Created
November 4, 2021 16:33
# AWS provider configuration: every resource in this file is created in us-east-2.
provider "aws" {
  region = "us-east-2"
}
# Toolchain pins. Both constraints are exact versions, so this configuration
# only plans with Terraform 1.0.7 and the hashicorp/aws provider 3.63.0.
terraform {
  required_providers {
    aws = {
      version = "3.63.0"
      source  = "hashicorp/aws"
    }
  }

  required_version = "1.0.7"
}
# IAM role ARNs intended to be permitted to manage the domain.
# The default "*" places no restriction on the caller's IAM identity, so with
# the default the aws:SourceIp allow-list in the access policy is the only gate.
variable "management_iam_roles" {
  type        = list(string)
  default     = ["*"]
  description = "List of IAM role ARNs from which to permit management traffic (default ['*']). Note that a client must match both the IP address and the IAM role patterns in order to be permitted access."
}
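# Source addresses accepted by the aws:SourceIp condition of the domain access policy.
#
# The defaults are the example values published with this file. Applying the file
# unchanged grants those addresses access to your own domain, so override them
# for every deployment.
#
# NOTE(review): the domain in this file declares no vpc_options, so requests
# arrive over the public endpoint and aws:SourceIp is compared with the caller's
# public address. The RFC 1918 range 10.0.0.0/16 is therefore not expected to
# match anything; confirm and drop it if unused.
variable "management_public_ip_addresses" {
  description = "List of IP addresses or CIDR blocks from which to permit management traffic. Override the example defaults with your own addresses. Note that a client must match both the IP address and the IAM role patterns in order to be permitted access."
  type        = list(string)
  default     = ["10.0.0.0/16", "103.226.30.190/32"]

  # Guardrail: a catch-all range would remove the only network restriction on the
  # access policy that consumes this list.
  validation {
    condition     = !contains(var.management_public_ip_addresses, "0.0.0.0/0") && !contains(var.management_public_ip_addresses, "::/0")
    error_message = "The management_public_ip_addresses list must not contain 0.0.0.0/0 or ::/0, which would open the domain to every address."
  }
}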
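# Single-node OpenSearch 1.0 domain named "comet-es" with a 50 GiB gp2 data volume.
#
# No vpc_options block is declared, so the domain is created with a public
# endpoint. The attached access policy is what limits who can reach it.
#
# NOTE(review): on a domain that already exists, read `terraform plan` before
# applying. With this provider version, changing the encryption blocks below may
# force the domain to be replaced. Confirm before running against real data.
resource "aws_elasticsearch_domain" "opensearch" {
  domain_name           = "comet-es"
  elasticsearch_version = "OpenSearch_1.0"

  cluster_config {
    instance_type            = "t3.medium.elasticsearch"
    instance_count           = 1
    dedicated_master_enabled = false
    zone_awareness_enabled   = false
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 50
    volume_type = "gp2"
  }

  # Encrypt data at rest. Without kms_key_id the service uses the AWS-managed
  # key for the account.
  encrypt_at_rest {
    enabled = true
  }

  # Encrypt traffic between nodes so that later scaling beyond one instance does
  # not introduce clear-text intra-cluster traffic.
  node_to_node_encryption {
    enabled = true
  }

  # Refuse plain-HTTP requests and require TLS 1.2 or newer. When the access
  # policy admits unsigned requests, clear-text HTTP would otherwise carry
  # queries and results unprotected.
  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  snapshot_options {
    automated_snapshot_start_hour = 23
  }
}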
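# Resource-based access policy for the domain.
#
# Allows es:* on the domain ARN and everything beneath it to the principals in
# var.management_iam_roles, and only for requests whose source address is in
# var.management_public_ip_addresses.
data "aws_iam_policy_document" "es_management_access" {
  statement {
    effect = "Allow"

    # NOTE(review): es:* is broader than HTTP access to the cluster. If callers
    # only need to query the domain and use Dashboards, consider narrowing this
    # to the es:ESHttp* actions.
    actions = [
      "es:*",
    ]

    resources = [
      aws_elasticsearch_domain.opensearch.arn,
      "${aws_elasticsearch_domain.opensearch.arn}/*",
    ]

    # Honour var.management_iam_roles instead of a hard-coded wildcard principal,
    # so the variable and its description take effect. With the default ["*"]
    # the policy still admits any caller from the allowed addresses. Listing role
    # ARNs additionally requires requests to be signed as one of those roles.
    principals {
      type        = "AWS"
      identifiers = distinct(compact(var.management_iam_roles))
    }

    # Network allow-list. compact() drops empty strings and distinct() removes
    # duplicates before the values are rendered into the policy.
    condition {
      test     = "IpAddress"
      variable = "aws:SourceIp"
      values   = distinct(compact(var.management_public_ip_addresses))
    }
  }
}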
# Attach the rendered policy document to the domain as its access policy.
resource "aws_elasticsearch_domain_policy" "es_management_access" {
  access_policies = data.aws_iam_policy_document.es_management_access.json
  domain_name     = aws_elasticsearch_domain.opensearch.domain_name
}
# Values printed after apply. Each is read straight from the domain resource.

# ARN of the domain, the same ARN the access policy uses as its resource.
output "Domain_ARN" {
  value = aws_elasticsearch_domain.opensearch.arn
}

# Endpoint exported by the provider's kibana_endpoint attribute.
output "Kibana_EndPoint" {
  value = aws_elasticsearch_domain.opensearch.kibana_endpoint
}

# Endpoint used to send index, search and data-upload requests to the domain.
output "Domain_EndPoint" {
  value = aws_elasticsearch_domain.opensearch.endpoint
}
You need to provide `management_public_ip_addresses` so that you can access the Elasticsearch endpoint and Kibana.
curl search-comet-es-jzxspkvdpjtn7sjh4m7gj4a24u.us-east-2.es.amazonaws.com { "name" : "6e40279f65ccc89c3f039a9311c6beaf", "cluster_name" : "795461177457:comet-es", "cluster_uuid" : "tkOTrxQNQHCH2b5Im79fdg", "version" : { "number" : "7.10.2", "build_type" : "tar", "build_hash" : "unknown", "build_date" : "2021-09-21T11:27:10.894287Z", "build_snapshot" : false, "lucene_version" : "8.8.2", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" }
curl -I search-comet-es-jzxspkvdpjtn7sjh4m7gj4a24u.us-east-2.es.amazonaws.com/_plugin/kibana/ HTTP/1.1 302 Found Date: Thu, 04 Nov 2021 16:34:59 GMT Content-Type: application/json Content-Length: 0 Connection: keep-alive x-amzn-RequestId: c69b6219-fd93-4743-8f3c-1fed3e7f986e Cache-Control: private, no-cache, no-store, must-revalidate Location: /_dashboards/app/home osd-name: ip-10-212-51-235.us-east-2.compute.internal