switching policy json to vpc options and adding endpoint output

access_policy.json

-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Principal": {
-        "AWS": "*"
-      },
-      "Action": "es:*",
-        "Condition": {
-            "IpAddress": {
-              "aws:SourceIp": [ "${other_ips}" ]
-            }
-          }
-    },
-    {
-      "Sid": "",
-      "Effect": "Allow",
-      "Principal": {
-        "AWS": "*"
-      },
-      "Action": "es:*",
-        "Condition": {
-            "IpAddress": {
-              "aws:SourceIp": ${nat_ips}
-            }
-          }
-      }
-    ]
-}
\ No newline at end of file

main.tf

@@ -2,13 +2,15 @@ variable environment {}
 variable name {}
 
 variable nat_gateway_ips {}
-variable access_ips {}
 variable private_dns_zone {}
 variable private_dns_address {}
 variable public_dns_zone {}
 variable public_dns_address {}
+variable vpc_id {}
+variable subnet_ids {type = "list"}
+variable security_groups {type = "list"}
 
-variable elasticsearch_version {default = "1.5"}
+variable elasticsearch_version {default = "5.5"}
 variable automated_snapshot_start_hour {default = "02"}
 
 # EBS options
@@ -16,31 +18,40 @@ variable ebs_enabled {default = "true"}
 variable ebs_volume_type {default = "gp2"}
 variable ebs_volume_size {default = "20"}
 
-# Cluster config 
-# If zone awareness is enabled then an even number of data nodes is required. 
+# Cluster config
+# If zone awareness is enabled then an even number of data nodes is required.
 # Dedicated master count should be greater than 1
-variable instance_type {default = "t2.micro.elasticsearch"}
+# M3 medium minimum instance type for > ES 2.3
+variable instance_type {default = "m3.medium.elasticsearch"}
 variable instance_count {default = "2"}
 variable zone_awareness_enabled {default = "true"}
 variable dedicated_master_enabled {default = "true"}
-variable dedicated_master_type {default = "t2.micro.elasticsearch"}
+variable dedicated_master_type {default = "m3.medium.elasticsearch"}
 variable dedicated_master_count {default = "2"}
 
+resource "aws_security_group" "elasticsearch" {
+  name        = "elasticsearch"
+  description = "Allow ingress traffic to the ElasticSearch cluster"
+  vpc_id      = "${var.vpc_id}"
 
-data "template_file" "access_policy" {
-  template = "${file("${path.module}/access_policy.json")}"
-  vars {
-    nat_ips    = "${jsonencode(split(",", var.nat_gateway_ips))}"
-    other_ips = "${var.access_ips}"
+  ingress {
+    from_port       = 80
+    to_port         = 443
+    protocol        = "tcp"
+    security_groups = ["${var.security_groups}"]
   }
 }
 
-
 # Add var for domain name
 resource "aws_elasticsearch_domain" "elasticsearch" {
   domain_name = "es-${var.name}-${var.environment}"
   elasticsearch_version = "${var.elasticsearch_version}"
 
+  vpc_options {
+    security_group_ids = ["${aws_security_group.elasticsearch.id}"]
+    subnet_ids = ["${var.subnet_ids}"]
+  }
+
   ebs_options {
     ebs_enabled = "${var.ebs_enabled}"
     volume_type = "${var.ebs_volume_type}"
@@ -50,7 +61,6 @@ resource "aws_elasticsearch_domain" "elasticsearch" {
   snapshot_options {
     automated_snapshot_start_hour = "${var.automated_snapshot_start_hour}"
   }
-  access_policies = "${data.template_file.access_policy.rendered}"
 
   cluster_config {
     instance_type             = "${var.instance_type}"
@@ -74,8 +84,6 @@ resource "aws_elasticsearch_domain" "elasticsearch" {
   }
 }
 
-
-
 resource "aws_route53_record" "public" {
   zone_id = "${var.public_dns_zone}"
   name = "${var.public_dns_address}"
@@ -91,3 +99,7 @@ resource "aws_route53_record" "private" {
   ttl = 60
   records = ["${aws_elasticsearch_domain.elasticsearch.endpoint}"]
 }
+
+output "endpoint" {
+  value = "${aws_elasticsearch_domain.elasticsearch.endpoint}"
+}