Merge pull request #16 from rackspace-infrastructure-automation/MPCSU…

…PENG-874 HCL2\Terraform v0.12 conversion
rackspace-infrastructure-automation · Feb 13, 2020 · 3b42f2d · 3b42f2d
2 parents 45ea05a + d0cf3d5
commit 3b42f2d
Show file tree

Hide file tree

Showing 10 changed files with 286 additions and 255 deletions.
diff --git a/.terraform-version b/.terraform-version
@@ -0,0 +1 @@
+0.12.17
diff --git a/README.md b/README.md
@@ -32,8 +32,8 @@ Full working references are available at [examples](examples)
 
 ## Limitation
 
-Terraform does not create the IAM Service Linked Role for ElasticSearch automatically.  If this role is not present on an account, the `create_service_linked_role` parameter should be set to true for the first ElasticSearch instance.  This will create the required role.  This option should not be set to true on more than a single deployment per account, or it will result in a naming conflict.  If the role is not present an error similar to the following would result:
-
+Terraform does not create the IAM Service Linked Role for ElasticSearch automatically.  If this role is not present on an account, the `create_service_linked_role` parameter should be set to true for the first ElasticSearch instance.  This will create the required role.  This option should not be set to true on more than a single deployment per account, or it will result in a naming conflict.  If the role is not present an error similar to the following would result:  
+Error creating ElasticSearch domain: ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC.
 ```
 1 error(s) occurred:
 
@@ -43,38 +43,44 @@ Terraform does not create the IAM Service Linked Role for ElasticSearch automati
     status code: 404, request id: 5a1614d2-1e64-11e9-a87e-3149d48d2026
 ```
 
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 2.2.0 |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| create\_service\_linked\_role | A boolean value to determine if the ElasticSearch Service Linked Role should be created.  This should only be set to true if the Service Linked Role is not already present. | string | `"false"` | no |
-| data\_node\_count | Number of data nodes in the Elasticsearch cluster. If using Zone Awareness this must be a multiple of the number of subnets being used, e.g. 2, 4, 6, etc. for 2 subnets or 3, 6, 9, etc. for 3 subnets. | string | `"6"` | no |
-| data\_node\_instance\_type | Select data node instance type.  See https://aws.amazon.com/elasticsearch-service/pricing/ for supported instance types. | string | `"m5.large.elasticsearch"` | no |
-| ebs\_iops | The number of I/O operations per second (IOPS) that the volume supports. | string | `"0"` | no |
-| ebs\_size | The size of the EBS volume for each data node. | string | `"35"` | no |
-| ebs\_type | The EBS volume type to use with the Amazon ES domain, such as standard, gp2, or io1. | string | `"gp2"` | no |
-| elasticsearch\_version | Elasticsearch Version. | string | `"7.1"` | no |
-| encrypt\_storage\_enabled | A boolean value to determine if encryption at rest is enabled for the Elasticsearch cluster. Version must be at least 5.1. | string | `"false"` | no |
-| encrypt\_traffic\_enabled | A boolean value to determine if encryption for node-to-node traffic is enabled for the Elasticsearch cluster. Version must be at least 6.0. | string | `"false"` | no |
-| encryption\_kms\_key | The KMS key to use for encryption at rest on the Elasticsearch cluster.If omitted and encryption at rest is enabled, the aws/es KMS key is used. | string | `""` | no |
-| environment | Application environment for which this network is being created. Preferred value are Development, Integration, PreProduction, Production, QA, Staging, or Test | string | `"Development"` | no |
-| internal\_record\_name | Record Name for the new Resource Record in the Internal Hosted Zone | string | `""` | no |
-| internal\_zone\_id | The Route53 Internal Hosted Zone ID | string | `""` | no |
-| internal\_zone\_name | TLD for Internal Hosted Zone | string | `""` | no |
-| ip\_whitelist | IP Addresses allowed to access the ElasticSearch Cluster.  Should be supplied if Elasticsearch cluster is not VPC enabled. | list | `<list>` | no |
-| logging\_application\_logs | A boolean value to determine if logging is enabled for ES_APPLICATION_LOGS. | string | `"false"` | no |
-| logging\_index\_slow\_logs | A boolean value to determine if logging is enabled for INDEX_SLOW_LOGS. | string | `"false"` | no |
-| logging\_retention | The number of days to retain Cloudwatch Logs for the Elasticsearch cluster. | string | `"30"` | no |
-| logging\_search\_slow\_logs | A boolean value to determine if logging is enabled for SEARCH_SLOW_LOGS. | string | `"false"` | no |
-| master\_node\_count | Number of master nodes in the Elasticsearch cluster.  Allowed values are 0, 3 or 5. | string | `"3"` | no |
-| master\_node\_instance\_type | Select master node instance type.  See https://aws.amazon.com/elasticsearch-service/pricing/ for supported instance types. | string | `"m5.large.elasticsearch"` | no |
-| name | The desired name for the Elasticsearch domain. | string | n/a | yes |
-| security\_groups | A list of EC2 security groups to assign to the Elasticsearch cluster.  Ignored if Elasticsearch cluster is not VPC enabled. | list | `<list>` | no |
-| snapshot\_start\_hour | The hour (0-23) to issue a daily snapshot of Elasticsearch cluster. | string | `"0"` | no |
-| subnets | Subnets for Elasticsearch cluster.  Ignored if Elasticsearch cluster is not VPC enabled. If not using Zone Awareness this should be a list of one subnet. | list | `<list>` | no |
-| tags | Additional tags to be added to the Elasticsearch cluster. | map | `<map>` | no |
-| vpc\_enabled | A boolean value to determine if the Elasticsearch cluster is VPC enabled. | string | `"false"` | no |
-| zone\_awareness\_enabled | A boolean value to determine if Zone Awareness is enabled. The number of data nodes must be even if this is `true`. | string | `"true"` | no |
+|------|-------------|------|---------|:-----:|
+| create\_service\_linked\_role | A boolean value to determine if the ElasticSearch Service Linked Role should be created.  This should only be set to true if the Service Linked Role is not already present. | `bool` | `false` | no |
+| data\_node\_count | Number of data nodes in the Elasticsearch cluster. If using Zone Awareness this must be a multiple of the number of subnets being used, e.g. 2, 4, 6, etc. for 2 subnets or 3, 6, 9, etc. for 3 subnets. | `number` | `6` | no |
+| data\_node\_instance\_type | Select data node instance type.  See https://aws.amazon.com/elasticsearch-service/pricing/ for supported instance types. | `string` | `"m5.large.elasticsearch"` | no |
+| ebs\_iops | The number of I/O operations per second (IOPS) that the volume supports. | `number` | `0` | no |
+| ebs\_size | The size of the EBS volume for each data node. | `number` | `35` | no |
+| ebs\_type | The EBS volume type to use with the Amazon ES domain, such as standard, gp2, or io1. | `string` | `"gp2"` | no |
+| elasticsearch\_version | Elasticsearch Version. | `string` | `"7.1"` | no |
+| encrypt\_storage\_enabled | A boolean value to determine if encryption at rest is enabled for the Elasticsearch cluster. Version must be at least 5.1. | `bool` | `false` | no |
+| encrypt\_traffic\_enabled | A boolean value to determine if encryption for node-to-node traffic is enabled for the Elasticsearch cluster. Version must be at least 6.0. | `bool` | `false` | no |
+| encryption\_kms\_key | The KMS key to use for encryption at rest on the Elasticsearch cluster.If omitted and encryption at rest is enabled, the aws/es KMS key is used. | `string` | `""` | no |
+| environment | Application environment for which this network is being created. Preferred value are Development, Integration, PreProduction, Production, QA, Staging, or Test | `string` | `"Development"` | no |
+| internal\_record\_name | Record Name for the new Resource Record in the Internal Hosted Zone | `string` | `""` | no |
+| internal\_zone\_id | The Route53 Internal Hosted Zone ID | `string` | `""` | no |
+| internal\_zone\_name | TLD for Internal Hosted Zone | `string` | `""` | no |
+| ip\_whitelist | IP Addresses allowed to access the ElasticSearch Cluster.  Should be supplied if Elasticsearch cluster is not VPC enabled. | `list(string)` | <pre>[<br>  "127.0.0.1"<br>]</pre> | no |
+| logging\_application\_logs | A boolean value to determine if logging is enabled for ES\_APPLICATION\_LOGS. | `bool` | `false` | no |
+| logging\_index\_slow\_logs | A boolean value to determine if logging is enabled for INDEX\_SLOW\_LOGS. | `bool` | `false` | no |
+| logging\_retention | The number of days to retain Cloudwatch Logs for the Elasticsearch cluster. | `number` | `30` | no |
+| logging\_search\_slow\_logs | A boolean value to determine if logging is enabled for SEARCH\_SLOW\_LOGS. | `bool` | `false` | no |
+| master\_node\_count | Number of master nodes in the Elasticsearch cluster.  Allowed values are 0, 3 or 5. | `number` | `3` | no |
+| master\_node\_instance\_type | Select master node instance type.  See https://aws.amazon.com/elasticsearch-service/pricing/ for supported instance types. | `string` | `"m5.large.elasticsearch"` | no |
+| name | The desired name for the Elasticsearch domain. | `string` | n/a | yes |
+| security\_groups | A list of EC2 security groups to assign to the Elasticsearch cluster.  Ignored if Elasticsearch cluster is not VPC enabled. | `list(string)` | `[]` | no |
+| snapshot\_start\_hour | The hour (0-23) to issue a daily snapshot of Elasticsearch cluster. | `number` | `0` | no |
+| subnets | Subnets for Elasticsearch cluster.  Ignored if Elasticsearch cluster is not VPC enabled. If not using Zone Awareness this should be a list of one subnet. | `list(string)` | `[]` | no |
+| tags | Additional tags to be added to the Elasticsearch cluster. | `map(string)` | `{}` | no |
+| vpc\_enabled | A boolean value to determine if the Elasticsearch cluster is VPC enabled. | `bool` | `false` | no |
+| zone\_awareness\_enabled | A boolean value to determine if Zone Awareness is enabled. The number of data nodes must be even if this is `true`. | `bool` | `true` | no |
 
 ## Outputs
 

diff --git a/examples/basic_internet_endpoint.tf b/examples/basic_internet_endpoint.tf
@@ -1,10 +1,15 @@
-####################################################
-# Basic Internet accessible Elasticsearch endpoint #
-####################################################
+terraform {
+  required_version = ">= 0.12"
+}
+
+provider "aws" {
+  region  = "us-west-2"
+  version = "~> 2.2"
+}
 
 module "es_internet" {
-  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-elasticsearch//?ref=v0.0.7"
+  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-elasticsearch//?ref=v0.12.0"
 
-  name         = "es-internet-endpoint"
   ip_whitelist = ["1.2.3.4"]
+  name         = "es-internet-endpoint"
 }
diff --git a/examples/basic_vpc_endpoint.tf b/examples/basic_vpc_endpoint.tf
@@ -1,26 +1,30 @@
-###############################################
-# Basic VPC accessible Elasticsearch endpoint #
-###############################################
+terraform {
+  required_version = ">= 0.12"
+}
+
+provider "aws" {
+  region  = "us-west-2"
+  version = "~> 2.2"
+}
 
 module "vpc" {
-  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-vpc_basenetwork//?ref=v0.0.9"
+  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-vpc_basenetwork//?ref=v0.12.0"
 
-  vpc_name = "Test1VPC"
+  name = "Test1VPC"
 }
 
 module "sg" {
-  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-security_group//?ref=v0.0.5"
+  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-security_group//?ref=v0.12.0"
 
   resource_name = "Test-SG"
-  vpc_id        = "${module.vpc.vpc_id}"
+  vpc_id        = module.vpc.vpc_id
 }
 
 module "es_vpc" {
-  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-elasticsearch//?ref=v0.0.7"
-
-  name = "es-vpc-endpoint"
+  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-elasticsearch//?ref=v0.12.0"
 
+  name            = "es-vpc-endpoint"
+  security_groups = [module.sg.public_web_security_group_id]
+  subnets         = module.vpc.private_subnets
   vpc_enabled     = true
-  security_groups = ["${module.sg.public_web_security_group_id}"]
-  subnets         = ["${module.vpc.private_subnets}"]
 }
diff --git a/examples/full_example.tf b/examples/full_example.tf
@@ -1,56 +1,52 @@
-#########################################################
-# Customized Internet accessible Elasticsearch endpoint #
-#########################################################
+terraform {
+  required_version = ">= 0.12"
+}
+
+provider "aws" {
+  region  = "us-west-2"
+  version = "~> 2.2"
+}
 
 data "aws_kms_alias" "es_kms" {
   name = "alias/aws/es"
 }
 
 module "internal_zone" {
-  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-route53_internal_zone//?ref=v.0.0.3"
+  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-route53_internal_zone//?ref=v0.12.0"
 
-  zone_name     = "mycompany.local"
-  environment   = "Development"
-  target_vpc_id = "${module.vpc.vpc_id}"
+  environment = "Development"
+  name        = "mycompany.local"
+  vpc_id      = module.vpc.vpc_id
 }
 
 module "es_all_options" {
-  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-elasticsearch//?ref=v0.0.7"
-
-  name = "es-custom"
-
-  ip_whitelist = ["1.2.3.4"]
-
-  elasticsearch_version = "7.1"
-  environment           = "Production"
+  source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-elasticsearch//?ref=v0.12.0"
 
-  data_node_count           = "8"
+  data_node_count           = 8
   data_node_instance_type   = "r4.large.elasticsearch"
-  master_node_count         = "5"
+  ebs_iops                  = 1000
+  ebs_size                  = 50
+  ebs_type                  = "io1"
+  elasticsearch_version     = "7.1"
+  encrypt_storage_enabled   = true
+  encrypt_traffic_enabled   = true
+  encryption_kms_key        = data.aws_kms_alias.es_kms.target_key_arn
+  environment               = "Production"
+  internal_record_name      = "es-custom"
+  internal_zone_id          = module.internal_zone.internal_hosted_name
+  internal_zone_name        = module.internal_zone.internal_hosted_name
+  ip_whitelist              = ["1.2.3.4"]
+  logging_application_logs  = true
+  logging_index_slow_logs   = true
+  logging_retention         = 14
+  logging_search_slow_logs  = true
+  master_node_count         = 5
   master_node_instance_type = "r4.large.elasticsearch"
-
-  encrypt_storage_enabled = true
-  encrypt_traffic_enabled = true
-  encryption_kms_key      = "${data.aws_kms_alias.es_kms.target_key_arn}"
-
-  ebs_iops = "1000"
-  ebs_size = "50"
-  ebs_type = "io1"
-
-  internal_record_name = "es-custom"
-  internal_zone_id     = "${module.internal_zone.internal_hosted_name}"
-  internal_zone_name   = "${module.internal_zone.internal_hosted_name}"
-
-  logging_application_logs = true
-  logging_index_slow_logs  = true
-  logging_retention        = 14
-  logging_search_slow_logs = true
-
-  snapshot_start_hour = 21
-
-  vpc_enabled     = true
-  subnets         = ["subnet-0146733139bfe351b", "subnet-04362ec0a2a4b1382"]
-  security_groups = ["sg-0024aee5bbfbaddbc", "sg-018f1576271f11f3e"]
+  name                      = "es-custom"
+  security_groups           = ["sg-0024aee5bbfbaddbc", "sg-018f1576271f11f3e"]
+  snapshot_start_hour       = 21
+  subnets                   = ["subnet-0146733139bfe351b", "subnet-04362ec0a2a4b1382"]
+  vpc_enabled               = true
 
   tags = {
     Tag1 = "Value1"