
Commit ccbd2c5

Merge pull request #20 from egarbi/Adds_service_role_conditional_creation
Adds creation of a service IAM role used by default
2 parents 74dc087 + 9505d92 commit ccbd2c5

3 files changed

Lines changed: 17 additions & 0 deletions


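--- a/README.md
+++ b/README.md
@@ -37,6 +37,7 @@ CONFIG
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | access\_policies | IAM policy document specifying the access policies for the domain. | string | `""` | no |
+| create\_iam\_service\_linked\_role | Control the creation of the default service role, set it to false if you have already created it. | bool | true | no |
 | dedicated\_master | Indicates whether our cluster have dedicated master nodes enabled. | string | `"false"` | no |
 | elasticsearch\_version | Elastic Search Service cluster version number. | string | `"5.5"` | no |
 | encryption\_enabled | Enable encription in Elastic Search. | string | `"false"` | no |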

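--- a/main.tf
+++ b/main.tf
@@ -39,6 +39,13 @@ resource "aws_security_group_rule" "egress_all" {
 security_group_id = "${aws_security_group.elasticsearch.id}"
 }
 
+# https://github.com/terraform-providers/terraform-provider-aws/issues/5218
+resource "aws_iam_service_linked_role" "default" {
+count = var.create_iam_service_linked_role ? 1 : 0
+aws_service_name = "es.amazonaws.com"
+description = "AWSServiceRoleForAmazonElasticsearchService Service-Linked Role"
+}
+
 resource "aws_elasticsearch_domain" "es" {
 domain_name = "${var.name}"
 elasticsearch_version = "${var.elasticsearch_version}"
@@ -83,6 +90,10 @@ resource "aws_elasticsearch_domain" "es" {
 tags = {
 Domain = "${var.name}"
 }
+
+depends_on = [
+"aws_iam_service_linked_role.default",
+]
 }
 
 # Add ALB record on DNS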
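Review bot: The `aws_iam_service_linked_role.default` resource added at new lines 43-47 places an account-wide IAM role under this one module's state, and nothing next to it says so. The service-linked role for `es.amazonaws.com` exists once per AWS account, so a second instance of the module in the same account will fail on apply unless it sets `create_iam_service_linked_role = false`, and destroying the owning stack would also attempt to delete the role that other domains in the account rely on. I would add above the resource `# Account-wide: only one stack per AWS account should own this role; set create_iam_service_linked_role = false everywhere else.` Separately, the bare `var.create_iam_service_linked_role ? 1 : 0` and the quoted `"aws_iam_service_linked_role.default"` reference sit beside the file's `"${...}"` interpolation style; settle on the form that matches the Terraform version the module targets.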

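--- a/variables.tf
+++ b/variables.tf
@@ -15,6 +15,11 @@ variable "vpc_id" {
 }
 
 // Optional
+variable "create_iam_service_linked_role" {
+description = "Control the creation of the default service role, set it to false if you have already created it"
+default = true
+}
+
 variable "zone_id" {
 default = ""
 description = "Route 53 zone id where the DNS record will be created."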
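Review bot: The new `create_iam_service_linked_role` variable declares no type, so the `bool` advertised in the README table is not enforced by the declaration itself. If the module targets Terraform 0.12, as the bare conditional in main.tf suggests, add `type = bool` alongside `default = true`. The description would also be clearer if it named the scope of the role, for example `description = "Create the account-wide Elasticsearch service-linked role; set to false if it already exists in this AWS account"`, since the default of `true` only suits the first stack deployed in an account.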
