Module elasticsearch
@pulumi/aws > elasticsearch
Index ▹
class Domain
extends CustomResource
Manages an AWS Elasticsearch Domain.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.elasticsearch.Domain("example", {
clusterConfig: {
instanceType: "r4.large.elasticsearch",
},
domainName: "example",
elasticsearchVersion: "1.5",
snapshotOptions: {
automatedSnapshotStartHour: 23,
},
tags: {
Domain: "TestDomain",
},
});
Access Policy
See also:
aws_elasticsearch_domain_policy
resource
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";
const currentCallerIdentity = pulumi.output(aws.getCallerIdentity({}));
const currentRegion = pulumi.output(aws.getRegion({}));
const example = new aws.elasticsearch.Domain("example", {
accessPolicies: pulumi.all([currentRegion, currentCallerIdentity]).apply(([currentRegion, currentCallerIdentity]) => `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "es:*",
"Principal": "*",
"Effect": "Allow",
"Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*",
"Condition": {
"IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
}
}
]
}
`),
domainName: domain,
});
Log Publishing to CloudWatch Logs
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("example", {
policyDocument: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": [
"logs:PutLogEvents",
"logs:PutLogEventsBatch",
"logs:CreateLogStream"
],
"Resource": "arn:aws:logs:*"
}
]
}
`,
policyName: "example",
});
const exampleDomain = new aws.elasticsearch.Domain("example", {
logPublishingOptions: [{
cloudwatchLogGroupArn: exampleLogGroup.arn,
logType: "INDEX_SLOW_LOGS",
}],
});
VPC based ES
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";
const vpc = config.require("vpc");
const esServiceLinkedRole = new aws.iam.ServiceLinkedRole("es", {
awsServiceName: "es.amazonaws.com",
});
const currentCallerIdentity = pulumi.output(aws.getCallerIdentity({}));
const currentRegion = pulumi.output(aws.getRegion({}));
const selectedVpc = pulumi.output(aws.ec2.getVpc({
tags: {
Name: vpc,
},
}));
const selectedSubnetIds = pulumi.output(aws.ec2.getSubnetIds({
tags: {
Tier: "private",
},
vpcId: selectedVpc.apply(selectedVpc => selectedVpc.id),
}));
const esDomain = new aws.elasticsearch.Domain("es", {
accessPolicies: pulumi.all([currentRegion, currentCallerIdentity]).apply(([currentRegion, currentCallerIdentity]) => `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "es:*",
"Principal": "*",
"Effect": "Allow",
"Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*"
}
]
}
`),
advancedOptions: {
"rest.action.multi.allow_explicit_index": "true",
},
clusterConfig: {
instanceType: "m4.large.elasticsearch",
},
domainName: domain,
elasticsearchVersion: "6.3",
snapshotOptions: {
automatedSnapshotStartHour: 23,
},
tags: {
Domain: "TestDomain",
},
vpcOptions: {
securityGroupIds: [aws_security_group_elasticsearch.id],
subnetIds: [
selectedSubnetIds.apply(selectedSubnetIds => selectedSubnetIds.ids[0]),
selectedSubnetIds.apply(selectedSubnetIds => selectedSubnetIds.ids[1]),
],
},
}, {dependsOn: [esServiceLinkedRole]});
const esSecurityGroup = new aws.ec2.SecurityGroup("es", {
description: "Managed by Terraform",
ingress: [{
cidrBlocks: [selectedVpc.apply(selectedVpc => selectedVpc.cidrBlocks)],
fromPort: 443,
protocol: "tcp",
toPort: 443,
}],
vpcId: selectedVpc.apply(selectedVpc => selectedVpc.id),
});
constructor
new Domain(name: string, args?: DomainArgs, opts?: pulumi.CustomResourceOptions)
Create a Domain resource with the given unique name, arguments, and options.
name
The unique name of the resource.args
The arguments to use to populate this resource's properties.opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainState, opts?: pulumi.CustomResourceOptions): Domain
Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
method isInstance
static isInstance(obj: any): boolean
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property accessPolicies
public accessPolicies: pulumi.Output<string>;
IAM policy document specifying the access policies for the domain
property advancedOptions
public advancedOptions: pulumi.Output<{[key: string]: any}>;
Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply.
property arn
public arn: pulumi.Output<string>;
Amazon Resource Name (ARN) of the domain.
property clusterConfig
public clusterConfig: pulumi.Output<{ dedicatedMasterCount: number; dedicatedMasterEnabled: boolean; dedicatedMasterType: string; instanceCount: number; instanceType: string; zoneAwarenessEnabled: boolean; }>;
Cluster configuration of the domain, see below.
property cognitoOptions
public cognitoOptions: pulumi.Output<{ enabled: boolean; identityPoolId: string; roleArn: string; userPoolId: string; } | undefined>;
property domainId
public domainId: pulumi.Output<string>;
Unique identifier for the domain.
property domainName
public domainName: pulumi.Output<string>;
Name of the domain.
property ebsOptions
public ebsOptions: pulumi.Output<{ ebsEnabled: boolean; iops: number; volumeSize: number; volumeType: string; }>;
EBS related options, may be required based on chosen instance size. See below.
property elasticsearchVersion
public elasticsearchVersion: pulumi.Output<string | undefined>;
The version of Elasticsearch to deploy. Defaults to 1.5
property encryptAtRest
public encryptAtRest: pulumi.Output<{ enabled: boolean; kmsKeyId: string; }>;
Encrypt at rest options. Only available for certain instance types. See below.
property endpoint
public endpoint: pulumi.Output<string>;
Domain-specific endpoint used to submit index, search, and data upload requests.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property kibanaEndpoint
public kibanaEndpoint: pulumi.Output<string>;
Domain-specific endpoint for kibana without https scheme.
vpc_options.0.availability_zones
- If the domain was created inside a VPC, the names of the availability zones the configuredsubnet_ids
were created inside.vpc_options.0.vpc_id
- If the domain was created inside a VPC, the ID of the VPC.
property logPublishingOptions
public logPublishingOptions: pulumi.Output<{ cloudwatchLogGroupArn: string; enabled: boolean; logType: string; }[] | undefined>;
Options for publishing slow logs to CloudWatch Logs.
property nodeToNodeEncryption
public nodeToNodeEncryption: pulumi.Output<{ enabled: boolean; }>;
Node-to-node encryption options. See below.
property snapshotOptions
public snapshotOptions: pulumi.Output<{ automatedSnapshotStartHour: number; } | undefined>;
Snapshot related options, see below.
property tags
public tags: pulumi.Output<{[key: string]: any} | undefined>;
A mapping of tags to assign to the resource
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property vpcOptions
public vpcOptions: pulumi.Output<{ availabilityZones: string[]; securityGroupIds: string[]; subnetIds: string[]; vpcId: string; } | undefined>;
VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).
class DomainPolicy
extends CustomResource
Allows setting policy to an Elasticsearch domain while referencing domain attributes (e.g. ARN)
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.elasticsearch.Domain("example", {
domainName: "tf-test",
elasticsearchVersion: "2.3",
});
const main = new aws.elasticsearch.DomainPolicy("main", {
accessPolicies: example.arn.apply(arn => `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "es:*",
"Principal": "*",
"Effect": "Allow",
"Condition": {
"IpAddress": {"aws:SourceIp": "127.0.0.1/32"}
},
"Resource": "${arn}/*"
}
]
}
`),
domainName: example.domainName,
});
constructor
new DomainPolicy(name: string, args: DomainPolicyArgs, opts?: pulumi.CustomResourceOptions)
Create a DomainPolicy resource with the given unique name, arguments, and options.
name
The unique name of the resource.args
The arguments to use to populate this resource's properties.opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainPolicyState, opts?: pulumi.CustomResourceOptions): DomainPolicy
Get an existing DomainPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
method isInstance
static isInstance(obj: any): boolean
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property accessPolicies
public accessPolicies: pulumi.Output<string>;
IAM policy document specifying the access policies for the domain
property domainName
public domainName: pulumi.Output<string>;
Name of the domain.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
interface DomainArgs
The set of arguments for constructing a Domain resource.
property accessPolicies
accessPolicies?: pulumi.Input<string>;
IAM policy document specifying the access policies for the domain
property advancedOptions
advancedOptions?: pulumi.Input<{[key: string]: any}>;
Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply.
property clusterConfig
clusterConfig?: pulumi.Input<{ dedicatedMasterCount: pulumi.Input<number>; dedicatedMasterEnabled: pulumi.Input<boolean>; dedicatedMasterType: pulumi.Input<string>; instanceCount: pulumi.Input<number>; instanceType: pulumi.Input<string>; zoneAwarenessEnabled: pulumi.Input<boolean>; }>;
Cluster configuration of the domain, see below.
property cognitoOptions
cognitoOptions?: pulumi.Input<{ enabled: pulumi.Input<boolean>; identityPoolId: pulumi.Input<string>; roleArn: pulumi.Input<string>; userPoolId: pulumi.Input<string>; }>;
property domainName
domainName?: pulumi.Input<string>;
Name of the domain.
property ebsOptions
ebsOptions?: pulumi.Input<{ ebsEnabled: pulumi.Input<boolean>; iops: pulumi.Input<number>; volumeSize: pulumi.Input<number>; volumeType: pulumi.Input<string>; }>;
EBS related options, may be required based on chosen instance size. See below.
property elasticsearchVersion
elasticsearchVersion?: pulumi.Input<string>;
The version of Elasticsearch to deploy. Defaults to 1.5
property encryptAtRest
encryptAtRest?: pulumi.Input<{ enabled: pulumi.Input<boolean>; kmsKeyId: pulumi.Input<string>; }>;
Encrypt at rest options. Only available for certain instance types. See below.
property logPublishingOptions
logPublishingOptions?: pulumi.Input<pulumi.Input<{ cloudwatchLogGroupArn: pulumi.Input<string>; enabled: pulumi.Input<boolean>; logType: pulumi.Input<string>; }>[]>;
Options for publishing slow logs to CloudWatch Logs.
property nodeToNodeEncryption
nodeToNodeEncryption?: pulumi.Input<{ enabled: pulumi.Input<boolean>; }>;
Node-to-node encryption options. See below.
property snapshotOptions
snapshotOptions?: pulumi.Input<{ automatedSnapshotStartHour: pulumi.Input<number>; }>;
Snapshot related options, see below.
property tags
tags?: pulumi.Input<{[key: string]: any}>;
A mapping of tags to assign to the resource
property vpcOptions
vpcOptions?: pulumi.Input<{ availabilityZones: pulumi.Input<pulumi.Input<string>[]>; securityGroupIds: pulumi.Input<pulumi.Input<string>[]>; subnetIds: pulumi.Input<pulumi.Input<string>[]>; vpcId: pulumi.Input<string>; }>;
VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).
interface DomainPolicyArgs
The set of arguments for constructing a DomainPolicy resource.
property accessPolicies
accessPolicies: pulumi.Input<string>;
IAM policy document specifying the access policies for the domain
property domainName
domainName: pulumi.Input<string>;
Name of the domain.
interface DomainPolicyState
Input properties used for looking up and filtering DomainPolicy resources.
property accessPolicies
accessPolicies?: pulumi.Input<string>;
IAM policy document specifying the access policies for the domain
property domainName
domainName?: pulumi.Input<string>;
Name of the domain.
interface DomainState
Input properties used for looking up and filtering Domain resources.
property accessPolicies
accessPolicies?: pulumi.Input<string>;
IAM policy document specifying the access policies for the domain
property advancedOptions
advancedOptions?: pulumi.Input<{[key: string]: any}>;
Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply.
property arn
arn?: pulumi.Input<string>;
Amazon Resource Name (ARN) of the domain.
property clusterConfig
clusterConfig?: pulumi.Input<{ dedicatedMasterCount: pulumi.Input<number>; dedicatedMasterEnabled: pulumi.Input<boolean>; dedicatedMasterType: pulumi.Input<string>; instanceCount: pulumi.Input<number>; instanceType: pulumi.Input<string>; zoneAwarenessEnabled: pulumi.Input<boolean>; }>;
Cluster configuration of the domain, see below.
property cognitoOptions
cognitoOptions?: pulumi.Input<{ enabled: pulumi.Input<boolean>; identityPoolId: pulumi.Input<string>; roleArn: pulumi.Input<string>; userPoolId: pulumi.Input<string>; }>;
property domainId
domainId?: pulumi.Input<string>;
Unique identifier for the domain.
property domainName
domainName?: pulumi.Input<string>;
Name of the domain.
property ebsOptions
ebsOptions?: pulumi.Input<{ ebsEnabled: pulumi.Input<boolean>; iops: pulumi.Input<number>; volumeSize: pulumi.Input<number>; volumeType: pulumi.Input<string>; }>;
EBS related options, may be required based on chosen instance size. See below.
property elasticsearchVersion
elasticsearchVersion?: pulumi.Input<string>;
The version of Elasticsearch to deploy. Defaults to 1.5
property encryptAtRest
encryptAtRest?: pulumi.Input<{ enabled: pulumi.Input<boolean>; kmsKeyId: pulumi.Input<string>; }>;
Encrypt at rest options. Only available for certain instance types. See below.
property endpoint
endpoint?: pulumi.Input<string>;
Domain-specific endpoint used to submit index, search, and data upload requests.
property kibanaEndpoint
kibanaEndpoint?: pulumi.Input<string>;
Domain-specific endpoint for kibana without https scheme.
vpc_options.0.availability_zones
- If the domain was created inside a VPC, the names of the availability zones the configuredsubnet_ids
were created inside.vpc_options.0.vpc_id
- If the domain was created inside a VPC, the ID of the VPC.
property logPublishingOptions
logPublishingOptions?: pulumi.Input<pulumi.Input<{ cloudwatchLogGroupArn: pulumi.Input<string>; enabled: pulumi.Input<boolean>; logType: pulumi.Input<string>; }>[]>;
Options for publishing slow logs to CloudWatch Logs.
property nodeToNodeEncryption
nodeToNodeEncryption?: pulumi.Input<{ enabled: pulumi.Input<boolean>; }>;
Node-to-node encryption options. See below.
property snapshotOptions
snapshotOptions?: pulumi.Input<{ automatedSnapshotStartHour: pulumi.Input<number>; }>;
Snapshot related options, see below.
property tags
tags?: pulumi.Input<{[key: string]: any}>;
A mapping of tags to assign to the resource
property vpcOptions
vpcOptions?: pulumi.Input<{ availabilityZones: pulumi.Input<pulumi.Input<string>[]>; securityGroupIds: pulumi.Input<pulumi.Input<string>[]>; subnetIds: pulumi.Input<pulumi.Input<string>[]>; vpcId: pulumi.Input<string>; }>;
VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).