diff --git a/docs/arc-iac-docs/modules/terraform-aws-arc-opensearch/README.md b/docs/arc-iac-docs/modules/terraform-aws-arc-opensearch/README.md
index 11cda4aba..1a542f393 100644
--- a/docs/arc-iac-docs/modules/terraform-aws-arc-opensearch/README.md
+++ b/docs/arc-iac-docs/modules/terraform-aws-arc-opensearch/README.md
@@ -1,3 +1,5 @@
+
+
# [terraform-aws-arc-opensearch](https://github.com/sourcefuse/terraform-aws-arc-opensearch)
 
@@ -10,7 +12,7 @@ Terraform module for supporting AWS OpenSearch. Creates an admin role and output
## Usage
-See the `example` folder for a working module example.
+See the `example/vpc` folder for a working module example.
```hcl
################################################################################
@@ -29,6 +31,30 @@ module "opensearch" {
tags = module.tags.tags
}
+```
+See the `example/non-vpc` folder if you want your os to be public
+
+```hcl
+################################################################################
+## opensearch
+################################################################################
+module "opensearch" {
+ source = "sourcefuse/arc-opensearch/aws"
+ version = "1.0.3"
+ environment = var.environment
+ namespace = var.namespace
+ create_iam_service_linked_role = false # set to false if a cluster already exists
+ instance_count = var.instance_count
+ instance_type = var.instance_type
+ ebs_volume_size = var.ebs_volume_size
+ vpc_enabled = false
+ allowed_cidr_blocks = [""] // non VPC ES to allow anonymous access from whitelisted IP ranges without requests signing
+ anonymous_iam_actions = ["es:ESHttpGet", "es:ESHttpPut", "es:ESHttpPost"] // Actions for anonymous user
+ iam_actions = ["es:ESHttpGet", "es:ESHttpPut", "es:ESHttpPost"] // Actions for user
+
+ tags = module.tags.tags
+}
+
```
@@ -36,8 +62,8 @@ module "opensearch" {
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.3 |
-| [aws](#requirement\_aws) | ~> 4.0 |
+| [terraform](#requirement\_terraform) | >= 1.5, < 2.0.0 |
+| [aws](#requirement\_aws) | >= 4.0, < 6.0 |
| [null](#requirement\_null) | >= 3.2 |
| [random](#requirement\_random) | >= 3.4 |
@@ -52,7 +78,7 @@ module "opensearch" {
| Name | Source | Version |
|------|--------|---------|
-| [opensearch](#module\_opensearch) | git::https://github.com/cloudposse/terraform-aws-elasticsearch | 0.44.0 |
+| [opensearch](#module\_opensearch) | cloudposse/elasticsearch/aws | 0.47.0 |
## Resources
@@ -74,6 +100,8 @@ module "opensearch" {
| [advanced\_options](#input\_advanced\_options) | Key-value string pairs to specify advanced configuration options | `map(any)` | {
"override_main_response_version": false,
"rest.action.multi.allow_explicit_index": "true"
} | no |
| [advanced\_security\_options\_enabled](#input\_advanced\_security\_options\_enabled) | AWS Elasticsearch Kibana enchanced security plugin enabling (forces new resource) | `bool` | `true` | no |
| [advanced\_security\_options\_internal\_user\_database\_enabled](#input\_advanced\_security\_options\_internal\_user\_database\_enabled) | Whether to enable or not internal Kibana user database for ELK OpenDistro security plugin | `bool` | `true` | no |
+| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks to be allowed to connect to the cluster | `list(string)` | `[]` | no |
+| [anonymous\_iam\_actions](#input\_anonymous\_iam\_actions) | List of actions to allow for the anonymous (`*`) IAM roles, _e.g._ `es:ESHttpGet`, `es:ESHttpPut`, `es:ESHttpPost` | `list(string)` | `[]` | no |
| [availability\_zones](#input\_availability\_zones) | List of availability zones to deploy the cluster in. | `list(string)` | [
"us-east-1a",
"us-east-1b"
]
| no |
| [cognito\_authentication\_enabled](#input\_cognito\_authentication\_enabled) | Whether to enable Amazon Cognito authentication with Kibana | `bool` | `false` | no |
| [cognito\_iam\_role\_arn](#input\_cognito\_iam\_role\_arn) | ARN of the IAM role that has the AmazonESCognitoAccess policy attached | `string` | `""` | no |
@@ -86,6 +114,7 @@ module "opensearch" {
| [custom\_opensearch\_password](#input\_custom\_opensearch\_password) | Custom Administrator password to be assigned to `var.admin_username`. If undefined, it will be a randomly generated password. Does not work if `var.generate_random_password` is `true`. | `string` | `""` | no |
| [ebs\_volume\_size](#input\_ebs\_volume\_size) | EBS volumes for data storage in GB | `number` | `10` | no |
| [elasticsearch\_version](#input\_elasticsearch\_version) | Version of ElasticSearch or OpenSearch to deploy (\_e.g.\_ OpenSearch\_2.3, OpenSearch\_1.3, OpenSearch\_1.2, OpenSearch\_1.1, OpenSearch\_1.0, 7.4, 7.1, etc. | `string` | `"OpenSearch_2.3"` | no |
+| [enable\_public\_access](#input\_enable\_public\_access) | Set to false if ES should be deployed outside of VPC. | `bool` | `false` | no |
| [encrypt\_at\_rest\_enabled](#input\_encrypt\_at\_rest\_enabled) | Whether to enable encryption at rest | `bool` | `true` | no |
| [environment](#input\_environment) | Name of the environment, i.e. dev, stage, prod | `string` | n/a | yes |
| [generate\_random\_password](#input\_generate\_random\_password) | Generate a random password for the OpenSearch Administrator.
If this value is `true` and `var.custom_opensearch_password` is defined, `var.custom_opensearch_password` will be ignored. | `bool` | `true` | no |
@@ -97,9 +126,9 @@ module "opensearch" {
| [namespace](#input\_namespace) | Namespace of the project, i.e. arc | `string` | n/a | yes |
| [node\_to\_node\_encryption\_enabled](#input\_node\_to\_node\_encryption\_enabled) | Whether to enable node-to-node encryption | `bool` | `true` | no |
| [security\_group\_ids](#input\_security\_group\_ids) | List of security groups to assign OpenSearch | `list(string)` | `[]` | no |
-| [subnet\_ids](#input\_subnet\_ids) | List of Subnet IDs to assign OpenSearch | `list(string)` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | List of Subnet IDs to assign OpenSearch | `list(string)` | `[]` | no |
| [tags](#input\_tags) | Default tags to apply to every resource | `map(string)` | n/a | yes |
-| [vpc\_id](#input\_vpc\_id) | ID of the VPC where resources will be deployed to | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | ID of the VPC where resources will be deployed to | `string` | `null` | no |
| [zone\_awareness\_enabled](#input\_zone\_awareness\_enabled) | Enable zone awareness for Elasticsearch cluster | `bool` | `true` | no |
## Outputs