add variables for security options (#18)

* add variables for security options

* lint

* terraform-docs: automated update action

---------

Co-authored-by: Rasmnev <Rasmnev@users.noreply.github.com>

README.md

@@ -93,15 +93,16 @@ Here is a working example of using this Terraform module:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | advanced\_options | Key-value string pairs to specify advanced configuration options. | `map(string)` | `null` | no |
-| advanced\_security\_options\_enabled | n/a | `bool` | `true` | no |
-| advanced\_security\_options\_internal\_user\_db | n/a | `bool` | `false` | no |
+| advanced\_security\_options\_enabled | Indicates whether advanced security is enabled. | `bool` | `false` | no |
+| advanced\_security\_options\_internal\_user\_db | Indicates whether the internal user database is enabled. | `bool` | `false` | no |
 | allow\_cidrs | List of CIDR to allow connection to this Cluster | <pre>list(object({<br>    name        = string<br>    description = string<br>    cidr        = list(string)<br>    from_port   = number<br>    to_port     = number<br>    protocol    = string<br>  }))</pre> | `[]` | no |
 | allow\_security\_group\_ids | List of Security Group IDs to allow connection to this Cluster | <pre>list(object({<br>    name              = string<br>    description       = string<br>    security_group_id = string<br>    from_port         = number<br>    to_port           = number<br>    protocol          = string<br>  }))</pre> | `[]` | no |
 | availability\_zones | The number of availability zones for the OpenSearch cluster. Valid values: 1, 2 or 3. | `number` | `1` | no |
 | cluster\_domain | The hosted zone name of the OpenSearch cluster. | `string` | n/a | yes |
 | cluster\_hostname | The hostname name of the OpenSearch cluster. | `string` | n/a | yes |
 | cluster\_name | The name of the OpenSearch cluster. | `string` | `"opensearch"` | no |
 | cluster\_version | The version of OpenSearch to deploy. | `string` | `"1.1"` | no |
+| create\_custom\_endpoint | n/a | `bool` | `true` | no |
 | create\_service\_role | Indicates whether to create the service-linked role. See https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html | `bool` | `true` | no |
 | ebs\_enabled | n/a | `bool` | `true` | no |
 | ebs\_iops | n/a | `number` | `null` | no |

_variables.tf

@@ -234,11 +234,17 @@ variable "log_publishing_options" {
 }
 
 variable "advanced_security_options_enabled" {
-  type    = bool
-  default = true
+  description = "Indicates whether advanced security is enabled."
+  type        = bool
+  default     = false
 }
 
 variable "advanced_security_options_internal_user_db" {
-  type    = bool
-  default = false
+  description = "Indicates whether the internal user database is enabled."
+  type        = bool
+  default     = false
+}
+
+variable "create_custom_endpoint" {
+  default = true
 }

main.tf

@@ -6,10 +6,9 @@ resource "aws_iam_service_linked_role" "es" {
 }
 
 
-
 resource "aws_elasticsearch_domain" "opensearch" {
   domain_name           = var.cluster_name
-  elasticsearch_version = "OpenSearch_${var.cluster_version}"
+  elasticsearch_version = var.cluster_version
   access_policies       = data.aws_iam_policy_document.access_policy.json
   advanced_options      = var.advanced_options
 
@@ -57,7 +56,7 @@ resource "aws_elasticsearch_domain" "opensearch" {
     enforce_https       = true
     tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
 
-    custom_endpoint_enabled         = true
+    custom_endpoint_enabled         = var.create_custom_endpoint
     custom_endpoint                 = "${var.cluster_hostname}.${data.aws_route53_zone.opensearch.name}"
     custom_endpoint_certificate_arn = data.aws_acm_certificate.domain_host.arn
   }