feat: Update, test, and validate OpenSearch serverless collection module/example

Author: bryantbiggs

examples/collection/README.md

@@ -0,0 +1,83 @@
+# AWS OpenSearch Serverless Collection Example
+
+Configuration in this directory creates an AWS OpenSearch serverless collection
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.24 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.24 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_opensearch_collection_disabled"></a> [opensearch\_collection\_disabled](#module\_opensearch\_collection\_disabled) | ../../modules/collection | n/a |
+| <a name="module_opensearch_collection_private"></a> [opensearch\_collection\_private](#module\_opensearch\_collection\_private) | ../../modules/collection | n/a |
+| <a name="module_opensearch_collection_public"></a> [opensearch\_collection\_public](#module\_opensearch\_collection\_public) | ../../modules/collection | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_opensearchserverless_vpc_endpoint.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_vpc_endpoint) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_opensearch_collection_private_access_policy"></a> [opensearch\_collection\_private\_access\_policy](#output\_opensearch\_collection\_private\_access\_policy) | The JSON policy document of the access policy |
+| <a name="output_opensearch_collection_private_access_policy_version"></a> [opensearch\_collection\_private\_access\_policy\_version](#output\_opensearch\_collection\_private\_access\_policy\_version) | The version of the access policy |
+| <a name="output_opensearch_collection_private_arn"></a> [opensearch\_collection\_private\_arn](#output\_opensearch\_collection\_private\_arn) | Amazon Resource Name (ARN) of the collection |
+| <a name="output_opensearch_collection_private_dashboard_endpoint"></a> [opensearch\_collection\_private\_dashboard\_endpoint](#output\_opensearch\_collection\_private\_dashboard\_endpoint) | Collection-specific endpoint used to access OpenSearch Dashboards |
+| <a name="output_opensearch_collection_private_encryption_policy"></a> [opensearch\_collection\_private\_encryption\_policy](#output\_opensearch\_collection\_private\_encryption\_policy) | The JSON policy document of the encryption policy |
+| <a name="output_opensearch_collection_private_encryption_policy_version"></a> [opensearch\_collection\_private\_encryption\_policy\_version](#output\_opensearch\_collection\_private\_encryption\_policy\_version) | The version of the encryption policy |
+| <a name="output_opensearch_collection_private_endpoint"></a> [opensearch\_collection\_private\_endpoint](#output\_opensearch\_collection\_private\_endpoint) | Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection |
+| <a name="output_opensearch_collection_private_id"></a> [opensearch\_collection\_private\_id](#output\_opensearch\_collection\_private\_id) | Unique identifier for the collection |
+| <a name="output_opensearch_collection_private_kms_key_arn"></a> [opensearch\_collection\_private\_kms\_key\_arn](#output\_opensearch\_collection\_private\_kms\_key\_arn) | The ARN of the Amazon Web Services KMS key used to encrypt the collection |
+| <a name="output_opensearch_collection_private_lifecycle_policy"></a> [opensearch\_collection\_private\_lifecycle\_policy](#output\_opensearch\_collection\_private\_lifecycle\_policy) | The JSON policy document of the lifecycle policy |
+| <a name="output_opensearch_collection_private_lifecycle_policy_version"></a> [opensearch\_collection\_private\_lifecycle\_policy\_version](#output\_opensearch\_collection\_private\_lifecycle\_policy\_version) | The version of the lifecycle policy |
+| <a name="output_opensearch_collection_private_network_policy"></a> [opensearch\_collection\_private\_network\_policy](#output\_opensearch\_collection\_private\_network\_policy) | The JSON policy document of the network policy |
+| <a name="output_opensearch_collection_private_network_policy_version"></a> [opensearch\_collection\_private\_network\_policy\_version](#output\_opensearch\_collection\_private\_network\_policy\_version) | The version of the network policy |
+| <a name="output_opensearch_collection_public_access_policy"></a> [opensearch\_collection\_public\_access\_policy](#output\_opensearch\_collection\_public\_access\_policy) | The JSON policy document of the access policy |
+| <a name="output_opensearch_collection_public_access_policy_version"></a> [opensearch\_collection\_public\_access\_policy\_version](#output\_opensearch\_collection\_public\_access\_policy\_version) | The version of the access policy |
+| <a name="output_opensearch_collection_public_arn"></a> [opensearch\_collection\_public\_arn](#output\_opensearch\_collection\_public\_arn) | Amazon Resource Name (ARN) of the collection |
+| <a name="output_opensearch_collection_public_dashboard_endpoint"></a> [opensearch\_collection\_public\_dashboard\_endpoint](#output\_opensearch\_collection\_public\_dashboard\_endpoint) | Collection-specific endpoint used to access OpenSearch Dashboards |
+| <a name="output_opensearch_collection_public_encryption_policy"></a> [opensearch\_collection\_public\_encryption\_policy](#output\_opensearch\_collection\_public\_encryption\_policy) | The JSON policy document of the encryption policy |
+| <a name="output_opensearch_collection_public_encryption_policy_version"></a> [opensearch\_collection\_public\_encryption\_policy\_version](#output\_opensearch\_collection\_public\_encryption\_policy\_version) | The version of the encryption policy |
+| <a name="output_opensearch_collection_public_endpoint"></a> [opensearch\_collection\_public\_endpoint](#output\_opensearch\_collection\_public\_endpoint) | Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection |
+| <a name="output_opensearch_collection_public_id"></a> [opensearch\_collection\_public\_id](#output\_opensearch\_collection\_public\_id) | Unique identifier for the collection |
+| <a name="output_opensearch_collection_public_kms_key_arn"></a> [opensearch\_collection\_public\_kms\_key\_arn](#output\_opensearch\_collection\_public\_kms\_key\_arn) | The ARN of the Amazon Web Services KMS key used to encrypt the collection |
+| <a name="output_opensearch_collection_public_lifecycle_policy"></a> [opensearch\_collection\_public\_lifecycle\_policy](#output\_opensearch\_collection\_public\_lifecycle\_policy) | The JSON policy document of the lifecycle policy |
+| <a name="output_opensearch_collection_public_lifecycle_policy_version"></a> [opensearch\_collection\_public\_lifecycle\_policy\_version](#output\_opensearch\_collection\_public\_lifecycle\_policy\_version) | The version of the lifecycle policy |
+| <a name="output_opensearch_collection_public_network_policy"></a> [opensearch\_collection\_public\_network\_policy](#output\_opensearch\_collection\_public\_network\_policy) | The JSON policy document of the network policy |
+| <a name="output_opensearch_collection_public_network_policy_version"></a> [opensearch\_collection\_public\_network\_policy\_version](#output\_opensearch\_collection\_public\_network\_policy\_version) | The version of the network policy |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-opensearch/blob/master/LICENSE).

examples/serverless/main.tf renamed to examples/collection/main.tf

@@ -22,16 +22,40 @@ locals {
 # OpenSearch Module
 ################################################################################
 
-module "opensearch" {
-  source = "../.."
+module "opensearch_collection_public" {
+  source = "../../modules/collection"
 
-  create = false
+  name        = "${local.name}-public"
+  description = "Example public OpenSearch Serverless collection"
+  type        = "SEARCH"
+
+  create_access_policy  = true
+  create_network_policy = true
 
   tags = local.tags
 }
 
-module "opensearch_disabled" {
-  source = "../.."
+module "opensearch_collection_private" {
+  source = "../../modules/collection"
+
+  name        = "${local.name}-private"
+  description = "Example private OpenSearch Serverless collection"
+  type        = "SEARCH"
+
+  create_access_policy  = true
+  create_network_policy = true
+  network_policy = {
+    AllowFromPublic = false
+    SourceVPCEs = [
+      aws_opensearchserverless_vpc_endpoint.example.id
+    ]
+  }
+
+  tags = local.tags
+}
+
+module "opensearch_collection_disabled" {
+  source = "../../modules/collection"
 
   create = false
 }
@@ -53,3 +77,9 @@ module "vpc" {
 
   tags = local.tags
 }
+
+resource "aws_opensearchserverless_vpc_endpoint" "example" {
+  name       = local.name
+  subnet_ids = module.vpc.private_subnets
+  vpc_id     = module.vpc.vpc_id
+}

examples/collection/outputs.tf

@@ -0,0 +1,137 @@
+################################################################################
+# OpenSearch Collection
+################################################################################
+
+output "opensearch_collection_public_arn" {
+  description = "Amazon Resource Name (ARN) of the collection"
+  value       = module.opensearch_collection_public.arn
+}
+
+output "opensearch_collection_public_endpoint" {
+  description = "Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection"
+  value       = module.opensearch_collection_public.endpoint
+}
+
+output "opensearch_collection_public_dashboard_endpoint" {
+  description = "Collection-specific endpoint used to access OpenSearch Dashboards"
+  value       = module.opensearch_collection_public.dashboard_endpoint
+}
+
+output "opensearch_collection_public_kms_key_arn" {
+  description = "The ARN of the Amazon Web Services KMS key used to encrypt the collection"
+  value       = module.opensearch_collection_public.kms_key_arn
+}
+
+output "opensearch_collection_public_id" {
+  description = "Unique identifier for the collection"
+  value       = module.opensearch_collection_public.id
+}
+
+output "opensearch_collection_public_encryption_policy_version" {
+  description = "The version of the encryption policy"
+  value       = module.opensearch_collection_public.encryption_policy_version
+}
+
+output "opensearch_collection_public_encryption_policy" {
+  description = "The JSON policy document of the encryption policy"
+  value       = module.opensearch_collection_public.encryption_policy
+}
+
+output "opensearch_collection_public_network_policy_version" {
+  description = "The version of the network policy"
+  value       = module.opensearch_collection_public.network_policy_version
+}
+
+output "opensearch_collection_public_network_policy" {
+  description = "The JSON policy document of the network policy"
+  value       = module.opensearch_collection_public.network_policy
+}
+
+output "opensearch_collection_public_access_policy_version" {
+  description = "The version of the access policy"
+  value       = module.opensearch_collection_public.access_policy_version
+}
+
+output "opensearch_collection_public_access_policy" {
+  description = "The JSON policy document of the access policy"
+  value       = module.opensearch_collection_public.access_policy
+}
+
+output "opensearch_collection_public_lifecycle_policy_version" {
+  description = "The version of the lifecycle policy"
+  value       = module.opensearch_collection_public.lifecycle_policy_version
+}
+
+output "opensearch_collection_public_lifecycle_policy" {
+  description = "The JSON policy document of the lifecycle policy"
+  value       = module.opensearch_collection_public.lifecycle_policy
+}
+
+################################################################################
+# OpenSearch Private Collection
+################################################################################
+
+output "opensearch_collection_private_arn" {
+  description = "Amazon Resource Name (ARN) of the collection"
+  value       = module.opensearch_collection_private.arn
+}
+
+output "opensearch_collection_private_endpoint" {
+  description = "Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection"
+  value       = module.opensearch_collection_private.endpoint
+}
+
+output "opensearch_collection_private_dashboard_endpoint" {
+  description = "Collection-specific endpoint used to access OpenSearch Dashboards"
+  value       = module.opensearch_collection_private.dashboard_endpoint
+}
+
+output "opensearch_collection_private_kms_key_arn" {
+  description = "The ARN of the Amazon Web Services KMS key used to encrypt the collection"
+  value       = module.opensearch_collection_private.kms_key_arn
+}
+
+output "opensearch_collection_private_id" {
+  description = "Unique identifier for the collection"
+  value       = module.opensearch_collection_private.id
+}
+
+output "opensearch_collection_private_encryption_policy_version" {
+  description = "The version of the encryption policy"
+  value       = module.opensearch_collection_private.encryption_policy_version
+}
+
+output "opensearch_collection_private_encryption_policy" {
+  description = "The JSON policy document of the encryption policy"
+  value       = module.opensearch_collection_private.encryption_policy
+}
+
+output "opensearch_collection_private_network_policy_version" {
+  description = "The version of the network policy"
+  value       = module.opensearch_collection_private.network_policy_version
+}
+
+output "opensearch_collection_private_network_policy" {
+  description = "The JSON policy document of the network policy"
+  value       = module.opensearch_collection_private.network_policy
+}
+
+output "opensearch_collection_private_access_policy_version" {
+  description = "The version of the access policy"
+  value       = module.opensearch_collection_private.access_policy_version
+}
+
+output "opensearch_collection_private_access_policy" {
+  description = "The JSON policy document of the access policy"
+  value       = module.opensearch_collection_private.access_policy
+}
+
+output "opensearch_collection_private_lifecycle_policy_version" {
+  description = "The version of the lifecycle policy"
+  value       = module.opensearch_collection_private.lifecycle_policy_version
+}
+
+output "opensearch_collection_private_lifecycle_policy" {
+  description = "The JSON policy document of the lifecycle policy"
+  value       = module.opensearch_collection_private.lifecycle_policy
+}