r/aws_elasticsearch_domain: Add log_publishing_options

aws/resource_aws_elasticsearch_domain.go

@@ -169,6 +169,38 @@ func resourceAwsElasticSearchDomain() *schema.Resource {
 					},
 				},
 			},
+			"log_publishing_options": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"log_type": {
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+								value := v.(string)
+								validLogTypes := []string{"INDEX_SLOW_LOGS", "SEARCH_SLOW_LOGS"}
+								for _, str := range validLogTypes {
+									if value == str {
+										return
+									}
+								}
+								errors = append(errors, fmt.Errorf("expected %s to be one of %v, got %s", k, validLogTypes, value))
+								return
+							},
+						},
+						"cloud_watch_logs_log_group_arn": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"enabled": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  true,
+						},
+					},
+				},
+			},
 			"elasticsearch_version": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -308,6 +340,18 @@ func resourceAwsElasticSearchDomainCreate(d *schema.ResourceData, meta interface
 		input.VPCOptions = expandESVPCOptions(s)
 	}
 
+	if v, ok := d.GetOk("log_publishing_options"); ok {
+		input.LogPublishingOptions = make(map[string]*elasticsearch.LogPublishingOption)
+		options := v.(*schema.Set).List()
+		for _, vv := range options {
+			lo := vv.(map[string]interface{})
+			input.LogPublishingOptions[lo["log_type"].(string)] = &elasticsearch.LogPublishingOption{
+				CloudWatchLogsLogGroupArn: aws.String(lo["cloud_watch_logs_log_group_arn"].(string)),
+				Enabled:                   aws.Bool(lo["enabled"].(bool)),
+			}
+		}
+	}
+
 	log.Printf("[DEBUG] Creating ElasticSearch domain: %s", input)
 
 	// IAM Roles can take some time to propagate if set in AccessPolicies and created in the same terraform
@@ -448,6 +492,18 @@ func resourceAwsElasticSearchDomainRead(d *schema.ResourceData, meta interface{}
 		}
 	}
 
+	if ds.LogPublishingOptions != nil {
+		m := make([]map[string]interface{}, 0)
+		for k, val := range ds.LogPublishingOptions {
+			mm := map[string]interface{}{}
+			mm["log_type"] = k
+			mm["cloud_watch_logs_log_group_arn"] = *val.CloudWatchLogsLogGroupArn
+			mm["enabled"] = *val.Enabled
+			m = append(m, mm)
+		}
+		d.Set("log_publishing_options", m)
+	}
+
 	d.Set("arn", ds.ARN)
 
 	listOut, err := conn.ListTags(&elasticsearch.ListTagsInput{
@@ -535,6 +591,18 @@ func resourceAwsElasticSearchDomainUpdate(d *schema.ResourceData, meta interface
 		input.VPCOptions = expandESVPCOptions(s)
 	}
 
+	if d.HasChange("log_publishing_options") {
+		input.LogPublishingOptions = make(map[string]*elasticsearch.LogPublishingOption)
+		options := d.Get("log_publishing_options").(*schema.Set).List()
+		for _, vv := range options {
+			lo := vv.(map[string]interface{})
+			input.LogPublishingOptions[lo["log_type"].(string)] = &elasticsearch.LogPublishingOption{
+				CloudWatchLogsLogGroupArn: aws.String(lo["cloud_watch_logs_log_group_arn"].(string)),
+				Enabled:                   aws.Bool(lo["enabled"].(bool)),
+			}
+		}
+	}
+
 	_, err := conn.UpdateElasticsearchDomainConfig(&input)
 	if err != nil {
 		return err

aws/resource_aws_elasticsearch_domain_test.go

@@ -216,6 +216,23 @@ func TestAccAWSElasticSearchDomain_internetToVpcEndpoint(t *testing.T) {
 	})
 }
 
+func TestAccAWSElasticSearchDomain_LogPublishingOptions(t *testing.T) {
+	var domain elasticsearch.ElasticsearchDomainStatus
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckESDomainDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccESDomainConfig_LogPublishingOptions(acctest.RandInt()),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckESDomainExists("aws_elasticsearch_domain.example", &domain),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckESNumberOfSecurityGroups(numberOfSecurityGroups int, status *elasticsearch.ElasticsearchDomainStatus) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		count := len(status.VPCOptions.SecurityGroupIds)
@@ -414,7 +431,7 @@ resource "aws_elasticsearch_domain" "example" {
   ebs_options {
     ebs_enabled = true
 		volume_size = 10
-		
+
   }
 
   cluster_config {
@@ -704,3 +721,46 @@ resource "aws_elasticsearch_domain" "example" {
 }
 `, randInt)
 }
+
+func testAccESDomainConfig_LogPublishingOptions(randInt int) string {
+	return fmt.Sprintf(`
+resource "aws_cloudwatch_log_group" "example" {
+  name = "tf-test-%d"
+}
+
+resource "aws_cloudwatch_log_resource_policy" "example" {
+  policy_name = "tf-cwlp-%d"
+  policy_document = <<CONFIG
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "es.amazonaws.com"
+      },
+      "Action": [
+        "logs:PutLogEvents",
+        "logs:PutLogEventsBatch",
+        "logs:CreateLogStream"
+      ],
+      "Resource": "arn:aws:logs:*"
+    }
+  ]
+}
+CONFIG
+}
+
+resource "aws_elasticsearch_domain" "example" {
+  domain_name = "tf-test-%d"
+  ebs_options {
+    ebs_enabled = true
+    volume_size = 10
+  }
+  log_publishing_options {
+    log_type = "INDEX_SLOW_LOGS"
+    cloud_watch_logs_log_group_arn = "${aws_cloudwatch_log_group.example.arn}"
+  }
+}
+`, randInt, randInt, randInt)
+}

website/docs/r/elasticsearch_domain.html.markdown

@@ -60,6 +60,7 @@ The following arguments are supported:
 * `cluster_config` - (Optional) Cluster configuration of the domain, see below.
 * `snapshot_options` - (Optional) Snapshot related options, see below.
 * `vpc_options` - (Optional) VPC related options, see below. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)).
+* `log_publishing_options` - (Optional) Options for publishing slow logs to CloudWatch Logs.
 * `elasticsearch_version` - (Optional) The version of ElasticSearch to deploy. Defaults to `1.5`
 * `tags` - (Optional) A mapping of tags to assign to the resource
 
@@ -95,6 +96,11 @@ Security Groups and Subnets referenced in these attributes must all be within th
 * `automated_snapshot_start_hour` - (Required) Hour during which the service takes an automated daily
 	snapshot of the indices in the domain.
 
+**log_publishing_options** supports the following attribute:
+
+* `log_type` - (Required) A type of Elasticsearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS
+* `cloud_watch_logs_log_group_arn` - (Required) ARN of the Cloudwatch log group to which log needs to be published.
+* `enabled` - (Optional, Default: true) Specifies whether given log publishing option is enabled or not.
 
 ## Attributes Reference