@aws-cdk/aws-elasticsearch
Advanced tools
Changelog
1.67.0 (2020-10-07)
monocdk. Note that monocdk is still experimental.. in the name (#10441) (063798b), closes #10109addExecuteFileCommand arguments cannot be omitted (#10692) (7178374), closes #10687InitCommand.shellCommand() renders an argv command instead (#10691) (de9d2f7), closes #10684Readme
| Features | Stability |
|---|---|
| CFN Resources |  |
| Higher level constructs for Domain |  |
CFN Resources: All classes with the
Cfnprefix in this module (CFN Resources) are always stable and safe to use.
Experimental: Higher level constructs in this module that are marked as experimental are under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
Create a development cluster by simply specifying the version:
import * as es from '@aws-cdk/aws-elasticsearch';
const devDomain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
});
Create a production grade cluster by also specifying things like capacity and az distribution
const prodDomain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
capacity: {
masterNodes: 5,
dataNodes: 20
},
ebs: {
volumeSize: 20
},
zoneAwareness: {
availabilityZoneCount: 3
},
logging: {
slowSearchLogEnabled: true,
appLogEnabled: true,
slowIndexLogEnabled: true,
},
});
This creates an Elasticsearch cluster and automatically sets up log groups for logging the domain logs and slow search logs.
To import an existing domain into your CDK application, use the Domain.fromDomainEndpoint factory method.
This method accepts a domain endpoint of an already existing domain:
const domainEndpoint = 'https://my-domain-jcjotrt6f7otem4sqcwbch3c4u.us-east-1.es.amazonaws.com';
const domain = Domain.fromDomainEndpoint(this, 'ImportedDomain', domainEndpoint);
Helper methods also exist for managing access to the domain.
const lambda = new lambda.Function(this, 'Lambda', { /* ... */ });
// Grant write access to the app-search index
domain.grantIndexWrite('app-search', lambda);
// Grant read access to the 'app-search/_search' path
domain.grantPathRead('app-search/_search', lambda);
The domain can also be created with encryption enabled:
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_4,
ebs: {
volumeSize: 100,
volumeType: EbsDeviceVolumeType.GENERAL_PURPOSE_SSD,
},
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
});
This sets up the domain with node to node encryption and encryption at rest. You can also choose to supply your own KMS key to use for encryption at rest.
Helper methods exist to access common domain metrics for example:
const freeStorageSpace = domain.metricFreeStorageSpace();
const masterSysMemoryUtilization = domain.metric('MasterSysMemoryUtilization');
This module is part of the AWS Cloud Development Kit project.
The domain can also be created with a master user configured. The password can be supplied or dynamically created if not supplied.
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
enforceHttps: true,
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
fineGrainedAccessControl: {
masterUserName: 'master-user',
},
});
const masterUserPassword = domain.masterUserPassword;
For convenience, the domain can be configured to allow unsigned HTTP requests that use basic auth. Unless the domain is configured to be part of a VPC this means anyone can access the domain using the configured master username and password.
To enable unsigned basic auth access the domain is configured with an access policy that allows anyonmous requests, HTTPS required, node to node encryption, encryption at rest and fine grained access control.
If the above settings are not set they will be configured as part of enabling unsigned basic auth. If they are set with conflicting values, an error will be thrown.
If no master user is configured a default master user is created with the
username admin.
If no password is configured a default master user password is created and
stored in the AWS Secrets Manager as secret. The secret has the prefix
<domain id>MasterUser.
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
useUnsignedBasicAuth: true,
});
const masterUserPassword = domain.masterUserPassword;
FAQs
The CDK Construct Library for AWS::Elasticsearch
The npm package @aws-cdk/aws-elasticsearch receives a total of 21,646 weekly downloads. As such, @aws-cdk/aws-elasticsearch popularity was classified as popular.
We found that @aws-cdk/aws-elasticsearch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.