cdk-aws-opensearch-api
Advanced tools
AWS CDK constructs for managing OpenSearch API resources.
This module can be useful when you need to manage the resources inside an OpenSearch cluster, for example creating Roles and Role Mappings for fine grained access control.
Prereqs:
{"username":"x","password":y"}import { Role } from "cdk-aws-opensearch-api";
// in your Stack/Construct
new Role(this, "MyRole", {
domain: yourOpenSearchDomain,
roleName: "roleName",
masterUserPasswordSecret: theMasterUserCredentialsInSecretsManager,
// this definition is what you'd PUT to the OpenSearch API:
// https://opensearch.org/docs/latest/security-plugin/access-control/api/#create-role
roleDefinition: {
cluster_permissions: ["indices:data/write/*"],
index_permissions: [{
index_patterns: ["*"],
allowed_actions: ["crud"],
}],
},
});
If you have access to a Role already, then you can call the addRoleMapping function to change the Role Mapping for
that role:
import { Role } from "cdk-aws-opensearch-api";
const myRole = new Role(/* ... */);
myRole.addRoleMapping({
// this definition is what you'd PUT to the OpenSearch API:
// https://opensearch.org/docs/latest/security-plugin/access-control/api/#create-role-mapping
backend_roles: ["starfleet", "captains", "defectors", "cn=ldaprole,ou=groups,dc=example,dc=com"],
hosts: ["*.starfleetintranet.com"],
users: ["worf"]
});
Otherwise, you can create a Role Mapping independently:
import { RoleMapping } from "cdk-aws-opensearch-api";
// in your Stack/Construct
new RoleMapping(this, "MyRoleMapping", {
domain: yourOpenSearchDomain,
roleName: "roleName",
masterUserPasswordSecret: theMasterUserCredentialsInSecretsManager,
// this definition is what you'd PUT to the OpenSearch API:
// https://opensearch.org/docs/latest/security-plugin/access-control/api/#create-role-mapping
roleDefinition: {
backend_roles: ["starfleet", "captains", "defectors", "cn=ldaprole,ou=groups,dc=example,dc=com"],
hosts: ["*.starfleetintranet.com"],
users: ["worf"]
},
});
There's also a low-level fallback resource called ApiResource which you can use to manage other API resources that
don't have a construct yet. Use at your own risk.
FAQs
AWS CDK constructs for managing OpenSearch API resources.
The npm package cdk-aws-opensearch-api receives a total of 2 weekly downloads. As such, cdk-aws-opensearch-api popularity was classified as not popular.
We found that cdk-aws-opensearch-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 11.5 now recognizes npm staged publish approvals in release metadata, preventing those releases from being mistaken for lower-trust package publishes.
Security News
Federal audit finds NIST lacked a plan to clear the NVD backlog, wasted funds on duplicate work, and delayed use of CISA data.
Research
/Security News
A mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.