@aws-solutions-constructs/aws-lambda-opensearch 2.51.0 → 2.52.0

Files changed (79)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +9 -8
  6. package/test/integ.lamopn-cluster-config.js +6 -2
  7. package/test/integ.lamopn-cluster-config.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  8. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  9. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  10. package/test/integ.lamopn-cluster-config.js.snapshot/cdk.out +1 -0
  11. package/test/integ.lamopn-cluster-config.js.snapshot/integ.json +12 -0
  12. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.assets.json +45 -0
  13. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.template.json +1295 -0
  14. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.assets.json +19 -0
  15. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.template.json +36 -0
  16. package/test/integ.lamopn-cluster-config.js.snapshot/manifest.json +323 -0
  17. package/test/integ.lamopn-cluster-config.js.snapshot/tree.json +1795 -0
  18. package/test/integ.lamopn-disabled-zone-awareness.js +6 -2
  19. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  20. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  21. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  22. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/cdk.out +1 -0
  23. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/integ.json +12 -0
  24. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.assets.json +45 -0
  25. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.template.json +1228 -0
  26. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.assets.json +19 -0
  27. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.template.json +36 -0
  28. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/manifest.json +305 -0
  29. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/tree.json +1687 -0
  30. package/test/integ.lamopn-domain-arguments.js +5 -2
  31. package/test/integ.lamopn-domain-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  32. package/test/integ.lamopn-domain-arguments.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamopn-domain-arguments.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.assets.json +32 -0
  35. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.template.json +846 -0
  36. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.assets.json +19 -0
  37. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.template.json +36 -0
  38. package/test/integ.lamopn-domain-arguments.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamopn-domain-arguments.js.snapshot/tree.json +1256 -0
  40. package/test/integ.lamopn-existing-vpc.js +12 -6
  41. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  42. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  43. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  44. package/test/integ.lamopn-existing-vpc.js.snapshot/cdk.out +1 -0
  45. package/test/integ.lamopn-existing-vpc.js.snapshot/integ.json +12 -0
  46. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.assets.json +48 -0
  47. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.template.json +1571 -0
  48. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.assets.json +19 -0
  49. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.template.json +36 -0
  50. package/test/integ.lamopn-existing-vpc.js.snapshot/manifest.json +419 -0
  51. package/test/integ.lamopn-existing-vpc.js.snapshot/tree.json +2207 -0
  52. package/test/integ.lamopn-no-arguments.js +5 -2
  53. package/test/integ.lamopn-no-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  54. package/test/integ.lamopn-no-arguments.js.snapshot/cdk.out +1 -0
  55. package/test/integ.lamopn-no-arguments.js.snapshot/integ.json +12 -0
  56. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.assets.json +32 -0
  57. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.template.json +846 -0
  58. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.assets.json +19 -0
  59. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.template.json +36 -0
  60. package/test/integ.lamopn-no-arguments.js.snapshot/manifest.json +233 -0
  61. package/test/integ.lamopn-no-arguments.js.snapshot/tree.json +1256 -0
  62. package/test/integ.lamopn-vpc-props.js +12 -6
  63. package/test/integ.lamopn-vpc-props.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  64. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  65. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  66. package/test/integ.lamopn-vpc-props.js.snapshot/cdk.out +1 -0
  67. package/test/integ.lamopn-vpc-props.js.snapshot/integ.json +12 -0
  68. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.assets.json +48 -0
  69. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.template.json +1287 -0
  70. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.assets.json +19 -0
  71. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.template.json +36 -0
  72. package/test/integ.lamopn-vpc-props.js.snapshot/manifest.json +323 -0
  73. package/test/integ.lamopn-vpc-props.js.snapshot/tree.json +1795 -0
  74. package/test/integ.lamopn-cluster-config.expected.json +0 -1153
  75. package/test/integ.lamopn-disabled-zone-awareness.expected.json +0 -1093
  76. package/test/integ.lamopn-domain-arguments.expected.json +0 -846
  77. package/test/integ.lamopn-existing-vpc.expected.json +0 -1602
  78. package/test/integ.lamopn-no-arguments.expected.json +0 -846
  79. package/test/integ.lamopn-vpc-props.expected.json +0 -1208
@@ -1,1153 +0,0 @@
1
- {
2
- "Resources": {
3
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
4
- "Type": "AWS::IAM::Role",
5
- "Properties": {
6
- "AssumeRolePolicyDocument": {
7
- "Statement": [
8
- {
9
- "Action": "sts:AssumeRole",
10
- "Effect": "Allow",
11
- "Principal": {
12
- "Service": "lambda.amazonaws.com"
13
- }
14
- }
15
- ],
16
- "Version": "2012-10-17"
17
- },
18
- "Policies": [
19
- {
20
- "PolicyDocument": {
21
- "Statement": [
22
- {
23
- "Action": [
24
- "logs:CreateLogGroup",
25
- "logs:CreateLogStream",
26
- "logs:PutLogEvents"
27
- ],
28
- "Effect": "Allow",
29
- "Resource": {
30
- "Fn::Join": [
31
- "",
32
- [
33
- "arn:",
34
- {
35
- "Ref": "AWS::Partition"
36
- },
37
- ":logs:",
38
- {
39
- "Ref": "AWS::Region"
40
- },
41
- ":",
42
- {
43
- "Ref": "AWS::AccountId"
44
- },
45
- ":log-group:/aws/lambda/*"
46
- ]
47
- ]
48
- }
49
- }
50
- ],
51
- "Version": "2012-10-17"
52
- },
53
- "PolicyName": "LambdaFunctionServiceRolePolicy"
54
- }
55
- ]
56
- }
57
- },
58
- "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
59
- "Type": "AWS::IAM::Policy",
60
- "Properties": {
61
- "PolicyDocument": {
62
- "Statement": [
63
- {
64
- "Action": [
65
- "ec2:CreateNetworkInterface",
66
- "ec2:DescribeNetworkInterfaces",
67
- "ec2:DeleteNetworkInterface",
68
- "ec2:AssignPrivateIpAddresses",
69
- "ec2:UnassignPrivateIpAddresses"
70
- ],
71
- "Effect": "Allow",
72
- "Resource": "*"
73
- },
74
- {
75
- "Action": [
76
- "xray:PutTraceSegments",
77
- "xray:PutTelemetryRecords"
78
- ],
79
- "Effect": "Allow",
80
- "Resource": "*"
81
- }
82
- ],
83
- "Version": "2012-10-17"
84
- },
85
- "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
86
- "Roles": [
87
- {
88
- "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
89
- }
90
- ]
91
- },
92
- "Metadata": {
93
- "cfn_nag": {
94
- "rules_to_suppress": [
95
- {
96
- "id": "W12",
97
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
98
- }
99
- ]
100
- }
101
- }
102
- },
103
- "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC": {
104
- "Type": "AWS::EC2::SecurityGroup",
105
- "Properties": {
106
- "GroupDescription": "lamopn-cluster-config/test-lambda-opensearch/ReplaceDefaultSecurityGroup-security-group",
107
- "SecurityGroupEgress": [
108
- {
109
- "CidrIp": "0.0.0.0/0",
110
- "Description": "Allow all outbound traffic by default",
111
- "IpProtocol": "-1"
112
- }
113
- ],
114
- "VpcId": {
115
- "Ref": "Vpc8378EB38"
116
- }
117
- },
118
- "Metadata": {
119
- "cfn_nag": {
120
- "rules_to_suppress": [
121
- {
122
- "id": "W5",
123
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
124
- },
125
- {
126
- "id": "W40",
127
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
128
- }
129
- ]
130
- }
131
- }
132
- },
133
- "testlambdaopensearchLambdaFunction93FD38F7": {
134
- "Type": "AWS::Lambda::Function",
135
- "Properties": {
136
- "Code": {
137
- "S3Bucket": {
138
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
139
- },
140
- "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
141
- },
142
- "Environment": {
143
- "Variables": {
144
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
145
- "DOMAIN_ENDPOINT": {
146
- "Fn::GetAtt": [
147
- "testlambdaopensearchOpenSearchDomainF9CCC3D3",
148
- "DomainEndpoint"
149
- ]
150
- }
151
- }
152
- },
153
- "Handler": "index.handler",
154
- "Role": {
155
- "Fn::GetAtt": [
156
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
157
- "Arn"
158
- ]
159
- },
160
- "Runtime": "nodejs16.x",
161
- "TracingConfig": {
162
- "Mode": "Active"
163
- },
164
- "VpcConfig": {
165
- "SecurityGroupIds": [
166
- {
167
- "Fn::GetAtt": [
168
- "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
169
- "GroupId"
170
- ]
171
- }
172
- ],
173
- "SubnetIds": [
174
- {
175
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
176
- },
177
- {
178
- "Ref": "VpcisolatedSubnet2Subnet39217055"
179
- }
180
- ]
181
- }
182
- },
183
- "DependsOn": [
184
- "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
185
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
186
- "VpcisolatedSubnet1RouteTableAssociationD259E31A",
187
- "VpcisolatedSubnet2RouteTableAssociation25A4716F"
188
- ],
189
- "Metadata": {
190
- "cfn_nag": {
191
- "rules_to_suppress": [
192
- {
193
- "id": "W58",
194
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
195
- },
196
- {
197
- "id": "W89",
198
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
199
- },
200
- {
201
- "id": "W92",
202
- "reason": "Impossible for us to define the correct concurrency for clients"
203
- }
204
- ]
205
- }
206
- }
207
- },
208
- "testlambdaopensearchCognitoUserPoolA09096F9": {
209
- "Type": "AWS::Cognito::UserPool",
210
- "Properties": {
211
- "AccountRecoverySetting": {
212
- "RecoveryMechanisms": [
213
- {
214
- "Name": "verified_phone_number",
215
- "Priority": 1
216
- },
217
- {
218
- "Name": "verified_email",
219
- "Priority": 2
220
- }
221
- ]
222
- },
223
- "AdminCreateUserConfig": {
224
- "AllowAdminCreateUserOnly": true
225
- },
226
- "EmailVerificationMessage": "The verification code to your new account is {####}",
227
- "EmailVerificationSubject": "Verify your new account",
228
- "SmsVerificationMessage": "The verification code to your new account is {####}",
229
- "UserPoolAddOns": {
230
- "AdvancedSecurityMode": "ENFORCED"
231
- },
232
- "VerificationMessageTemplate": {
233
- "DefaultEmailOption": "CONFIRM_WITH_CODE",
234
- "EmailMessage": "The verification code to your new account is {####}",
235
- "EmailSubject": "Verify your new account",
236
- "SmsMessage": "The verification code to your new account is {####}"
237
- }
238
- },
239
- "UpdateReplacePolicy": "Retain",
240
- "DeletionPolicy": "Retain"
241
- },
242
- "testlambdaopensearchCognitoUserPoolClient39C21D94": {
243
- "Type": "AWS::Cognito::UserPoolClient",
244
- "Properties": {
245
- "AllowedOAuthFlows": [
246
- "implicit",
247
- "code"
248
- ],
249
- "AllowedOAuthFlowsUserPoolClient": true,
250
- "AllowedOAuthScopes": [
251
- "profile",
252
- "phone",
253
- "email",
254
- "openid",
255
- "aws.cognito.signin.user.admin"
256
- ],
257
- "CallbackURLs": [
258
- "https://example.com"
259
- ],
260
- "SupportedIdentityProviders": [
261
- "COGNITO"
262
- ],
263
- "UserPoolId": {
264
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
265
- }
266
- }
267
- },
268
- "testlambdaopensearchCognitoIdentityPool0B1FB311": {
269
- "Type": "AWS::Cognito::IdentityPool",
270
- "Properties": {
271
- "AllowUnauthenticatedIdentities": false,
272
- "CognitoIdentityProviders": [
273
- {
274
- "ClientId": {
275
- "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
276
- },
277
- "ProviderName": {
278
- "Fn::GetAtt": [
279
- "testlambdaopensearchCognitoUserPoolA09096F9",
280
- "ProviderName"
281
- ]
282
- },
283
- "ServerSideTokenCheck": true
284
- }
285
- ]
286
- }
287
- },
288
- "testlambdaopensearchUserPoolDomain98864920": {
289
- "Type": "AWS::Cognito::UserPoolDomain",
290
- "Properties": {
291
- "Domain": {
292
- "Fn::Join": [
293
- "-",
294
- [
295
- "dmn",
296
- {
297
- "Fn::Select": [
298
- 4,
299
- {
300
- "Fn::Split": [
301
- "-",
302
- {
303
- "Fn::Select": [
304
- 2,
305
- {
306
- "Fn::Split": [
307
- "/",
308
- {
309
- "Ref": "AWS::StackId"
310
- }
311
- ]
312
- }
313
- ]
314
- }
315
- ]
316
- }
317
- ]
318
- }
319
- ]
320
- ]
321
- },
322
- "UserPoolId": {
323
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
324
- }
325
- },
326
- "DependsOn": [
327
- "testlambdaopensearchCognitoUserPoolA09096F9"
328
- ]
329
- },
330
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
331
- "Type": "AWS::IAM::Role",
332
- "Properties": {
333
- "AssumeRolePolicyDocument": {
334
- "Statement": [
335
- {
336
- "Action": "sts:AssumeRoleWithWebIdentity",
337
- "Condition": {
338
- "StringEquals": {
339
- "cognito-identity.amazonaws.com:aud": {
340
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
341
- }
342
- },
343
- "ForAnyValue:StringLike": {
344
- "cognito-identity.amazonaws.com:amr": "authenticated"
345
- }
346
- },
347
- "Effect": "Allow",
348
- "Principal": {
349
- "Federated": "cognito-identity.amazonaws.com"
350
- }
351
- }
352
- ],
353
- "Version": "2012-10-17"
354
- },
355
- "Policies": [
356
- {
357
- "PolicyDocument": {
358
- "Statement": [
359
- {
360
- "Action": "es:ESHttp*",
361
- "Effect": "Allow",
362
- "Resource": {
363
- "Fn::Join": [
364
- "",
365
- [
366
- "arn:",
367
- {
368
- "Ref": "AWS::Partition"
369
- },
370
- ":es:",
371
- {
372
- "Ref": "AWS::Region"
373
- },
374
- ":",
375
- {
376
- "Ref": "AWS::AccountId"
377
- },
378
- ":domain/",
379
- {
380
- "Fn::Join": [
381
- "-",
382
- [
383
- "dmn",
384
- {
385
- "Fn::Select": [
386
- 4,
387
- {
388
- "Fn::Split": [
389
- "-",
390
- {
391
- "Fn::Select": [
392
- 2,
393
- {
394
- "Fn::Split": [
395
- "/",
396
- {
397
- "Ref": "AWS::StackId"
398
- }
399
- ]
400
- }
401
- ]
402
- }
403
- ]
404
- }
405
- ]
406
- }
407
- ]
408
- ]
409
- },
410
- "/*"
411
- ]
412
- ]
413
- }
414
- }
415
- ],
416
- "Version": "2012-10-17"
417
- },
418
- "PolicyName": "CognitoAccessPolicy"
419
- }
420
- ]
421
- }
422
- },
423
- "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
424
- "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
425
- "Properties": {
426
- "IdentityPoolId": {
427
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
428
- },
429
- "Roles": {
430
- "authenticated": {
431
- "Fn::GetAtt": [
432
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
433
- "Arn"
434
- ]
435
- }
436
- }
437
- }
438
- },
439
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
440
- "Type": "AWS::IAM::Role",
441
- "Properties": {
442
- "AssumeRolePolicyDocument": {
443
- "Statement": [
444
- {
445
- "Action": "sts:AssumeRole",
446
- "Effect": "Allow",
447
- "Principal": {
448
- "Service": "es.amazonaws.com"
449
- }
450
- }
451
- ],
452
- "Version": "2012-10-17"
453
- }
454
- }
455
- },
456
- "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
457
- "Type": "AWS::IAM::Policy",
458
- "Properties": {
459
- "PolicyDocument": {
460
- "Statement": [
461
- {
462
- "Action": [
463
- "cognito-idp:DescribeUserPool",
464
- "cognito-idp:CreateUserPoolClient",
465
- "cognito-idp:DeleteUserPoolClient",
466
- "cognito-idp:DescribeUserPoolClient",
467
- "cognito-idp:AdminInitiateAuth",
468
- "cognito-idp:AdminUserGlobalSignOut",
469
- "cognito-idp:ListUserPoolClients",
470
- "cognito-identity:DescribeIdentityPool",
471
- "cognito-identity:UpdateIdentityPool",
472
- "cognito-identity:SetIdentityPoolRoles",
473
- "cognito-identity:GetIdentityPoolRoles",
474
- "es:UpdateDomainConfig"
475
- ],
476
- "Effect": "Allow",
477
- "Resource": [
478
- {
479
- "Fn::GetAtt": [
480
- "testlambdaopensearchCognitoUserPoolA09096F9",
481
- "Arn"
482
- ]
483
- },
484
- {
485
- "Fn::Join": [
486
- "",
487
- [
488
- "arn:",
489
- {
490
- "Ref": "AWS::Partition"
491
- },
492
- ":cognito-identity:",
493
- {
494
- "Ref": "AWS::Region"
495
- },
496
- ":",
497
- {
498
- "Ref": "AWS::AccountId"
499
- },
500
- ":identitypool/",
501
- {
502
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
503
- }
504
- ]
505
- ]
506
- },
507
- {
508
- "Fn::Join": [
509
- "",
510
- [
511
- "arn:",
512
- {
513
- "Ref": "AWS::Partition"
514
- },
515
- ":es:",
516
- {
517
- "Ref": "AWS::Region"
518
- },
519
- ":",
520
- {
521
- "Ref": "AWS::AccountId"
522
- },
523
- ":domain/",
524
- {
525
- "Fn::Join": [
526
- "-",
527
- [
528
- "dmn",
529
- {
530
- "Fn::Select": [
531
- 4,
532
- {
533
- "Fn::Split": [
534
- "-",
535
- {
536
- "Fn::Select": [
537
- 2,
538
- {
539
- "Fn::Split": [
540
- "/",
541
- {
542
- "Ref": "AWS::StackId"
543
- }
544
- ]
545
- }
546
- ]
547
- }
548
- ]
549
- }
550
- ]
551
- }
552
- ]
553
- ]
554
- }
555
- ]
556
- ]
557
- }
558
- ]
559
- },
560
- {
561
- "Action": "iam:PassRole",
562
- "Condition": {
563
- "StringLike": {
564
- "iam:PassedToService": "cognito-identity.amazonaws.com"
565
- }
566
- },
567
- "Effect": "Allow",
568
- "Resource": {
569
- "Fn::GetAtt": [
570
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
571
- "Arn"
572
- ]
573
- }
574
- }
575
- ],
576
- "Version": "2012-10-17"
577
- },
578
- "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
579
- "Roles": [
580
- {
581
- "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
582
- }
583
- ]
584
- }
585
- },
586
- "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
587
- "Type": "AWS::OpenSearchService::Domain",
588
- "Properties": {
589
- "AccessPolicies": {
590
- "Statement": [
591
- {
592
- "Action": "es:ESHttp*",
593
- "Effect": "Allow",
594
- "Principal": {
595
- "AWS": [
596
- {
597
- "Fn::GetAtt": [
598
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
599
- "Arn"
600
- ]
601
- },
602
- {
603
- "Fn::GetAtt": [
604
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
605
- "Arn"
606
- ]
607
- }
608
- ]
609
- },
610
- "Resource": {
611
- "Fn::Join": [
612
- "",
613
- [
614
- "arn:",
615
- {
616
- "Ref": "AWS::Partition"
617
- },
618
- ":es:",
619
- {
620
- "Ref": "AWS::Region"
621
- },
622
- ":",
623
- {
624
- "Ref": "AWS::AccountId"
625
- },
626
- ":domain/",
627
- {
628
- "Fn::Join": [
629
- "-",
630
- [
631
- "dmn",
632
- {
633
- "Fn::Select": [
634
- 4,
635
- {
636
- "Fn::Split": [
637
- "-",
638
- {
639
- "Fn::Select": [
640
- 2,
641
- {
642
- "Fn::Split": [
643
- "/",
644
- {
645
- "Ref": "AWS::StackId"
646
- }
647
- ]
648
- }
649
- ]
650
- }
651
- ]
652
- }
653
- ]
654
- }
655
- ]
656
- ]
657
- },
658
- "/*"
659
- ]
660
- ]
661
- }
662
- }
663
- ],
664
- "Version": "2012-10-17"
665
- },
666
- "ClusterConfig": {
667
- "DedicatedMasterCount": 3,
668
- "DedicatedMasterEnabled": true,
669
- "InstanceCount": 2,
670
- "ZoneAwarenessConfig": {
671
- "AvailabilityZoneCount": 2
672
- },
673
- "ZoneAwarenessEnabled": true
674
- },
675
- "CognitoOptions": {
676
- "Enabled": true,
677
- "IdentityPoolId": {
678
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
679
- },
680
- "RoleArn": {
681
- "Fn::GetAtt": [
682
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
683
- "Arn"
684
- ]
685
- },
686
- "UserPoolId": {
687
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
688
- }
689
- },
690
- "DomainEndpointOptions": {
691
- "EnforceHTTPS": true,
692
- "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"
693
- },
694
- "DomainName": {
695
- "Fn::Join": [
696
- "-",
697
- [
698
- "dmn",
699
- {
700
- "Fn::Select": [
701
- 4,
702
- {
703
- "Fn::Split": [
704
- "-",
705
- {
706
- "Fn::Select": [
707
- 2,
708
- {
709
- "Fn::Split": [
710
- "/",
711
- {
712
- "Ref": "AWS::StackId"
713
- }
714
- ]
715
- }
716
- ]
717
- }
718
- ]
719
- }
720
- ]
721
- }
722
- ]
723
- ]
724
- },
725
- "EBSOptions": {
726
- "EBSEnabled": true,
727
- "VolumeSize": 10
728
- },
729
- "EncryptionAtRestOptions": {
730
- "Enabled": true
731
- },
732
- "EngineVersion": "OpenSearch_1.3",
733
- "NodeToNodeEncryptionOptions": {
734
- "Enabled": true
735
- },
736
- "SnapshotOptions": {
737
- "AutomatedSnapshotStartHour": 1
738
- },
739
- "VPCOptions": {
740
- "SecurityGroupIds": [
741
- {
742
- "Fn::GetAtt": [
743
- "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
744
- "GroupId"
745
- ]
746
- }
747
- ],
748
- "SubnetIds": [
749
- {
750
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
751
- },
752
- {
753
- "Ref": "VpcisolatedSubnet2Subnet39217055"
754
- }
755
- ]
756
- }
757
- },
758
- "Metadata": {
759
- "cfn_nag": {
760
- "rules_to_suppress": [
761
- {
762
- "id": "W28",
763
- "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
764
- },
765
- {
766
- "id": "W90",
767
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
768
- }
769
- ]
770
- }
771
- }
772
- },
773
- "testlambdaopensearchStatusRedAlarm1627144D": {
774
- "Type": "AWS::CloudWatch::Alarm",
775
- "Properties": {
776
- "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
777
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
778
- "EvaluationPeriods": 1,
779
- "MetricName": "ClusterStatus.red",
780
- "Namespace": "AWS/ES",
781
- "Period": 60,
782
- "Statistic": "Maximum",
783
- "Threshold": 1
784
- }
785
- },
786
- "testlambdaopensearchStatusYellowAlarm57139CF0": {
787
- "Type": "AWS::CloudWatch::Alarm",
788
- "Properties": {
789
- "AlarmDescription": "At least one replica shard is not allocated to a node.",
790
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
791
- "EvaluationPeriods": 1,
792
- "MetricName": "ClusterStatus.yellow",
793
- "Namespace": "AWS/ES",
794
- "Period": 60,
795
- "Statistic": "Maximum",
796
- "Threshold": 1
797
- }
798
- },
799
- "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
800
- "Type": "AWS::CloudWatch::Alarm",
801
- "Properties": {
802
- "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
803
- "ComparisonOperator": "LessThanOrEqualToThreshold",
804
- "EvaluationPeriods": 1,
805
- "MetricName": "FreeStorageSpace",
806
- "Namespace": "AWS/ES",
807
- "Period": 60,
808
- "Statistic": "Minimum",
809
- "Threshold": 20000
810
- }
811
- },
812
- "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
813
- "Type": "AWS::CloudWatch::Alarm",
814
- "Properties": {
815
- "AlarmDescription": "Your cluster is blocking write requests.",
816
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
817
- "EvaluationPeriods": 1,
818
- "MetricName": "ClusterIndexWritesBlocked",
819
- "Namespace": "AWS/ES",
820
- "Period": 300,
821
- "Statistic": "Maximum",
822
- "Threshold": 1
823
- }
824
- },
825
- "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
826
- "Type": "AWS::CloudWatch::Alarm",
827
- "Properties": {
828
- "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
829
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
830
- "EvaluationPeriods": 1,
831
- "MetricName": "AutomatedSnapshotFailure",
832
- "Namespace": "AWS/ES",
833
- "Period": 60,
834
- "Statistic": "Maximum",
835
- "Threshold": 1
836
- }
837
- },
838
- "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
839
- "Type": "AWS::CloudWatch::Alarm",
840
- "Properties": {
841
- "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
842
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
843
- "EvaluationPeriods": 3,
844
- "MetricName": "CPUUtilization",
845
- "Namespace": "AWS/ES",
846
- "Period": 900,
847
- "Statistic": "Average",
848
- "Threshold": 80
849
- }
850
- },
851
- "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
852
- "Type": "AWS::CloudWatch::Alarm",
853
- "Properties": {
854
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
855
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
856
- "EvaluationPeriods": 1,
857
- "MetricName": "JVMMemoryPressure",
858
- "Namespace": "AWS/ES",
859
- "Period": 900,
860
- "Statistic": "Average",
861
- "Threshold": 80
862
- }
863
- },
864
- "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
865
- "Type": "AWS::CloudWatch::Alarm",
866
- "Properties": {
867
- "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
868
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
869
- "EvaluationPeriods": 3,
870
- "MetricName": "MasterCPUUtilization",
871
- "Namespace": "AWS/ES",
872
- "Period": 900,
873
- "Statistic": "Average",
874
- "Threshold": 50
875
- }
876
- },
877
- "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
878
- "Type": "AWS::CloudWatch::Alarm",
879
- "Properties": {
880
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
881
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
882
- "EvaluationPeriods": 1,
883
- "MetricName": "MasterJVMMemoryPressure",
884
- "Namespace": "AWS/ES",
885
- "Period": 900,
886
- "Statistic": "Average",
887
- "Threshold": 50
888
- }
889
- },
890
- "Vpc8378EB38": {
891
- "Type": "AWS::EC2::VPC",
892
- "Properties": {
893
- "CidrBlock": "10.0.0.0/16",
894
- "EnableDnsHostnames": true,
895
- "EnableDnsSupport": true,
896
- "InstanceTenancy": "default",
897
- "Tags": [
898
- {
899
- "Key": "Name",
900
- "Value": "lamopn-cluster-config/Vpc"
901
- }
902
- ]
903
- }
904
- },
905
- "VpcisolatedSubnet1SubnetE62B1B9B": {
906
- "Type": "AWS::EC2::Subnet",
907
- "Properties": {
908
- "AvailabilityZone": "test-region-1a",
909
- "CidrBlock": "10.0.0.0/18",
910
- "MapPublicIpOnLaunch": false,
911
- "Tags": [
912
- {
913
- "Key": "aws-cdk:subnet-name",
914
- "Value": "isolated"
915
- },
916
- {
917
- "Key": "aws-cdk:subnet-type",
918
- "Value": "Isolated"
919
- },
920
- {
921
- "Key": "Name",
922
- "Value": "lamopn-cluster-config/Vpc/isolatedSubnet1"
923
- }
924
- ],
925
- "VpcId": {
926
- "Ref": "Vpc8378EB38"
927
- }
928
- }
929
- },
930
- "VpcisolatedSubnet1RouteTableE442650B": {
931
- "Type": "AWS::EC2::RouteTable",
932
- "Properties": {
933
- "Tags": [
934
- {
935
- "Key": "Name",
936
- "Value": "lamopn-cluster-config/Vpc/isolatedSubnet1"
937
- }
938
- ],
939
- "VpcId": {
940
- "Ref": "Vpc8378EB38"
941
- }
942
- }
943
- },
944
- "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
945
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
946
- "Properties": {
947
- "RouteTableId": {
948
- "Ref": "VpcisolatedSubnet1RouteTableE442650B"
949
- },
950
- "SubnetId": {
951
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
952
- }
953
- }
954
- },
955
- "VpcisolatedSubnet2Subnet39217055": {
956
- "Type": "AWS::EC2::Subnet",
957
- "Properties": {
958
- "AvailabilityZone": "test-region-1b",
959
- "CidrBlock": "10.0.64.0/18",
960
- "MapPublicIpOnLaunch": false,
961
- "Tags": [
962
- {
963
- "Key": "aws-cdk:subnet-name",
964
- "Value": "isolated"
965
- },
966
- {
967
- "Key": "aws-cdk:subnet-type",
968
- "Value": "Isolated"
969
- },
970
- {
971
- "Key": "Name",
972
- "Value": "lamopn-cluster-config/Vpc/isolatedSubnet2"
973
- }
974
- ],
975
- "VpcId": {
976
- "Ref": "Vpc8378EB38"
977
- }
978
- }
979
- },
980
- "VpcisolatedSubnet2RouteTable334F9764": {
981
- "Type": "AWS::EC2::RouteTable",
982
- "Properties": {
983
- "Tags": [
984
- {
985
- "Key": "Name",
986
- "Value": "lamopn-cluster-config/Vpc/isolatedSubnet2"
987
- }
988
- ],
989
- "VpcId": {
990
- "Ref": "Vpc8378EB38"
991
- }
992
- }
993
- },
994
- "VpcisolatedSubnet2RouteTableAssociation25A4716F": {
995
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
996
- "Properties": {
997
- "RouteTableId": {
998
- "Ref": "VpcisolatedSubnet2RouteTable334F9764"
999
- },
1000
- "SubnetId": {
1001
- "Ref": "VpcisolatedSubnet2Subnet39217055"
1002
- }
1003
- }
1004
- },
1005
- "VpcFlowLogIAMRole6A475D41": {
1006
- "Type": "AWS::IAM::Role",
1007
- "Properties": {
1008
- "AssumeRolePolicyDocument": {
1009
- "Statement": [
1010
- {
1011
- "Action": "sts:AssumeRole",
1012
- "Effect": "Allow",
1013
- "Principal": {
1014
- "Service": "vpc-flow-logs.amazonaws.com"
1015
- }
1016
- }
1017
- ],
1018
- "Version": "2012-10-17"
1019
- },
1020
- "Tags": [
1021
- {
1022
- "Key": "Name",
1023
- "Value": "lamopn-cluster-config/Vpc/FlowLog"
1024
- }
1025
- ]
1026
- }
1027
- },
1028
- "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
1029
- "Type": "AWS::IAM::Policy",
1030
- "Properties": {
1031
- "PolicyDocument": {
1032
- "Statement": [
1033
- {
1034
- "Action": [
1035
- "logs:CreateLogStream",
1036
- "logs:PutLogEvents",
1037
- "logs:DescribeLogStreams"
1038
- ],
1039
- "Effect": "Allow",
1040
- "Resource": {
1041
- "Fn::GetAtt": [
1042
- "VpcFlowLogLogGroup7B5C56B9",
1043
- "Arn"
1044
- ]
1045
- }
1046
- },
1047
- {
1048
- "Action": "iam:PassRole",
1049
- "Effect": "Allow",
1050
- "Resource": {
1051
- "Fn::GetAtt": [
1052
- "VpcFlowLogIAMRole6A475D41",
1053
- "Arn"
1054
- ]
1055
- }
1056
- }
1057
- ],
1058
- "Version": "2012-10-17"
1059
- },
1060
- "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
1061
- "Roles": [
1062
- {
1063
- "Ref": "VpcFlowLogIAMRole6A475D41"
1064
- }
1065
- ]
1066
- }
1067
- },
1068
- "VpcFlowLogLogGroup7B5C56B9": {
1069
- "Type": "AWS::Logs::LogGroup",
1070
- "Properties": {
1071
- "RetentionInDays": 731,
1072
- "Tags": [
1073
- {
1074
- "Key": "Name",
1075
- "Value": "lamopn-cluster-config/Vpc/FlowLog"
1076
- }
1077
- ]
1078
- },
1079
- "UpdateReplacePolicy": "Retain",
1080
- "DeletionPolicy": "Retain",
1081
- "Metadata": {
1082
- "cfn_nag": {
1083
- "rules_to_suppress": [
1084
- {
1085
- "id": "W84",
1086
- "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
1087
- }
1088
- ]
1089
- }
1090
- }
1091
- },
1092
- "VpcFlowLog8FF33A73": {
1093
- "Type": "AWS::EC2::FlowLog",
1094
- "Properties": {
1095
- "DeliverLogsPermissionArn": {
1096
- "Fn::GetAtt": [
1097
- "VpcFlowLogIAMRole6A475D41",
1098
- "Arn"
1099
- ]
1100
- },
1101
- "LogDestinationType": "cloud-watch-logs",
1102
- "LogGroupName": {
1103
- "Ref": "VpcFlowLogLogGroup7B5C56B9"
1104
- },
1105
- "ResourceId": {
1106
- "Ref": "Vpc8378EB38"
1107
- },
1108
- "ResourceType": "VPC",
1109
- "Tags": [
1110
- {
1111
- "Key": "Name",
1112
- "Value": "lamopn-cluster-config/Vpc/FlowLog"
1113
- }
1114
- ],
1115
- "TrafficType": "ALL"
1116
- }
1117
- }
1118
- },
1119
- "Parameters": {
1120
- "BootstrapVersion": {
1121
- "Type": "AWS::SSM::Parameter::Value<String>",
1122
- "Default": "/cdk-bootstrap/hnb659fds/version",
1123
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1124
- }
1125
- },
1126
- "Rules": {
1127
- "CheckBootstrapVersion": {
1128
- "Assertions": [
1129
- {
1130
- "Assert": {
1131
- "Fn::Not": [
1132
- {
1133
- "Fn::Contains": [
1134
- [
1135
- "1",
1136
- "2",
1137
- "3",
1138
- "4",
1139
- "5"
1140
- ],
1141
- {
1142
- "Ref": "BootstrapVersion"
1143
- }
1144
- ]
1145
- }
1146
- ]
1147
- },
1148
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1149
- }
1150
- ]
1151
- }
1152
- }
1153
- }