Closed amal-v closed 1 year ago
Hi @amal-v, I'm not quite understanding what would need to be implemented. Can you include an example of what is not working currently with the provider or how this function would work differently?
Hey there, maybe I can help out a little bit. In general it would be great to have a resource with which you're able to create an OpenSearch Service-Managed VPC Endpoint and a resource to Authorize VPC Endpoint Access for other accounts. That's how we're able to give multiple accounts the rights to access an OpenSearch cluster without worrying about things like VPC peering, role permissions, NAT, traffic going through the internet, etc.
The following is the API documentation for: Create OpenSearch VPC Endpoint, Authorize VPC Endpoint Access, Delete VPC Endpoint Access
Example vpc-endpoint:
```
aws_opensearch_service_managed_vpc_endpoint {
  domain_arn = string
  ...
}
```
Example vpc-endpoint-access:
```
aws_opensearch_service_managed_authorize_vpc_endpoint {
  domain_name = string
  account_id  = string
}
```
Unfortunately, these resources would need to be added to the AWS provider, as the endpoints live on AWS APIs, not on OpenSearch/Elasticsearch itself. See https://github.com/hashicorp/terraform-provider-aws/issues/29912 for a similar feature request.
thanks for the feedback
Amazon OpenSearch Service now supports managed VPC endpoints (powered by AWS PrivateLink) to connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC).
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc-interface-endpoints.html
It would be great if we can support this feature through the provider.