0.10.0 • Published 10 months ago

@project-lakechain/opensearch-domain v0.10.0

Weekly downloads
-
License
Apache-2.0
Repository
github
Last release
10 months ago

:package: OpenSearch Domain

Static Badge Static Badge

Overview

The OpenSearch Domain construct is an internal construct helper part of Project Lakechain and is mainly used for example purposes. It allows to easily create an OpenSearch Domain in a VPC with Cognito integration for authenticating users to the OpenSearch dashboard.

Usage

You can instantiate the construct in your CDK stack by specifying the VPC in which the domain should be created. This will create a new OpenSearch domain, a new Cognito user pool, a new security group for controlling access to the domain, and a new Cognito identity pool allowing users to authenticate with the domain's dashboard interface.

import { OpenSearchDomain } from '@project-lakechain/opensearch-domain';

export class Stack extends cdk.Stack {
  constructor(scope: Construct, id: string) {
    const openSearch = new OpenSearchDomain(this, 'Domain', {
      vpc: reference_your_vpc
    });
  }
}

Overriding domain parameters

You can provide your own domain parameters by partially specifying them in the opts property of the construct. For example, to customize the instance type for your domain, you can do the following :

You can override any property of the domain using the opts property.

import { OpenSearchDomain } from '@project-lakechain/opensearch-domain';

export class Stack extends cdk.Stack {
  constructor(scope: Construct, id: string) {
    const openSearch = new OpenSearchDomain(this, 'Domain', {
      vpc,
      opts: {
        capacity: {
          dataNodeInstanceType: 't3.small.elasticsearch'
        }
      }
    });
  }
}

Using an existing Cognito User Pool

If you already created a Cognito User Pool in your CDK stack that you would like this construct to use as an authenticating mechanism, you can simply pass your cognito.UserPool instance to the construct through its existingUserPool property :

import { OpenSearchDomain } from '@project-lakechain/opensearch-domain';

export class Stack extends cdk.Stack {
  constructor(scope: Construct, id: string) {
    const userPool = new cognito.UserPool(this, 'UserPool', {
      // ...
    });

    const openSearch = new OpenSearchDomain(this, 'Domain', {
      vpc,
      existingUserPool: userPool
    });
  }
}

Construct properties

When you create the OpenSearchDomain construct, it exposes the following properties that you can use in your code :

PropertyTypeDescription
domainopensearch.DomainThe OpenSearch Domain created by the construct.
userPoolcognito.UserPoolThe Cognito User Pool created by the construct.
securityGroupec2.SecurityGroupThe Security Group created by the construct for controlling access to the domain.

Access Policies

This construct will create 2 access policies for the OpenSearch domain :

  • A policy allowing es:ESHttpGet and es:ESHttpPost access to the domain from any IAM principal in the current account that has access to the VPC in which the domain is deployed. This allows to decouple the identity-based access control from the resource-based access control on the domain. Note that other IAM principals (such as an AWS Lambda IAM role) will still need to have the required identity-based permissions control to access the domain.
  • A policy allowing the Cognito authenticated role full access to the domain, allowing users to manage the domain through the OpenSearch dashboard.
awscdkopensearchcognito
0.10.0

10 months ago

0.9.0

10 months ago

0.8.0

11 months ago

0.7.0

1 year ago

0.5.0

1 year ago

0.4.0

1 year ago

0.3.4

1 year ago