tessl/npm-pulumi--aws
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
opensearch.mddocs/services/
Amazon OpenSearch Service
Amazon OpenSearch Service (successor to Elasticsearch Service) is a managed service for search and analytics.
Package
import * as aws from "@pulumi/aws";
import * as opensearch from "@pulumi/aws/opensearch";Key Resources
Domain
OpenSearch cluster.
const domain = new aws.opensearch.Domain("search", {
domainName: "my-search-domain",
engineVersion: "OpenSearch_2.11",
clusterConfig: {
instanceType: "t3.small.search",
instanceCount: 2,
zoneAwarenessEnabled: true,
zoneAwarenessConfig: {
availabilityZoneCount: 2,
},
},
ebsOptions: {
ebsEnabled: true,
volumeSize: 20,
volumeType: "gp3",
},
encryptAtRest: {
enabled: true,
kmsKeyId: kmsKey.id,
},
nodeToNodeEncryption: {
enabled: true,
},
domainEndpointOptions: {
enforceHttps: true,
tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
},
advancedSecurityOptions: {
enabled: true,
internalUserDatabaseEnabled: true,
masterUserOptions: {
masterUserName: "admin",
masterUserPassword: adminPassword,
},
},
tags: {
Environment: "production",
},
});Domain Policy
Access policy for the domain.
const domainPolicy = new aws.opensearch.DomainPolicy("policy", {
domainName: domain.domainName,
accessPolicies: pulumi.all([domain.arn]).apply(([arn]) =>
JSON.stringify({
Version: "2012-10-17",
Statement: [{
Effect: "Allow",
Principal: {
AWS: `arn:aws:iam::${accountId}:root`,
},
Action: "es:*",
Resource: `${arn}/*`,
}],
})
),
});Common Patterns
VPC-Based Domain
const vpcDomain = new aws.opensearch.Domain("vpc-search", {
domainName: "vpc-search-domain",
engineVersion: "OpenSearch_2.11",
clusterConfig: {
instanceType: "r6g.large.search",
instanceCount: 3,
},
vpcOptions: {
subnetIds: subnetIds,
securityGroupIds: [securityGroup.id],
},
});Production Cluster
const prodDomain = new aws.opensearch.Domain("production", {
domainName: "prod-search",
engineVersion: "OpenSearch_2.11",
clusterConfig: {
instanceType: "r6g.2xlarge.search",
instanceCount: 6,
dedicatedMasterEnabled: true,
dedicatedMasterType: "r6g.large.search",
dedicatedMasterCount: 3,
zoneAwarenessEnabled: true,
zoneAwarenessConfig: {
availabilityZoneCount: 3,
},
},
ebsOptions: {
ebsEnabled: true,
volumeSize: 100,
volumeType: "gp3",
iops: 3000,
throughput: 125,
},
});Use Cases
- Full-Text Search: Search application content
- Log Analytics: Analyze application and infrastructure logs
- Real-Time Monitoring: Dashboard and visualization
- Security Analytics: SIEM and threat detection
Related Services
- CloudWatch - Send logs to OpenSearch
- Kinesis - Stream data to OpenSearch
- Lambda - Process and index data
Install with Tessl CLI
npx tessl i tessl/npm-pulumi--aws