-
Notifications
You must be signed in to change notification settings - Fork 56
/
Copy pathvariables.tf
444 lines (383 loc) · 14.5 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
variable "cluster_name" {
description = "The name of the OpenSearch cluster."
type = string
default = "opensearch"
}
variable "cluster_version" {
description = "The version of OpenSearch to deploy."
type = string
default = "2.11"
}
variable "cluster_domain" {
description = "The hosted zone name of the OpenSearch cluster."
type = string
}
variable "cluster_domain_private" {
description = "Indicates whether to create records in a private (true) or public (false) zone"
type = bool
default = false
}
variable "create_service_role" {
description = "Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html"
type = bool
default = true
}
variable "master_user_arn" {
description = "The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request."
type = string
default = ""
}
variable "master_instance_enabled" {
description = "Indicates whether dedicated master nodes are enabled for the cluster."
type = bool
default = true
}
variable "master_instance_type" {
description = "The type of EC2 instances to run for each master node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing"
type = string
default = "r6gd.large.elasticsearch"
validation {
condition = can(regex("^[t3|m3|r3|i3|i2|r6gd|c6g]", var.master_instance_type))
error_message = "The EC2 master_instance_type must provide a SSD or NVMe-based local storage."
}
}
variable "master_instance_count" {
description = "The number of dedicated master nodes in the cluster."
type = number
default = 3
}
variable "hot_instance_type" {
description = "The type of EC2 instances to run for each hot node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing"
type = string
default = "r6gd.4xlarge.elasticsearch"
validation {
condition = can(regex("^[t3|m3|r3|i3|i2|r6gd|c6g|or1]", var.hot_instance_type))
error_message = "The EC2 hot_instance_type must provide a SSD or NVMe-based local storage."
}
}
variable "hot_instance_count" {
description = "The number of dedicated hot nodes in the cluster."
type = number
default = 3
}
variable "warm_instance_enabled" {
description = "Indicates whether ultrawarm nodes are enabled for the cluster."
type = bool
default = true
}
variable "warm_instance_type" {
description = "The type of EC2 instances to run for each warm node. A list of available instance types can you find at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing"
type = string
default = "ultrawarm1.large.elasticsearch"
}
variable "warm_instance_count" {
description = "The number of dedicated warm nodes in the cluster."
type = number
default = 3
}
variable "availability_zones" {
description = "The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3."
type = number
default = 3
}
variable "vpc_enabled" {
description = "Indicates whether the cluster is running inside a VPC."
type = bool
default = false
}
variable "subnet_ids" {
description = "The list of VPC subnet IDs to use."
type = list(string)
default = []
}
variable "security_group_ids" {
description = "The list of VPC security groups IDs to attach."
type = list(string)
default = []
}
variable "ebs_enabled" {
description = "Indicates whether attach EBS volumes to the data nodes."
type = bool
default = false
}
variable "ebs_volume_size" {
description = "The size of EBS volumes attached to data nodes (in GiB)."
type = number
default = 10
}
variable "ebs_volume_type" {
description = "The type of EBS volumes attached to data nodes."
type = string
default = "gp3"
}
variable "ebs_throughput" {
description = "The throughput (in MiB/s) of the EBS volumes attached to data nodes. Valid values are between 125 and 1000."
type = number
default = 125
}
variable "ebs_iops" {
description = "The baseline input/output (I/O) performance of EBS volumes attached to data nodes."
type = number
default = 3000
}
variable "encrypt_kms_key_id" {
description = "The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key."
type = string
default = ""
}
variable "saml_enabled" {
description = "Indicates whether to configure SAML for the OpenSearch dashboard."
type = bool
default = true
}
variable "saml_subject_key" {
description = "Element of the SAML assertion to use for username."
type = string
default = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
}
variable "saml_roles_key" {
description = "Element of the SAML assertion to use for backend roles."
type = string
default = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
}
variable "saml_entity_id" {
description = "The unique Entity ID of the application in SAML Identity Provider."
type = string
default = ""
}
variable "saml_metadata_content" {
description = "The metadata of the SAML application in xml format."
type = string
default = ""
}
variable "saml_session_timeout" {
description = "Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440."
type = number
default = 60
}
variable "saml_master_backend_role" {
description = "This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards."
type = string
default = null
}
variable "saml_master_user_name" {
description = "This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards."
type = string
default = null
}
variable "composable_index_templates" {
description = "A map of all composable index templates to create."
type = map(any)
default = {}
}
variable "composable_index_template_files" {
description = "A set of all composable index template files to create."
type = set(string)
default = []
}
variable "index_templates" {
description = "A map of all index templates to create."
type = map(any)
default = {}
}
variable "index_template_files" {
description = "A set of all index template files to create."
type = set(string)
default = []
}
variable "ism_policies" {
description = "A map of all ISM policies to create."
type = map(any)
default = {}
}
variable "ism_policy_files" {
description = "A set of all ISM policy files to create."
type = set(string)
default = []
}
variable "indices" {
description = "A map of all indices to create."
type = map(object({
number_of_shards = optional(number)
number_of_replicas = optional(number)
refresh_interval = optional(string)
mappings = optional(any, {})
aliases = optional(any, {})
analysis_analyzer = optional(string)
analysis_char_filter = optional(string)
analysis_filter = optional(string)
analysis_normalizer = optional(string)
analysis_tokenizer = optional(string)
analyze_max_token_count = optional(string)
auto_expand_replicas = optional(string)
blocks_metadata = optional(bool)
blocks_read = optional(bool)
blocks_read_only = optional(bool)
blocks_read_only_allow_delete = optional(bool)
blocks_write = optional(bool)
codec = optional(string)
default_pipeline = optional(string)
gc_deletes = optional(string)
highlight_max_analyzed_offset = optional(string)
include_type_name = optional(string)
index_similarity_default = optional(string)
indexing_slowlog_level = optional(string)
indexing_slowlog_source = optional(string)
indexing_slowlog_threshold_index_debug = optional(string)
indexing_slowlog_threshold_index_info = optional(string)
indexing_slowlog_threshold_index_trace = optional(string)
indexing_slowlog_threshold_index_warn = optional(string)
load_fixed_bitset_filters_eagerly = optional(bool)
max_docvalue_fields_search = optional(string)
max_inner_result_window = optional(string)
max_ngram_diff = optional(string)
max_refresh_listeners = optional(string)
max_regex_length = optional(string)
max_rescore_window = optional(string)
max_result_window = optional(string)
max_script_fields = optional(string)
max_shingle_diff = optional(string)
max_terms_count = optional(string)
number_of_routing_shards = optional(string)
rollover_alias = optional(string)
routing_allocation_enable = optional(string)
routing_partition_size = optional(string)
routing_rebalance_enable = optional(string)
search_idle_after = optional(string)
search_slowlog_level = optional(string)
search_slowlog_threshold_fetch_info = optional(string)
search_slowlog_threshold_fetch_debug = optional(string)
search_slowlog_threshold_fetch_trace = optional(string)
search_slowlog_threshold_fetch_warn = optional(string)
search_slowlog_threshold_query_debug = optional(string)
search_slowlog_threshold_query_info = optional(string)
search_slowlog_threshold_query_trace = optional(string)
search_slowlog_threshold_query_warn = optional(string)
shard_check_on_startup = optional(string)
sort_field = optional(string)
sort_order = optional(string)
}))
default = {}
}
variable "index_files" {
description = "A set of all index files to create."
type = set(string)
default = []
}
variable "roles" {
description = "A map of all roles to create."
type = map(any)
default = {}
}
variable "role_files" {
description = "A set of all role files to create."
type = set(string)
default = []
}
variable "role_mappings" {
description = "A map of all role mappings to create."
type = map(any)
default = {}
}
variable "role_mapping_files" {
description = "A set of all role mapping files to create."
type = set(string)
default = []
}
variable "tags" {
description = "A map of tags to add to all resources."
type = map(string)
default = {}
}
variable "custom_endpoint" {
description = "Fully qualified domain for your custom endpoint. If not specified, then it defaults to <cluster_name>.<cluster_domain>"
type = string
default = null
}
variable "custom_endpoint_certificate_arn" {
description = "The ARN of the custom ACM certificate."
type = string
default = ""
}
variable "advanced_options" {
description = "Key-value string pairs to specify advanced configuration options."
type = map(string)
default = null
}
variable "advanced_security_options_enabled" {
description = "Whether advanced security is enabled."
type = bool
default = true
}
variable "cognito_options_enabled" {
description = "Whether Amazon Cognito authentication with Kibana is enabled or not."
type = bool
default = false
}
variable "cognito_options" {
description = "Configuration block for authenticating Kibana with Cognito."
type = map(string)
default = {}
}
variable "access_policies" {
description = "IAM policy document specifying the access policies for the domain."
type = string
default = null
}
variable "advanced_security_options_internal_user_database_enabled" {
description = "Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin"
type = bool
default = false
}
variable "advanced_security_options_master_user_name" {
description = "Master user username (applicable if advanced_security_options_internal_user_database_enabled set to true)"
type = string
default = null
}
variable "advanced_security_options_master_user_password" {
description = "Master user password (applicable if advanced_security_options_internal_user_database_enabled set to true)"
type = string
default = null
}
variable "node_to_node_encryption_enabled" {
description = "Configuration block for node-to-node encryption options"
type = bool
default = true
}
variable "encrypt_at_rest_enabled" {
description = "Configuration block for encrypt at rest options"
type = bool
default = true
}
variable "auto_tune_enabled" {
description = "Whether to enable/disable auto-tune"
type = bool
default = true
}
variable "auto_tune_options" {
description = "Configuration block for auto-tune options. The maintenance schedule block is required if rollback_on_disable is set to DEFAULT_ROLLBACK. The start_at field must be a time and date in RFC3339 format"
type = object({
maintenance_schedule = optional(list(object({
start_at = string
duration = object({
value = number
})
cron_expression_for_recurrence = optional(string)
})))
rollback_on_disable = string
})
default = {
rollback_on_disable = "NO_ROLLBACK"
maintenance_schedule = []
}
}
variable "log_streams_enabled" {
description = "Configuration for which log streams to enable sending logs to CloudWatch."
type = map(string)
default = {
"INDEX_SLOW_LOGS" = "false"
"SEARCH_SLOW_LOGS" = "false"
"ES_APPLICATION_LOGS" = "false"
"AUDIT_LOGS" = "false"
}
}