├── logstash ├── .dockerignore ├── Dockerfile └── assets │ └── logstash.conf ├── kibana ├── .dockerignore ├── Dockerfile └── assets │ └── kibana.yml ├── terraform ├── providers.tf ├── output.tf ├── data.tf ├── route53.tf ├── variables.tf ├── elb.tf ├── autoscaling_group.tf ├── iam.tf ├── launch_configuration.tf ├── README.md ├── user_data.sh.tpl ├── security_groups.tf └── graph.svg ├── .gitignore ├── elasticsearch ├── assets │ ├── elasticsearch.yml │ └── logging.yml └── Dockerfile ├── README.md ├── .travis.yml ├── docker-compose.yml ├── nginx └── assets │ ├── nginx.conf │ └── nginx-ssl-example.conf └── LICENSE /logstash/.dockerignore: -------------------------------------------------------------------------------- 1 | logstash-1.5.0.tar.gz 2 | logstash-1.5.0 3 | -------------------------------------------------------------------------------- /kibana/.dockerignore: -------------------------------------------------------------------------------- 1 | kibana-4.0.2-linux-x64 2 | kibana-4.0.2-linux-x64.tar.gz 3 | -------------------------------------------------------------------------------- /terraform/providers.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "${var.aws_region}" 3 | } 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | elasticsearch/elasticsearch-1.5.2.tar.gz 2 | elasticsearch/elasticsearch-1.5.2 3 | elasticsearch/volumes/esdata/ 4 | kibana/kibana-4.0.2-linux-x64.tar.gz 5 | kibana/kibana-4.0.2-linux-x64 6 | logstash/logstash-1.5.0.tar.gz 7 | logstash/logstash-1.5.0.tar.gz 8 | nginx/assets/certs 9 | esdata/ 10 | .terraform 11 | -------------------------------------------------------------------------------- /terraform/output.tf: -------------------------------------------------------------------------------- 1 | output "autoscaling_group_id" { 2 | value = "${aws_autoscaling_group.autoscaling_group.id}" 3 | } 4 | 5 | output "launch_configuration_id" { 6 | value = "${aws_launch_configuration.launch_configuration.id}" 7 | } 8 | 9 | output "security_group_id" { 10 | value = "${aws_security_group.security_group.id}" 11 | } 12 | -------------------------------------------------------------------------------- /terraform/data.tf: -------------------------------------------------------------------------------- 1 | data "terraform_remote_state" "account" { 2 | backend = "s3" 3 | 4 | config { 5 | bucket = "${var.aws_account}" 6 | key = "terraform.tfstate" 7 | region = "us-east-1" 8 | } 9 | } 10 | 11 | data "terraform_remote_state" "vpc" { 12 | backend = "s3" 13 | 14 | config { 15 | bucket = "${var.aws_account}" 16 | key = "${var.aws_region}/${var.vpc_name}/terraform.tfstate" 17 | region = "us-east-1" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /elasticsearch/assets/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | bootstrap.mlockall: true 2 | cloud.aws.region: %AWS_REGION% 3 | cloud_node_auto_attributes: true 4 | cluster.name: elk_stack 5 | discovery.ec2.groups: %DISCOVERY_EC2_GROUPS% 6 | discovery.type: ec2 7 | discovery.zen.minimum_master_nodes: %DISCOVERY_ZEN_MINIMUM_MASTER_NODES% 8 | http.jsonp.enable: true 9 | network.host: %NETWORK_HOST% 10 | node.data: true 11 | node.master: true 12 | transport.tcp.port: 9300 13 | http.port: 9200 14 | #node.name: 15 | -------------------------------------------------------------------------------- /terraform/route53.tf: -------------------------------------------------------------------------------- 1 | // Create ELB DNS Alias 2 | resource "aws_route53_record" "external_elb_route53_record" { 3 | zone_id = "${data.terraform_remote_state.account.primary_zone_id}" 4 | name = "${var.kibana_address}.${data.terraform_remote_state.account.domain_name}." 5 | type = "A" 6 | 7 | alias { 8 | name = "${aws_elb.external_elb.dns_name}" 9 | zone_id = "${aws_elb.external_elb.zone_id}" 10 | evaluate_target_health = false 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /logstash/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM java:8-alpine 2 | 3 | ENV HOME_DIR /opt 4 | ENV VERSION 2.4.0 5 | 6 | WORKDIR ${HOME_DIR} 7 | 8 | # Insatall Logstash 9 | RUN apk add --update bash curl perl tar && \ 10 | curl -O https://download.elastic.co/logstash/logstash/logstash-${VERSION}.tar.gz && \ 11 | tar -xvf logstash-${VERSION}.tar.gz && \ 12 | rm -rf logstash-${VERSION}.tar.gz /var/cache/apk/* && \ 13 | ln -s logstash-${VERSION} logstash 14 | 15 | ## Install Plugins 16 | RUN /opt/logstash/bin/logstash-plugin install logstash-input-cloudwatch_logs 17 | 18 | ENV PATH=/opt/logstash/vendor/jruby/bin:$PATH 19 | 20 | EXPOSE 6379 21 | 22 | ENTRYPOINT ["/opt/logstash/bin/logstash"] 23 | 24 | CMD [] 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Clustered ELK Stack 2 | 3 | [![Build Status](https://travis-ci.com/TerraformDesignPattern/elk.svg?branch=master)](https://travis-ci.com/TerraformDesignPattern/elk) 4 | 5 | [ELK stack](https://www.elastic.co/elk-stack) with [Elasticsearch cluster](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html) provisioned by [Terraform](https://www.terraform.io/). 6 | 7 | ## Getting started 8 | 9 | ```bash 10 | docker-compose build 11 | cd terraform 12 | terraform init 13 | ``` 14 | 15 | Then follow with instructions in [`terraform` folder](./terraform). 16 | 17 | ## License 18 | 19 | [Apache 2.0](LICENSE.md) © [Terraform Design Pattern](https://github.com/TerraformDesignPattern) 20 | -------------------------------------------------------------------------------- /kibana/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM java:8-alpine 2 | 3 | 4 | ENV KIBANA_VERSION 4.6.0 5 | 6 | WORKDIR /opt 7 | 8 | RUN apk add --update nodejs curl tar && \ 9 | curl -LO https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x86_64.tar.gz && \ 10 | tar -xvf kibana-${KIBANA_VERSION}-linux-x86_64.tar.gz && \ 11 | rm kibana-${KIBANA_VERSION}-linux-x86_64/node/bin/node && \ 12 | rm kibana-${KIBANA_VERSION}-linux-x86_64/node/bin/npm && \ 13 | ln -s /usr/bin/node /opt/kibana-${KIBANA_VERSION}-linux-x86_64/node/bin/node && \ 14 | ln -s /usr/bin/npm /opt/kibana-${KIBANA_VERSION}-linux-x86_64/node/bin/npm && \ 15 | rm -rf kibana-${KIBANA_VERSION}-linux-x86_64.tar.gz /var/cache/apk/* && \ 16 | ln -s kibana-${KIBANA_VERSION}-linux-x86_64 kibana 17 | 18 | COPY assets/kibana.yml /opt/kibana/config/kibana.yml 19 | 20 | EXPOSE 5601 21 | 22 | ENTRYPOINT ["/opt/kibana/bin/kibana"] 23 | 24 | CMD [] 25 | -------------------------------------------------------------------------------- /elasticsearch/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM java:8-alpine 2 | 3 | RUN apk add --update curl tar && \ 4 | rm -rf /var/cache/apk/* 5 | 6 | ENV HOME_DIR /opt 7 | ENV VERSION 2.4.0 8 | 9 | WORKDIR ${HOME_DIR} 10 | 11 | RUN curl -O https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/${VERSION}/elasticsearch-${VERSION}.tar.gz && \ 12 | tar -xvf elasticsearch-${VERSION}.tar.gz && \ 13 | rm -rf elasticsearch-${VERSION}.tar.gz && \ 14 | ln -s elasticsearch-${VERSION} elasticsearch 15 | 16 | RUN ./elasticsearch/bin/plugin install https://download.elastic.co/elasticsearch/release/org/elasticsearch/plugin/cloud-aws/${VERSION}/cloud-aws-${VERSION}.zip 17 | 18 | COPY assets/elasticsearch.yml /opt/elasticsearch/config/elasticsearch.yml 19 | 20 | EXPOSE 9200 9300 21 | 22 | VOLUME /opt/elasticsearch/data 23 | 24 | ENTRYPOINT ["/opt/elasticsearch/bin/elasticsearch"] 25 | 26 | CMD [] 27 | -------------------------------------------------------------------------------- /terraform/variables.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" {} 2 | 3 | variable "aws_account" {} 4 | 5 | variable "environment_name" {} 6 | 7 | variable "image_id" {} 8 | 9 | variable "kibana_address" {} 10 | 11 | variable "vpc_name" {} 12 | 13 | variable "apply_immediately" { 14 | default = true 15 | } 16 | 17 | variable "autoscaling_group_desired_capacity" { 18 | default = "3" 19 | } 20 | 21 | variable "autoscaling_group_min_size" { 22 | default = "1" 23 | } 24 | 25 | variable "autoscaling_group_max_size" { 26 | default = "3" 27 | } 28 | 29 | variable "discovery_zen_minimum_master_nodes" { 30 | default = "2" 31 | } 32 | 33 | variable "elk_repository" { 34 | default = "TerraformDesignPattern/elk" 35 | } 36 | 37 | variable "elk_repository_branch" { 38 | default = "master" 39 | } 40 | 41 | variable "launch_configuration_instance_type" { 42 | default = "t2.medium" 43 | } 44 | 45 | variable "node_type" { 46 | default = "cache.t2.micro" 47 | } 48 | 49 | variable "unique_id" { 50 | default = "" 51 | } 52 | -------------------------------------------------------------------------------- /logstash/assets/logstash.conf: -------------------------------------------------------------------------------- 1 | input { 2 | cloudwatch_logs { 3 | log_group => "%FLOW_LOG_CLOUDWATCH_LOG_GROUP_ARN%" 4 | type => "flow-log" 5 | } 6 | s3 { 7 | bucket => "%AWS_ACCOUNT%" 8 | exclude_pattern => "terraform\.tfstate| dummy_object" 9 | type => "cloudtrail" 10 | } 11 | } 12 | filter { 13 | if [type] == "flow-log" { 14 | if [message] =~ "NODATA" { 15 | mutate { add_tag => [ "NODATA"] } 16 | grok { 17 | match => { 18 | "message" => "%{BASE10NUM:flow_log_version}\s*%{NUMBER:aws_account_id}\s*%{GREEDYDATA:message}" 19 | } 20 | } 21 | } else { 22 | grok { 23 | match => { 24 | "message" => "%{NUMBER:version} %{NUMBER:account-id} %{NOTSPACE:interface-id} %{NOTSPACE:srcaddr} %{NOTSPACE:dstaddr} %{NOTSPACE:srcport} %{NOTSPACE:dstport} %{NOTSPACE:protocol} %{NOTSPACE:packets} %{NOTSPACE:bytes} %{NUMBER:start} %{NUMBER:end} %{NOTSPACE:action} %{NOTSPACE:log-status}" 25 | } 26 | } 27 | } 28 | } 29 | } 30 | output { 31 | elasticsearch { 32 | hosts => "%NETWORK_HOST%" 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /terraform/elb.tf: -------------------------------------------------------------------------------- 1 | // Create Kibana External ELB 2 | resource "aws_elb" "external_elb" { 3 | name = "${var.environment_name}-kibana-${var.aws_region}" 4 | subnets = ["${data.terraform_remote_state.vpc.public_subnet_ids}"] 5 | security_groups = ["${aws_security_group.elb_security_group.id}"] 6 | cross_zone_load_balancing = true 7 | connection_draining = true 8 | 9 | listener { 10 | instance_port = 443 11 | instance_protocol = "https" 12 | lb_port = 443 13 | lb_protocol = "https" 14 | ssl_certificate_id = "${data.terraform_remote_state.account.ssl_arn}" 15 | } 16 | 17 | listener { 18 | instance_port = 80 19 | instance_protocol = "http" 20 | lb_port = 80 21 | lb_protocol = "http" 22 | } 23 | 24 | health_check { 25 | healthy_threshold = 2 26 | unhealthy_threshold = 2 27 | timeout = 3 28 | target = "tcp:80" 29 | interval = 30 30 | } 31 | 32 | tags { 33 | aws_account = "${var.aws_account}" 34 | aws_region = "${var.aws_region}" 35 | environment_name = "${var.environment_name}" 36 | vpc_name = "${var.vpc_name}" 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /terraform/autoscaling_group.tf: -------------------------------------------------------------------------------- 1 | // Create Auto Scaling Group Resource 2 | resource "aws_autoscaling_group" "autoscaling_group" { 3 | #name = "${var.environment_name}-${var.unique_id}elk-asg" 4 | desired_capacity = "${var.autoscaling_group_desired_capacity}" 5 | health_check_type = "EC2" 6 | health_check_grace_period = 900 7 | launch_configuration = "${aws_launch_configuration.launch_configuration.name}" 8 | load_balancers = ["${aws_elb.external_elb.name}"] 9 | max_size = "${var.autoscaling_group_max_size}" 10 | min_elb_capacity = "${var.autoscaling_group_min_size}" 11 | min_size = "${var.autoscaling_group_min_size}" 12 | vpc_zone_identifier = ["${data.terraform_remote_state.vpc.private_subnet_ids}"] 13 | wait_for_capacity_timeout = "10m" 14 | wait_for_elb_capacity = "${var.autoscaling_group_min_size}" 15 | 16 | lifecycle { 17 | create_before_destroy = true 18 | } 19 | 20 | tag { 21 | key = "Name" 22 | value = "${var.environment_name}-${var.unique_id}elk-asg" 23 | propagate_at_launch = true 24 | } 25 | 26 | tag { 27 | key = "environment" 28 | value = "${var.environment_name}" 29 | propagate_at_launch = true 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /terraform/iam.tf: -------------------------------------------------------------------------------- 1 | // Create IAM Role 2 | resource "aws_iam_role" "iam_role" { 3 | name = "${var.environment_name}-${var.unique_id}elk-role" 4 | 5 | assume_role_policy = < docker-compose 35 | - chmod +x docker-compose 36 | - sudo mv docker-compose /usr/local/bin 37 | script: 38 | - docker-compose build 39 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | elasticsearch: 4 | hostname: elasticsearch 5 | container_name: elasticsearch 6 | image: jonbrouse/sysadvent2016:elasticsearch 7 | build: elasticsearch 8 | command: -Des.insecure.allow.root=true 9 | network_mode: "host" 10 | ports: 11 | - "9200:9200" 12 | - "9300:9300" 13 | volumes: 14 | - ./elasticsearch/volumes/esdata/:/opt/elasticsearch/data 15 | - ./elasticsearch/assets/elasticsearch.yml:/opt/elasticsearch/config/elasticsearch.yml 16 | logstash: 17 | hostname: logstash 18 | container_name: logstash 19 | image: jonbrouse/sysadvent2016:logstash 20 | command: -f /etc/logstash.conf 21 | tty: true 22 | build: logstash 23 | ports: 24 | - "24642:24642" 25 | volumes: 26 | - ./logstash/assets/logstash.conf:/etc/logstash.conf 27 | kibana: 28 | hostname: kibana 29 | container_name: kibana 30 | image: jonbrouse/sysadvent2016:kibana 31 | build: kibana 32 | volumes: 33 | - ./kibana/assets/kibana.yml/:/opt/kibana/config/kibana.yml 34 | nginx: 35 | hostname: nginx 36 | container_name: nginx 37 | image: nginx:stable-alpine 38 | links: 39 | - kibana 40 | ports: 41 | - "80:80" 42 | - "443:443" 43 | volumes: 44 | - ./nginx/assets/certs:/etc/nginx/certs 45 | - ./nginx/assets/nginx.conf:/etc/nginx/nginx.conf 46 | -------------------------------------------------------------------------------- /terraform/launch_configuration.tf: -------------------------------------------------------------------------------- 1 | // Populate User Data Template 2 | data "template_file" "user_data" { 3 | template = "${file("${path.module}/user_data.sh.tpl")}" 4 | 5 | vars { 6 | aws_account = "${var.aws_account}" 7 | aws_region = "${var.aws_region}" 8 | cluster_name = "${var.environment_name}-${var.unique_id}elk" 9 | discovery_ec2_groups = "${aws_security_group.security_group.id}" 10 | discovery_zen_minimum_master_nodes = "${var.discovery_zen_minimum_master_nodes}" 11 | elk_repository = "${var.elk_repository}" 12 | elk_repository_branch = "${var.elk_repository_branch}" 13 | flow_log_cloudwatch_log_group_arn = "${data.terraform_remote_state.vpc.flow_log_cloudwatch_log_group_arn}" 14 | } 15 | } 16 | 17 | // Launch Configuration Resource 18 | resource "aws_launch_configuration" "launch_configuration" { 19 | name_prefix = "${var.environment_name}-${var.unique_id}elk-" 20 | iam_instance_profile = "${aws_iam_instance_profile.iam_instance_profile.arn}" 21 | key_name = "${data.terraform_remote_state.account.key_pair_name}" 22 | image_id = "${var.image_id}" 23 | instance_type = "${var.launch_configuration_instance_type}" 24 | security_groups = ["${split(",", aws_security_group.security_group.id)}"] 25 | user_data = "${data.template_file.user_data.rendered}" 26 | } 27 | -------------------------------------------------------------------------------- /terraform/README.md: -------------------------------------------------------------------------------- 1 | # ELK Terraform Module 2 | 3 | This module creates an ELK stack with an Elasticsearch cluster. 4 | 5 | ![Terraform Graph](./graph.svg) 6 | 7 | ## Example Usage 8 | 9 | ``` 10 | module "elk" { 11 | source = "" 12 | 13 | vpc_name = "${module.environment.vpc_name}" 14 | aws_region = "${module.environment.aws_region}" 15 | aws_account = "${module.environment.aws_account}" 16 | environment_name = "${module.environment.environment_name}" 17 | unique_id = "sysadvent-" 18 | } 19 | ``` 20 | 21 | ## Generate graph 22 | 23 | ```bash 24 | terraform graph -draw-cycles | dot -Tsvg -o graph.svg 25 | ``` 26 | 27 | # Resources 28 | 29 | * [AWS Blog - CloudWatch to ELK](https://aws.amazon.com/blogs/aws/cloudwatch-logs-subscription-consumer-elasticsearch-kibana-dashboards/) 30 | * [Elasticsearch - EC2 Discovery Plugin](https://www.elastic.co/guide/en/elasticsearch/plugins/current/discovery-ec2.html) 31 | * [Logstash - Input Plugins Use Enviroment Variables](https://www.elastic.co/guide/en/logstash/current/environment-variables.html) 32 | * [Logstash - Cloudwatch Log Input Blog Post](http://lukewaite.github.io/aws/lambda/elk/logstash/2015/07/13/aws-lambda-and-elk.html) 33 | * [Logstash - Redis Input Pugin](https://www.elastic.co/guide/en/logstash/current/plugins-inputs-redis.html) 34 | * [Logstash Book - Redis Configuration](https://read.amazon.com/?asin=B00B9JQTCO) 35 | * [Stack Overflow - Public ELB to Private Subnet](http://stackoverflow.com/questions/22541895/amazon-elb-for-ec2-instances-in-private-subnet-in-vpc) 36 | * [Terraform - Elasticache Cluster](https://www.terraform.io/docs/providers/aws/r/elasticache_cluster.html) 37 | * [X-Pack](https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html) 38 | -------------------------------------------------------------------------------- /terraform/user_data.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/sh -ex 2 | # Cloud config for to start an ELK Server 3 | 4 | #### ELK Stack Version Configurations 5 | AWS_ACCONT=${aws_account} 6 | AWS_REGION=${aws_region} 7 | BRANCH=${elk_repository_branch} 8 | CLUSTER_NAME=${cluster_name} 9 | DISCOVERY_EC2_GROUPS=${discovery_ec2_groups} 10 | DISCOVERY_ZEN_MINIMUM_MASTER_NODES=${discovery_zen_minimum_master_nodes} 11 | ELK_REPOSITORY_URL="https://github.com/${elk_repository}/archive/$BRANCH.zip" 12 | FLOW_LOG_CLOUDWATCH_LOG_GROUP_ARN=${flow_log_cloudwatch_log_group_arn} 13 | NETWORK_HOST=$(curl http://169.254.169.254/latest/meta-data/local-ipv4) 14 | 15 | 16 | #### Download Docker ELK Repository 17 | curl -LO "$ELK_REPOSITORY_URL" 18 | unzip "$BRANCH.zip" 19 | 20 | #### Configure Elasticsearch 21 | CONFIG_FILE="elk-$BRANCH/elasticsearch/assets/elasticsearch.yml" 22 | sed -i "s/%AWS_REGION%/$AWS_REGION/g" "$CONFIG_FILE" 23 | sed -i "s/%CLUSTER_NAME%/$CLUSTER_NAME/g" "$CONFIG_FILE" 24 | sed -i "s/%DISCOVERY_EC2_GROUPS%/$DISCOVERY_EC2_GROUPS/g" "$CONFIG_FILE" 25 | sed -i "s/%DISCOVERY_ZEN_MINIMUM_MASTER_NODES%/$DISCOVERY_ZEN_MINIMUM_MASTER_NODES/g" "$CONFIG_FILE" 26 | sed -i "s/%NETWORK_HOST%/$NETWORK_HOST/g" "$CONFIG_FILE" 27 | 28 | #### Configure Kibana 29 | CONFIG_FILE="elk-$BRANCH/kibana/assets/kibana.yml" 30 | sed -i "s/%NETWORK_HOST%/$NETWORK_HOST/g" "$CONFIG_FILE" 31 | 32 | #### Configure Logstash 33 | CONFIG_FILE="elk-$BRANCH/logstash/assets/logstash.conf" 34 | sed -i "s/%AWS_ACCOUNT%/$AWS_ACCOUNT/g" "$CONFIG_FILE" 35 | sed -i "s/%FLOW_LOG_CLOUDWATCH_LOG_GROUP_ARN%/$FLOW_LOG_CLOUDWATCH_LOG_GROUP_ARN/g" "$CONFIG_FILE" 36 | sed -i "s/%NETWORK_HOST%/$NETWORK_HOST/g" "$CONFIG_FILE" 37 | 38 | 39 | docker-compose -f elk-$BRANCH/docker-compose.yml pull 40 | docker-compose -f elk-$BRANCH/docker-compose.yml up -d 41 | -------------------------------------------------------------------------------- /nginx/assets/nginx.conf: -------------------------------------------------------------------------------- 1 | 2 | #user nobody; 3 | worker_processes 1; 4 | 5 | #error_log logs/error.log; 6 | #error_log logs/error.log notice; 7 | #error_log logs/error.log info; 8 | 9 | #pid logs/nginx.pid; 10 | 11 | 12 | events { 13 | worker_connections 1024; 14 | } 15 | 16 | 17 | http { 18 | include mime.types; 19 | default_type application/octet-stream; 20 | 21 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | # '$status $body_bytes_sent "$http_referer" ' 23 | # '"$http_user_agent" "$http_x_forwarded_for"'; 24 | 25 | #access_log logs/access.log main; 26 | 27 | sendfile on; 28 | #tcp_nopush on; 29 | 30 | #keepalive_timeout 0; 31 | keepalive_timeout 65; 32 | 33 | #gzip on; 34 | 35 | server { 36 | listen 80; 37 | server_name localhost; 38 | 39 | #error_page 404 /404.html; 40 | 41 | # redirect server error pages to the static page /50x.html 42 | # 43 | error_page 500 502 503 504 /50x.html; 44 | location = /50x.html { 45 | root html; 46 | } 47 | 48 | location / { 49 | 50 | proxy_set_header Host $host; 51 | proxy_set_header X-Real-IP $remote_addr; 52 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 53 | proxy_set_header X-Forwarded-Proto $scheme; 54 | 55 | # Fix the “It appears that your reverse proxy set up is broken" error. 56 | proxy_pass http://kibana:5601; 57 | proxy_read_timeout 90; 58 | 59 | proxy_redirect http://kibana:5601 http://$host; 60 | } 61 | 62 | } 63 | 64 | } 65 | -------------------------------------------------------------------------------- /elasticsearch/assets/logging.yml: -------------------------------------------------------------------------------- 1 | # you can override this using by setting a system property, for example -Des.logger.level=DEBUG 2 | es.logger.level: INFO 3 | rootLogger: ${es.logger.level}, console, file 4 | logger: 5 | # log action execution errors for easier debugging 6 | action: DEBUG 7 | # reduce the logging for aws, too much is logged under the default INFO 8 | com.amazonaws: WARN 9 | 10 | # gateway 11 | #gateway: DEBUG 12 | #index.gateway: DEBUG 13 | 14 | # peer shard recovery 15 | #indices.recovery: DEBUG 16 | 17 | # discovery 18 | #discovery: TRACE 19 | 20 | index.search.slowlog: TRACE, index_search_slow_log_file 21 | index.indexing.slowlog: TRACE, index_indexing_slow_log_file 22 | 23 | additivity: 24 | index.search.slowlog: false 25 | index.indexing.slowlog: false 26 | 27 | appender: 28 | console: 29 | type: console 30 | layout: 31 | type: consolePattern 32 | conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" 33 | 34 | file: 35 | type: dailyRollingFile 36 | file: ${path.logs}/${cluster.name}.log 37 | datePattern: "'.'yyyy-MM-dd" 38 | layout: 39 | type: pattern 40 | conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" 41 | 42 | # Use the following log4j-extras RollingFileAppender to enable gzip compression of log files. 43 | # For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html 44 | #file: 45 | #type: extrasRollingFile 46 | #file: ${path.logs}/${cluster.name}.log 47 | #rollingPolicy: timeBased 48 | #rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz 49 | #layout: 50 | #type: pattern 51 | #conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" 52 | 53 | index_search_slow_log_file: 54 | type: dailyRollingFile 55 | file: ${path.logs}/${cluster.name}_index_search_slowlog.log 56 | datePattern: "'.'yyyy-MM-dd" 57 | layout: 58 | type: pattern 59 | conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" 60 | 61 | index_indexing_slow_log_file: 62 | type: dailyRollingFile 63 | file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log 64 | datePattern: "'.'yyyy-MM-dd" 65 | layout: 66 | type: pattern 67 | conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" 68 | -------------------------------------------------------------------------------- /nginx/assets/nginx-ssl-example.conf: -------------------------------------------------------------------------------- 1 | 2 | #user nobody; 3 | worker_processes 1; 4 | 5 | #error_log logs/error.log; 6 | #error_log logs/error.log notice; 7 | #error_log logs/error.log info; 8 | 9 | #pid logs/nginx.pid; 10 | 11 | 12 | events { 13 | worker_connections 1024; 14 | } 15 | 16 | 17 | http { 18 | include mime.types; 19 | default_type application/octet-stream; 20 | 21 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | # '$status $body_bytes_sent "$http_referer" ' 23 | # '"$http_user_agent" "$http_x_forwarded_for"'; 24 | 25 | #access_log logs/access.log main; 26 | 27 | sendfile on; 28 | #tcp_nopush on; 29 | 30 | #keepalive_timeout 0; 31 | keepalive_timeout 65; 32 | 33 | #gzip on; 34 | 35 | server { 36 | listen 80; 37 | return 301 https://$host$request_uri; 38 | server_name localhost; 39 | 40 | #error_page 404 /404.html; 41 | 42 | # redirect server error pages to the static page /50x.html 43 | # 44 | error_page 500 502 503 504 /50x.html; 45 | location = /50x.html { 46 | root html; 47 | } 48 | } 49 | 50 | server { 51 | 52 | listen 443; 53 | 54 | ssl_certificate /etc/nginx/certs/example_com.full_chain.pem; 55 | ssl_certificate_key /etc/nginx/certs/example_com.key; 56 | 57 | ssl on; 58 | ssl_session_cache builtin:1000 shared:SSL:10m; 59 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 60 | ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; 61 | ssl_prefer_server_ciphers on; 62 | 63 | location / { 64 | 65 | proxy_set_header Host $host; 66 | proxy_set_header X-Real-IP $remote_addr; 67 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 68 | proxy_set_header X-Forwarded-Proto $scheme; 69 | 70 | # Fix the “It appears that your reverse proxy set up is broken" error. 71 | proxy_pass http://kibana:5601; 72 | proxy_read_timeout 90; 73 | 74 | proxy_redirect http://kibana:5601 http://$host; 75 | } 76 | 77 | } 78 | 79 | } 80 | -------------------------------------------------------------------------------- /kibana/assets/kibana.yml: -------------------------------------------------------------------------------- 1 | # Kibana is served by a back end server. This controls which port to use. 2 | port: 5601 3 | 4 | # The host to bind the server to. 5 | host: "0.0.0.0" 6 | 7 | # The Elasticsearch instance to use for all your queries. 8 | elasticsearch_url: "http://%NETWORK_HOST%:9200" 9 | 10 | # preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false, 11 | # then the host you use to connect to *this* Kibana instance will be sent. 12 | elasticsearch_preserve_host: true 13 | 14 | # Kibana uses an index in Elasticsearch to store saved searches, visualizations 15 | # and dashboards. It will create a new index if it doesn't already exist. 16 | kibana_index: ".kibana" 17 | 18 | # If your Elasticsearch is protected with basic auth, this is the user credentials 19 | # used by the Kibana server to perform maintence on the kibana_index at statup. Your Kibana 20 | # users will still need to authenticate with Elasticsearch (which is proxied thorugh 21 | # the Kibana server) 22 | # kibana_elasticsearch_username: user 23 | # kibana_elasticsearch_password: pass 24 | 25 | # If your Elasticsearch requires client certificate and key 26 | # kibana_elasticsearch_client_crt: /path/to/your/client.crt 27 | # kibana_elasticsearch_client_key: /path/to/your/client.key 28 | 29 | # If you need to provide a CA certificate for your Elasticsarech instance, put 30 | # the path of the pem file here. 31 | # ca: /path/to/your/CA.pem 32 | 33 | # The default application to load. 34 | default_app_id: "discover" 35 | 36 | # Time in milliseconds to wait for responses from the back end or elasticsearch. 37 | # This must be > 0 38 | request_timeout: 300000 39 | 40 | # Time in milliseconds for Elasticsearch to wait for responses from shards. 41 | # Set to 0 to disable. 42 | shard_timeout: 0 43 | 44 | # Set to false to have a complete disregard for the validity of the SSL 45 | # certificate. 46 | verify_ssl: true 47 | 48 | # SSL for outgoing requests from the Kibana Server (PEM formatted) 49 | # ssl_key_file: /path/to/your/server.key 50 | # ssl_cert_file: /path/to/your/server.crt 51 | 52 | # Set the path to where you would like the process id file to be created. 53 | # pid_file: /var/run/kibana.pid 54 | 55 | # Plugins that are included in the build, and no longer found in the plugins/ folder 56 | bundled_plugin_ids: 57 | - plugins/dashboard/index 58 | - plugins/discover/index 59 | - plugins/doc/index 60 | - plugins/kibana/index 61 | - plugins/markdown_vis/index 62 | - plugins/metric_vis/index 63 | - plugins/settings/index 64 | - plugins/table_vis/index 65 | - plugins/vis_types/index 66 | - plugins/visualize/index 67 | -------------------------------------------------------------------------------- /terraform/security_groups.tf: -------------------------------------------------------------------------------- 1 | // Create External ELB Security Group 2 | resource "aws_security_group" "elb_security_group" { 3 | name = "${var.environment_name}-${var.unique_id}external-elk-elb-${var.aws_region}" 4 | description = "Security Group for ${var.environment_name}-external-elb-${var.unique_id}elk" 5 | vpc_id = "${data.terraform_remote_state.vpc.vpc_id}" 6 | 7 | // allow traffic for TCP 80 8 | ingress { 9 | from_port = 80 10 | to_port = 80 11 | protocol = "tcp" 12 | cidr_blocks = ["0.0.0.0/0"] 13 | } 14 | 15 | // allow traffic for TCP 443 16 | ingress { 17 | from_port = 443 18 | to_port = 443 19 | protocol = "tcp" 20 | cidr_blocks = ["0.0.0.0/0"] 21 | } 22 | 23 | // allow all outbound traffic 24 | egress { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | 31 | tags { 32 | Environment = "${var.environment_name}" 33 | Name = "${var.environment_name}-${var.unique_id}external-elk-elb-${var.aws_region}" 34 | } 35 | } 36 | 37 | // Create ELK Security Group 38 | resource "aws_security_group" "security_group" { 39 | name = "${var.environment_name}-${var.unique_id}elk-sg-${var.aws_region}" 40 | description = "Security Group for ${var.environment_name}-${var.unique_id}elk" 41 | vpc_id = "${data.terraform_remote_state.vpc.vpc_id}" 42 | 43 | // allow traffic for TCP 22 44 | ingress { 45 | from_port = 22 46 | to_port = 22 47 | protocol = "tcp" 48 | self = true 49 | cidr_blocks = ["${data.terraform_remote_state.vpc.vpc_cidr_block}"] 50 | } 51 | 52 | // allow traffic for TCP 80 53 | ingress { 54 | from_port = 80 55 | to_port = 80 56 | protocol = "tcp" 57 | self = true 58 | cidr_blocks = ["${data.terraform_remote_state.vpc.vpc_cidr_block}"] 59 | } 60 | 61 | // allow traffic for TCP 443 62 | ingress { 63 | from_port = 443 64 | to_port = 443 65 | protocol = "tcp" 66 | self = true 67 | cidr_blocks = ["${data.terraform_remote_state.vpc.vpc_cidr_block}"] 68 | } 69 | 70 | // allow traffic for TCP 6379 71 | ingress { 72 | from_port = 6379 73 | to_port = 6379 74 | protocol = "tcp" 75 | self = true 76 | cidr_blocks = ["${data.terraform_remote_state.vpc.vpc_cidr_block}"] 77 | } 78 | 79 | // allow traffic for TCP 9200 80 | ingress { 81 | from_port = 9200 82 | to_port = 9200 83 | protocol = "tcp" 84 | self = true 85 | cidr_blocks = ["${data.terraform_remote_state.vpc.private_subnet_cidr_blocks}"] 86 | } 87 | 88 | // allow traffic for TCP 9300 89 | ingress { 90 | from_port = 9300 91 | to_port = 9300 92 | protocol = "tcp" 93 | self = true 94 | cidr_blocks = ["${data.terraform_remote_state.vpc.private_subnet_cidr_blocks}"] 95 | } 96 | 97 | // allow all outbound traffic 98 | egress { 99 | from_port = 0 100 | to_port = 0 101 | protocol = "-1" 102 | cidr_blocks = ["0.0.0.0/0"] 103 | } 104 | 105 | tags { 106 | Environment = "${var.environment_name}" 107 | Name = "${var.environment_name}-${var.unique_id}elk-sg-${var.aws_region}" 108 | } 109 | } 110 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /terraform/graph.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | %3 11 | 12 | 13 | 14 | [root] aws_autoscaling_group.autoscaling_group 15 | 16 | aws_autoscaling_group.autoscaling_group 17 | 18 | 19 | 20 | [root] aws_elb.external_elb 21 | 22 | aws_elb.external_elb 23 | 24 | 25 | 26 | [root] aws_autoscaling_group.autoscaling_group->[root] aws_elb.external_elb 27 | 28 | 29 | 30 | 31 | 32 | [root] aws_launch_configuration.launch_configuration 33 | 34 | aws_launch_configuration.launch_configuration 35 | 36 | 37 | 38 | [root] aws_autoscaling_group.autoscaling_group->[root] aws_launch_configuration.launch_configuration 39 | 40 | 41 | 42 | 43 | 44 | [root] var.autoscaling_group_desired_capacity 45 | 46 | [root] var.autoscaling_group_desired_capacity 47 | 48 | 49 | 50 | [root] aws_autoscaling_group.autoscaling_group->[root] var.autoscaling_group_desired_capacity 51 | 52 | 53 | 54 | 55 | 56 | [root] var.autoscaling_group_max_size 57 | 58 | [root] var.autoscaling_group_max_size 59 | 60 | 61 | 62 | [root] aws_autoscaling_group.autoscaling_group->[root] var.autoscaling_group_max_size 63 | 64 | 65 | 66 | 67 | 68 | [root] var.autoscaling_group_min_size 69 | 70 | [root] var.autoscaling_group_min_size 71 | 72 | 73 | 74 | [root] aws_autoscaling_group.autoscaling_group->[root] var.autoscaling_group_min_size 75 | 76 | 77 | 78 | 79 | 80 | [root] aws_security_group.elb_security_group 81 | 82 | aws_security_group.elb_security_group 83 | 84 | 85 | 86 | [root] aws_elb.external_elb->[root] aws_security_group.elb_security_group 87 | 88 | 89 | 90 | 91 | 92 | [root] data.terraform_remote_state.account 93 | 94 | data.terraform_remote_state.account 95 | 96 | 97 | 98 | [root] aws_elb.external_elb->[root] data.terraform_remote_state.account 99 | 100 | 101 | 102 | 103 | 104 | [root] aws_iam_instance_profile.iam_instance_profile 105 | 106 | aws_iam_instance_profile.iam_instance_profile 107 | 108 | 109 | 110 | [root] aws_iam_role.iam_role 111 | 112 | aws_iam_role.iam_role 113 | 114 | 115 | 116 | [root] aws_iam_instance_profile.iam_instance_profile->[root] aws_iam_role.iam_role 117 | 118 | 119 | 120 | 121 | 122 | [root] provider.aws 123 | 124 | provider.aws 125 | 126 | 127 | 128 | [root] aws_iam_role.iam_role->[root] provider.aws 129 | 130 | 131 | 132 | 133 | 134 | [root] var.environment_name 135 | 136 | [root] var.environment_name 137 | 138 | 139 | 140 | [root] aws_iam_role.iam_role->[root] var.environment_name 141 | 142 | 143 | 144 | 145 | 146 | [root] var.unique_id 147 | 148 | [root] var.unique_id 149 | 150 | 151 | 152 | [root] aws_iam_role.iam_role->[root] var.unique_id 153 | 154 | 155 | 156 | 157 | 158 | [root] aws_iam_role_policy.ec2_iam_role_policy 159 | 160 | aws_iam_role_policy.ec2_iam_role_policy 161 | 162 | 163 | 164 | [root] aws_iam_role_policy.ec2_iam_role_policy->[root] aws_iam_role.iam_role 165 | 166 | 167 | 168 | 169 | 170 | [root] data.terraform_remote_state.vpc 171 | 172 | data.terraform_remote_state.vpc 173 | 174 | 175 | 176 | [root] aws_iam_role_policy.ec2_iam_role_policy->[root] data.terraform_remote_state.vpc 177 | 178 | 179 | 180 | 181 | 182 | [root] aws_launch_configuration.launch_configuration->[root] aws_iam_instance_profile.iam_instance_profile 183 | 184 | 185 | 186 | 187 | 188 | [root] data.template_file.user_data 189 | 190 | data.template_file.user_data 191 | 192 | 193 | 194 | [root] aws_launch_configuration.launch_configuration->[root] data.template_file.user_data 195 | 196 | 197 | 198 | 199 | 200 | [root] aws_launch_configuration.launch_configuration->[root] data.terraform_remote_state.account 201 | 202 | 203 | 204 | 205 | 206 | [root] var.image_id 207 | 208 | [root] var.image_id 209 | 210 | 211 | 212 | [root] aws_launch_configuration.launch_configuration->[root] var.image_id 213 | 214 | 215 | 216 | 217 | 218 | [root] var.launch_configuration_instance_type 219 | 220 | [root] var.launch_configuration_instance_type 221 | 222 | 223 | 224 | [root] aws_launch_configuration.launch_configuration->[root] var.launch_configuration_instance_type 225 | 226 | 227 | 228 | 229 | 230 | [root] aws_route53_record.external_elb_route53_record 231 | 232 | aws_route53_record.external_elb_route53_record 233 | 234 | 235 | 236 | [root] aws_route53_record.external_elb_route53_record->[root] aws_elb.external_elb 237 | 238 | 239 | 240 | 241 | 242 | [root] var.kibana_address 243 | 244 | [root] var.kibana_address 245 | 246 | 247 | 248 | [root] aws_route53_record.external_elb_route53_record->[root] var.kibana_address 249 | 250 | 251 | 252 | 253 | 254 | [root] aws_security_group.elb_security_group->[root] data.terraform_remote_state.vpc 255 | 256 | 257 | 258 | 259 | 260 | [root] aws_security_group.elb_security_group->[root] provider.aws 261 | 262 | 263 | 264 | 265 | 266 | [root] aws_security_group.elb_security_group->[root] var.environment_name 267 | 268 | 269 | 270 | 271 | 272 | [root] aws_security_group.elb_security_group->[root] var.unique_id 273 | 274 | 275 | 276 | 277 | 278 | [root] aws_security_group.security_group 279 | 280 | aws_security_group.security_group 281 | 282 | 283 | 284 | [root] aws_security_group.security_group->[root] data.terraform_remote_state.vpc 285 | 286 | 287 | 288 | 289 | 290 | [root] aws_security_group.security_group->[root] provider.aws 291 | 292 | 293 | 294 | 295 | 296 | [root] aws_security_group.security_group->[root] var.environment_name 297 | 298 | 299 | 300 | 301 | 302 | [root] aws_security_group.security_group->[root] var.unique_id 303 | 304 | 305 | 306 | 307 | 308 | [root] data.template_file.user_data->[root] aws_security_group.security_group 309 | 310 | 311 | 312 | 313 | 314 | [root] provider.template 315 | 316 | provider.template 317 | 318 | 319 | 320 | [root] data.template_file.user_data->[root] provider.template 321 | 322 | 323 | 324 | 325 | 326 | [root] var.discovery_zen_minimum_master_nodes 327 | 328 | [root] var.discovery_zen_minimum_master_nodes 329 | 330 | 331 | 332 | [root] data.template_file.user_data->[root] var.discovery_zen_minimum_master_nodes 333 | 334 | 335 | 336 | 337 | 338 | [root] var.elk_repository 339 | 340 | [root] var.elk_repository 341 | 342 | 343 | 344 | [root] data.template_file.user_data->[root] var.elk_repository 345 | 346 | 347 | 348 | 349 | 350 | [root] var.elk_repository_branch 351 | 352 | [root] var.elk_repository_branch 353 | 354 | 355 | 356 | [root] data.template_file.user_data->[root] var.elk_repository_branch 357 | 358 | 359 | 360 | 361 | 362 | [root] provider.terraform 363 | 364 | provider.terraform 365 | 366 | 367 | 368 | [root] data.terraform_remote_state.account->[root] provider.terraform 369 | 370 | 371 | 372 | 373 | 374 | [root] var.aws_account 375 | 376 | [root] var.aws_account 377 | 378 | 379 | 380 | [root] data.terraform_remote_state.account->[root] var.aws_account 381 | 382 | 383 | 384 | 385 | 386 | [root] data.terraform_remote_state.vpc->[root] provider.terraform 387 | 388 | 389 | 390 | 391 | 392 | [root] data.terraform_remote_state.vpc->[root] var.aws_account 393 | 394 | 395 | 396 | 397 | 398 | [root] var.aws_region 399 | 400 | [root] var.aws_region 401 | 402 | 403 | 404 | [root] data.terraform_remote_state.vpc->[root] var.aws_region 405 | 406 | 407 | 408 | 409 | 410 | [root] var.vpc_name 411 | 412 | [root] var.vpc_name 413 | 414 | 415 | 416 | [root] data.terraform_remote_state.vpc->[root] var.vpc_name 417 | 418 | 419 | 420 | 421 | 422 | [root] provider.aws->[root] var.aws_region 423 | 424 | 425 | 426 | 427 | 428 | [root] meta.count-boundary (count boundary fixup) 429 | 430 | [root] meta.count-boundary (count boundary fixup) 431 | 432 | 433 | 434 | [root] meta.count-boundary (count boundary fixup)->[root] aws_iam_role_policy.ec2_iam_role_policy 435 | 436 | 437 | 438 | 439 | 440 | [root] meta.count-boundary (count boundary fixup)->[root] aws_route53_record.external_elb_route53_record 441 | 442 | 443 | 444 | 445 | 446 | [root] output.autoscaling_group_id 447 | 448 | [root] output.autoscaling_group_id 449 | 450 | 451 | 452 | [root] meta.count-boundary (count boundary fixup)->[root] output.autoscaling_group_id 453 | 454 | 455 | 456 | 457 | 458 | [root] output.launch_configuration_id 459 | 460 | [root] output.launch_configuration_id 461 | 462 | 463 | 464 | [root] meta.count-boundary (count boundary fixup)->[root] output.launch_configuration_id 465 | 466 | 467 | 468 | 469 | 470 | [root] output.security_group_id 471 | 472 | [root] output.security_group_id 473 | 474 | 475 | 476 | [root] meta.count-boundary (count boundary fixup)->[root] output.security_group_id 477 | 478 | 479 | 480 | 481 | 482 | [root] var.apply_immediately 483 | 484 | [root] var.apply_immediately 485 | 486 | 487 | 488 | [root] meta.count-boundary (count boundary fixup)->[root] var.apply_immediately 489 | 490 | 491 | 492 | 493 | 494 | [root] var.node_type 495 | 496 | [root] var.node_type 497 | 498 | 499 | 500 | [root] meta.count-boundary (count boundary fixup)->[root] var.node_type 501 | 502 | 503 | 504 | 505 | 506 | [root] output.autoscaling_group_id->[root] aws_autoscaling_group.autoscaling_group 507 | 508 | 509 | 510 | 511 | 512 | [root] output.launch_configuration_id->[root] aws_launch_configuration.launch_configuration 513 | 514 | 515 | 516 | 517 | 518 | [root] output.security_group_id->[root] aws_security_group.security_group 519 | 520 | 521 | 522 | 523 | 524 | [root] provider.aws (close) 525 | 526 | [root] provider.aws (close) 527 | 528 | 529 | 530 | [root] provider.aws (close)->[root] aws_autoscaling_group.autoscaling_group 531 | 532 | 533 | 534 | 535 | 536 | [root] provider.aws (close)->[root] aws_iam_role_policy.ec2_iam_role_policy 537 | 538 | 539 | 540 | 541 | 542 | [root] provider.aws (close)->[root] aws_route53_record.external_elb_route53_record 543 | 544 | 545 | 546 | 547 | 548 | [root] provider.template (close) 549 | 550 | [root] provider.template (close) 551 | 552 | 553 | 554 | [root] provider.template (close)->[root] data.template_file.user_data 555 | 556 | 557 | 558 | 559 | 560 | [root] provider.terraform (close) 561 | 562 | [root] provider.terraform (close) 563 | 564 | 565 | 566 | [root] provider.terraform (close)->[root] data.terraform_remote_state.account 567 | 568 | 569 | 570 | 571 | 572 | [root] provider.terraform (close)->[root] data.terraform_remote_state.vpc 573 | 574 | 575 | 576 | 577 | 578 | [root] root 579 | 580 | [root] root 581 | 582 | 583 | 584 | [root] root->[root] meta.count-boundary (count boundary fixup) 585 | 586 | 587 | 588 | 589 | 590 | [root] root->[root] provider.aws (close) 591 | 592 | 593 | 594 | 595 | 596 | [root] root->[root] provider.template (close) 597 | 598 | 599 | 600 | 601 | 602 | [root] root->[root] provider.terraform (close) 603 | 604 | 605 | 606 | 607 | 608 | --------------------------------------------------------------------------------