Terraform provider for the Elastic Cloud API, including:
- Elasticsearch Service (ESS).
- Elastic Cloud Enterprise (ECE).
- Elasticsearch Service Private (ESSP).
Model changes might be introduced between minors until version 1.0.0 is released. Such changes and the expected impact will be detailed in the change log and the individual release notes.
The goal for a Terraform provider is to orchestrate lifecycle for deployments via common set of APIs across ESS, ESSP and ECE (see https://www.elastic.co/guide/en/cloud/current/ec-restful-api.html for API examples)
Things which are out of scope for provider:
- Configuring individual Elastic Stack components (Elasticsearch, Kibana, etc)
- Configuring snapshots settings for deployment (since they are using Elasticsearch SLM for this now, see https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-lifecycle-management.html)
We now have Terraform provider for Elastic Stack https://github.com/elastic/terraform-provider-elasticstack which should be used for any operations on Elastic Stack products.
These examples are forward looking and might use an unreleased version, for a current view of working examples, please refer to the Terraform registry documentation.
terraform {
required_version = ">= 0.12.29"
required_providers {
ec = {
source = "elastic/ec"
version = "0.8.0"
}
}
}
provider "ec" {
# ECE installation endpoint
endpoint = "https://my.ece-environment.corp"
# If the ECE installation has a self-signed certificate
# setting "insecure" to true is required.
insecure = true
# APIKey is the recommended authentication mechanism. When
# Targeting the Elasticsearch Service, APIKeys are the only
# valid authentication mechanism.
apikey = "my-apikey"
# When targeting ECE installations, username and password
# authentication is allowed.
username = "my-username"
password = "my-password"
}
data "ec_stack" "latest" {
version_regex = "latest"
region = "us-east-1"
}
# Create an Elastic Cloud deployment
resource "ec_deployment" "example_minimal" {
# Optional name.
name = "my_example_deployment"
# Mandatory fields
region = "us-east-1"
version = data.ec_stack.latest.version
deployment_template_id = "aws-io-optimized-v2"
# Use the deployment template defaults
elasticsearch = {
hot = {
autoscaling = {}
}
}
kibana = {
topology = {}
}
}Clone the repository to a folder on your machine and run make install:
$ mkdir -p ~/development; cd ~/development
$ git clone https://github.com/elastic/terraform-provider-ec
$ cd terraform-provider-ec
$ make installTo generate an API key, follow these steps:
- Open your browser and navigate to https://cloud.elastic.co/login.
- Log in with your email and password.
- Click on Elasticsearch Service.
- Navigate to Features > API Keys and click on Generate API Key.
- Choose a name for your API key.
- Save your API key somewhere safe.
After you've generated your API Key, you can make it available to the Terraform provider by exporting it as an environment variable:
$ export EC_API_KEY="<apikey value>"After doing so, you can navigate to any of our examples in ./examples and try one.
v0.6.0 contains migration to TF Plugin Framework and intoduces new schema for ec_deployment resource:
- switching to attributes syntax instead of blocks for almost all definitions that used to be blocks. It means that, for example, a definition like
elasticsearch {...}has to be changed toelasticsearch = {...}, e.g.
resource "ec_deployment" "defaults" {
name = "example"
region = "us-east-1"
version = data.ec_stack.latest.version
deployment_template_id = "aws-io-optimized-v2"
elasticsearch = {
hot = {
autoscaling = {}
}
}
kibana = {
topology = {}
}
enterprise_search = {
zone_count = 1
}
}topologyattribute ofelasticsearchis replaced with a number of dedicated attributes, one per tier, e.g.
elasticsearch {
topology {
id = "hot_content"
size = "1g"
autoscaling {
max_size = "8g"
}
}
topology {
id = "warm"
size = "2g"
autoscaling {
max_size = "15g"
}
}
}
has to be converted to
elasticsearch = {
hot = {
size = "1g"
autoscaling = {
max_size = "8g"
}
}
warm = {
size = "2g"
autoscaling = {
max_size = "15g"
}
}
}
- due to some existing limitations of TF, nested attributes that are nested inside other nested attributes cannot be
Computed. It means that all such attributes have to be mentioned in configurations even if they are empty. E.g., a definition ofelasticsearchhas to include all topology elements (tiers) that have non-zero size or can be scaled up (if autoscaling is enabled) in the corresponding template. For example, the simplest definition ofelasticsearchforaws-io-optimized-v2template is
resource "ec_deployment" "defaults" {
name = "example"
region = "us-east-1"
version = data.ec_stack.latest.version
deployment_template_id = "aws-io-optimized-v2"
elasticsearch = {
hot = {
autoscaling = {}
}
}
}Please note that the snippet explicitly mentions hot tier with autoscaling attribute even despite the fact that they are empty.
-
a lot of attributes that used to be collections (e.g. lists and sets) are converted to sigletons, e.g.
elasticsearch,apm,kibana,enterprise_search,observability,topology,autoscaling, etc. Please note that, generally, users are not expected to make any change to their existing configuration to address this particular change (besides moving from block to attribute syntax). All these components used to exist in single instances, so the change is mostly syntactical, taking into account the switch to attributes instead of blocks (otherwise if we kept list for configs,config {}had to be rewritten inconfig = [{}]with the move to the attribute syntax). However this change is a breaking one from the schema perspective and requires state upgrade for existing resources that is performed by TF (by calling the provider's API). -
strategyattribute is converted to string with the same set of values that was used for itstypeattribute previously; -
switching to TF protocol 6. From user perspective it should not require any change in their existing configurations.
The schema modifications means that a current TF state cannot work as is with the provider version 0.6.0 and higher.
There are 2 ways to tackle this
- import existing resource using deployment ID, e.g
terraform import 'ec_deployment.test' <deployment_id> - state upgrade that is performed by TF by calling the provider's API so no action is required from users
Currently the state upgrade functionality is not implemented so importing existing resources is the recommended way to deal with existing TF states. Please mind the fact that state import doesn't import user passwords and secret tokens that can be the case if your TF modules make use of them. State upgrade doesn't have this limitation.
-
Older versions of terraform CLI can report errors with the provider 0.6.0 and higher. Please make sure to update Terraform CLI to the latest version.
-
Starting from the provider v0.6.0,
terraform planoutput can contain more changes comparing to the older versions of the provider (that use TF SDK v2). This happens because TF Framework treats allcomputedattributes asunknown(known after apply) once configuration changes. However, it doesn't mean that all attributes that marked asunknownin the plan will get new values after apply. -
After import, the next plan command can output more elements that the actual configuration defines, e.g. plan command can output
coldElasticsearch tier with 0 size or emptyconfigblock for configuration that doesn't specifycoldtier andconfigforelasticsearch. It should not be a problem. You can eigher execute the plan (the only result should be updated Terraform state while the deployment should stay the same) or add emptycoldtier andconfgto the configuration. -
The migration is based on 0.4.1, so all changes from 0.5.0 are omitted.