Skip to main content
ELK AWS Module 0.11.1

ElastAlert IAM Policies

View SourceRelease Notes

This folder contains a Terraform module that defines the IAM Policies used by an ElastAlert cluster. These policies are defined in a separate module so that you can add them to any existing IAM Role.

Quick start

Let's say you want to deploy ElastAlert using the elastalert module:

module "elastalert" {
  # TODO: replace <VERSION> with the latest version from the releases page: https://github.com/gruntwork-io/terraform-aws-elk/releases
  source = "github.com/gruntwork-io/terraform-aws-elk//modules/elastalert?ref=<VERSION>"

  # ... (other params omitted) ...
}

You can attach the IAM policies to this cluster as follows:

module "elastalert_iam_policies" {
  # TODO: replace <VERSION> with the latest version from the releases page: https://github.com/gruntwork-io/terraform-aws-elk/releases
  source = "github.com/gruntwork-io/terraform-aws-elk//modules/elastalert-iam-policies?ref=<VERSION>"

  iam_role_id = module.elasticsearch.iam_role_id
}

Note the following parameters:

  • source: Use this parameter to specify the URL of this module. The double slash (//) is intentional and required. Terraform uses it to specify subfolders within a Git repo (see module sources). The ref parameter specifies a specific Git tag in this repo. That way, instead of using the latest version of this module from the master branch, which will change every time you run Terraform, you're using a fixed version of the repo.

  • iam_role_id: Use this parameter to specify the ID of the IAM Role to which the policies in this module should be added.

You can find the other parameters in variables.tf.

Check out the elk-multi-cluster example for working sample code.

Sample Usage

main.tf

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S ELASTALERT-IAM-POLICIES MODULE
# ------------------------------------------------------------------------------------------------------

module "elastalert_iam_policies" {

  source = "git::git@github.com:gruntwork-io/terraform-aws-elk.git//modules/elastalert-iam-policies?ref=v0.11.1"

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The ID of the IAM Role to which these IAM policies should be attached
  iam_role_id = <INPUT REQUIRED>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name we will give to the aws_iam_role_policy.
  policy_name = "elastalert-cluster-policy"

  # The Amazon S3 bucket ARNs to grant the Elasticsearch instances access to for
  # storing backup snapshots
  sns_topic_arn = "*"

}