Add Cognito Options into Opensearch

main.tf

@@ -38,6 +38,13 @@ resource "aws_opensearch_domain" "this" {
     }
   }
 
+  cognito_options {
+    enabled          = var.enable_cognito
+    identity_pool_id = var.cognito_identity_pool_id
+    role_arn         = var.cognito_role_arn
+    user_pool_id     = var.cognito_user_id_pool
+  }
+
   vpc_options {
     subnet_ids         = var.subnet_ids
     security_group_ids = var.security_group_ids

variables.tf

@@ -57,6 +57,30 @@ variable "master_user_password" {
   default     = ""
 }
 
+variable "enable_cognito" {
+  description = "Whether Amazon Cognito authentication with Dashboard is enabled or not."
+  type        = bool
+  default     = false
+}
+
+variable "cognito_identity_pool_id" {
+  description = "ID of the Cognito Identity Pool to use."
+  type        = string
+  default     = ""
+}
+
+variable "cognito_role_arn" {
+  description = "ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached."
+  type        = string
+  default     = ""
+}
+
+variable "cognito_user_id_pool" {
+  description = "ID of the Cognito User Pool to use."
+  type        = string
+  default     = ""
+}
+
 variable "master_instance_enabled" {
   description = "Indicates whether dedicated master nodes are enabled for the cluster."
   type        = bool