{"id":20839175,"url":"https://github.com/timoa/terraform-elasticsearch-single-node","last_synced_at":"2026-04-28T16:33:51.085Z","repository":{"id":42706261,"uuid":"164814910","full_name":"timoa/terraform-elasticsearch-single-node","owner":"timoa","description":"Example of the creation of an AWS Elasticsearch single node with Terraform","archived":false,"fork":false,"pushed_at":"2023-12-15T17:47:58.000Z","size":22,"stargazers_count":1,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-27T02:52:54.849Z","etag":null,"topics":["aws","aws-elasticsearch","elasticsearch","managed-by-terraform","single-node","terraform"],"latest_commit_sha":null,"homepage":"https://timoa.com","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/timoa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-01-09T07:49:27.000Z","updated_at":"2022-04-19T11:51:16.000Z","dependencies_parsed_at":"2022-08-23T10:10:28.983Z","dependency_job_id":null,"html_url":"https://github.com/timoa/terraform-elasticsearch-single-node","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/timoa/terraform-elasticsearch-single-node","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timoa%2Fterraform-elasticsearch-single-node","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timoa%2Fterraform-elasticsearch-single-node/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timoa%2Fterraform-elasticsearch-single-node/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timoa%2Fterraform-elasticsearch-single-node/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/timoa","download_url":"https://codeload.github.com/timoa/terraform-elasticsearch-single-node/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timoa%2Fterraform-elasticsearch-single-node/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32390037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T14:34:11.604Z","status":"ssl_error","status_checked_at":"2026-04-28T14:32:37.009Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-elasticsearch","elasticsearch","managed-by-terraform","single-node","terraform"],"created_at":"2024-11-18T01:12:34.715Z","updated_at":"2026-04-28T16:33:51.066Z","avatar_url":"https://github.com/timoa.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform module - AWS Elasticsearch Service Single Node\n\nExample of a minimal Terraform module to deploy an AWS Elasticsearch Service instance with a single node.\n\nMinimal doesn't have to be unsecure 😄\n\nIt supports encryption at rest with a custom KMS key and IAM Access Policy that gives access only to your public IP.\n\n\u003e This module has been made to provide an example but in a real world scenario, it will be better to run your Elasticsearch instance under a custom VPC with only access from your EC2 instance(s) or AWS services instead of facing to Internet. Kibana can be available thru a NGINX reverse-proxy in this case, to expose the 443 port.\n\n## Includes\n\n- Create an AWS Elasticsearch Service instance (managed by AWS)\n- Encryption with a KMS CMK (let you manage the usage of the KMS key)\n- Accessible only from your public IP\n- Under a custom VPC (`minimal-vpc` module) or default VPC (`minimal` module)\n\n## Usage\n\n### Input\n\n| Name | Description | Type |  Default | Required |\n|------|-------------|:------:|----------|:----------:|\n| `my_public_ip` | Your public IP | String | | Yes |\n| `aws_region` | The AWS region where you want to deploy your Elasticsearch instance | String | `us-east-1` | No |\n| `domain_name` | Elasticsearch cluster name | String | `elasticsearch-single-node` | No |\n| `elasticsearch_version` | Elasticsearch version | String | `6.3` | No |\n| `instance_type` | Elasticsearch instance type (t2 family doesn't support encryption at rest) | String | `m4.large.elasticsearch` | No |\n| `volume_size` | Elasticsearch volume size | String | `10` | No |\n| `tags` | Default tags you want to add | Map | `Terraform=true` | No |\n\n### Output\n\n| Name | Description | Type |\n|------|-------------|:------:|\n| `elasticsearch_endpoint` | Elasticsearch public endpoint | String |\n| `elasticsearch_kibana_endpoint` | Elasticsearch Kibana public endpoint | String |\n\n### Examples\n\n#### Under the default VPC\n\n```bash\nmodule \"es-single-node\" {\n  source = \"github.com/timoa/terraform-elasticsearch-single-node/minimal\"\n\n  # Your public IP to secure your Elasticsearch instance (required)\n  my_public_ip    = \"1.2.3.4\"\n\n  # AWS Region where you want to deploy your Elasticsearch single node\n  aws_region      = \"eu-west-2\"\n\n}\n```\n\n#### Under a new custom VPC\n\n```bash\nmodule \"es-single-node\" {\n  source = \"github.com/timoa/terraform-elasticsearch-single-node/minimal-vpc\"\n\n  # Your public IP to secure your Elasticsearch instance (required)\n  my_public_ip    = \"1.2.3.4\"\n\n  # AWS Region where you want to deploy your Elasticsearch single node\n  aws_region      = \"eu-west-2\"\n\n}\n```\n\n## Improvements\n\nThis Terraform module can also be improved by adding this changes:\n\n- Support for multiple environments (distinct name and tags between environment)\n- Support for Route 53 (by adding an alias to an existing Route 53 zone)\n\n## References\n\n### Security/Compliance\n\n#### Cloud Conformity\n\n| Description | Risk level | Link |\n|-------------|:------------:|------|\n| Elasticsearch Domain open to Internet | **High**| [Elasticsearch Domain IP-Based Access][1] |\n| Elasticsearch Domain without encryption at rest | **High** | [Enable AWS ElasticSearch Encryption At Rest][2] |\n| Elasticsearch Domain encryption with AWS managed-keys |  **High**  | [Elasticsearch Domain Encrypted with KMS CMKs][3] |\n| Elasticsearch Domain outside custom VPC |  **High**  | [AWS Elasticsearch Domain In VPC][4]\n\n[1]: https://www.cloudconformity.com/conformity-rules/Elasticsearch/elasticsearch-accessible-only-from-whitelisted-ip-addresses.html\n[2]: https://www.cloudconformity.com/conformity-rules/Elasticsearch/encryption-at-rest.html\n[3]: https://www.cloudconformity.com/conformity-rules/Elasticsearch/domain-encrypted-with-kms-customer-master-keys.html\n[4]: https://www.cloudconformity.com/conformity-rules/Elasticsearch/domain-in-vpc.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimoa%2Fterraform-elasticsearch-single-node","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftimoa%2Fterraform-elasticsearch-single-node","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimoa%2Fterraform-elasticsearch-single-node/lists"}