`false`| no |
177
-
| log\_publishing\_index\_cloudwatch\_log\_group\_arn|ARN of the CloudWatch log group to which log for INDEX\_SLOW\_LOGS needs to be published. |`string`|`""`| no |
352
+
| log\_publishing\_audit\_enabled|Specifies whether log publishing option for AUDIT\_LOGS is enabled or not. |`bool`|`false`| no |
178
353
| log\_publishing\_index\_enabled | Specifies whether log publishing option for INDEX\_SLOW\_LOGS is enabled or not. |`bool`|`false`| no |
179
-
| log\_publishing\_search\_cloudwatch\_log\_group\_arn | ARN of the CloudWatch log group to which log for SEARCH\_SLOW\_LOGS needs to be published. |`string`|`""`| no |
180
354
| log\_publishing\_search\_enabled | Specifies whether log publishing option for SEARCH\_SLOW\_LOGS is enabled or not. |`bool`|`false`| no |
181
355
| managedby | ManagedBy, eg 'CloudDrove'. |`string`|`"hello@clouddrove.com"`| no |
182
356
| name | Name (e.g. `app` or `cluster`). |`string`|`""`| no |
183
-
| public\_enabled | Enable Elasticsearch cluster is public or not. |`bool`|`false`| no |
184
357
| repository | Terraform current module repo |`string`|`"https://github.com/clouddrove/terraform-aws-elasticsearch"`| no |
185
358
| retention\_in\_days | Days of retention of cloudwatch. |`number`|`90`| no |
186
359
| security\_group\_ids | Security Group IDs. |`list(string)`|`[]`| no |
@@ -192,6 +365,10 @@ Note: There are some type of instances which not support encryption and EBS opti
192
365
| user\_pool\_id | ID of the Cognito User Pool to use. |`string`|`""`| no |
193
366
| volume\_size | EBS volumes for data storage in GB. |`number`|`0`| no |
194
367
| volume\_type | Storage type of EBS volumes. |`string`|`"gp2"`| no |
368
+
| vpc\_enabled | Set to false if ES should be deployed outside of VPC. |`bool`|`true`| no |
369
+
| warm\_count | Number of UltraWarm nodes |`number`|`2`| no |
370
+
| warm\_enabled | Whether AWS UltraWarm is enabled |`bool`|`false`| no |
371
+
| warm\_type | Type of UltraWarm nodes |`string`|`"ultrawarm1.medium.elasticsearch"`| no |
195
372
| zone\_awareness\_enabled | Enable zone awareness for Elasticsearch cluster. |`bool`|`false`| no |
0 commit comments