Provides an CloudSearch domain service access policy resource.
Terraform waits for the domain service access policy to become Active
when applying a configuration.
resource "aws_cloudsearch_domain" "example" {
name = "example-domain"
}
data "aws_iam_policy_document" "example" {
statement {
sid = "search_only"
effect = "Allow"
principals {
type = "*"
identifiers = ["*"]
}
actions = [
"cloudsearch:search",
"cloudsearch:document",
]
condition {
test = "IpAddress"
variable = "aws:SourceIp"
values = ["192.0.2.0/32"]
}
}
}
resource "aws_cloudsearch_domain_service_access_policy" "example" {
domain_name = aws_cloudsearch_domain.example.id
access_policy = data.aws_iam_policy_document.example.json
}
This resource supports the following arguments:
access_policy
- (Required) The access rules you want to configure. These rules replace any existing rules. See the AWS documentation for details.domain_name
- (Required) The CloudSearch domain name the policy applies to.This resource exports no additional attributes.
update
- (Default 20m
)delete
- (Default 20m
)In Terraform v1.5.0 and later, use an import
block to import CloudSearch domain service access policies using the domain name. For example:
import {
to = aws_cloudsearch_domain_service_access_policy.example
id = "example-domain"
}
Using terraform import
, import CloudSearch domain service access policies using the domain name. For example:
% terraform import aws_cloudsearch_domain_service_access_policy.example example-domain