
D9875.1769077599.diff

D9875.1769077599.diff

diff --git a/services/terraform/dev/main.tf b/services/terraform/dev/main.tf
--- a/services/terraform/dev/main.tf
+++ b/services/terraform/dev/main.tf
@@ -31,6 +31,7 @@
dynamic "endpoints" {
for_each = local.aws_settings.override_endpoint[*]
content {
+ opensearch = endpoints.value
dynamodb = endpoints.value
s3 = endpoints.value
secretsmanager = endpoints.value
@@ -44,4 +45,8 @@
module "shared" {
source = "../modules/shared"
is_dev = true
+
+ vpc_id = null
+ cidr_block = null
+ subnet_ids = []
}
diff --git a/services/terraform/modules/shared/opensearch.tf b/services/terraform/modules/shared/opensearch.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/modules/shared/opensearch.tf
@@ -0,0 +1,54 @@
+variable "domain" {
+ default = "identity-search-domain"
+}
+
+resource "aws_security_group" "identity-search" {
+ count = var.is_dev ? 0 : 1
+ name = "${var.vpc_id}-opensearch-service-${var.domain}"
+ description = "Managed by Terraform"
+ vpc_id = var.is_dev ? null : var.vpc_id
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+
+ cidr_blocks = [
+ var.cidr_block
+ ]
+ }
+
+ tags = {
+ Name = "${var.vpc_id}-opensearch-service-${var.domain}"
+ Environment = var.is_dev ? "development" : "production"
+ }
+}
+
+resource "aws_opensearch_domain" "identity-search" {
+ domain_name = var.domain
+ engine_version = "OpenSearch_1.0"
+
+ cluster_config {
+ instance_type = "t3.medium.search"
+ }
+
+ vpc_options {
+ subnet_ids = var.subnet_ids
+
+ security_group_ids = var.is_dev ? [] : [aws_security_group.identity-search[0].id]
+ }
+
+ advanced_options = {
+ "rest.action.multi.allow_explicit_index" = "true"
+ }
+
+ ebs_options {
+ ebs_enabled = true
+ volume_size = 10
+ }
+
+ tags = {
+ Name = var.domain
+ Environment = var.is_dev ? "development" : "production"
+ }
+}
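Review bot: `aws_opensearch_domain.identity-search` is declared without `encrypt_at_rest`, `node_to_node_encryption` or `domain_endpoint_options`, so encryption at rest, inter-node TLS and HTTPS enforcement are left to defaults instead of being stated in the file. The domain name suggests it will index identity data, so these should be explicit; the blocks below are a sketch of the addition. Separately, the `ingress` rule in `aws_security_group.identity-search` admits all of `var.cidr_block` on 443. If only specific services need to reach the domain, referencing their security groups would be tighter than a CIDR range.

```hcl
resource "aws_opensearch_domain" "identity-search" {
  # … unchanged: domain_name, engine_version, cluster_config, vpc_options, advanced_options, ebs_options …

  encrypt_at_rest {
    enabled = true
  }

  node_to_node_encryption {
    enabled = true
  }

  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  # … unchanged: tags …
}
```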
diff --git a/services/terraform/modules/shared/outputs.tf b/services/terraform/modules/shared/outputs.tf
--- a/services/terraform/modules/shared/outputs.tf
+++ b/services/terraform/modules/shared/outputs.tf
@@ -14,3 +14,8 @@
table.name => table
}
}
+
+
+output "opensearch_domain_identity" {
+ value = aws_opensearch_domain.identity-search
+}
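Review bot: The `opensearch_domain_identity` output exports the whole `aws_opensearch_domain.identity-search` object, while the only consumer visible in this diff reads `.arn`. Exporting just the needed attributes keeps the module interface narrow, for example `value = aws_opensearch_domain.identity-search.arn`, with the reference in `remote/aws_iam.tf` adjusted to match. A `description` on the output would also say what callers may rely on.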
diff --git a/services/terraform/modules/shared/variables.tf b/services/terraform/modules/shared/variables.tf
--- a/services/terraform/modules/shared/variables.tf
+++ b/services/terraform/modules/shared/variables.tf
@@ -8,3 +8,9 @@
default = ""
description = "Suffix added to all bucket names"
}
+
+variable "vpc_id" {}
+
+variable "cidr_block" {}
+
+variable "subnet_ids" {}
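Review bot: The three new variables have neither `type` nor `description`, unlike the variable directly above them in this file, so a wrongly shaped value is not rejected at plan time. I would declare `type = string` on `vpc_id` and `cidr_block` and `type = list(string)` on `subnet_ids`. Each should also get a `description`, e.g. `description = "CIDR range allowed to reach the OpenSearch domain on 443"`. The dev configuration passes `null` for the first two, which a `string` type still accepts.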
diff --git a/services/terraform/remote/aws_iam.tf b/services/terraform/remote/aws_iam.tf
--- a/services/terraform/remote/aws_iam.tf
+++ b/services/terraform/remote/aws_iam.tf
@@ -194,3 +194,25 @@
aws_iam_policy.manage_reports_ddb.arn
]
}
+
+data "aws_iam_policy_document" "opensearch_domain_access" {
+ statement {
+ effect = "Allow"
+
+ actions = [
+ "es:ESHttpHead",
+ "es:ESHttpPost",
+ "es:ESHttpGet",
+ "es:ESHttpDelete",
+ "es:ESHttpPut",
+ ]
+ resources = ["${module.shared.opensearch_domain_identity.arn}/*"]
+ }
+}
+
+resource "aws_iam_policy" "opensearch_domain_access" {
+ name = "opensearch-domain-access"
+ path = "/"
+ description = "IAM policy for accessing opensearch domain"
+ policy = data.aws_iam_policy_document.opensearch_domain_access.json
+}
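Review bot: The statement in `opensearch_domain_access` allows `es:ESHttpDelete`, `es:ESHttpPut` and `es:ESHttpPost` on `"${module.shared.opensearch_domain_identity.arn}/*"`, i.e. every path under the domain, not only the index the service uses. Unless a domain access policy or fine-grained access control narrows this elsewhere (none is visible in this diff), any principal given this policy could delete or overwrite any index. Consider scoping `resources` to the index path, e.g. `"${module.shared.opensearch_domain_identity.arn}/<index-name>/*"`, and splitting read-only and write actions into separate policies. The attachment of this policy is not part of the hunk, so who receives it cannot be checked here.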
diff --git a/services/terraform/remote/main.tf b/services/terraform/remote/main.tf
--- a/services/terraform/remote/main.tf
+++ b/services/terraform/remote/main.tf
@@ -51,6 +51,12 @@
module "shared" {
source = "../modules/shared"
bucket_name_suffix = local.s3_bucket_name_suffix
+
+ vpc_id = aws_vpc.default.id
+ cidr_block = aws_vpc.default.cidr_block
+ subnet_ids = [
+ aws_subnet.public_a.id,
+ ]
}
check "workspace_check" {
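Review bot: `subnet_ids` places the domain in `aws_subnet.public_a`, which by its name is presumably a public subnet, and `cidr_block = aws_vpc.default.cidr_block` makes the whole VPC range the allowed source in the module's security group. A search domain for identity data would normally sit in a private subnet and accept traffic only from the services that query it. If a private subnet exists in this configuration, pass that instead, and pass a narrower range or a source security group. A comment here explaining why a single subnet is used would also help, e.g. `# single-AZ domain: one subnet only`.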
