access_policies |
IAM policy document specifying the access policies for the domain |
string |
"" |
no |
admin_identifiers |
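Admin identifiers to be allowed in the access policy of the OpenSearch cluster. The default `[ "*" ]` is a wildcard; set explicit identifiers to limit who the access policy allows. |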
list(string) |
[ "*" ] |
no |
advanced_options |
Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your OpenSearch domain on every apply. |
map(string) |
{} |
no |
advanced_security_options_enabled |
Whether advanced security is enabled |
bool |
false |
no |
alarm_actions |
The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN) |
list(string) |
[] |
no |
alarm_overrides |
A map of overrides to apply to each alarm |
any |
{} |
no |
anonymous_auth_enabled |
Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain |
bool |
false |
no |
auto_software_update_enabled |
Whether automatic service software updates are enabled for the domain |
bool |
false |
no |
auto_tune_desired_state |
The Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED |
string |
"ENABLED" |
no |
availability_zones |
The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. |
number |
3 |
no |
cloudwatch_log_group_retention_days |
CloudWatch log group retention period in days |
number |
7 |
no |
cognito_identity_pool_id |
ID of the Cognito Identity Pool to use. |
string |
"" |
no |
cognito_role_arn |
ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached. |
string |
"" |
no |
cognito_user_id_pool |
ID of the Cognito User Pool to use. |
string |
"" |
no |
cold_storage_enabled |
Enable cold storage. Master and ultrawarm nodes must be enabled for cold storage. |
bool |
false |
no |
coordinator_instance_count |
The number of coordinator nodes in the cluster. |
number |
3 |
no |
coordinator_instance_enabled |
Indicates whether coordinator nodes are enabled for the cluster. |
bool |
false |
no |
coordinator_instance_type |
The type of EC2 instances to run for each coordinator node. |
string |
"" |
no |
create_alarms |
Whether to create default set of alarms |
bool |
true |
no |
create_service_role |
Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html |
bool |
false |
no |
create_vpc_endpoint |
Whether to create a VPC endpoint for the domain |
bool |
false |
no |
custom_endpoint |
Custom Endpoint URL |
string |
null |
no |
custom_endpoint_certificate_arn |
Custom Endpoint Certificate ARN |
string |
null |
no |
custom_endpoint_enabled |
Whether the custom endpoint is enabled |
bool |
false |
no |
disabled_alarms |
List of IDs of alarms to disable |
list(string) |
[] |
no |
domain_name |
The name of the OpenSearch cluster. |
string |
n/a |
yes |
ebs_enabled |
Whether EBS volumes are attached to data nodes in the domain |
bool |
false |
no |
ebs_gp3_throughput |
Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. Valid values are between 125 and 1000 |
number |
125 |
no |
ebs_iops |
Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types |
number |
3000 |
no |
ebs_volume_size |
Size of EBS volumes attached to data nodes (in GiB) |
number |
10 |
no |
ebs_volume_type |
Type of EBS volumes attached to data nodes |
string |
"gp3" |
no |
enable_cognito |
Whether Amazon Cognito authentication with Dashboard is enabled or not. |
bool |
false |
no |
enable_off_peak_window_options |
Toggle to enable or disable the off-peak update window |
bool |
true |
no |
encrypt_at_rest_enabled |
Enable encryption at rest. |
bool |
true |
no |
encrypt_kms_key_id |
The KMS key ID to encrypt the OpenSearch cluster with. If not specified, then it defaults to using the AWS OpenSearch Service KMS key. |
string |
null |
no |
engine_version |
Specify the engine version for the Amazon OpenSearch Service domain |
string |
"OpenSearch_1.3" |
no |
instance_count |
The number of dedicated hot nodes in the cluster. |
number |
3 |
no |
instance_type |
The type of EC2 instances to run for each hot node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing |
string |
"t3.small.search" |
no |
insufficient_data_actions |
The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state |
list(string) |
[] |
no |
internal_user_database_enabled |
Whether the internal user database is enabled |
bool |
false |
no |
log_publishing_options |
Configuration block for publishing slow, application and audit logs to CloudWatch Logs. Note that the default value publishes index slow logs but leaves audit logs disabled. |
map(object({ enabled = optional(bool, true) cloudwatch_log_group_arn = optional(string, "") })) |
{ "audit_logs": { "enabled": false }, "index_slow_logs": { "enabled": true } } |
no |
maintenance_schedule |
Configuration for the Auto-Tune maintenance schedule |
map(any) |
{} |
no |
master_instance_count |
The number of dedicated master nodes in the cluster. |
number |
3 |
no |
master_instance_enabled |
Indicates whether dedicated master nodes are enabled for the cluster. |
bool |
true |
no |
master_instance_type |
The type of EC2 instances to run for each master node. A list of available instance types can be found at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing |
string |
"t3.small.search" |
no |
master_user_arn |
The ARN for the master user of the cluster. If not specified, then it defaults to using the IAM user that is making the request. |
string |
"" |
no |
master_user_name |
Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database |
string |
"" |
no |
master_user_password |
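Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. This is a secret: as a Terraform input it is also recorded in the state file, so supply it from a secret store rather than hard-coding it in configuration. |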
string |
"" |
no |
multi_az_with_standby_enabled |
Indicates whether multi-AZ with standby is enabled for the cluster. |
bool |
false |
no |
node_to_node_encryption_enabled |
Enable node-to-node encryption. |
bool |
true |
no |
off_peak_window_options |
Configuration for off peak window |
map(any) |
{ "hours": 14, "minutes": 0 } |
no |
ok_actions |
The list of actions to execute when this alarm transitions into an OK state from any other state |
list(string) |
[] |
no |
rollback_on_disable |
Whether to roll back Auto-Tune changes when Auto-Tune is disabled. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK |
string |
"NO_ROLLBACK" |
no |
saml_enabled |
Whether SAML authentication is enabled |
bool |
false |
no |
saml_entity_id |
The unique Entity ID of the application in SAML Identity Provider. |
string |
"" |
no |
saml_master_backend_role |
This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards. |
string |
null |
no |
saml_master_user_name |
This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards. |
string |
null |
no |
saml_metadata_content |
The metadata of the SAML application in xml format. |
string |
"" |
no |
saml_options_enabled |
Whether SAML authentication options for an AWS OpenSearch domain are enabled |
bool |
false |
no |
saml_roles_key |
Element of the SAML assertion to use for backend roles. |
string |
"" |
no |
saml_session_timeout |
Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. |
number |
60 |
no |
saml_subject_key |
Element of the SAML assertion to use for username. |
string |
"" |
no |
security_group_ids |
List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used |
list(string) |
[] |
no |
subnet_ids |
List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in |
list(string) |
[] |
no |
tags |
A map of tags to add to all resources. |
map(string) |
{} |
no |
vpc_endpoint_security_group_ids |
Security group IDs to use for VPC endpoint |
list(string) |
[] |
no |
vpc_endpoint_subnet_ids |
Subnet IDs to use for VPC endpoint |
list(string) |
[] |
no |
warm_instance_count |
The number of dedicated warm nodes in the cluster. |
number |
3 |
no |
warm_instance_enabled |
Indicates whether ultrawarm nodes are enabled for the cluster. |
bool |
false |
no |
warm_instance_type |
The type of EC2 instances to run for each warm node. A list of available instance types can be found at https://aws.amazon.com/en/elasticsearch-service/pricing/#UltraWarm_pricing |
string |
"ultrawarm1.medium.search" |
no |
whitelist_ips |
List of client IP addresses allowed to access the domain. |
list(string) |
[] |
no |