Open digitalkaoz opened 6 months ago
Terraform will perform the following actions:

  # module.elasticsearch.aws_elasticsearch_domain_policy.default[0] will be updated in-place
  ~ resource "aws_elasticsearch_domain_policy" "default" {
      ~ access_policies = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      + Sid = "User"
                        # (4 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id = "esd-policy-REDACTED-objects"
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
when i apply this change, and plan again, i will see this change above again.
no stack changes are detected
simply use this module with an `iam_role_arn`:
# Reproduction config from the report: the cloudposse/elasticsearch/aws module
# called with an IAM principal in iam_role_arns. Per the report, this is the
# setup in which the domain access policy shows the same `Sid = "User"` diff on
# every plan.
module "elasticsearch" {
  # NOTE(review): no `version` argument is set, so the module release that
  # produced the plan is not recorded here and the source is not pinned.
  source = "cloudposse/elasticsearch/aws"

  namespace = var.project
  stage = var.environment
  name = var.name
  #environment = var.environment
  security_groups = []

  # Network placement is switched on var.use_vpc: a private subnet when true,
  # a public subnet when false.
  # NOTE(review): with vpc_enabled = false the domain presumably has a public
  # endpoint, leaving the access policy and Cognito as the only gates; confirm.
  vpc_enabled = var.use_vpc
  vpc_id = var.use_vpc ? data.aws_vpc.env.id : null
  subnet_ids = var.use_vpc ? [one(data.aws_subnets.private.ids)] : [one(data.aws_subnets.public.ids)]
  zone_awareness_enabled = false

  elasticsearch_version = "OpenSearch_2.11"
  instance_type = var.es["type"]
  instance_count = var.es["instances"]
  ebs_volume_size = var.es["volume"]

  # The principal is the account root of the calling account and the allowed
  # action set is es:* (every OpenSearch Service action).
  # NOTE(review): an account-root principal in a resource policy normally
  # delegates to any IAM identity in that account whose own policies allow the
  # action; narrow to specific role ARNs and actions if this is more than a
  # repro.
  iam_role_arns = ["arn:aws:iam::${data.aws_caller_identity.self.account_id}:root"]
  iam_actions = ["es:*"]
  # NOTE(review): presumably the service principals allowed to assume the role
  # the module creates; confirm against the module documentation.
  aws_ec2_service_name = ["ec2.amazonaws.com", "lambda.amazonaws.com"]

  encrypt_at_rest_enabled = true
  node_to_node_encryption_enabled = true

  dns_zone_id = data.aws_route53_zone.base.id
  kibana_hostname_enabled = var.es["kibana"] != ""
  kibana_subdomain_name = var.es["kibana"] != "" ? var.es["kibana"] : null
  # custom_endpoint is still interpolated when var.es["domain"] is empty
  # (giving ".${var.domain}"); custom_endpoint_enabled is false in that case.
  custom_endpoint_enabled = var.es["domain"] != ""
  custom_endpoint = "${var.es["domain"]}.${var.domain}"
  custom_endpoint_certificate_arn = data.aws_acm_certificate.cert.arn
  # HTTPS is enforced on the endpoint with a TLS 1.2 minimum policy.
  domain_endpoint_options_enforce_https = true
  domain_endpoint_options_tls_security_policy = "Policy-Min-TLS-1-2-2019-07"

  cognito_authentication_enabled = true
  cognito_iam_role_arn = aws_iam_role.es_service_role.arn
  cognito_identity_pool_id = var.cognito["identity_pool_id"]
  cognito_user_pool_id = var.cognito["user_pool_id"]

  # Advanced security options are left disabled; the author's note says
  # enabling them would force a destroy and that audit logs require them.
  # Audit log publishing below is therefore commented out as well, so this
  # config publishes application, search and index logs but no audit log.
  #advanced_security_options_enabled = true # would force a destroy but is required for audit_logs
  log_publishing_application_enabled = true
  log_publishing_application_cloudwatch_log_group_arn = aws_cloudwatch_log_group.app_logs.arn
  log_publishing_search_enabled = true
  log_publishing_search_cloudwatch_log_group_arn = aws_cloudwatch_log_group.slow_logs.arn
  #log_publishing_audit_enabled = true
  #log_publishing_audit_cloudwatch_log_group_arn = aws_cloudwatch_log_group.audit_logs.arn
  # Index logs go to the same slow_logs log group as the search logs above.
  log_publishing_index_enabled = true
  log_publishing_index_cloudwatch_log_group_arn = aws_cloudwatch_log_group.slow_logs.arn

  # NOTE(review): with rest.action.multi.allow_explicit_index set to "true",
  # multi-document requests can name an index in the request body, so access
  # policies that restrict access by index path may not cover them; confirm
  # this is intended.
  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
    "override_main_response_version" = "true"
  }

  tags = local.tags
}
No response
❯ terraform --version
Terraform v1.6.4 on darwin_arm64
Describe the Bug
when i apply this change, and plan again, i will see this change above again.
Expected Behavior
no stack changes are detected
Steps to Reproduce
simply use this module with an `iam_role_arn`:
Screenshots
No response
Environment
Additional Context
No response