Hi, I'm trying to create a Terraform module to deploy AWS OpenSearch using Cognito, but it seems it is not possible to complete!
To create an opensearch cluster with cognito, you need to create
After the OpenSearch cluster is installed, it creates a new client app that you then have to add to the identity pool!
Anyone know how to get around a Terraform deploy -> manual update?
[EDIT]
Added a code snippet that resolves the issue; I didn't attach the starter code to deploy OpenSearch with Cognito as it's a good few hundred lines of code and seemed redundant.
## calls after elasticsearch and cognito has been built to
## add the elasticsearch client app to the cognito identity pool
# The external data source needs exactly one flat JSON object (string values
# only) on stdout, so the jq filter reduces the client list to a single entry.
data "external" "cognito" {
  depends_on = [
    aws_opensearch_domain.this
  ]
  program = ["sh", "-c", "aws cognito-idp list-user-pool-clients --user-pool-id ${aws_cognito_user_pool.cognito-user-pool.id} | jq '.UserPoolClients | map(select(.ClientName | contains(\"AmazonOpenSearchService\"))) | first'"]
}

output "cognito" {
  value = data.external.cognito.result["ClientId"]
}

resource "aws_cognito_identity_pool" "cognito-identity-pool-opensearch" {
  depends_on = [
    data.external.cognito
  ]
  identity_pool_name               = "opensearch-${var.domain_name}-identity-pool"
  allow_unauthenticated_identities = false

  cognito_identity_providers {
    client_id               = data.external.cognito.result["ClientId"]
    provider_name           = aws_cognito_user_pool.cognito-user-pool.endpoint
    server_side_token_check = false
  }
}
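The same lookup as a standalone external-program script, added here as an example rather than code from the post. It reads the data source's `query` map from stdin (so the pool id is not embedded in a `sh -c` string), fails when zero or several app clients match instead of silently wiring the identity pool to the wrong one, and emits the flat string map Terraform expects. The script name, the `user_pool_id` query key and `list_clients` are my assumptions; it would be referenced as `program = ["python3", "${path.module}/find_opensearch_client.py"]` with `query = { user_pool_id = aws_cognito_user_pool.cognito-user-pool.id }`.

```python
"""External data source program: find the Cognito app client that OpenSearch
created (added example, not part of the original question)."""
import json
import subprocess
import sys

# Name prefix AWS gives the app client it creates for an OpenSearch domain;
# the question's jq filter matches on the same substring.
CLIENT_NAME_MARKER = "AmazonOpenSearchService"


def select_opensearch_client(clients):
    """Pick the OpenSearch app client out of a list-user-pool-clients response.

    Exactly one client must match: zero means the domain has not finished
    creating it yet, several means an ambiguous pool, and either case must fail
    the plan rather than pass a guessed ClientId to the identity pool.
    Returns a flat str->str map, which is all the external data source accepts.
    """
    matches = [c for c in clients.get("UserPoolClients", [])
               if CLIENT_NAME_MARKER in c.get("ClientName", "")]
    if len(matches) != 1:
        # A non-zero exit with a message on stderr surfaces as a Terraform error.
        raise SystemExit(
            f"expected exactly one {CLIENT_NAME_MARKER} app client, found {len(matches)}")
    client = matches[0]
    return {"ClientId": client["ClientId"], "ClientName": client["ClientName"]}


def list_clients(user_pool_id):
    """Hypothetical helper: call the AWS CLI (which pages through the result
    itself) and parse its JSON output."""
    out = subprocess.check_output(
        ["aws", "cognito-idp", "list-user-pool-clients",
         "--user-pool-id", user_pool_id, "--output", "json"])
    return json.loads(out)


def main():
    # Terraform passes the data source's `query` map as one JSON object on stdin.
    query = json.load(sys.stdin)
    result = select_opensearch_client(list_clients(query["user_pool_id"]))
    json.dump(result, sys.stdout)


if __name__ == "__main__":
    main()
```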
Although your question should provide some sample code, I happen to know exactly what you're referring to because I've had to deal with it in several projects.
Unless things have changed since I last dealt with this, there is no easy solution and it's a gaping hole in the AWS API and Terraform AWS provider. The workaround I've used is:
It sucks, yes.