Opensearch module fixes (#10)

* Update iops config
* Update AWS pod permissions for hub staging

opensearch-variables.tf

@@ -7,7 +7,7 @@ variable "es_application_name" {
 variable "es_instance_count" {
   type        = number
   description = "Number of instances in the cluster"
-  default     = 1
+  default     = 2
 }
 
 variable "es_dedicated_master_type" {
@@ -36,7 +36,7 @@ variable "es_volume_size" {
 variable "es_ebs_iops" {
   type        = number
   description = "Baseline input/output (I/O) performance of EBS volumes attached to data nodes"
-  default     = 1000
+  default     = 3000
 }
 
 variable "es_engine_version" {

opensearch.tf

@@ -158,4 +158,23 @@ module "secret" {
   })
 }
 
+resource "aws_iam_role_policy_attachment" "test-attach" {
+  count  = var.elasticsearch_enabled ? 1 : 0
+
+  role       = module.pod_role.name
+  policy_arn = "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy"
+
+  depends_on = [ module.pod_policy ]
+}
+
+module "pod_policy" {
+  count  = var.elasticsearch_enabled ? 1 : 0
+  source = "github.com/thoughtbot/flightdeck//aws/service-account-policy?ref=v0.9.0"
+
+  name             = "es-${var.es_application_name}-pods"
+  policy_documents = module.secret[*].policy_json
+
+  role_names       = [module.pod_role.name]
+}
+
 data "aws_region" "current" {}