Add option to apply security groups to domain #134

Merged
merged 5 commits into from
Feb 23, 2023


Contributor

@bgottlob bgottlob commented May 6, 2022

what

  • Adds capability to attach existing security groups to ElasticSearch domain by setting var.create_security_group to false
  • Preserves default behavior of creating a new security group with one rule for each item in var.security_groups

why

  • Some users expect var.security_groups to be a list of security groups to be directly attached to the ElasticSearch domain

references

@bgottlob bgottlob requested review from a team as code owners May 6, 2022 15:27
@bgottlob bgottlob requested review from dotCipher and nitrocode May 6, 2022 15:27
@@ -167,7 +167,7 @@ resource "aws_elasticsearch_domain" "default" {
for_each = var.vpc_enabled ? [true] : []

content {
security_group_ids = [join("", aws_security_group.default.*.id)]
security_group_ids = var.create_security_group ? [join("", aws_security_group.default.*.id)] : var.security_groups
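Review bot: In the `security_group_ids` ternary, `var.security_groups` now carries two different meanings depending on `var.create_security_group`. Per the description, with the flag true each entry becomes a rule on the module-created group, and with it false the entries are attached to the domain as-is. Toggling the flag on an existing configuration therefore turns a list of allowed sources into the domain's own groups, and the rules already on those groups become the domain's network access policy. Please state both meanings in the variable descriptions, and consider either rejecting an empty `var.security_groups` when `var.create_security_group` is false or taking the attached groups from a separate variable.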

MEDIUM   Ensure AWS Elasticsearch has node-to-node encryption enabled
    Resource: module.elasticsearch.aws_elasticsearch_domain.default | ID: BC_AWS_ELASTICSEARCH_5

Description

The AWS Elasticsearch Service makes it possible to host sensitive workloads with node-to-node encryption by using Transport Layer Security (TLS) for all communications between instances in a cluster.

Using node-to-node encryption ensures that any data you send to your Amazon Elasticsearch Service domain over HTTPS remains encrypted in-flight while it is being distributed and replicated between the nodes.

Benchmarks

  • PCI-DSS V3.2 3
  • FEDRAMP (MODERATE) SC-7, SC-8, SC-8(1)

🎉   Fixed by commit e468d88 - Auto Format


@bridgecrew bridgecrew bot left a comment


⚠️   Due to e468d88 - Auto Format - 1 error was fixed.

Change details

| Error ID | Change | Path | Resource |
| --- | --- | --- | --- |
| BC_AWS_ELASTICSEARCH_5 | Fixed | /main.tf | module.elasticsearch.aws_elasticsearch_domain.default |

Member

goruha commented Feb 18, 2023

/test all

@goruha goruha self-assigned this Feb 18, 2023
Member

goruha commented Feb 23, 2023

/test all

Member

goruha commented Feb 23, 2023

@bgottlob LGTM
Thanks for your contribution!

@goruha goruha merged commit 6cf06ed into cloudposse:master Feb 23, 2023
Development

Successfully merging this pull request may close these issues.

security_groups ignored
3 participants