cloudposse / terraform-aws-elasticsearch

Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash.
https://cloudposse.com/accelerate
Apache License 2.0

Allow authenticated access from anywhere #75

Closed Nuru closed 4 years ago

Nuru commented 4 years ago

what

  1. Allow authenticated access from anywhere
  2. Avoid specifying warm_count and warm_type when warm_enabled == false
  3. Revert PR #66
  4. Minor cleanups

why

  1. PR #58 allowed unauthenticated access from whitelisted CIDRs, but in the process restricted authenticated access to those IPs as well. This PR makes authenticated access not subject to the CIDR restriction.

  2. PR #74 introduced support for UltraWarm clusters, but always set warm_count and warm_type, even when warm_enabled == false. This caused Terraform to always see the state as needing updating, since the detected state when warm_enabled == false is warm_count = 0 and warm_type unset. The PR leaves them unset to avoid apparent drift.

  3. The kibana_endpoint is not just a domain name, it includes a path component, the end result being something like esdomain-ntzuxwxpuxm7dmxcbpy4slbc4u.us-west-1.es.amazonaws.com/_plugin/kibana/. As such, it is not suitable for a DNS record. The plain endpoint is the hostname portion and should be used for DNS. The previous code was correct but misunderstood.

  4. Some working code was nevertheless not the best style, and to the extent this serves as an example, we want the code to be in our preferred style.
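
The access-policy shape described in item 1 of the comment above, as an added Terraform illustration that is not the module's own code or part of the PR: the IAM-principal statement carries no `aws:SourceIp` condition, while the anonymous statement is limited to the listed CIDRs. All variable names, statement IDs and the chosen `es:` actions are assumptions made for this sketch.

```hcl
# Added illustration; variable and statement names are hypothetical.
variable "domain_arn" {
  type        = string
  description = "ARN of the Elasticsearch domain (placeholder input)"
}

variable "iam_role_arns" {
  type        = list(string)
  description = "IAM principals allowed signed (authenticated) access"
}

variable "allowed_cidr_blocks" {
  type        = list(string)
  description = "CIDRs allowed unsigned (anonymous) access"
  default     = []
}

data "aws_iam_policy_document" "es_access" {
  # Authenticated access: named IAM principals and no IP condition, so
  # SigV4-signed requests from these roles are accepted from any address.
  statement {
    sid       = "AuthenticatedFromAnywhere"
    effect    = "Allow"
    actions   = ["es:ESHttpGet", "es:ESHttpPost"]
    resources = [var.domain_arn, "${var.domain_arn}/*"]

    principals {
      type        = "AWS"
      identifiers = var.iam_role_arns
    }
  }

  # Anonymous access: any principal, but only from the allowed CIDRs.
  # The statement is omitted entirely when no CIDRs are configured.
  dynamic "statement" {
    for_each = length(var.allowed_cidr_blocks) > 0 ? [true] : []
    content {
      sid       = "AnonymousFromAllowedCidrs"
      effect    = "Allow"
      actions   = ["es:ESHttpGet", "es:ESHttpPost"]
      resources = [var.domain_arn, "${var.domain_arn}/*"]

      principals {
        type        = "AWS"
        identifiers = ["*"]
      }

      condition {
        test     = "IpAddress"
        variable = "aws:SourceIp"
        values   = var.allowed_cidr_blocks
      }
    }
  }
}
```

Placing the `condition` block on both statements reproduces the behaviour item 1 attributes to PR #58, where authenticated callers are also held to the CIDR list.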

Nuru commented 4 years ago

/test all

Nuru commented 4 years ago

/test all