chore: skip checkov CKV_AWS_318

examples/opensearch/data.tf

@@ -6,10 +6,6 @@ data "aws_cloudformation_export" "web_subnet_b" {
   name = var.cf_export_web_subnet_b
 }
 
-data "aws_cloudformation_export" "web_subnet_c" {
-  name = var.cf_export_web_subnet_c
-}
-
 data "aws_cloudformation_export" "app_sg_id" {
   name = var.cf_export_app_sg_id
 }

examples/opensearch/main.tf

@@ -48,7 +48,6 @@ module "opensearch" {
   vpc_endpoint_subnet_ids = [
     data.aws_cloudformation_export.web_subnet_a.value,
     data.aws_cloudformation_export.web_subnet_b.value,
-    data.aws_cloudformation_export.web_subnet_c.value,
   ]
   vpc_endpoint_security_group_ids = [
     data.aws_cloudformation_export.app_sg_id.value,

examples/opensearch/variables.tf

@@ -13,7 +13,7 @@ variable "engine_version" {
 variable "instance_count" {
   description = "OpenSearch instance count"
   type        = number
-  default     = 3
+  default     = 2
 }
 
 variable "instance_type" {
@@ -34,12 +34,6 @@ variable "cf_export_web_subnet_b" {
   default     = "subnetIDWebB-ap-southeast-1"
 }
 
-variable "cf_export_web_subnet_c" {
-  description = "cf_export_web_subnet_c"
-  type        = string
-  default     = "subnetIDWebC-ap-southeast-1"
-}
-
 variable "cf_export_app_sg_id" {
   description = "app security group id"
   type        = string

main.tf

@@ -2,6 +2,8 @@ resource "aws_opensearch_domain" "this" {
   #checkov:skip=CKV2_AWS_52
   #checkov:skip=CKV_AWS_248:Ensure that Elasticsearch is not using the default Security Group
   #checkov:skip=CKV_AWS_317:Ensure Elasticsearch Domain Audit Logging is enabled
+  #checkov:skip=CKV_AWS_318:Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA
+
   # service linked role must exist and default cloudwatch log_group created.
   depends_on = [
     aws_iam_service_linked_role.aos,