Allows setting policy to an Elasticsearch domain while referencing domain attributes (e.g., ARN)
resource "aws_elasticsearch_domain" "example" {
domain_name = "tf-test"
elasticsearch_version = "2.3"
}
resource "aws_elasticsearch_domain_policy" "main" {
domain_name = aws_elasticsearch_domain.example.domain_name
access_policies = <<POLICIES
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "es:*",
"Principal": "*",
"Effect": "Allow",
"Condition": {
"IpAddress": {"aws:SourceIp": "127.0.0.1/32"}
},
"Resource": "${aws_elasticsearch_domain.example.arn}/*"
}
]
}
POLICIES
}
This resource supports the following arguments:
domain_name
- (Required) Name of the domain.access_policies
- (Optional) IAM policy document specifying the access policies for the domainThis resource exports no additional attributes.