adding https and sg

main.tf

@@ -22,6 +22,14 @@ resource "aws_elasticsearch_domain" "default" {
  kms_key_id = var.encrypt_at_rest_kms_key_id
  }
 
+ domain_endpoint_options {
+ enforce_https = var.domain_endpoint_options_enforce_https
+ tls_security_policy = var.domain_endpoint_options_tls_security_policy
+ # custom_endpoint_enabled = var.custom_endpoint_enabled
+ # custom_endpoint = var.custom_endpoint_enabled ? var.custom_endpoint : null
+ # custom_endpoint_certificate_arn = var.custom_endpoint_enabled ? var.custom_endpoint_certificate_arn : null
+ }
+
  cluster_config {
  instance_count = var.instance_count
  instance_type = var.instance_type
@@ -35,9 +43,10 @@ resource "aws_elasticsearch_domain" "default" {
  }
  }
 
- # here you will have to change the subnet 
+ # here you will have to change the subnet and security group
  vpc_options {
- subnet_ids = ["subnet-a41333cc"]
+ subnet_ids = ["subnet-a41333cc"]
+ security_group_ids = ["sg-0e684d5c8aedc8b44"]
  }
 
 

variables.tf

@@ -142,3 +142,34 @@ variable "node_to_node_encryption_enabled" {
  default = false
  description = "Whether to enable node-to-node encryption"
 }
+
+variable "domain_endpoint_options_enforce_https" {
+ type = bool
+ default = true
+ description = "Whether or not to require HTTPS"
+}
+
+variable "domain_endpoint_options_tls_security_policy" {
+ type = string
+ default = "Policy-Min-TLS-1-0-2019-07"
+ description = "The name of the TLS security policy that needs to be applied to the HTTPS endpoint"
+}
+
+
+# variable "custom_endpoint_enabled" {
+# type = bool
+# description = "Whether to enable custom endpoint for the Elasticsearch domain."
+# default = false
+# }
+
+# variable "custom_endpoint" {
+# type = string
+# description = "Fully qualified domain for custom endpoint."
+# default = ""
+# }
+
+# variable "custom_endpoint_certificate_arn" {
+# type = string
+# description = "ACM certificate ARN for custom endpoint."
+# default = ""
+# }