My Saved Presets
You must be logged in to view saved presets

Loading Library ...

OpenSearch Domain Creation with IP Restricted Access Policy

Creates an OpenSearch domain and sets an access policy that restricts access to a specific IP address.

example

aws_opensearch_domain


advanced_security_options
master_user_options



auto_tune_options
maintenance_schedule

duration

cluster_config
cold_storage_options


zone_awareness_config
cognito_options



domain_endpoint_options



ebs_options


encrypt_at_rest

log_publishing_options

node_to_node_encryption
snapshot_options
software_update_options
vpc_options

security_group_ids

subnet_ids

off_peak_window_options
off_peak_window
window_start_time

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



main

aws_opensearch_domain_policy



depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



main

aws_iam_policy_document

override_policy_documents


source_policy_documents

statement

actions

condition


values


not_actions

not_principals

identifiers

not_resources

principals

identifiers

resources


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



Terraform Template

data "aws_iam_policy_document" "main" {

  statement {
    actions = ["es:*"]

    condition {
      test = "IpAddress"
      values = ["127.0.0.1/32"]
      variable = "aws:SourceIp"
    }
    effect = "Allow"

    principals {
      identifiers = [*]
      type = *
    }
    resources = ["${aws_opensearch_domain.example.arn}/*"]
  }
}

resource "aws_opensearch_domain" "example" {
  domain_name = "tf-test"
  engine_version = "OpenSearch_1.1"
}

resource "aws_opensearch_domain_policy" "main" {
  access_policies = data.aws_iam_policy_document.main.json
  domain_name = aws_opensearch_domain.example.domain_name
}

© 2024 asecurecloud. All rights reserved.