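aws-resource-outside-vpc
Ensure that the resource is configured inside a VPC. A domain created without VPC options is given a public endpoint, so placing it in a VPC lets subnets and security groups limit which hosts can reach it.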
This rule currently applies to the following list of resources:
- AWS Elasticsearch Domain
Examples
Insecure Example (Terraform, followed by the equivalent CloudFormation fragment)
# Insecure: no vpc_options block is declared, so the domain is created with a
# public endpoint instead of inside a VPC. This is the condition the rule flags.
resource "aws_elasticsearch_domain" "es" {
  domain_name           = var.domain
  elasticsearch_version = "6.3"

  cluster_config {
    instance_type = "m4.large.elasticsearch"
  }

  # Missing here: a vpc_options block with subnet_ids and security_group_ids.

  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }
}
"ElasticsearchDomain":{
"Type":"AWS::Elasticsearch::Domain",
"Properties":{
"DomainName":"test",
"ElasticsearchVersion": "6.3"
"ElasticsearchClusterConfig":{
"InstanceType":"m4.large.elasticsearch",
},
"AdvancedOptions":{
"rest.action.multi.allow_explicit_index":"true"
}
}
}
Secure Example (Terraform, followed by the equivalent CloudFormation fragment)
# Secure with respect to this rule: the vpc_options block places the domain's
# endpoint in the listed VPC subnets and attaches a security group to it.
# This example addresses only VPC placement; it sets no access policy and no
# encryption options, which need to be reviewed separately.
resource "aws_elasticsearch_domain" "es" {
  domain_name           = var.domain
  elasticsearch_version = "6.3"

  cluster_config {
    instance_type = "m4.large.elasticsearch"
  }

  vpc_options {
    # NOTE(review): two subnets are listed, but cluster_config does not enable
    # zone awareness; confirm the service accepts this combination.
    subnet_ids = [
      data.aws_subnet_ids.selected.ids[0],
      data.aws_subnet_ids.selected.ids[1],
    ]

    # Reachability is limited to whatever this security group allows.
    # aws_security_group.es is not shown here; review its ingress rules
    # together with this resource.
    security_group_ids = [aws_security_group.es.id]
  }

  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }
}
"ElasticsearchDomain":{
"Type":"AWS::Elasticsearch::Domain",
"Properties":{
"DomainName":"test",
"ElasticsearchVersion": "6.3"
"ElasticsearchClusterConfig":{
"InstanceType":"m4.large.elasticsearch",
},
"VPCOptions" : {
"SubnetIds" : [
"SubnetId0",
"SubnetId1",
],
"SecurityGroupIds" : [
"SecurityGroupId0",
"SecurityGroupId1",
]
},
"AdvancedOptions":{
"rest.action.multi.allow_explicit_index":"true"
}
}
}