@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana

aws-dynamodb-stream-lambda-elasticsearch-kibana module

---

Some of our early constructs don’t meet the naming standards that evolved for the library. We are releasing completely feature compatible versions with corrected names. The underlying implementation code is the same regardless of whether you deploy the construct using the old or new name. We will support both names for all 1.x releases, but in 2.x we will only publish the correctly named constructs. This construct is being replaced by the functionally identical aws-dynamodbstreams-lambda-elasticsearch-kibana.

---

Reference Documentation:	https://docs.aws.amazon.com/solutions/latest/constructs/

Language	Package
Python	aws_solutions_constructs.aws_dynamodb_stream_elasticsearch_kibana
Typescript	@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana
Java	software.amazon.awsconstructs.services.dynamodbstreamlambdaelasticsearchkibana

This AWS Solutions Construct implements Amazon DynamoDB table with stream, AWS Lambda function and Amazon Elasticsearch Service with the least privileged permissions.

Here is a minimal deployable pattern definition in Typescript:

import { DynamoDBStreamToLambdaToElasticSearchAndKibana, DynamoDBStreamToLambdaToElasticSearchAndKibanaProps } from '@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana';
import { Aws } from "@aws-cdk/core";

const props: DynamoDBStreamToLambdaToElasticSearchAndKibanaProps = {
  lambdaFunctionProps: {
      code: lambda.Code.fromAsset(`${__dirname}/lambda`),
      runtime: lambda.Runtime.NODEJS_14_X,
      handler: 'index.handler'
  },
  domainName: 'test-domain',
  // TODO: Ensure the Cognito domain name is globally unique
  cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID;
};

new DynamoDBStreamToLambdaToElasticSearchAndKibana(this, 'test-dynamodb-stream-lambda-elasticsearch-kibana', props);

Initializer

new DynamoDBStreamToLambdaToElasticSearchAndKibana(scope: Construct, id: string, props: DynamoDBStreamToLambdaToElasticSearchAndKibanaProps);

Parameters

• scope Construct
• id string
• props DynamoDBStreamToLambdaToElasticSearchAndKibanaProps

Pattern Construct Props

Name	Type	Description
existingLambdaObj?	lambda.Function	Existing instance of Lambda Function object, providing both this and lambdaFunctionProps will cause an error.
lambdaFunctionProps?	lambda.FunctionProps	User provided props to override the default props for the Lambda function.
dynamoTableProps?	dynamodb.TableProps	Optional user provided props to override the default props for DynamoDB Table
existingTableInterface?	dynamodb.ITable	Existing instance of DynamoDB table object or interface, providing both this and dynamoTableProps will cause an error.
dynamoEventSourceProps?	aws-lambda-event-sources.DynamoEventSourceProps	Optional user provided props to override the default props for DynamoDB Event Source
esDomainProps?	elasticsearch.CfnDomainProps	Optional user provided props to override the default props for the Elasticsearch Service
domainName	string	Domain name for the Cognito and the Elasticsearch Service
createCloudWatchAlarms	boolean	Whether to create recommended CloudWatch alarms

Pattern Properties

Name	Type	Description
dynamoTableInterface	dynamodb.ITable	Returns an instance of dynamodb.ITable created by the construct
dynamoTable?	dynamodb.Table	Returns an instance of dynamodb.Table created by the construct. IMPORTANT: If existingTableInterface was provided in Pattern Construct Props, this property will be undefined
lambdaFunction	lambda.Function	Returns an instance of lambda.Function created by the construct
userPool	cognito.UserPool	Returns an instance of cognito.UserPool created by the construct
userPoolClient	cognito.UserPoolClient	Returns an instance of cognito.UserPoolClient created by the construct
identityPool	cognito.CfnIdentityPool	Returns an instance of cognito.CfnIdentityPool created by the construct
elasticsearchDomain	elasticsearch.CfnDomain	Returns an instance of elasticsearch.CfnDomain created by the construct
elasticsearchDomain	iam.Role	Returns an instance of iam.Role created by the construct for elasticsearch.CfnDomain
cloudwatchAlarms?	cloudwatch.Alarm[]	Returns a list of cloudwatch.Alarm created by the construct

Lambda Function

This pattern requires a lambda function that can post data into the Elasticsearch from DynamoDB stream. A sample function is provided here.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon DynamoDB Table

• Set the billing mode for DynamoDB Table to On-Demand (Pay per request)
• Enable server-side encryption for DynamoDB Table using AWS managed KMS Key
• Creates a partition key called 'id' for DynamoDB Table
• Retain the Table when deleting the CloudFormation stack
• Enable continuous backups and point-in-time recovery

AWS Lambda Function

• Configure limited privilege access IAM role for Lambda function
• Enable reusing connections with Keep-Alive for NodeJs Lambda function
• Enable X-Ray Tracing
• Enable Failure-Handling features like enable bisect on function Error, set defaults for Maximum Record Age (24 hours) & Maximum Retry Attempts (500) and deploy SQS dead-letter queue as destination on failure
• Set Environment Variables
  • AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Amazon Cognito

• Set password policy for User Pools
• Enforce the advanced security mode for User Pools

Amazon Elasticsearch Service

• Deploy best practices CloudWatch Alarms for the Elasticsearch Domain
• Secure the Kibana dashboard access with Cognito User Pools
• Enable server-side encryption for Elasticsearch Domain using AWS managed KMS Key
• Enable node-to-node encryption for Elasticsearch Domain
• Configure the cluster for the Amazon ES domain

Architecture

---

© Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.