This repository was archived by the owner on Dec 28, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathelasticsearch.ts
More file actions
68 lines (62 loc) · 2.16 KB
/
elasticsearch.ts
File metadata and controls
68 lines (62 loc) · 2.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
import * as aws from "@pulumi/aws"
import * as pulumi from "@pulumi/pulumi"
import * as config from "./config"
import * as iam from "./iam"
import * as vpc from "./vpc"
export let searchDomain: aws.elasticsearch.Domain | undefined
if (config.services.aws.elasticsearch.enabled) {
let elasticsearchConf = config.services.aws.elasticsearch
searchDomain = new aws.elasticsearch.Domain("codeocean", {
elasticsearchVersion: "6.8",
encryptAtRest: { enabled: true },
nodeToNodeEncryption: { enabled: true },
vpcOptions: {
securityGroupIds: [
vpc.sgElasticsearch!.id,
],
subnetIds: elasticsearchConf.multiAZ
? pulumi.output(vpc.vpc.privateSubnetIds).apply(v => v)
: pulumi.output(vpc.vpc.privateSubnetIds).apply(v => [v[0]])
,
},
clusterConfig: {
instanceCount: elasticsearchConf.multiAZ ? 2 : 1,
instanceType: elasticsearchConf.instanceType,
zoneAwarenessConfig: {
availabilityZoneCount: elasticsearchConf.multiAZ ? 2 : undefined,
},
zoneAwarenessEnabled: elasticsearchConf.multiAZ,
},
domainEndpointOptions: {
enforceHttps: true,
tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
},
ebsOptions: {
ebsEnabled: true,
volumeSize: 20,
},
})
new aws.elasticsearch.DomainPolicy("policy" ,{
domainName: searchDomain.domainName,
accessPolicies: {
Version: "2012-10-17",
Statement: [{
Effect: "Allow",
Principal: {
AWS: [
iam.servicesInstanceRole.arn,
],
},
Action: [
"es:ESHttpDelete",
"es:ESHttpGet",
"es:ESHttpHead",
"es:ESHttpPost",
"es:ESHttpPut",
"es:ESHttpPatch",
],
Resource: pulumi.output(searchDomain.arn).apply(v => `${v}/*`),
}],
},
})
}