Update opensearch pod policy module name

thoughtbot · Nov 1, 2024 · 6f992d6 · 6f992d6
1 parent 5ae8197
commit 6f992d6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 23 deletions.
diff --git a/modules/opensearch/main.tf b/modules/opensearch/main.tf
@@ -22,6 +22,8 @@ locals {
   static_domain_arn = "arn:${local.partition}:es:${local.region}:${local.account_id}:domain/${var.domain_name}"
 
   tags = merge(var.tags, { terraform-aws-modules = "opensearch" })
+
+  name   = "es-${var.application_name}"
 }
 
 ################################################################################
@@ -458,9 +460,9 @@ module "elasticsearch_secret" {
   resource_tags    = var.tags
 
   initial_value = jsonencode({
-    ES_ENDPOINT           = module.opensearch[0].domain_endpoint
-    ES_DASHBOARD_ENDPOINT = module.opensearch[0].domain_dashboard_endpoint
-    ES_DOMAIN_ID          = module.opensearch[0].domain_id
-    ES_PASSWORD           = random_password.es.result
+    ES_ENDPOINT           = try(aws_opensearch_domain.this[0].endpoint, null)
+    ES_DASHBOARD_ENDPOINT = try(aws_opensearch_domain.this[0].dashboard_endpoint, null)
+    ES_DOMAIN_ID          = try(aws_opensearch_domain.this[0].domain_id, null)
+    ES_PASSWORD           = var.advanced_security_options.master_user_options.master_user_password
   })
 }
diff --git a/opensearch.tf b/opensearch.tf
@@ -146,24 +146,6 @@ resource "random_password" "es" {
   special = false
 }
 
-module "elasticsearch_secret" {
-  count  = var.elasticsearch_enabled ? 1 : 0
-  source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0"
-
-  admin_principals = var.admin_principals
-  description      = "Elastisearch secrets for: ${local.name}"
-  name             = "${local.name}-secret"
-  read_principals  = var.read_principals
-  resource_tags    = var.tags
-
-  initial_value = jsonencode({
-    ES_ENDPOINT           = module.opensearch[0].domain_endpoint
-    ES_DASHBOARD_ENDPOINT = module.opensearch[0].domain_dashboard_endpoint
-    ES_DOMAIN_ID          = module.opensearch[0].domain_id
-    ES_PASSWORD           = random_password.es.result
-  })
-}
-
 resource "aws_iam_role_policy_attachment" "test-attach" {
   count = var.elasticsearch_enabled ? 1 : 0
 
@@ -173,7 +155,7 @@ resource "aws_iam_role_policy_attachment" "test-attach" {
   depends_on = [module.pod_policy]
 }
 
-module "pod_policy" {
+module "es_pod_policy" {
   count  = var.elasticsearch_enabled ? 1 : 0
   source = "github.com/thoughtbot/flightdeck//aws/service-account-policy?ref=v0.9.0"