added opensearch for logging.

02/terragrunt/live/stage-fek/opensearch/terragrunt.hcl

@@ -0,0 +1,23 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../modules//opensearch"
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+    required_var_files = ["${get_parent_terragrunt_dir()}/common.tfvars"]
+  }
+}
+
+dependency "vpc" {
+  config_path = "../../../live/stage//vpc"
+}
+
+inputs = {
+  subnets = dependency.vpc.outputs.vpc.private_subnets
+  es_version = "OpenSearch_1.2"
+  instance_type = "t2.small.search"
+  vpc_id = dependency.vpc.outputs.vpc.vpc_id
+  vpc_cidr_blocks = dependency.vpc.outputs.vpc.private_subnets_cidr_blocks
+}

02/terragrunt/live/stage-fek/terragrunt.hcl

@@ -18,9 +18,6 @@ generate "provider" {
   contents = <<EOF
 provider "aws" {
   region  = "us-west-2"
-  assume_role {
-    role_arn = local.iam_state.eks_dude_role.arn
-  }
 }
 EOF
 }

02/terragrunt/modules/opensearch/main.tf

@@ -0,0 +1,58 @@
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+resource "aws_iam_service_linked_role" "cluster" {
+  aws_service_name = "opensearchservice.amazonaws.com"
+}
+
+resource "aws_security_group" "cluster" {
+  name        = "opensearch-${var.env}"
+  description = "Opensearch security groups for ${var.env}"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = var.vpc_cidr_blocks
+  }
+}
+
+resource "aws_opensearch_domain" "cluster" {
+  domain_name    = "opensearch-${var.env}"
+  engine_version = var.es_version
+
+  cluster_config {
+    instance_type = var.instance_type
+  }
+
+  ebs_options {
+    ebs_enabled = "true"
+    volume_size = "10"
+  }
+
+  vpc_options {
+    subnet_ids         = [var.subnets[0]]
+    security_group_ids = [aws_security_group.cluster.id]
+  }
+
+  access_policies = <<CONFIG
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Action": "es:*",
+                "Principal": "*",
+                "Effect": "Allow",
+                "Resource": "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/opensearch-${var.env}/*"
+            }
+        ]
+    }
+    CONFIG
+
+  tags = {
+    Env = var.env
+  }
+
+  depends_on = [aws_iam_service_linked_role.cluster]
+}

02/terragrunt/modules/opensearch/outputs.tf

@@ -0,0 +1,7 @@
+output "opensearch" {
+  value = {
+    "domain_name" : aws_opensearch_domain.cluster.domain_name
+    "domain_arn" : aws_opensearch_domain.cluster.arn
+    "domain_endpoint" : aws_opensearch_domain.cluster.endpoint
+  }
+}

02/terragrunt/modules/opensearch/vars.tf

@@ -0,0 +1,29 @@
+variable "env" {
+  type        = string
+  description = "run time environment. e.g: stage, prod, dev"
+}
+
+variable "es_version" {
+  type        = string
+  description = "Opensearch version: e.g: Opensearch_1.2"
+}
+
+variable "instance_type" {
+  type        = string
+  description = "Opensearch instance type: e.g: t2.small.search"
+}
+
+variable "subnets" {
+  type        = list(string)
+  description = "Subnets to use for the Opensearch cluster"
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "VPC ID to use for the Opensearch cluster"
+}
+
+variable "vpc_cidr_blocks" {
+  type        = list(string)
+  description = "VPC CIDR blocks to use for the Opensearch cluster"
+}

02/terragrunt/modules/vpc/outputs.tf

@@ -3,5 +3,6 @@ output "vpc" {
     "vpc_id" : module.vpc_example_simple-vpc.vpc_id
     "public_subnets" : module.vpc_example_simple-vpc.public_subnets
     "private_subnets" : module.vpc_example_simple-vpc.private_subnets
+    "private_subnets_cidr_blocks" : module.vpc_example_simple-vpc.private_subnets_cidr_blocks
   }
 }