@aws-solutions-constructs/aws-lambda-opensearch 2.51.0 → 2.52.0

Files changed (79)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +9 -8
  6. package/test/integ.lamopn-cluster-config.js +6 -2
  7. package/test/integ.lamopn-cluster-config.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  8. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  9. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  10. package/test/integ.lamopn-cluster-config.js.snapshot/cdk.out +1 -0
  11. package/test/integ.lamopn-cluster-config.js.snapshot/integ.json +12 -0
  12. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.assets.json +45 -0
  13. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.template.json +1295 -0
  14. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.assets.json +19 -0
  15. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.template.json +36 -0
  16. package/test/integ.lamopn-cluster-config.js.snapshot/manifest.json +323 -0
  17. package/test/integ.lamopn-cluster-config.js.snapshot/tree.json +1795 -0
  18. package/test/integ.lamopn-disabled-zone-awareness.js +6 -2
  19. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  20. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  21. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  22. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/cdk.out +1 -0
  23. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/integ.json +12 -0
  24. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.assets.json +45 -0
  25. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.template.json +1228 -0
  26. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.assets.json +19 -0
  27. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.template.json +36 -0
  28. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/manifest.json +305 -0
  29. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/tree.json +1687 -0
  30. package/test/integ.lamopn-domain-arguments.js +5 -2
  31. package/test/integ.lamopn-domain-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  32. package/test/integ.lamopn-domain-arguments.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamopn-domain-arguments.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.assets.json +32 -0
  35. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.template.json +846 -0
  36. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.assets.json +19 -0
  37. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.template.json +36 -0
  38. package/test/integ.lamopn-domain-arguments.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamopn-domain-arguments.js.snapshot/tree.json +1256 -0
  40. package/test/integ.lamopn-existing-vpc.js +12 -6
  41. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  42. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  43. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  44. package/test/integ.lamopn-existing-vpc.js.snapshot/cdk.out +1 -0
  45. package/test/integ.lamopn-existing-vpc.js.snapshot/integ.json +12 -0
  46. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.assets.json +48 -0
  47. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.template.json +1571 -0
  48. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.assets.json +19 -0
  49. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.template.json +36 -0
  50. package/test/integ.lamopn-existing-vpc.js.snapshot/manifest.json +419 -0
  51. package/test/integ.lamopn-existing-vpc.js.snapshot/tree.json +2207 -0
  52. package/test/integ.lamopn-no-arguments.js +5 -2
  53. package/test/integ.lamopn-no-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  54. package/test/integ.lamopn-no-arguments.js.snapshot/cdk.out +1 -0
  55. package/test/integ.lamopn-no-arguments.js.snapshot/integ.json +12 -0
  56. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.assets.json +32 -0
  57. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.template.json +846 -0
  58. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.assets.json +19 -0
  59. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.template.json +36 -0
  60. package/test/integ.lamopn-no-arguments.js.snapshot/manifest.json +233 -0
  61. package/test/integ.lamopn-no-arguments.js.snapshot/tree.json +1256 -0
  62. package/test/integ.lamopn-vpc-props.js +12 -6
  63. package/test/integ.lamopn-vpc-props.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  64. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  65. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  66. package/test/integ.lamopn-vpc-props.js.snapshot/cdk.out +1 -0
  67. package/test/integ.lamopn-vpc-props.js.snapshot/integ.json +12 -0
  68. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.assets.json +48 -0
  69. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.template.json +1287 -0
  70. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.assets.json +19 -0
  71. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.template.json +36 -0
  72. package/test/integ.lamopn-vpc-props.js.snapshot/manifest.json +323 -0
  73. package/test/integ.lamopn-vpc-props.js.snapshot/tree.json +1795 -0
  74. package/test/integ.lamopn-cluster-config.expected.json +0 -1153
  75. package/test/integ.lamopn-disabled-zone-awareness.expected.json +0 -1093
  76. package/test/integ.lamopn-domain-arguments.expected.json +0 -846
  77. package/test/integ.lamopn-existing-vpc.expected.json +0 -1602
  78. package/test/integ.lamopn-no-arguments.expected.json +0 -846
  79. package/test/integ.lamopn-vpc-props.expected.json +0 -1208
@@ -1,1093 +0,0 @@
1
- {
2
- "Resources": {
3
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
4
- "Type": "AWS::IAM::Role",
5
- "Properties": {
6
- "AssumeRolePolicyDocument": {
7
- "Statement": [
8
- {
9
- "Action": "sts:AssumeRole",
10
- "Effect": "Allow",
11
- "Principal": {
12
- "Service": "lambda.amazonaws.com"
13
- }
14
- }
15
- ],
16
- "Version": "2012-10-17"
17
- },
18
- "Policies": [
19
- {
20
- "PolicyDocument": {
21
- "Statement": [
22
- {
23
- "Action": [
24
- "logs:CreateLogGroup",
25
- "logs:CreateLogStream",
26
- "logs:PutLogEvents"
27
- ],
28
- "Effect": "Allow",
29
- "Resource": {
30
- "Fn::Join": [
31
- "",
32
- [
33
- "arn:",
34
- {
35
- "Ref": "AWS::Partition"
36
- },
37
- ":logs:",
38
- {
39
- "Ref": "AWS::Region"
40
- },
41
- ":",
42
- {
43
- "Ref": "AWS::AccountId"
44
- },
45
- ":log-group:/aws/lambda/*"
46
- ]
47
- ]
48
- }
49
- }
50
- ],
51
- "Version": "2012-10-17"
52
- },
53
- "PolicyName": "LambdaFunctionServiceRolePolicy"
54
- }
55
- ]
56
- }
57
- },
58
- "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
59
- "Type": "AWS::IAM::Policy",
60
- "Properties": {
61
- "PolicyDocument": {
62
- "Statement": [
63
- {
64
- "Action": [
65
- "ec2:CreateNetworkInterface",
66
- "ec2:DescribeNetworkInterfaces",
67
- "ec2:DeleteNetworkInterface",
68
- "ec2:AssignPrivateIpAddresses",
69
- "ec2:UnassignPrivateIpAddresses"
70
- ],
71
- "Effect": "Allow",
72
- "Resource": "*"
73
- },
74
- {
75
- "Action": [
76
- "xray:PutTraceSegments",
77
- "xray:PutTelemetryRecords"
78
- ],
79
- "Effect": "Allow",
80
- "Resource": "*"
81
- }
82
- ],
83
- "Version": "2012-10-17"
84
- },
85
- "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
86
- "Roles": [
87
- {
88
- "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
89
- }
90
- ]
91
- },
92
- "Metadata": {
93
- "cfn_nag": {
94
- "rules_to_suppress": [
95
- {
96
- "id": "W12",
97
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
98
- }
99
- ]
100
- }
101
- }
102
- },
103
- "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC": {
104
- "Type": "AWS::EC2::SecurityGroup",
105
- "Properties": {
106
- "GroupDescription": "lamopn-disabled-zone-awareness/test-lambda-opensearch/ReplaceDefaultSecurityGroup-security-group",
107
- "SecurityGroupEgress": [
108
- {
109
- "CidrIp": "0.0.0.0/0",
110
- "Description": "Allow all outbound traffic by default",
111
- "IpProtocol": "-1"
112
- }
113
- ],
114
- "VpcId": {
115
- "Ref": "Vpc8378EB38"
116
- }
117
- },
118
- "Metadata": {
119
- "cfn_nag": {
120
- "rules_to_suppress": [
121
- {
122
- "id": "W5",
123
- "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
124
- },
125
- {
126
- "id": "W40",
127
- "reason": "Egress IPProtocol of -1 is default and generally considered OK"
128
- }
129
- ]
130
- }
131
- }
132
- },
133
- "testlambdaopensearchLambdaFunction93FD38F7": {
134
- "Type": "AWS::Lambda::Function",
135
- "Properties": {
136
- "Code": {
137
- "S3Bucket": {
138
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
139
- },
140
- "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
141
- },
142
- "Environment": {
143
- "Variables": {
144
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
145
- "DOMAIN_ENDPOINT": {
146
- "Fn::GetAtt": [
147
- "testlambdaopensearchOpenSearchDomainF9CCC3D3",
148
- "DomainEndpoint"
149
- ]
150
- }
151
- }
152
- },
153
- "Handler": "index.handler",
154
- "Role": {
155
- "Fn::GetAtt": [
156
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
157
- "Arn"
158
- ]
159
- },
160
- "Runtime": "nodejs16.x",
161
- "TracingConfig": {
162
- "Mode": "Active"
163
- },
164
- "VpcConfig": {
165
- "SecurityGroupIds": [
166
- {
167
- "Fn::GetAtt": [
168
- "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
169
- "GroupId"
170
- ]
171
- }
172
- ],
173
- "SubnetIds": [
174
- {
175
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
176
- }
177
- ]
178
- }
179
- },
180
- "DependsOn": [
181
- "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
182
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
183
- "VpcisolatedSubnet1RouteTableAssociationD259E31A"
184
- ],
185
- "Metadata": {
186
- "cfn_nag": {
187
- "rules_to_suppress": [
188
- {
189
- "id": "W58",
190
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
191
- },
192
- {
193
- "id": "W89",
194
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
195
- },
196
- {
197
- "id": "W92",
198
- "reason": "Impossible for us to define the correct concurrency for clients"
199
- }
200
- ]
201
- }
202
- }
203
- },
204
- "testlambdaopensearchCognitoUserPoolA09096F9": {
205
- "Type": "AWS::Cognito::UserPool",
206
- "Properties": {
207
- "AccountRecoverySetting": {
208
- "RecoveryMechanisms": [
209
- {
210
- "Name": "verified_phone_number",
211
- "Priority": 1
212
- },
213
- {
214
- "Name": "verified_email",
215
- "Priority": 2
216
- }
217
- ]
218
- },
219
- "AdminCreateUserConfig": {
220
- "AllowAdminCreateUserOnly": true
221
- },
222
- "EmailVerificationMessage": "The verification code to your new account is {####}",
223
- "EmailVerificationSubject": "Verify your new account",
224
- "SmsVerificationMessage": "The verification code to your new account is {####}",
225
- "UserPoolAddOns": {
226
- "AdvancedSecurityMode": "ENFORCED"
227
- },
228
- "VerificationMessageTemplate": {
229
- "DefaultEmailOption": "CONFIRM_WITH_CODE",
230
- "EmailMessage": "The verification code to your new account is {####}",
231
- "EmailSubject": "Verify your new account",
232
- "SmsMessage": "The verification code to your new account is {####}"
233
- }
234
- },
235
- "UpdateReplacePolicy": "Retain",
236
- "DeletionPolicy": "Retain"
237
- },
238
- "testlambdaopensearchCognitoUserPoolClient39C21D94": {
239
- "Type": "AWS::Cognito::UserPoolClient",
240
- "Properties": {
241
- "AllowedOAuthFlows": [
242
- "implicit",
243
- "code"
244
- ],
245
- "AllowedOAuthFlowsUserPoolClient": true,
246
- "AllowedOAuthScopes": [
247
- "profile",
248
- "phone",
249
- "email",
250
- "openid",
251
- "aws.cognito.signin.user.admin"
252
- ],
253
- "CallbackURLs": [
254
- "https://example.com"
255
- ],
256
- "SupportedIdentityProviders": [
257
- "COGNITO"
258
- ],
259
- "UserPoolId": {
260
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
261
- }
262
- }
263
- },
264
- "testlambdaopensearchCognitoIdentityPool0B1FB311": {
265
- "Type": "AWS::Cognito::IdentityPool",
266
- "Properties": {
267
- "AllowUnauthenticatedIdentities": false,
268
- "CognitoIdentityProviders": [
269
- {
270
- "ClientId": {
271
- "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
272
- },
273
- "ProviderName": {
274
- "Fn::GetAtt": [
275
- "testlambdaopensearchCognitoUserPoolA09096F9",
276
- "ProviderName"
277
- ]
278
- },
279
- "ServerSideTokenCheck": true
280
- }
281
- ]
282
- }
283
- },
284
- "testlambdaopensearchUserPoolDomain98864920": {
285
- "Type": "AWS::Cognito::UserPoolDomain",
286
- "Properties": {
287
- "Domain": {
288
- "Fn::Join": [
289
- "-",
290
- [
291
- "dmn",
292
- {
293
- "Fn::Select": [
294
- 4,
295
- {
296
- "Fn::Split": [
297
- "-",
298
- {
299
- "Fn::Select": [
300
- 2,
301
- {
302
- "Fn::Split": [
303
- "/",
304
- {
305
- "Ref": "AWS::StackId"
306
- }
307
- ]
308
- }
309
- ]
310
- }
311
- ]
312
- }
313
- ]
314
- }
315
- ]
316
- ]
317
- },
318
- "UserPoolId": {
319
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
320
- }
321
- },
322
- "DependsOn": [
323
- "testlambdaopensearchCognitoUserPoolA09096F9"
324
- ]
325
- },
326
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
327
- "Type": "AWS::IAM::Role",
328
- "Properties": {
329
- "AssumeRolePolicyDocument": {
330
- "Statement": [
331
- {
332
- "Action": "sts:AssumeRoleWithWebIdentity",
333
- "Condition": {
334
- "StringEquals": {
335
- "cognito-identity.amazonaws.com:aud": {
336
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
337
- }
338
- },
339
- "ForAnyValue:StringLike": {
340
- "cognito-identity.amazonaws.com:amr": "authenticated"
341
- }
342
- },
343
- "Effect": "Allow",
344
- "Principal": {
345
- "Federated": "cognito-identity.amazonaws.com"
346
- }
347
- }
348
- ],
349
- "Version": "2012-10-17"
350
- },
351
- "Policies": [
352
- {
353
- "PolicyDocument": {
354
- "Statement": [
355
- {
356
- "Action": "es:ESHttp*",
357
- "Effect": "Allow",
358
- "Resource": {
359
- "Fn::Join": [
360
- "",
361
- [
362
- "arn:",
363
- {
364
- "Ref": "AWS::Partition"
365
- },
366
- ":es:",
367
- {
368
- "Ref": "AWS::Region"
369
- },
370
- ":",
371
- {
372
- "Ref": "AWS::AccountId"
373
- },
374
- ":domain/",
375
- {
376
- "Fn::Join": [
377
- "-",
378
- [
379
- "dmn",
380
- {
381
- "Fn::Select": [
382
- 4,
383
- {
384
- "Fn::Split": [
385
- "-",
386
- {
387
- "Fn::Select": [
388
- 2,
389
- {
390
- "Fn::Split": [
391
- "/",
392
- {
393
- "Ref": "AWS::StackId"
394
- }
395
- ]
396
- }
397
- ]
398
- }
399
- ]
400
- }
401
- ]
402
- }
403
- ]
404
- ]
405
- },
406
- "/*"
407
- ]
408
- ]
409
- }
410
- }
411
- ],
412
- "Version": "2012-10-17"
413
- },
414
- "PolicyName": "CognitoAccessPolicy"
415
- }
416
- ]
417
- }
418
- },
419
- "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
420
- "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
421
- "Properties": {
422
- "IdentityPoolId": {
423
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
424
- },
425
- "Roles": {
426
- "authenticated": {
427
- "Fn::GetAtt": [
428
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
429
- "Arn"
430
- ]
431
- }
432
- }
433
- }
434
- },
435
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
436
- "Type": "AWS::IAM::Role",
437
- "Properties": {
438
- "AssumeRolePolicyDocument": {
439
- "Statement": [
440
- {
441
- "Action": "sts:AssumeRole",
442
- "Effect": "Allow",
443
- "Principal": {
444
- "Service": "es.amazonaws.com"
445
- }
446
- }
447
- ],
448
- "Version": "2012-10-17"
449
- }
450
- }
451
- },
452
- "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
453
- "Type": "AWS::IAM::Policy",
454
- "Properties": {
455
- "PolicyDocument": {
456
- "Statement": [
457
- {
458
- "Action": [
459
- "cognito-idp:DescribeUserPool",
460
- "cognito-idp:CreateUserPoolClient",
461
- "cognito-idp:DeleteUserPoolClient",
462
- "cognito-idp:DescribeUserPoolClient",
463
- "cognito-idp:AdminInitiateAuth",
464
- "cognito-idp:AdminUserGlobalSignOut",
465
- "cognito-idp:ListUserPoolClients",
466
- "cognito-identity:DescribeIdentityPool",
467
- "cognito-identity:UpdateIdentityPool",
468
- "cognito-identity:SetIdentityPoolRoles",
469
- "cognito-identity:GetIdentityPoolRoles",
470
- "es:UpdateDomainConfig"
471
- ],
472
- "Effect": "Allow",
473
- "Resource": [
474
- {
475
- "Fn::GetAtt": [
476
- "testlambdaopensearchCognitoUserPoolA09096F9",
477
- "Arn"
478
- ]
479
- },
480
- {
481
- "Fn::Join": [
482
- "",
483
- [
484
- "arn:",
485
- {
486
- "Ref": "AWS::Partition"
487
- },
488
- ":cognito-identity:",
489
- {
490
- "Ref": "AWS::Region"
491
- },
492
- ":",
493
- {
494
- "Ref": "AWS::AccountId"
495
- },
496
- ":identitypool/",
497
- {
498
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
499
- }
500
- ]
501
- ]
502
- },
503
- {
504
- "Fn::Join": [
505
- "",
506
- [
507
- "arn:",
508
- {
509
- "Ref": "AWS::Partition"
510
- },
511
- ":es:",
512
- {
513
- "Ref": "AWS::Region"
514
- },
515
- ":",
516
- {
517
- "Ref": "AWS::AccountId"
518
- },
519
- ":domain/",
520
- {
521
- "Fn::Join": [
522
- "-",
523
- [
524
- "dmn",
525
- {
526
- "Fn::Select": [
527
- 4,
528
- {
529
- "Fn::Split": [
530
- "-",
531
- {
532
- "Fn::Select": [
533
- 2,
534
- {
535
- "Fn::Split": [
536
- "/",
537
- {
538
- "Ref": "AWS::StackId"
539
- }
540
- ]
541
- }
542
- ]
543
- }
544
- ]
545
- }
546
- ]
547
- }
548
- ]
549
- ]
550
- }
551
- ]
552
- ]
553
- }
554
- ]
555
- },
556
- {
557
- "Action": "iam:PassRole",
558
- "Condition": {
559
- "StringLike": {
560
- "iam:PassedToService": "cognito-identity.amazonaws.com"
561
- }
562
- },
563
- "Effect": "Allow",
564
- "Resource": {
565
- "Fn::GetAtt": [
566
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
567
- "Arn"
568
- ]
569
- }
570
- }
571
- ],
572
- "Version": "2012-10-17"
573
- },
574
- "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
575
- "Roles": [
576
- {
577
- "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
578
- }
579
- ]
580
- }
581
- },
582
- "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
583
- "Type": "AWS::OpenSearchService::Domain",
584
- "Properties": {
585
- "AccessPolicies": {
586
- "Statement": [
587
- {
588
- "Action": "es:ESHttp*",
589
- "Effect": "Allow",
590
- "Principal": {
591
- "AWS": [
592
- {
593
- "Fn::GetAtt": [
594
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
595
- "Arn"
596
- ]
597
- },
598
- {
599
- "Fn::GetAtt": [
600
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
601
- "Arn"
602
- ]
603
- }
604
- ]
605
- },
606
- "Resource": {
607
- "Fn::Join": [
608
- "",
609
- [
610
- "arn:",
611
- {
612
- "Ref": "AWS::Partition"
613
- },
614
- ":es:",
615
- {
616
- "Ref": "AWS::Region"
617
- },
618
- ":",
619
- {
620
- "Ref": "AWS::AccountId"
621
- },
622
- ":domain/",
623
- {
624
- "Fn::Join": [
625
- "-",
626
- [
627
- "dmn",
628
- {
629
- "Fn::Select": [
630
- 4,
631
- {
632
- "Fn::Split": [
633
- "-",
634
- {
635
- "Fn::Select": [
636
- 2,
637
- {
638
- "Fn::Split": [
639
- "/",
640
- {
641
- "Ref": "AWS::StackId"
642
- }
643
- ]
644
- }
645
- ]
646
- }
647
- ]
648
- }
649
- ]
650
- }
651
- ]
652
- ]
653
- },
654
- "/*"
655
- ]
656
- ]
657
- }
658
- }
659
- ],
660
- "Version": "2012-10-17"
661
- },
662
- "ClusterConfig": {
663
- "DedicatedMasterCount": 3,
664
- "DedicatedMasterEnabled": true,
665
- "InstanceCount": 3,
666
- "ZoneAwarenessEnabled": false
667
- },
668
- "CognitoOptions": {
669
- "Enabled": true,
670
- "IdentityPoolId": {
671
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
672
- },
673
- "RoleArn": {
674
- "Fn::GetAtt": [
675
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
676
- "Arn"
677
- ]
678
- },
679
- "UserPoolId": {
680
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
681
- }
682
- },
683
- "DomainEndpointOptions": {
684
- "EnforceHTTPS": true,
685
- "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"
686
- },
687
- "DomainName": {
688
- "Fn::Join": [
689
- "-",
690
- [
691
- "dmn",
692
- {
693
- "Fn::Select": [
694
- 4,
695
- {
696
- "Fn::Split": [
697
- "-",
698
- {
699
- "Fn::Select": [
700
- 2,
701
- {
702
- "Fn::Split": [
703
- "/",
704
- {
705
- "Ref": "AWS::StackId"
706
- }
707
- ]
708
- }
709
- ]
710
- }
711
- ]
712
- }
713
- ]
714
- }
715
- ]
716
- ]
717
- },
718
- "EBSOptions": {
719
- "EBSEnabled": true,
720
- "VolumeSize": 10
721
- },
722
- "EncryptionAtRestOptions": {
723
- "Enabled": true
724
- },
725
- "EngineVersion": "OpenSearch_1.3",
726
- "NodeToNodeEncryptionOptions": {
727
- "Enabled": true
728
- },
729
- "SnapshotOptions": {
730
- "AutomatedSnapshotStartHour": 1
731
- },
732
- "VPCOptions": {
733
- "SecurityGroupIds": [
734
- {
735
- "Fn::GetAtt": [
736
- "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
737
- "GroupId"
738
- ]
739
- }
740
- ],
741
- "SubnetIds": [
742
- {
743
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
744
- }
745
- ]
746
- }
747
- },
748
- "Metadata": {
749
- "cfn_nag": {
750
- "rules_to_suppress": [
751
- {
752
- "id": "W28",
753
- "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
754
- },
755
- {
756
- "id": "W90",
757
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
758
- }
759
- ]
760
- }
761
- }
762
- },
763
- "testlambdaopensearchStatusRedAlarm1627144D": {
764
- "Type": "AWS::CloudWatch::Alarm",
765
- "Properties": {
766
- "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
767
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
768
- "EvaluationPeriods": 1,
769
- "MetricName": "ClusterStatus.red",
770
- "Namespace": "AWS/ES",
771
- "Period": 60,
772
- "Statistic": "Maximum",
773
- "Threshold": 1
774
- }
775
- },
776
- "testlambdaopensearchStatusYellowAlarm57139CF0": {
777
- "Type": "AWS::CloudWatch::Alarm",
778
- "Properties": {
779
- "AlarmDescription": "At least one replica shard is not allocated to a node.",
780
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
781
- "EvaluationPeriods": 1,
782
- "MetricName": "ClusterStatus.yellow",
783
- "Namespace": "AWS/ES",
784
- "Period": 60,
785
- "Statistic": "Maximum",
786
- "Threshold": 1
787
- }
788
- },
789
- "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
790
- "Type": "AWS::CloudWatch::Alarm",
791
- "Properties": {
792
- "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
793
- "ComparisonOperator": "LessThanOrEqualToThreshold",
794
- "EvaluationPeriods": 1,
795
- "MetricName": "FreeStorageSpace",
796
- "Namespace": "AWS/ES",
797
- "Period": 60,
798
- "Statistic": "Minimum",
799
- "Threshold": 20000
800
- }
801
- },
802
- "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
803
- "Type": "AWS::CloudWatch::Alarm",
804
- "Properties": {
805
- "AlarmDescription": "Your cluster is blocking write requests.",
806
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
807
- "EvaluationPeriods": 1,
808
- "MetricName": "ClusterIndexWritesBlocked",
809
- "Namespace": "AWS/ES",
810
- "Period": 300,
811
- "Statistic": "Maximum",
812
- "Threshold": 1
813
- }
814
- },
815
- "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
816
- "Type": "AWS::CloudWatch::Alarm",
817
- "Properties": {
818
- "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
819
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
820
- "EvaluationPeriods": 1,
821
- "MetricName": "AutomatedSnapshotFailure",
822
- "Namespace": "AWS/ES",
823
- "Period": 60,
824
- "Statistic": "Maximum",
825
- "Threshold": 1
826
- }
827
- },
828
- "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
829
- "Type": "AWS::CloudWatch::Alarm",
830
- "Properties": {
831
- "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
832
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
833
- "EvaluationPeriods": 3,
834
- "MetricName": "CPUUtilization",
835
- "Namespace": "AWS/ES",
836
- "Period": 900,
837
- "Statistic": "Average",
838
- "Threshold": 80
839
- }
840
- },
841
- "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
842
- "Type": "AWS::CloudWatch::Alarm",
843
- "Properties": {
844
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
845
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
846
- "EvaluationPeriods": 1,
847
- "MetricName": "JVMMemoryPressure",
848
- "Namespace": "AWS/ES",
849
- "Period": 900,
850
- "Statistic": "Average",
851
- "Threshold": 80
852
- }
853
- },
854
- "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
855
- "Type": "AWS::CloudWatch::Alarm",
856
- "Properties": {
857
- "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
858
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
859
- "EvaluationPeriods": 3,
860
- "MetricName": "MasterCPUUtilization",
861
- "Namespace": "AWS/ES",
862
- "Period": 900,
863
- "Statistic": "Average",
864
- "Threshold": 50
865
- }
866
- },
867
- "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
868
- "Type": "AWS::CloudWatch::Alarm",
869
- "Properties": {
870
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
871
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
872
- "EvaluationPeriods": 1,
873
- "MetricName": "MasterJVMMemoryPressure",
874
- "Namespace": "AWS/ES",
875
- "Period": 900,
876
- "Statistic": "Average",
877
- "Threshold": 50
878
- }
879
- },
880
- "Vpc8378EB38": {
881
- "Type": "AWS::EC2::VPC",
882
- "Properties": {
883
- "CidrBlock": "10.0.0.0/16",
884
- "EnableDnsHostnames": true,
885
- "EnableDnsSupport": true,
886
- "InstanceTenancy": "default",
887
- "Tags": [
888
- {
889
- "Key": "Name",
890
- "Value": "lamopn-disabled-zone-awareness/Vpc"
891
- }
892
- ]
893
- }
894
- },
895
- "VpcisolatedSubnet1SubnetE62B1B9B": {
896
- "Type": "AWS::EC2::Subnet",
897
- "Properties": {
898
- "AvailabilityZone": "test-region-1a",
899
- "CidrBlock": "10.0.0.0/18",
900
- "MapPublicIpOnLaunch": false,
901
- "Tags": [
902
- {
903
- "Key": "aws-cdk:subnet-name",
904
- "Value": "isolated"
905
- },
906
- {
907
- "Key": "aws-cdk:subnet-type",
908
- "Value": "Isolated"
909
- },
910
- {
911
- "Key": "Name",
912
- "Value": "lamopn-disabled-zone-awareness/Vpc/isolatedSubnet1"
913
- }
914
- ],
915
- "VpcId": {
916
- "Ref": "Vpc8378EB38"
917
- }
918
- }
919
- },
920
- "VpcisolatedSubnet1RouteTableE442650B": {
921
- "Type": "AWS::EC2::RouteTable",
922
- "Properties": {
923
- "Tags": [
924
- {
925
- "Key": "Name",
926
- "Value": "lamopn-disabled-zone-awareness/Vpc/isolatedSubnet1"
927
- }
928
- ],
929
- "VpcId": {
930
- "Ref": "Vpc8378EB38"
931
- }
932
- }
933
- },
934
- "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
935
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
936
- "Properties": {
937
- "RouteTableId": {
938
- "Ref": "VpcisolatedSubnet1RouteTableE442650B"
939
- },
940
- "SubnetId": {
941
- "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
942
- }
943
- }
944
- },
945
- "VpcFlowLogIAMRole6A475D41": {
946
- "Type": "AWS::IAM::Role",
947
- "Properties": {
948
- "AssumeRolePolicyDocument": {
949
- "Statement": [
950
- {
951
- "Action": "sts:AssumeRole",
952
- "Effect": "Allow",
953
- "Principal": {
954
- "Service": "vpc-flow-logs.amazonaws.com"
955
- }
956
- }
957
- ],
958
- "Version": "2012-10-17"
959
- },
960
- "Tags": [
961
- {
962
- "Key": "Name",
963
- "Value": "lamopn-disabled-zone-awareness/Vpc/FlowLog"
964
- }
965
- ]
966
- }
967
- },
968
- "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
969
- "Type": "AWS::IAM::Policy",
970
- "Properties": {
971
- "PolicyDocument": {
972
- "Statement": [
973
- {
974
- "Action": [
975
- "logs:CreateLogStream",
976
- "logs:PutLogEvents",
977
- "logs:DescribeLogStreams"
978
- ],
979
- "Effect": "Allow",
980
- "Resource": {
981
- "Fn::GetAtt": [
982
- "VpcFlowLogLogGroup7B5C56B9",
983
- "Arn"
984
- ]
985
- }
986
- },
987
- {
988
- "Action": "iam:PassRole",
989
- "Effect": "Allow",
990
- "Resource": {
991
- "Fn::GetAtt": [
992
- "VpcFlowLogIAMRole6A475D41",
993
- "Arn"
994
- ]
995
- }
996
- }
997
- ],
998
- "Version": "2012-10-17"
999
- },
1000
- "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
1001
- "Roles": [
1002
- {
1003
- "Ref": "VpcFlowLogIAMRole6A475D41"
1004
- }
1005
- ]
1006
- }
1007
- },
1008
- "VpcFlowLogLogGroup7B5C56B9": {
1009
- "Type": "AWS::Logs::LogGroup",
1010
- "Properties": {
1011
- "RetentionInDays": 731,
1012
- "Tags": [
1013
- {
1014
- "Key": "Name",
1015
- "Value": "lamopn-disabled-zone-awareness/Vpc/FlowLog"
1016
- }
1017
- ]
1018
- },
1019
- "UpdateReplacePolicy": "Retain",
1020
- "DeletionPolicy": "Retain",
1021
- "Metadata": {
1022
- "cfn_nag": {
1023
- "rules_to_suppress": [
1024
- {
1025
- "id": "W84",
1026
- "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
1027
- }
1028
- ]
1029
- }
1030
- }
1031
- },
1032
- "VpcFlowLog8FF33A73": {
1033
- "Type": "AWS::EC2::FlowLog",
1034
- "Properties": {
1035
- "DeliverLogsPermissionArn": {
1036
- "Fn::GetAtt": [
1037
- "VpcFlowLogIAMRole6A475D41",
1038
- "Arn"
1039
- ]
1040
- },
1041
- "LogDestinationType": "cloud-watch-logs",
1042
- "LogGroupName": {
1043
- "Ref": "VpcFlowLogLogGroup7B5C56B9"
1044
- },
1045
- "ResourceId": {
1046
- "Ref": "Vpc8378EB38"
1047
- },
1048
- "ResourceType": "VPC",
1049
- "Tags": [
1050
- {
1051
- "Key": "Name",
1052
- "Value": "lamopn-disabled-zone-awareness/Vpc/FlowLog"
1053
- }
1054
- ],
1055
- "TrafficType": "ALL"
1056
- }
1057
- }
1058
- },
1059
- "Parameters": {
1060
- "BootstrapVersion": {
1061
- "Type": "AWS::SSM::Parameter::Value<String>",
1062
- "Default": "/cdk-bootstrap/hnb659fds/version",
1063
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
1064
- }
1065
- },
1066
- "Rules": {
1067
- "CheckBootstrapVersion": {
1068
- "Assertions": [
1069
- {
1070
- "Assert": {
1071
- "Fn::Not": [
1072
- {
1073
- "Fn::Contains": [
1074
- [
1075
- "1",
1076
- "2",
1077
- "3",
1078
- "4",
1079
- "5"
1080
- ],
1081
- {
1082
- "Ref": "BootstrapVersion"
1083
- }
1084
- ]
1085
- }
1086
- ]
1087
- },
1088
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
1089
- }
1090
- ]
1091
- }
1092
- }
1093
- }