@aws-solutions-constructs/aws-lambda-opensearch 2.26.0

@@ -0,0 +1,1431 @@
1
+ {
2
+ "Resources": {
3
+ "Vpc8378EB38": {
4
+ "Type": "AWS::EC2::VPC",
5
+ "Properties": {
6
+ "CidrBlock": "172.168.0.0/16",
7
+ "EnableDnsHostnames": true,
8
+ "EnableDnsSupport": true,
9
+ "InstanceTenancy": "default",
10
+ "Tags": [
11
+ {
12
+ "Key": "Name",
13
+ "Value": "existing-vpc/Vpc"
14
+ }
15
+ ]
16
+ }
17
+ },
18
+ "VpcPublicSubnet1Subnet5C2D37C4": {
19
+ "Type": "AWS::EC2::Subnet",
20
+ "Properties": {
21
+ "VpcId": {
22
+ "Ref": "Vpc8378EB38"
23
+ },
24
+ "AvailabilityZone": "test-region-1a",
25
+ "CidrBlock": "172.168.0.0/19",
26
+ "MapPublicIpOnLaunch": true,
27
+ "Tags": [
28
+ {
29
+ "Key": "aws-cdk:subnet-name",
30
+ "Value": "Public"
31
+ },
32
+ {
33
+ "Key": "aws-cdk:subnet-type",
34
+ "Value": "Public"
35
+ },
36
+ {
37
+ "Key": "Name",
38
+ "Value": "existing-vpc/Vpc/PublicSubnet1"
39
+ }
40
+ ]
41
+ },
42
+ "Metadata": {
43
+ "cfn_nag": {
44
+ "rules_to_suppress": [
45
+ {
46
+ "id": "W33",
47
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
48
+ }
49
+ ]
50
+ }
51
+ }
52
+ },
53
+ "VpcPublicSubnet1RouteTable6C95E38E": {
54
+ "Type": "AWS::EC2::RouteTable",
55
+ "Properties": {
56
+ "VpcId": {
57
+ "Ref": "Vpc8378EB38"
58
+ },
59
+ "Tags": [
60
+ {
61
+ "Key": "Name",
62
+ "Value": "existing-vpc/Vpc/PublicSubnet1"
63
+ }
64
+ ]
65
+ }
66
+ },
67
+ "VpcPublicSubnet1RouteTableAssociation97140677": {
68
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
69
+ "Properties": {
70
+ "RouteTableId": {
71
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
72
+ },
73
+ "SubnetId": {
74
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
75
+ }
76
+ }
77
+ },
78
+ "VpcPublicSubnet1DefaultRoute3DA9E72A": {
79
+ "Type": "AWS::EC2::Route",
80
+ "Properties": {
81
+ "RouteTableId": {
82
+ "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
83
+ },
84
+ "DestinationCidrBlock": "0.0.0.0/0",
85
+ "GatewayId": {
86
+ "Ref": "VpcIGWD7BA715C"
87
+ }
88
+ },
89
+ "DependsOn": [
90
+ "VpcVPCGWBF912B6E"
91
+ ]
92
+ },
93
+ "VpcPublicSubnet1EIPD7E02669": {
94
+ "Type": "AWS::EC2::EIP",
95
+ "Properties": {
96
+ "Domain": "vpc",
97
+ "Tags": [
98
+ {
99
+ "Key": "Name",
100
+ "Value": "existing-vpc/Vpc/PublicSubnet1"
101
+ }
102
+ ]
103
+ }
104
+ },
105
+ "VpcPublicSubnet1NATGateway4D7517AA": {
106
+ "Type": "AWS::EC2::NatGateway",
107
+ "Properties": {
108
+ "SubnetId": {
109
+ "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
110
+ },
111
+ "AllocationId": {
112
+ "Fn::GetAtt": [
113
+ "VpcPublicSubnet1EIPD7E02669",
114
+ "AllocationId"
115
+ ]
116
+ },
117
+ "Tags": [
118
+ {
119
+ "Key": "Name",
120
+ "Value": "existing-vpc/Vpc/PublicSubnet1"
121
+ }
122
+ ]
123
+ },
124
+ "DependsOn": [
125
+ "VpcPublicSubnet1DefaultRoute3DA9E72A",
126
+ "VpcPublicSubnet1RouteTableAssociation97140677"
127
+ ]
128
+ },
129
+ "VpcPublicSubnet2Subnet691E08A3": {
130
+ "Type": "AWS::EC2::Subnet",
131
+ "Properties": {
132
+ "VpcId": {
133
+ "Ref": "Vpc8378EB38"
134
+ },
135
+ "AvailabilityZone": "test-region-1b",
136
+ "CidrBlock": "172.168.32.0/19",
137
+ "MapPublicIpOnLaunch": true,
138
+ "Tags": [
139
+ {
140
+ "Key": "aws-cdk:subnet-name",
141
+ "Value": "Public"
142
+ },
143
+ {
144
+ "Key": "aws-cdk:subnet-type",
145
+ "Value": "Public"
146
+ },
147
+ {
148
+ "Key": "Name",
149
+ "Value": "existing-vpc/Vpc/PublicSubnet2"
150
+ }
151
+ ]
152
+ },
153
+ "Metadata": {
154
+ "cfn_nag": {
155
+ "rules_to_suppress": [
156
+ {
157
+ "id": "W33",
158
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
159
+ }
160
+ ]
161
+ }
162
+ }
163
+ },
164
+ "VpcPublicSubnet2RouteTable94F7E489": {
165
+ "Type": "AWS::EC2::RouteTable",
166
+ "Properties": {
167
+ "VpcId": {
168
+ "Ref": "Vpc8378EB38"
169
+ },
170
+ "Tags": [
171
+ {
172
+ "Key": "Name",
173
+ "Value": "existing-vpc/Vpc/PublicSubnet2"
174
+ }
175
+ ]
176
+ }
177
+ },
178
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
179
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
180
+ "Properties": {
181
+ "RouteTableId": {
182
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
183
+ },
184
+ "SubnetId": {
185
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
186
+ }
187
+ }
188
+ },
189
+ "VpcPublicSubnet2DefaultRoute97F91067": {
190
+ "Type": "AWS::EC2::Route",
191
+ "Properties": {
192
+ "RouteTableId": {
193
+ "Ref": "VpcPublicSubnet2RouteTable94F7E489"
194
+ },
195
+ "DestinationCidrBlock": "0.0.0.0/0",
196
+ "GatewayId": {
197
+ "Ref": "VpcIGWD7BA715C"
198
+ }
199
+ },
200
+ "DependsOn": [
201
+ "VpcVPCGWBF912B6E"
202
+ ]
203
+ },
204
+ "VpcPublicSubnet2EIP3C605A87": {
205
+ "Type": "AWS::EC2::EIP",
206
+ "Properties": {
207
+ "Domain": "vpc",
208
+ "Tags": [
209
+ {
210
+ "Key": "Name",
211
+ "Value": "existing-vpc/Vpc/PublicSubnet2"
212
+ }
213
+ ]
214
+ }
215
+ },
216
+ "VpcPublicSubnet2NATGateway9182C01D": {
217
+ "Type": "AWS::EC2::NatGateway",
218
+ "Properties": {
219
+ "SubnetId": {
220
+ "Ref": "VpcPublicSubnet2Subnet691E08A3"
221
+ },
222
+ "AllocationId": {
223
+ "Fn::GetAtt": [
224
+ "VpcPublicSubnet2EIP3C605A87",
225
+ "AllocationId"
226
+ ]
227
+ },
228
+ "Tags": [
229
+ {
230
+ "Key": "Name",
231
+ "Value": "existing-vpc/Vpc/PublicSubnet2"
232
+ }
233
+ ]
234
+ },
235
+ "DependsOn": [
236
+ "VpcPublicSubnet2DefaultRoute97F91067",
237
+ "VpcPublicSubnet2RouteTableAssociationDD5762D8"
238
+ ]
239
+ },
240
+ "VpcPublicSubnet3SubnetBE12F0B6": {
241
+ "Type": "AWS::EC2::Subnet",
242
+ "Properties": {
243
+ "VpcId": {
244
+ "Ref": "Vpc8378EB38"
245
+ },
246
+ "AvailabilityZone": "test-region-1c",
247
+ "CidrBlock": "172.168.64.0/19",
248
+ "MapPublicIpOnLaunch": true,
249
+ "Tags": [
250
+ {
251
+ "Key": "aws-cdk:subnet-name",
252
+ "Value": "Public"
253
+ },
254
+ {
255
+ "Key": "aws-cdk:subnet-type",
256
+ "Value": "Public"
257
+ },
258
+ {
259
+ "Key": "Name",
260
+ "Value": "existing-vpc/Vpc/PublicSubnet3"
261
+ }
262
+ ]
263
+ },
264
+ "Metadata": {
265
+ "cfn_nag": {
266
+ "rules_to_suppress": [
267
+ {
268
+ "id": "W33",
269
+ "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
270
+ }
271
+ ]
272
+ }
273
+ }
274
+ },
275
+ "VpcPublicSubnet3RouteTable93458DBB": {
276
+ "Type": "AWS::EC2::RouteTable",
277
+ "Properties": {
278
+ "VpcId": {
279
+ "Ref": "Vpc8378EB38"
280
+ },
281
+ "Tags": [
282
+ {
283
+ "Key": "Name",
284
+ "Value": "existing-vpc/Vpc/PublicSubnet3"
285
+ }
286
+ ]
287
+ }
288
+ },
289
+ "VpcPublicSubnet3RouteTableAssociation1F1EDF02": {
290
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
291
+ "Properties": {
292
+ "RouteTableId": {
293
+ "Ref": "VpcPublicSubnet3RouteTable93458DBB"
294
+ },
295
+ "SubnetId": {
296
+ "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
297
+ }
298
+ }
299
+ },
300
+ "VpcPublicSubnet3DefaultRoute4697774F": {
301
+ "Type": "AWS::EC2::Route",
302
+ "Properties": {
303
+ "RouteTableId": {
304
+ "Ref": "VpcPublicSubnet3RouteTable93458DBB"
305
+ },
306
+ "DestinationCidrBlock": "0.0.0.0/0",
307
+ "GatewayId": {
308
+ "Ref": "VpcIGWD7BA715C"
309
+ }
310
+ },
311
+ "DependsOn": [
312
+ "VpcVPCGWBF912B6E"
313
+ ]
314
+ },
315
+ "VpcPublicSubnet3EIP3A666A23": {
316
+ "Type": "AWS::EC2::EIP",
317
+ "Properties": {
318
+ "Domain": "vpc",
319
+ "Tags": [
320
+ {
321
+ "Key": "Name",
322
+ "Value": "existing-vpc/Vpc/PublicSubnet3"
323
+ }
324
+ ]
325
+ }
326
+ },
327
+ "VpcPublicSubnet3NATGateway7640CD1D": {
328
+ "Type": "AWS::EC2::NatGateway",
329
+ "Properties": {
330
+ "SubnetId": {
331
+ "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
332
+ },
333
+ "AllocationId": {
334
+ "Fn::GetAtt": [
335
+ "VpcPublicSubnet3EIP3A666A23",
336
+ "AllocationId"
337
+ ]
338
+ },
339
+ "Tags": [
340
+ {
341
+ "Key": "Name",
342
+ "Value": "existing-vpc/Vpc/PublicSubnet3"
343
+ }
344
+ ]
345
+ },
346
+ "DependsOn": [
347
+ "VpcPublicSubnet3DefaultRoute4697774F",
348
+ "VpcPublicSubnet3RouteTableAssociation1F1EDF02"
349
+ ]
350
+ },
351
+ "VpcPrivateSubnet1Subnet536B997A": {
352
+ "Type": "AWS::EC2::Subnet",
353
+ "Properties": {
354
+ "VpcId": {
355
+ "Ref": "Vpc8378EB38"
356
+ },
357
+ "AvailabilityZone": "test-region-1a",
358
+ "CidrBlock": "172.168.96.0/19",
359
+ "MapPublicIpOnLaunch": false,
360
+ "Tags": [
361
+ {
362
+ "Key": "aws-cdk:subnet-name",
363
+ "Value": "Private"
364
+ },
365
+ {
366
+ "Key": "aws-cdk:subnet-type",
367
+ "Value": "Private"
368
+ },
369
+ {
370
+ "Key": "Name",
371
+ "Value": "existing-vpc/Vpc/PrivateSubnet1"
372
+ }
373
+ ]
374
+ }
375
+ },
376
+ "VpcPrivateSubnet1RouteTableB2C5B500": {
377
+ "Type": "AWS::EC2::RouteTable",
378
+ "Properties": {
379
+ "VpcId": {
380
+ "Ref": "Vpc8378EB38"
381
+ },
382
+ "Tags": [
383
+ {
384
+ "Key": "Name",
385
+ "Value": "existing-vpc/Vpc/PrivateSubnet1"
386
+ }
387
+ ]
388
+ }
389
+ },
390
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
391
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
392
+ "Properties": {
393
+ "RouteTableId": {
394
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
395
+ },
396
+ "SubnetId": {
397
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
398
+ }
399
+ }
400
+ },
401
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
402
+ "Type": "AWS::EC2::Route",
403
+ "Properties": {
404
+ "RouteTableId": {
405
+ "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
406
+ },
407
+ "DestinationCidrBlock": "0.0.0.0/0",
408
+ "NatGatewayId": {
409
+ "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
410
+ }
411
+ }
412
+ },
413
+ "VpcPrivateSubnet2Subnet3788AAA1": {
414
+ "Type": "AWS::EC2::Subnet",
415
+ "Properties": {
416
+ "VpcId": {
417
+ "Ref": "Vpc8378EB38"
418
+ },
419
+ "AvailabilityZone": "test-region-1b",
420
+ "CidrBlock": "172.168.128.0/19",
421
+ "MapPublicIpOnLaunch": false,
422
+ "Tags": [
423
+ {
424
+ "Key": "aws-cdk:subnet-name",
425
+ "Value": "Private"
426
+ },
427
+ {
428
+ "Key": "aws-cdk:subnet-type",
429
+ "Value": "Private"
430
+ },
431
+ {
432
+ "Key": "Name",
433
+ "Value": "existing-vpc/Vpc/PrivateSubnet2"
434
+ }
435
+ ]
436
+ }
437
+ },
438
+ "VpcPrivateSubnet2RouteTableA678073B": {
439
+ "Type": "AWS::EC2::RouteTable",
440
+ "Properties": {
441
+ "VpcId": {
442
+ "Ref": "Vpc8378EB38"
443
+ },
444
+ "Tags": [
445
+ {
446
+ "Key": "Name",
447
+ "Value": "existing-vpc/Vpc/PrivateSubnet2"
448
+ }
449
+ ]
450
+ }
451
+ },
452
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
453
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
454
+ "Properties": {
455
+ "RouteTableId": {
456
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
457
+ },
458
+ "SubnetId": {
459
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
460
+ }
461
+ }
462
+ },
463
+ "VpcPrivateSubnet2DefaultRoute060D2087": {
464
+ "Type": "AWS::EC2::Route",
465
+ "Properties": {
466
+ "RouteTableId": {
467
+ "Ref": "VpcPrivateSubnet2RouteTableA678073B"
468
+ },
469
+ "DestinationCidrBlock": "0.0.0.0/0",
470
+ "NatGatewayId": {
471
+ "Ref": "VpcPublicSubnet2NATGateway9182C01D"
472
+ }
473
+ }
474
+ },
475
+ "VpcPrivateSubnet3SubnetF258B56E": {
476
+ "Type": "AWS::EC2::Subnet",
477
+ "Properties": {
478
+ "VpcId": {
479
+ "Ref": "Vpc8378EB38"
480
+ },
481
+ "AvailabilityZone": "test-region-1c",
482
+ "CidrBlock": "172.168.160.0/19",
483
+ "MapPublicIpOnLaunch": false,
484
+ "Tags": [
485
+ {
486
+ "Key": "aws-cdk:subnet-name",
487
+ "Value": "Private"
488
+ },
489
+ {
490
+ "Key": "aws-cdk:subnet-type",
491
+ "Value": "Private"
492
+ },
493
+ {
494
+ "Key": "Name",
495
+ "Value": "existing-vpc/Vpc/PrivateSubnet3"
496
+ }
497
+ ]
498
+ }
499
+ },
500
+ "VpcPrivateSubnet3RouteTableD98824C7": {
501
+ "Type": "AWS::EC2::RouteTable",
502
+ "Properties": {
503
+ "VpcId": {
504
+ "Ref": "Vpc8378EB38"
505
+ },
506
+ "Tags": [
507
+ {
508
+ "Key": "Name",
509
+ "Value": "existing-vpc/Vpc/PrivateSubnet3"
510
+ }
511
+ ]
512
+ }
513
+ },
514
+ "VpcPrivateSubnet3RouteTableAssociation16BDDC43": {
515
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
516
+ "Properties": {
517
+ "RouteTableId": {
518
+ "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
519
+ },
520
+ "SubnetId": {
521
+ "Ref": "VpcPrivateSubnet3SubnetF258B56E"
522
+ }
523
+ }
524
+ },
525
+ "VpcPrivateSubnet3DefaultRoute94B74F0D": {
526
+ "Type": "AWS::EC2::Route",
527
+ "Properties": {
528
+ "RouteTableId": {
529
+ "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
530
+ },
531
+ "DestinationCidrBlock": "0.0.0.0/0",
532
+ "NatGatewayId": {
533
+ "Ref": "VpcPublicSubnet3NATGateway7640CD1D"
534
+ }
535
+ }
536
+ },
537
+ "VpcIGWD7BA715C": {
538
+ "Type": "AWS::EC2::InternetGateway",
539
+ "Properties": {
540
+ "Tags": [
541
+ {
542
+ "Key": "Name",
543
+ "Value": "existing-vpc/Vpc"
544
+ }
545
+ ]
546
+ }
547
+ },
548
+ "VpcVPCGWBF912B6E": {
549
+ "Type": "AWS::EC2::VPCGatewayAttachment",
550
+ "Properties": {
551
+ "VpcId": {
552
+ "Ref": "Vpc8378EB38"
553
+ },
554
+ "InternetGatewayId": {
555
+ "Ref": "VpcIGWD7BA715C"
556
+ }
557
+ }
558
+ },
559
+ "VpcFlowLogIAMRole6A475D41": {
560
+ "Type": "AWS::IAM::Role",
561
+ "Properties": {
562
+ "AssumeRolePolicyDocument": {
563
+ "Statement": [
564
+ {
565
+ "Action": "sts:AssumeRole",
566
+ "Effect": "Allow",
567
+ "Principal": {
568
+ "Service": "vpc-flow-logs.amazonaws.com"
569
+ }
570
+ }
571
+ ],
572
+ "Version": "2012-10-17"
573
+ },
574
+ "Tags": [
575
+ {
576
+ "Key": "Name",
577
+ "Value": "existing-vpc/Vpc"
578
+ }
579
+ ]
580
+ }
581
+ },
582
+ "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
583
+ "Type": "AWS::IAM::Policy",
584
+ "Properties": {
585
+ "PolicyDocument": {
586
+ "Statement": [
587
+ {
588
+ "Action": [
589
+ "logs:CreateLogStream",
590
+ "logs:PutLogEvents",
591
+ "logs:DescribeLogStreams"
592
+ ],
593
+ "Effect": "Allow",
594
+ "Resource": {
595
+ "Fn::GetAtt": [
596
+ "VpcFlowLogLogGroup7B5C56B9",
597
+ "Arn"
598
+ ]
599
+ }
600
+ },
601
+ {
602
+ "Action": "iam:PassRole",
603
+ "Effect": "Allow",
604
+ "Resource": {
605
+ "Fn::GetAtt": [
606
+ "VpcFlowLogIAMRole6A475D41",
607
+ "Arn"
608
+ ]
609
+ }
610
+ }
611
+ ],
612
+ "Version": "2012-10-17"
613
+ },
614
+ "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
615
+ "Roles": [
616
+ {
617
+ "Ref": "VpcFlowLogIAMRole6A475D41"
618
+ }
619
+ ]
620
+ }
621
+ },
622
+ "VpcFlowLogLogGroup7B5C56B9": {
623
+ "Type": "AWS::Logs::LogGroup",
624
+ "Properties": {
625
+ "RetentionInDays": 731,
626
+ "Tags": [
627
+ {
628
+ "Key": "Name",
629
+ "Value": "existing-vpc/Vpc"
630
+ }
631
+ ]
632
+ },
633
+ "UpdateReplacePolicy": "Retain",
634
+ "DeletionPolicy": "Retain",
635
+ "Metadata": {
636
+ "cfn_nag": {
637
+ "rules_to_suppress": [
638
+ {
639
+ "id": "W84",
640
+ "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
641
+ }
642
+ ]
643
+ }
644
+ }
645
+ },
646
+ "VpcFlowLog8FF33A73": {
647
+ "Type": "AWS::EC2::FlowLog",
648
+ "Properties": {
649
+ "ResourceId": {
650
+ "Ref": "Vpc8378EB38"
651
+ },
652
+ "ResourceType": "VPC",
653
+ "TrafficType": "ALL",
654
+ "DeliverLogsPermissionArn": {
655
+ "Fn::GetAtt": [
656
+ "VpcFlowLogIAMRole6A475D41",
657
+ "Arn"
658
+ ]
659
+ },
660
+ "LogDestinationType": "cloud-watch-logs",
661
+ "LogGroupName": {
662
+ "Ref": "VpcFlowLogLogGroup7B5C56B9"
663
+ },
664
+ "Tags": [
665
+ {
666
+ "Key": "Name",
667
+ "Value": "existing-vpc/Vpc"
668
+ }
669
+ ]
670
+ }
671
+ },
672
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9": {
673
+ "Type": "AWS::IAM::Role",
674
+ "Properties": {
675
+ "AssumeRolePolicyDocument": {
676
+ "Statement": [
677
+ {
678
+ "Action": "sts:AssumeRole",
679
+ "Effect": "Allow",
680
+ "Principal": {
681
+ "Service": "lambda.amazonaws.com"
682
+ }
683
+ }
684
+ ],
685
+ "Version": "2012-10-17"
686
+ },
687
+ "Policies": [
688
+ {
689
+ "PolicyDocument": {
690
+ "Statement": [
691
+ {
692
+ "Action": [
693
+ "logs:CreateLogGroup",
694
+ "logs:CreateLogStream",
695
+ "logs:PutLogEvents"
696
+ ],
697
+ "Effect": "Allow",
698
+ "Resource": {
699
+ "Fn::Join": [
700
+ "",
701
+ [
702
+ "arn:",
703
+ {
704
+ "Ref": "AWS::Partition"
705
+ },
706
+ ":logs:",
707
+ {
708
+ "Ref": "AWS::Region"
709
+ },
710
+ ":",
711
+ {
712
+ "Ref": "AWS::AccountId"
713
+ },
714
+ ":log-group:/aws/lambda/*"
715
+ ]
716
+ ]
717
+ }
718
+ }
719
+ ],
720
+ "Version": "2012-10-17"
721
+ },
722
+ "PolicyName": "LambdaFunctionServiceRolePolicy"
723
+ }
724
+ ]
725
+ }
726
+ },
727
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5": {
728
+ "Type": "AWS::IAM::Policy",
729
+ "Properties": {
730
+ "PolicyDocument": {
731
+ "Statement": [
732
+ {
733
+ "Action": [
734
+ "ec2:CreateNetworkInterface",
735
+ "ec2:DescribeNetworkInterfaces",
736
+ "ec2:DeleteNetworkInterface",
737
+ "ec2:AssignPrivateIpAddresses",
738
+ "ec2:UnassignPrivateIpAddresses"
739
+ ],
740
+ "Effect": "Allow",
741
+ "Resource": "*"
742
+ },
743
+ {
744
+ "Action": [
745
+ "xray:PutTraceSegments",
746
+ "xray:PutTelemetryRecords"
747
+ ],
748
+ "Effect": "Allow",
749
+ "Resource": "*"
750
+ }
751
+ ],
752
+ "Version": "2012-10-17"
753
+ },
754
+ "PolicyName": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
755
+ "Roles": [
756
+ {
757
+ "Ref": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9"
758
+ }
759
+ ]
760
+ },
761
+ "Metadata": {
762
+ "cfn_nag": {
763
+ "rules_to_suppress": [
764
+ {
765
+ "id": "W12",
766
+ "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
767
+ }
768
+ ]
769
+ }
770
+ }
771
+ },
772
+ "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92": {
773
+ "Type": "AWS::EC2::SecurityGroup",
774
+ "Properties": {
775
+ "GroupDescription": "existing-vpc/test-lambda-elasticsearch-kibana4/ReplaceDefaultSecurityGroup-security-group",
776
+ "SecurityGroupEgress": [
777
+ {
778
+ "CidrIp": "0.0.0.0/0",
779
+ "Description": "Allow all outbound traffic by default",
780
+ "IpProtocol": "-1"
781
+ }
782
+ ],
783
+ "VpcId": {
784
+ "Ref": "Vpc8378EB38"
785
+ }
786
+ },
787
+ "Metadata": {
788
+ "cfn_nag": {
789
+ "rules_to_suppress": [
790
+ {
791
+ "id": "W5",
792
+ "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
793
+ },
794
+ {
795
+ "id": "W40",
796
+ "reason": "Egress IPProtocol of -1 is default and generally considered OK"
797
+ }
798
+ ]
799
+ }
800
+ }
801
+ },
802
+ "testlambdaelasticsearchkibana4LambdaFunction2C5856DF": {
803
+ "Type": "AWS::Lambda::Function",
804
+ "Properties": {
805
+ "Code": {
806
+ "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
807
+ "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
808
+ },
809
+ "Role": {
810
+ "Fn::GetAtt": [
811
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
812
+ "Arn"
813
+ ]
814
+ },
815
+ "Environment": {
816
+ "Variables": {
817
+ "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
818
+ "DOMAIN_ENDPOINT": {
819
+ "Fn::GetAtt": [
820
+ "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3",
821
+ "DomainEndpoint"
822
+ ]
823
+ }
824
+ }
825
+ },
826
+ "Handler": "index.handler",
827
+ "Runtime": "nodejs14.x",
828
+ "TracingConfig": {
829
+ "Mode": "Active"
830
+ },
831
+ "VpcConfig": {
832
+ "SecurityGroupIds": [
833
+ {
834
+ "Fn::GetAtt": [
835
+ "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
836
+ "GroupId"
837
+ ]
838
+ }
839
+ ],
840
+ "SubnetIds": [
841
+ {
842
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
843
+ },
844
+ {
845
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
846
+ },
847
+ {
848
+ "Ref": "VpcPrivateSubnet3SubnetF258B56E"
849
+ }
850
+ ]
851
+ }
852
+ },
853
+ "DependsOn": [
854
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
855
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
856
+ "VpcPrivateSubnet1DefaultRouteBE02A9ED",
857
+ "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
858
+ "VpcPrivateSubnet2DefaultRoute060D2087",
859
+ "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
860
+ "VpcPrivateSubnet3DefaultRoute94B74F0D",
861
+ "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
862
+ ],
863
+ "Metadata": {
864
+ "cfn_nag": {
865
+ "rules_to_suppress": [
866
+ {
867
+ "id": "W58",
868
+ "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
869
+ },
870
+ {
871
+ "id": "W89",
872
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
873
+ },
874
+ {
875
+ "id": "W92",
876
+ "reason": "Impossible for us to define the correct concurrency for clients"
877
+ }
878
+ ]
879
+ }
880
+ }
881
+ },
882
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1": {
883
+ "Type": "AWS::Cognito::UserPool",
884
+ "Properties": {
885
+ "AccountRecoverySetting": {
886
+ "RecoveryMechanisms": [
887
+ {
888
+ "Name": "verified_phone_number",
889
+ "Priority": 1
890
+ },
891
+ {
892
+ "Name": "verified_email",
893
+ "Priority": 2
894
+ }
895
+ ]
896
+ },
897
+ "AdminCreateUserConfig": {
898
+ "AllowAdminCreateUserOnly": true
899
+ },
900
+ "EmailVerificationMessage": "The verification code to your new account is {####}",
901
+ "EmailVerificationSubject": "Verify your new account",
902
+ "SmsVerificationMessage": "The verification code to your new account is {####}",
903
+ "UserPoolAddOns": {
904
+ "AdvancedSecurityMode": "ENFORCED"
905
+ },
906
+ "VerificationMessageTemplate": {
907
+ "DefaultEmailOption": "CONFIRM_WITH_CODE",
908
+ "EmailMessage": "The verification code to your new account is {####}",
909
+ "EmailSubject": "Verify your new account",
910
+ "SmsMessage": "The verification code to your new account is {####}"
911
+ }
912
+ },
913
+ "UpdateReplacePolicy": "Retain",
914
+ "DeletionPolicy": "Retain"
915
+ },
916
+ "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4": {
917
+ "Type": "AWS::Cognito::UserPoolClient",
918
+ "Properties": {
919
+ "UserPoolId": {
920
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
921
+ },
922
+ "AllowedOAuthFlows": [
923
+ "implicit",
924
+ "code"
925
+ ],
926
+ "AllowedOAuthFlowsUserPoolClient": true,
927
+ "AllowedOAuthScopes": [
928
+ "profile",
929
+ "phone",
930
+ "email",
931
+ "openid",
932
+ "aws.cognito.signin.user.admin"
933
+ ],
934
+ "CallbackURLs": [
935
+ "https://example.com"
936
+ ],
937
+ "SupportedIdentityProviders": [
938
+ "COGNITO"
939
+ ]
940
+ }
941
+ },
942
+ "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793": {
943
+ "Type": "AWS::Cognito::IdentityPool",
944
+ "Properties": {
945
+ "AllowUnauthenticatedIdentities": false,
946
+ "CognitoIdentityProviders": [
947
+ {
948
+ "ClientId": {
949
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4"
950
+ },
951
+ "ProviderName": {
952
+ "Fn::GetAtt": [
953
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
954
+ "ProviderName"
955
+ ]
956
+ },
957
+ "ServerSideTokenCheck": true
958
+ }
959
+ ]
960
+ }
961
+ },
962
+ "testlambdaelasticsearchkibana4UserPoolDomain4CAAF2F6": {
963
+ "Type": "AWS::Cognito::UserPoolDomain",
964
+ "Properties": {
965
+ "Domain": "deploytestwithexistingvpc",
966
+ "UserPoolId": {
967
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
968
+ }
969
+ },
970
+ "DependsOn": [
971
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
972
+ ]
973
+ },
974
+ "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392": {
975
+ "Type": "AWS::IAM::Role",
976
+ "Properties": {
977
+ "AssumeRolePolicyDocument": {
978
+ "Statement": [
979
+ {
980
+ "Action": "sts:AssumeRoleWithWebIdentity",
981
+ "Condition": {
982
+ "StringEquals": {
983
+ "cognito-identity.amazonaws.com:aud": {
984
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
985
+ }
986
+ },
987
+ "ForAnyValue:StringLike": {
988
+ "cognito-identity.amazonaws.com:amr": "authenticated"
989
+ }
990
+ },
991
+ "Effect": "Allow",
992
+ "Principal": {
993
+ "Federated": "cognito-identity.amazonaws.com"
994
+ }
995
+ }
996
+ ],
997
+ "Version": "2012-10-17"
998
+ },
999
+ "Policies": [
1000
+ {
1001
+ "PolicyDocument": {
1002
+ "Statement": [
1003
+ {
1004
+ "Action": "es:ESHttp*",
1005
+ "Effect": "Allow",
1006
+ "Resource": {
1007
+ "Fn::Join": [
1008
+ "",
1009
+ [
1010
+ "arn:",
1011
+ {
1012
+ "Ref": "AWS::Partition"
1013
+ },
1014
+ ":es:",
1015
+ {
1016
+ "Ref": "AWS::Region"
1017
+ },
1018
+ ":",
1019
+ {
1020
+ "Ref": "AWS::AccountId"
1021
+ },
1022
+ ":domain/deploytestwithexistingvpc/*"
1023
+ ]
1024
+ ]
1025
+ }
1026
+ }
1027
+ ],
1028
+ "Version": "2012-10-17"
1029
+ },
1030
+ "PolicyName": "CognitoAccessPolicy"
1031
+ }
1032
+ ]
1033
+ }
1034
+ },
1035
+ "testlambdaelasticsearchkibana4IdentityPoolRoleMapping9378D177": {
1036
+ "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
1037
+ "Properties": {
1038
+ "IdentityPoolId": {
1039
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1040
+ },
1041
+ "Roles": {
1042
+ "authenticated": {
1043
+ "Fn::GetAtt": [
1044
+ "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
1045
+ "Arn"
1046
+ ]
1047
+ }
1048
+ }
1049
+ }
1050
+ },
1051
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C": {
1052
+ "Type": "AWS::IAM::Role",
1053
+ "Properties": {
1054
+ "AssumeRolePolicyDocument": {
1055
+ "Statement": [
1056
+ {
1057
+ "Action": "sts:AssumeRole",
1058
+ "Effect": "Allow",
1059
+ "Principal": {
1060
+ "Service": "es.amazonaws.com"
1061
+ }
1062
+ }
1063
+ ],
1064
+ "Version": "2012-10-17"
1065
+ }
1066
+ }
1067
+ },
1068
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101": {
1069
+ "Type": "AWS::IAM::Policy",
1070
+ "Properties": {
1071
+ "PolicyDocument": {
1072
+ "Statement": [
1073
+ {
1074
+ "Action": [
1075
+ "cognito-idp:DescribeUserPool",
1076
+ "cognito-idp:CreateUserPoolClient",
1077
+ "cognito-idp:DeleteUserPoolClient",
1078
+ "cognito-idp:DescribeUserPoolClient",
1079
+ "cognito-idp:AdminInitiateAuth",
1080
+ "cognito-idp:AdminUserGlobalSignOut",
1081
+ "cognito-idp:ListUserPoolClients",
1082
+ "cognito-identity:DescribeIdentityPool",
1083
+ "cognito-identity:UpdateIdentityPool",
1084
+ "cognito-identity:SetIdentityPoolRoles",
1085
+ "cognito-identity:GetIdentityPoolRoles",
1086
+ "es:UpdateDomainConfig"
1087
+ ],
1088
+ "Effect": "Allow",
1089
+ "Resource": [
1090
+ {
1091
+ "Fn::GetAtt": [
1092
+ "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
1093
+ "Arn"
1094
+ ]
1095
+ },
1096
+ {
1097
+ "Fn::Join": [
1098
+ "",
1099
+ [
1100
+ "arn:aws:cognito-identity:",
1101
+ {
1102
+ "Ref": "AWS::Region"
1103
+ },
1104
+ ":",
1105
+ {
1106
+ "Ref": "AWS::AccountId"
1107
+ },
1108
+ ":identitypool/",
1109
+ {
1110
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1111
+ }
1112
+ ]
1113
+ ]
1114
+ },
1115
+ {
1116
+ "Fn::Join": [
1117
+ "",
1118
+ [
1119
+ "arn:aws:es:",
1120
+ {
1121
+ "Ref": "AWS::Region"
1122
+ },
1123
+ ":",
1124
+ {
1125
+ "Ref": "AWS::AccountId"
1126
+ },
1127
+ ":domain/deploytestwithexistingvpc"
1128
+ ]
1129
+ ]
1130
+ }
1131
+ ]
1132
+ },
1133
+ {
1134
+ "Action": "iam:PassRole",
1135
+ "Condition": {
1136
+ "StringLike": {
1137
+ "iam:PassedToService": "cognito-identity.amazonaws.com"
1138
+ }
1139
+ },
1140
+ "Effect": "Allow",
1141
+ "Resource": {
1142
+ "Fn::GetAtt": [
1143
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
1144
+ "Arn"
1145
+ ]
1146
+ }
1147
+ }
1148
+ ],
1149
+ "Version": "2012-10-17"
1150
+ },
1151
+ "PolicyName": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101",
1152
+ "Roles": [
1153
+ {
1154
+ "Ref": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C"
1155
+ }
1156
+ ]
1157
+ }
1158
+ },
1159
+ "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3": {
1160
+ "Type": "AWS::OpenSearchService::Domain",
1161
+ "Properties": {
1162
+ "AccessPolicies": {
1163
+ "Statement": [
1164
+ {
1165
+ "Action": "es:ESHttp*",
1166
+ "Effect": "Allow",
1167
+ "Principal": {
1168
+ "AWS": [
1169
+ {
1170
+ "Fn::GetAtt": [
1171
+ "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
1172
+ "Arn"
1173
+ ]
1174
+ },
1175
+ {
1176
+ "Fn::GetAtt": [
1177
+ "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
1178
+ "Arn"
1179
+ ]
1180
+ }
1181
+ ]
1182
+ },
1183
+ "Resource": {
1184
+ "Fn::Join": [
1185
+ "",
1186
+ [
1187
+ "arn:aws:es:",
1188
+ {
1189
+ "Ref": "AWS::Region"
1190
+ },
1191
+ ":",
1192
+ {
1193
+ "Ref": "AWS::AccountId"
1194
+ },
1195
+ ":domain/deploytestwithexistingvpc/*"
1196
+ ]
1197
+ ]
1198
+ }
1199
+ }
1200
+ ],
1201
+ "Version": "2012-10-17"
1202
+ },
1203
+ "ClusterConfig": {
1204
+ "DedicatedMasterCount": 3,
1205
+ "DedicatedMasterEnabled": true,
1206
+ "InstanceCount": 3,
1207
+ "ZoneAwarenessConfig": {
1208
+ "AvailabilityZoneCount": 3
1209
+ },
1210
+ "ZoneAwarenessEnabled": true
1211
+ },
1212
+ "CognitoOptions": {
1213
+ "Enabled": true,
1214
+ "IdentityPoolId": {
1215
+ "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
1216
+ },
1217
+ "RoleArn": {
1218
+ "Fn::GetAtt": [
1219
+ "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
1220
+ "Arn"
1221
+ ]
1222
+ },
1223
+ "UserPoolId": {
1224
+ "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
1225
+ }
1226
+ },
1227
+ "DomainName": "deploytestwithexistingvpc",
1228
+ "EBSOptions": {
1229
+ "EBSEnabled": true,
1230
+ "VolumeSize": 10
1231
+ },
1232
+ "EncryptionAtRestOptions": {
1233
+ "Enabled": true
1234
+ },
1235
+ "EngineVersion": "OpenSearch_1.3",
1236
+ "NodeToNodeEncryptionOptions": {
1237
+ "Enabled": true
1238
+ },
1239
+ "SnapshotOptions": {
1240
+ "AutomatedSnapshotStartHour": 1
1241
+ },
1242
+ "VPCOptions": {
1243
+ "SecurityGroupIds": [
1244
+ {
1245
+ "Fn::GetAtt": [
1246
+ "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
1247
+ "GroupId"
1248
+ ]
1249
+ }
1250
+ ],
1251
+ "SubnetIds": [
1252
+ {
1253
+ "Ref": "VpcPrivateSubnet1Subnet536B997A"
1254
+ },
1255
+ {
1256
+ "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
1257
+ },
1258
+ {
1259
+ "Ref": "VpcPrivateSubnet3SubnetF258B56E"
1260
+ }
1261
+ ]
1262
+ }
1263
+ },
1264
+ "Metadata": {
1265
+ "cfn_nag": {
1266
+ "rules_to_suppress": [
1267
+ {
1268
+ "id": "W28",
1269
+ "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
1270
+ },
1271
+ {
1272
+ "id": "W90",
1273
+ "reason": "This is not a rule for the general case, just for specific use cases/industries"
1274
+ }
1275
+ ]
1276
+ }
1277
+ }
1278
+ },
1279
+ "testlambdaelasticsearchkibana4StatusRedAlarm56DEE5C7": {
1280
+ "Type": "AWS::CloudWatch::Alarm",
1281
+ "Properties": {
1282
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1283
+ "EvaluationPeriods": 1,
1284
+ "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
1285
+ "MetricName": "ClusterStatus.red",
1286
+ "Namespace": "AWS/ES",
1287
+ "Period": 60,
1288
+ "Statistic": "Maximum",
1289
+ "Threshold": 1
1290
+ }
1291
+ },
1292
+ "testlambdaelasticsearchkibana4StatusYellowAlarm810B4F9E": {
1293
+ "Type": "AWS::CloudWatch::Alarm",
1294
+ "Properties": {
1295
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1296
+ "EvaluationPeriods": 1,
1297
+ "AlarmDescription": "At least one replica shard is not allocated to a node.",
1298
+ "MetricName": "ClusterStatus.yellow",
1299
+ "Namespace": "AWS/ES",
1300
+ "Period": 60,
1301
+ "Statistic": "Maximum",
1302
+ "Threshold": 1
1303
+ }
1304
+ },
1305
+ "testlambdaelasticsearchkibana4FreeStorageSpaceTooLowAlarmF3FB31EA": {
1306
+ "Type": "AWS::CloudWatch::Alarm",
1307
+ "Properties": {
1308
+ "ComparisonOperator": "LessThanOrEqualToThreshold",
1309
+ "EvaluationPeriods": 1,
1310
+ "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
1311
+ "MetricName": "FreeStorageSpace",
1312
+ "Namespace": "AWS/ES",
1313
+ "Period": 60,
1314
+ "Statistic": "Minimum",
1315
+ "Threshold": 20000
1316
+ }
1317
+ },
1318
+ "testlambdaelasticsearchkibana4IndexWritesBlockedTooHighAlarmF2968C92": {
1319
+ "Type": "AWS::CloudWatch::Alarm",
1320
+ "Properties": {
1321
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1322
+ "EvaluationPeriods": 1,
1323
+ "AlarmDescription": "Your cluster is blocking write requests.",
1324
+ "MetricName": "ClusterIndexWritesBlocked",
1325
+ "Namespace": "AWS/ES",
1326
+ "Period": 300,
1327
+ "Statistic": "Maximum",
1328
+ "Threshold": 1
1329
+ }
1330
+ },
1331
+ "testlambdaelasticsearchkibana4AutomatedSnapshotFailureTooHighAlarm53EB1ABB": {
1332
+ "Type": "AWS::CloudWatch::Alarm",
1333
+ "Properties": {
1334
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1335
+ "EvaluationPeriods": 1,
1336
+ "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
1337
+ "MetricName": "AutomatedSnapshotFailure",
1338
+ "Namespace": "AWS/ES",
1339
+ "Period": 60,
1340
+ "Statistic": "Maximum",
1341
+ "Threshold": 1
1342
+ }
1343
+ },
1344
+ "testlambdaelasticsearchkibana4CPUUtilizationTooHighAlarm29B67D10": {
1345
+ "Type": "AWS::CloudWatch::Alarm",
1346
+ "Properties": {
1347
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1348
+ "EvaluationPeriods": 3,
1349
+ "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
1350
+ "MetricName": "CPUUtilization",
1351
+ "Namespace": "AWS/ES",
1352
+ "Period": 900,
1353
+ "Statistic": "Average",
1354
+ "Threshold": 80
1355
+ }
1356
+ },
1357
+ "testlambdaelasticsearchkibana4JVMMemoryPressureTooHighAlarm9DDED711": {
1358
+ "Type": "AWS::CloudWatch::Alarm",
1359
+ "Properties": {
1360
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1361
+ "EvaluationPeriods": 1,
1362
+ "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
1363
+ "MetricName": "JVMMemoryPressure",
1364
+ "Namespace": "AWS/ES",
1365
+ "Period": 900,
1366
+ "Statistic": "Average",
1367
+ "Threshold": 80
1368
+ }
1369
+ },
1370
+ "testlambdaelasticsearchkibana4MasterCPUUtilizationTooHighAlarmE66867F2": {
1371
+ "Type": "AWS::CloudWatch::Alarm",
1372
+ "Properties": {
1373
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1374
+ "EvaluationPeriods": 3,
1375
+ "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
1376
+ "MetricName": "MasterCPUUtilization",
1377
+ "Namespace": "AWS/ES",
1378
+ "Period": 900,
1379
+ "Statistic": "Average",
1380
+ "Threshold": 50
1381
+ }
1382
+ },
1383
+ "testlambdaelasticsearchkibana4MasterJVMMemoryPressureTooHighAlarm83E1822E": {
1384
+ "Type": "AWS::CloudWatch::Alarm",
1385
+ "Properties": {
1386
+ "ComparisonOperator": "GreaterThanOrEqualToThreshold",
1387
+ "EvaluationPeriods": 1,
1388
+ "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
1389
+ "MetricName": "MasterJVMMemoryPressure",
1390
+ "Namespace": "AWS/ES",
1391
+ "Period": 900,
1392
+ "Statistic": "Average",
1393
+ "Threshold": 50
1394
+ }
1395
+ }
1396
+ },
1397
+ "Parameters": {
1398
+ "BootstrapVersion": {
1399
+ "Type": "AWS::SSM::Parameter::Value<String>",
1400
+ "Default": "/cdk-bootstrap/hnb659fds/version",
1401
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1402
+ }
1403
+ },
1404
+ "Rules": {
1405
+ "CheckBootstrapVersion": {
1406
+ "Assertions": [
1407
+ {
1408
+ "Assert": {
1409
+ "Fn::Not": [
1410
+ {
1411
+ "Fn::Contains": [
1412
+ [
1413
+ "1",
1414
+ "2",
1415
+ "3",
1416
+ "4",
1417
+ "5"
1418
+ ],
1419
+ {
1420
+ "Ref": "BootstrapVersion"
1421
+ }
1422
+ ]
1423
+ }
1424
+ ]
1425
+ },
1426
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1427
+ }
1428
+ ]
1429
+ }
1430
+ }
1431
+ }