Merge pull request #7 from angelbarrera92/master

 [Feature Request] access_policies variable #5 - master

Author: egarbi

README.md

@@ -13,5 +13,21 @@ module "es-cluster" {
   zone_id                   = "ZA863HSKDDD9"
   itype                     = "m4.large.elasticsearch"
   ingress_allow_cidr_blocks = [ "10.20.0.0/16", "10.22.0.0/16" ]
+  access_policies           = <<CONFIG
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "es:*",
+            "Principal": "*",
+            "Effect": "Allow",
+            "Condition": {
+                "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
+            }
+        }
+    ]
+}
+CONFIG
+
 }
 ```

main.tf

@@ -1,11 +1,13 @@
 // Required
 variable "name" {}
+
 variable "vpc_id" {}
+
 variable "subnet_ids" {
   type = "list"
 }
-variable "zone_id" {}
 
+variable "zone_id" {}
 
 // Optional
 variable "elasticsearch_version" {
@@ -47,6 +49,7 @@ variable "ingress_allow_cidr_blocks" {
 variable "rest_action_multi_allow_explicit_index" {
   default = "true"
 }
+
 variable "indices_fielddata_cache_size" {
   default = ""
 }
@@ -63,16 +66,20 @@ variable "volume_size" {
   default = "35"
 }
 
+variable "access_policies" {
+  description = "IAM policy document specifying the access policies for the domain"
+  default     = ""
+}
 
 resource "aws_security_group" "elasticsearch" {
   name        = "${var.name}"
   description = "Security Group to allow traffic to ElasticSearch"
 
-   ingress {
-    from_port       = 443
-    to_port         = 443
-    protocol        = "tcp"
-    cidr_blocks     = ["${var.ingress_allow_cidr_blocks}"]
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["${var.ingress_allow_cidr_blocks}"]
   }
 
   ingress {
@@ -97,23 +104,25 @@ resource "aws_elasticsearch_domain" "es" {
   elasticsearch_version = "${var.elasticsearch_version}"
 
   cluster_config {
-    instance_type = "${var.itype}"
-    instance_count = "${var.icount}"
+    instance_type            = "${var.itype}"
+    instance_count           = "${var.icount}"
     dedicated_master_enabled = "${var.dedicated_master}"
-    dedicated_master_type   = "${var.mtype}"
-    dedicated_master_count = "${var.mcount}"
-    zone_awareness_enabled = "${var.zone_awareness}"
+    dedicated_master_type    = "${var.mtype}"
+    dedicated_master_count   = "${var.mcount}"
+    zone_awareness_enabled   = "${var.zone_awareness}"
   }
 
+  access_policies = "${var.access_policies}"
+
   vpc_options {
-    security_group_ids = [ "${aws_security_group.elasticsearch.id}" ]
-    subnet_ids         = [ "${var.subnet_ids}" ]
+    security_group_ids = ["${aws_security_group.elasticsearch.id}"]
+    subnet_ids         = ["${var.subnet_ids}"]
   }
 
   advanced_options {
     "rest.action.multi.allow_explicit_index" = "${var.rest_action_multi_allow_explicit_index}"
-    "indices.fielddata.cache.size" = "${var.indices_fielddata_cache_size}"
-    "indices.query.bool.max_clause_count" = "${var.indices_query_bool_max_clause_count}"
+    "indices.fielddata.cache.size"           = "${var.indices_fielddata_cache_size}"
+    "indices.query.bool.max_clause_count"    = "${var.indices_query_bool_max_clause_count}"
   }
 
   ebs_options {