Manage OpenSearch REST resources from AWS CDK.
Project description
Custom Resources Library for Amazon OpenSearch Service
An AWS CDK construct library to manage OpenSearch resources via CloudFormation custom resource. This is especially useful if you use fine-grained access control feature on OpenSearch, where you have to create resources such as role or role mapping via OpenSearch REST API.
Currently supported resources
You can manage any other REST resources via our low level API (ResourceBase class).
Usage
Instal it via npm:
npm install opensearch-rest-resources
Then you can create OpenSearch resources using Domain construct.
import { IVpc } from 'aws-cdk-lib/aws-ec2';
import { IRole } from 'aws-cdk-lib/aws-iam';
import { Domain } from 'aws-cdk-lib/aws-opensearchservice';
import { OpenSearchRole, OpenSearchRoleMapping } from 'opensearch-rest-resources';
declare const vpc: IVpc;
declare const backendRole: IRole;
declare const domain: Domain;
const role = new OpenSearchRole(this, 'Role1', {
vpc,
domain,
roleName: 'Role1',
payload: {
clusterPermissions: ['indices:data/write/bulk'],
indexPermissions: [
{
indexPatterns: ['*'],
allowedActions: ['read', 'write', 'index', 'create_index'],
},
],
}
});
const roleMapping = new OpenSearchRoleMapping(this, 'RoleMapping1', {
vpc,
domain,
roleName: 'Role1',
payload: {
backendRoles: [backendRole.roleArn],
},
removalPolicy: RemovalPolicy.RETAIN,
});
roleMapping.node.addDependency(role);
Limitation
Currently this library assumes your OpenSearch domain is configured as:
- Fine-grained access control is enabled
- Deployed within a VPC
- Use the
DomainL2 construct - The credential for the master user (username and password) is stored in Secret Manager
- Domain access policy is permissive enough like below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:ESHttp*",
"Resource": "domain-arn/*"
}
]
}
Most of the above follow the current operational best practices of Amazon OpenSearch Service. If you want other configuration supported, please submit an issue.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file opensearch-rest-resources-0.0.7.tar.gz.
File metadata
- Download URL: opensearch-rest-resources-0.0.7.tar.gz
- Upload date:
- Size: 97.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67bd630b939fc18f339666001dfaf857da87e1e16ef195619d02cee6dad6d07b
|
|
| MD5 |
4d2d52d003fb18c7d3af1a1786faff79
|
|
| BLAKE2b-256 |
cb30d4904e0e56d9d6c96627d4671784eaca6639b4f9e1a0667d5b2485797120
|
File details
Details for the file opensearch_rest_resources-0.0.7-py3-none-any.whl.
File metadata
- Download URL: opensearch_rest_resources-0.0.7-py3-none-any.whl
- Upload date:
- Size: 96.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e3dba3628a53ede93dda3a20ae808e3147796822fe2ab8a5bb4997c8562c3350
|
|
| MD5 |
f3f934def1c9e2b438c260f670adbb23
|
|
| BLAKE2b-256 |
d504bdcc77926b5b78e95cc514ccaad4190c0dcf5043a58c351e59a78dde973a
|
