gistfile1.txt

resource "aws_iam_role" "opensearch_role" {
  name               = "opensearch-access-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "es.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "opensearch_policy" {
  role       = aws_iam_role.opensearch_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess"
}

resource "null_resource" "wait_for_role_propagation" {
  depends_on = [
    aws_iam_role_policy_attachment.opensearch_policy
  ]

  provisioner "local-exec" {
    command = <<EOT
    until aws iam get-role --role-name ${aws_iam_role.opensearch_role.name} --query 'Role.RoleName' --output text; do
      echo "Waiting for IAM role to propagate..."
      sleep 5
    done
    EOT
  }
}

resource "null_resource" "create_opensearch_collections" {
  depends_on = [
    null_resource.wait_for_role_propagation
  ]

  provisioner "local-exec" {
    command = <<EOT
    aws opensearchserverless create-collection --name my-collection --type SEARCH --region us-east-1
    EOT
  }
}