Merge pull request #10 from clouddrove/bridgecrew

enabled encyption at rest

Author: Sohan Yadav

_example/multi-node/example.tf

@@ -55,21 +55,19 @@ module "elasticsearch" {
   security_group_ids             = [module.security_group.security_group_ids]
   subnet_ids                     = tolist(module.public_subnets.public_subnet_id)
   zone_awareness_enabled         = true
-  encrypt_at_rest_enabled        = false
   availability_zone_count        = 2
   elasticsearch_version          = "7.1"
   instance_type                  = "t2.small.elasticsearch"
   instance_count                 = 2
   iam_actions                    = ["es:ESHttpGet", "es:ESHttpPut", "es:ESHttpPost"]
   volume_size                    = 30
   volume_type                    = "gp2"
-
-  dns_enabled     = false
-  es_hostname     = "es"
-  kibana_hostname = "kibana"
-  dns_zone_id     = false
+  dns_enabled                    = false
+  es_hostname                    = "es"
+  kibana_hostname                = "kibana"
+  dns_zone_id                    = false
 
   advanced_options = {
     "rest.action.multi.allow_explicit_index" = "true"
   }
-}
+}

_example/single-node/example.tf

@@ -65,14 +65,13 @@ module "elasticsearch" {
   log_publishing_search_cloudwatch_log_group_arn = true
   log_publishing_index_cloudwatch_log_group_arn  = true
 
-  encrypt_at_rest_enabled = false
-  enforce_https           = true
-  tls_security_policy     = "Policy-Min-TLS-1-0-2019-07"
-  public_enabled          = false
-  dns_enabled             = false
-  es_hostname             = "es"
-  kibana_hostname         = "kibana"
-  dns_zone_id             = "Z1XJD7SSBKXLC1"
+  enforce_https       = true
+  tls_security_policy = "Policy-Min-TLS-1-0-2019-07"
+  public_enabled      = false
+  dns_enabled         = false
+  es_hostname         = "es"
+  kibana_hostname     = "kibana"
+  dns_zone_id         = "Z1XJD7SSBKXLC1"
 
   advanced_options = {
     "rest.action.multi.allow_explicit_index" = "true"

main.tf

@@ -153,7 +153,7 @@ resource "aws_elasticsearch_domain" "default" {
   }
 
   encrypt_at_rest {
-    enabled    = var.encrypt_at_rest_enabled
+    enabled    = true
     kms_key_id = var.kms_key_id
   }
 
@@ -226,7 +226,7 @@ resource "aws_elasticsearch_domain" "default-public" {
   }
 
   encrypt_at_rest {
-    enabled    = var.encrypt_at_rest_enabled
+    enabled    = true
     kms_key_id = var.kms_key_id
   }
 
@@ -303,7 +303,7 @@ resource "aws_elasticsearch_domain" "single" {
   }
 
   encrypt_at_rest {
-    enabled    = var.encrypt_at_rest_enabled
+    enabled    = true
     kms_key_id = var.kms_key_id
   }
 
@@ -378,7 +378,7 @@ resource "aws_elasticsearch_domain" "single-public" {
   }
 
   encrypt_at_rest {
-    enabled    = var.encrypt_at_rest_enabled
+    enabled    = true
     kms_key_id = var.kms_key_id
   }
 

variables.tf

@@ -160,12 +160,6 @@ variable "iops" {
   description = "The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type."
 }
 
-variable "encrypt_at_rest_enabled" {
-  type        = bool
-  default     = true
-  description = "Whether to enable encryption at rest."
-}
-
 variable "kms_key_id" {
   type        = string
   default     = ""