Terraform-provider-aws: Add support for Fine-Grained (aws_elasticsearch_domain)

Created on 14 Feb 2020  ·  6Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS released a new feature for AWS ES Domain. You can now have fine-grained security, which is a great feature, specially for Kibana access.
https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html

New or Affected Resource(s)

  • aws_elasticsearch_domain

Potential Terraform Configuration

Could be the same as the cognito_options:

resource "aws_elasticsearch_domain" "example" {
  # .. other configuration ...
  fine_grained_options {
    enabled = true
   # 
    master_user = "admin"
    master_password = "secret"
  }
}

resource "aws_elasticsearch_domain" "example" {
  # .. other configuration ...
  fine_grained_options {
    enabled = true
    iam_arn = "arn:xxxxx::role/aws-es-admin-role"
  }
}

References

  • #0000
enhancement servicelasticsearch
Source
picture jujugrrr
👍65

Most helpful comment

This feature has been merged and will release with v2.69.0 of the Terraform AWS Provider, expected later this week.

picture anGie44 on 30 Jun 2020
🎉5 😄1

All 6 comments

I think this is configured at the Elasticsearch level (eg via the UI or the Elasticsearch API) rather than at the AWS Elasticsearch service level so I don't think this provider can help here.

https://opendistro.github.io/for-elasticsearch-docs/docs/security-access-control/ shows how to configure it but that's just general Open Distro for Elasticsearch stuff.

tomelliff picture tomelliff on 18 Feb 2020

Hi Tom, it's definetly an option you can tick through the AWS console, so
are the master user details. I haven't look at AWS API support for it
though

On Tue, 18 Feb 2020, 09:07 Tom Elliff, notifications@github.com wrote:

I think this is configured at the Elasticsearch level (eg via the UI or
the Elasticsearch API) rather than at the AWS Elasticsearch service level
so I don't think this provider can help here.

https://opendistro.github.io/for-elasticsearch-docs/docs/security-access-control/
shows how to configure it but that's just general Open Distro for
Elasticsearch stuff.


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/terraform-providers/terraform-provider-aws/issues/12054?email_source=notifications&email_token=AA6ICL3CDXDF23EUJCLQYDDRDOQOJA5CNFSM4KVFPJF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMBE4MA#issuecomment-587353648,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AA6ICL2BZFBZO6KGG53YBGTRDOQOJANCNFSM4KVFPJFQ
.

jujugrrr picture jujugrrr on 18 Feb 2020

The AWS Elasticsearch API Reference contains a new AdvancedSecurityOptions structure, which looks like it would be the relevant piece for the Terraform resource. My suggestion for anyone potentially implementing this would be to follow the API structure, e.g. in Terraform configuration

resource "aws_elasticsearch_domain" "example" {
  # ... other configuration ...

  advanced_security_options {
    enabled = true
    internal_user_database_enabled = true

    master_user_options {
      master_user_arn = ""
      master_user_name = ""
      master_user_password = ""
    }
  }
}
bflad picture bflad on 18 Feb 2020
👀1

This feature has been merged and will release with v2.69.0 of the Terraform AWS Provider, expected later this week.

anGie44 picture anGie44 on 30 Jun 2020
🎉5 😄1

This has been released in version 2.69.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

hashibot[bot] picture hashibot[bot] on 3 Jul 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] picture hashibot[bot] on 30 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hashibot picture hashibot  ·  3Comments
EmmN picture EmmN  ·  3Comments
reedloden picture reedloden  ·  3Comments
hashibot picture hashibot  ·  3Comments
joelittlejohn picture joelittlejohn  ·  3Comments