From 33afa187ec38eb4bb168f67a4246391a1b576d71 Mon Sep 17 00:00:00 2001
From: Olamide <65307752+OlamideOl1@users.noreply.github.com>
Date: Fri, 25 Oct 2024 16:29:17 +0100
Subject: [PATCH] Opensearch module fixes (#10)

* Update iops config
* Update AWS pod permissions for hub staging
---
 opensearch-variables.tf | 4 ++--
 opensearch.tf | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/opensearch-variables.tf b/opensearch-variables.tf
index a6212ca..689534b 100644
--- opensearch-variables.tf
+++ opensearch-variables.tf
@@ -7,7 +7,7 @@ variable "es_application_name" {
 variable "es_instance_count" {
 type = number
 description = "Number of instances in the cluster"
- default = 1
+ default = 2
 }

 variable "es_dedicated_master_type" {
@@ -36,7 +36,7 @@ variable "es_volume_size" {
 variable "es_ebs_iops" {
 type = number
 description = "Baseline input/output (I/O) performance of EBS volumes attached to data nodes"
- default = 1000
+ default = 3000
 }

 variable "es_engine_version" {
diff --git a/opensearch.tf b/opensearch.tf
index 380f545..46d93c3 100644
--- opensearch.tf
+++ opensearch.tf
@@ -158,4 +158,23 @@ module "secret" {
 })
 }

+resource "aws_iam_role_policy_attachment" "test-attach" {
+ count = var.elasticsearch_enabled ? 1 : 0
+
+ role = module.pod_role.name
+ policy_arn = "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy"
+
+ depends_on = [ module.pod_policy ]
+}
+
+module "pod_policy" {
+ count = var.elasticsearch_enabled ? 1 : 0
+ source = "github.com/thoughtbot/flightdeck//aws/service-account-policy?ref=v0.9.0"
+
+ name = "es-${var.es_application_name}-pods"
+ policy_documents = module.secret[*].policy_json
+
+ role_names = [module.pod_role.name]
+}
+
 data "aws_region" "current" {}
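Review bot: The `policy_arn` in `aws_iam_role_policy_attachment.test-attach` names a managed policy under the `aws-service-role/` path, which AWS reserves for service-linked roles, so attaching it to `module.pod_role` is likely to be rejected at apply time, and if it did attach it would give the pods the service's own EC2/ELB management actions rather than access to the domain. Grant the pod role a customer-managed statement scoped to the domain instead, for example `actions = ["es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"]` with `resources` limited to the domain ARN and its `/*` sub-resources, passed in through `policy_documents` of `module.pod_policy`. `module.pod_role` is defined outside this hunk; if it is also gated by `count`, `module.pod_role.name` needs an index in both new blocks. The resource label `test-attach` reads like a leftover, so a descriptive underscore name such as `pod_opensearch_access` would fit better, and the `depends_on` on `module.pod_policy` deserves a comment saying why that ordering is needed.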