@aws-solutions-constructs/aws-lambda-opensearch 2.51.0 → 2.52.0

Files changed (79)
  1. package/.eslintignore +2 -0
  2. package/.jsii +49 -4
  3. package/integ.config.json +7 -0
  4. package/lib/index.js +1 -1
  5. package/package.json +9 -8
  6. package/test/integ.lamopn-cluster-config.js +6 -2
  7. package/test/integ.lamopn-cluster-config.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  8. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  9. package/test/integ.lamopn-cluster-config.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  10. package/test/integ.lamopn-cluster-config.js.snapshot/cdk.out +1 -0
  11. package/test/integ.lamopn-cluster-config.js.snapshot/integ.json +12 -0
  12. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.assets.json +45 -0
  13. package/test/integ.lamopn-cluster-config.js.snapshot/lamopn-cluster-config.template.json +1295 -0
  14. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.assets.json +19 -0
  15. package/test/integ.lamopn-cluster-config.js.snapshot/lamopnclusterconfigIntegDefaultTestDeployAssertD8012D1A.template.json +36 -0
  16. package/test/integ.lamopn-cluster-config.js.snapshot/manifest.json +323 -0
  17. package/test/integ.lamopn-cluster-config.js.snapshot/tree.json +1795 -0
  18. package/test/integ.lamopn-disabled-zone-awareness.js +6 -2
  19. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  20. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  21. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  22. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/cdk.out +1 -0
  23. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/integ.json +12 -0
  24. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.assets.json +45 -0
  25. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopn-disabled-zone-awareness.template.json +1228 -0
  26. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.assets.json +19 -0
  27. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/lamopndisabledzoneawarenessIntegDefaultTestDeployAssert7E083B68.template.json +36 -0
  28. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/manifest.json +305 -0
  29. package/test/integ.lamopn-disabled-zone-awareness.js.snapshot/tree.json +1687 -0
  30. package/test/integ.lamopn-domain-arguments.js +5 -2
  31. package/test/integ.lamopn-domain-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  32. package/test/integ.lamopn-domain-arguments.js.snapshot/cdk.out +1 -0
  33. package/test/integ.lamopn-domain-arguments.js.snapshot/integ.json +12 -0
  34. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.assets.json +32 -0
  35. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopn-domain-arguments.template.json +846 -0
  36. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.assets.json +19 -0
  37. package/test/integ.lamopn-domain-arguments.js.snapshot/lamopndomainargumentsIntegDefaultTestDeployAssert47534E1E.template.json +36 -0
  38. package/test/integ.lamopn-domain-arguments.js.snapshot/manifest.json +233 -0
  39. package/test/integ.lamopn-domain-arguments.js.snapshot/tree.json +1256 -0
  40. package/test/integ.lamopn-existing-vpc.js +12 -6
  41. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  42. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  43. package/test/integ.lamopn-existing-vpc.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  44. package/test/integ.lamopn-existing-vpc.js.snapshot/cdk.out +1 -0
  45. package/test/integ.lamopn-existing-vpc.js.snapshot/integ.json +12 -0
  46. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.assets.json +48 -0
  47. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopn-existing-vpc.template.json +1571 -0
  48. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.assets.json +19 -0
  49. package/test/integ.lamopn-existing-vpc.js.snapshot/lamopnexistingvpcIntegDefaultTestDeployAssert4A7EE058.template.json +36 -0
  50. package/test/integ.lamopn-existing-vpc.js.snapshot/manifest.json +419 -0
  51. package/test/integ.lamopn-existing-vpc.js.snapshot/tree.json +2207 -0
  52. package/test/integ.lamopn-no-arguments.js +5 -2
  53. package/test/integ.lamopn-no-arguments.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  54. package/test/integ.lamopn-no-arguments.js.snapshot/cdk.out +1 -0
  55. package/test/integ.lamopn-no-arguments.js.snapshot/integ.json +12 -0
  56. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.assets.json +32 -0
  57. package/test/integ.lamopn-no-arguments.js.snapshot/lamopn-no-arguments.template.json +846 -0
  58. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.assets.json +19 -0
  59. package/test/integ.lamopn-no-arguments.js.snapshot/lamopnnoargumentsIntegDefaultTestDeployAssert4290A592.template.json +36 -0
  60. package/test/integ.lamopn-no-arguments.js.snapshot/manifest.json +233 -0
  61. package/test/integ.lamopn-no-arguments.js.snapshot/tree.json +1256 -0
  62. package/test/integ.lamopn-vpc-props.js +12 -6
  63. package/test/integ.lamopn-vpc-props.js.snapshot/asset.abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290/index.js +60 -0
  64. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/__entrypoint__.js +1 -0
  65. package/test/integ.lamopn-vpc-props.js.snapshot/asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e/index.js +1 -0
  66. package/test/integ.lamopn-vpc-props.js.snapshot/cdk.out +1 -0
  67. package/test/integ.lamopn-vpc-props.js.snapshot/integ.json +12 -0
  68. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.assets.json +48 -0
  69. package/test/integ.lamopn-vpc-props.js.snapshot/lamopn-vpc-props.template.json +1287 -0
  70. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.assets.json +19 -0
  71. package/test/integ.lamopn-vpc-props.js.snapshot/lamopnvpcpropsIntegDefaultTestDeployAssertC7FD49B0.template.json +36 -0
  72. package/test/integ.lamopn-vpc-props.js.snapshot/manifest.json +323 -0
  73. package/test/integ.lamopn-vpc-props.js.snapshot/tree.json +1795 -0
  74. package/test/integ.lamopn-cluster-config.expected.json +0 -1153
  75. package/test/integ.lamopn-disabled-zone-awareness.expected.json +0 -1093
  76. package/test/integ.lamopn-domain-arguments.expected.json +0 -846
  77. package/test/integ.lamopn-existing-vpc.expected.json +0 -1602
  78. package/test/integ.lamopn-no-arguments.expected.json +0 -846
  79. package/test/integ.lamopn-vpc-props.expected.json +0 -1208
@@ -1,846 +0,0 @@
1
- {
2
- "Resources": {
3
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
4
- "Type": "AWS::IAM::Role",
5
- "Properties": {
6
- "AssumeRolePolicyDocument": {
7
- "Statement": [
8
- {
9
- "Action": "sts:AssumeRole",
10
- "Effect": "Allow",
11
- "Principal": {
12
- "Service": "lambda.amazonaws.com"
13
- }
14
- }
15
- ],
16
- "Version": "2012-10-17"
17
- },
18
- "Policies": [
19
- {
20
- "PolicyDocument": {
21
- "Statement": [
22
- {
23
- "Action": [
24
- "logs:CreateLogGroup",
25
- "logs:CreateLogStream",
26
- "logs:PutLogEvents"
27
- ],
28
- "Effect": "Allow",
29
- "Resource": {
30
- "Fn::Join": [
31
- "",
32
- [
33
- "arn:",
34
- {
35
- "Ref": "AWS::Partition"
36
- },
37
- ":logs:",
38
- {
39
- "Ref": "AWS::Region"
40
- },
41
- ":",
42
- {
43
- "Ref": "AWS::AccountId"
44
- },
45
- ":log-group:/aws/lambda/*"
46
- ]
47
- ]
48
- }
49
- }
50
- ],
51
- "Version": "2012-10-17"
52
- },
53
- "PolicyName": "LambdaFunctionServiceRolePolicy"
54
- }
55
- ]
56
- }
57
- },
58
- "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
59
- "Type": "AWS::IAM::Policy",
60
- "Properties": {
61
- "PolicyDocument": {
62
- "Statement": [
63
- {
64
- "Action": [
65
- "xray:PutTraceSegments",
66
- "xray:PutTelemetryRecords"
67
- ],
68
- "Effect": "Allow",
69
- "Resource": "*"
70
- }
71
- ],
72
- "Version": "2012-10-17"
73
- },
74
- "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
75
- "Roles": [
76
- {
77
- "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
78
- }
79
- ]
80
- },
81
- "Metadata": {
82
- "cfn_nag": {
83
- "rules_to_suppress": [
84
- {
85
- "id": "W12",
86
- "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
87
- }
88
- ]
89
- }
90
- }
91
- },
92
- "testlambdaopensearchLambdaFunction93FD38F7": {
93
- "Type": "AWS::Lambda::Function",
94
- "Properties": {
95
- "Code": {
96
- "S3Bucket": {
97
- "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
98
- },
99
- "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
100
- },
101
- "Environment": {
102
- "Variables": {
103
- "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
104
- "DOMAIN_ENDPOINT": {
105
- "Fn::GetAtt": [
106
- "testlambdaopensearchOpenSearchDomainF9CCC3D3",
107
- "DomainEndpoint"
108
- ]
109
- }
110
- }
111
- },
112
- "Handler": "index.handler",
113
- "Role": {
114
- "Fn::GetAtt": [
115
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
116
- "Arn"
117
- ]
118
- },
119
- "Runtime": "nodejs16.x",
120
- "TracingConfig": {
121
- "Mode": "Active"
122
- }
123
- },
124
- "DependsOn": [
125
- "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
126
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
127
- ],
128
- "Metadata": {
129
- "cfn_nag": {
130
- "rules_to_suppress": [
131
- {
132
- "id": "W58",
133
- "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
134
- },
135
- {
136
- "id": "W89",
137
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
138
- },
139
- {
140
- "id": "W92",
141
- "reason": "Impossible for us to define the correct concurrency for clients"
142
- }
143
- ]
144
- }
145
- }
146
- },
147
- "testlambdaopensearchCognitoUserPoolA09096F9": {
148
- "Type": "AWS::Cognito::UserPool",
149
- "Properties": {
150
- "AccountRecoverySetting": {
151
- "RecoveryMechanisms": [
152
- {
153
- "Name": "verified_phone_number",
154
- "Priority": 1
155
- },
156
- {
157
- "Name": "verified_email",
158
- "Priority": 2
159
- }
160
- ]
161
- },
162
- "AdminCreateUserConfig": {
163
- "AllowAdminCreateUserOnly": true
164
- },
165
- "EmailVerificationMessage": "The verification code to your new account is {####}",
166
- "EmailVerificationSubject": "Verify your new account",
167
- "SmsVerificationMessage": "The verification code to your new account is {####}",
168
- "UserPoolAddOns": {
169
- "AdvancedSecurityMode": "ENFORCED"
170
- },
171
- "VerificationMessageTemplate": {
172
- "DefaultEmailOption": "CONFIRM_WITH_CODE",
173
- "EmailMessage": "The verification code to your new account is {####}",
174
- "EmailSubject": "Verify your new account",
175
- "SmsMessage": "The verification code to your new account is {####}"
176
- }
177
- },
178
- "UpdateReplacePolicy": "Retain",
179
- "DeletionPolicy": "Retain"
180
- },
181
- "testlambdaopensearchCognitoUserPoolClient39C21D94": {
182
- "Type": "AWS::Cognito::UserPoolClient",
183
- "Properties": {
184
- "AllowedOAuthFlows": [
185
- "implicit",
186
- "code"
187
- ],
188
- "AllowedOAuthFlowsUserPoolClient": true,
189
- "AllowedOAuthScopes": [
190
- "profile",
191
- "phone",
192
- "email",
193
- "openid",
194
- "aws.cognito.signin.user.admin"
195
- ],
196
- "CallbackURLs": [
197
- "https://example.com"
198
- ],
199
- "SupportedIdentityProviders": [
200
- "COGNITO"
201
- ],
202
- "UserPoolId": {
203
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
204
- }
205
- }
206
- },
207
- "testlambdaopensearchCognitoIdentityPool0B1FB311": {
208
- "Type": "AWS::Cognito::IdentityPool",
209
- "Properties": {
210
- "AllowUnauthenticatedIdentities": false,
211
- "CognitoIdentityProviders": [
212
- {
213
- "ClientId": {
214
- "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
215
- },
216
- "ProviderName": {
217
- "Fn::GetAtt": [
218
- "testlambdaopensearchCognitoUserPoolA09096F9",
219
- "ProviderName"
220
- ]
221
- },
222
- "ServerSideTokenCheck": true
223
- }
224
- ]
225
- }
226
- },
227
- "testlambdaopensearchUserPoolDomain98864920": {
228
- "Type": "AWS::Cognito::UserPoolDomain",
229
- "Properties": {
230
- "Domain": {
231
- "Fn::Join": [
232
- "-",
233
- [
234
- "dn",
235
- {
236
- "Fn::Select": [
237
- 4,
238
- {
239
- "Fn::Split": [
240
- "-",
241
- {
242
- "Fn::Select": [
243
- 2,
244
- {
245
- "Fn::Split": [
246
- "/",
247
- {
248
- "Ref": "AWS::StackId"
249
- }
250
- ]
251
- }
252
- ]
253
- }
254
- ]
255
- }
256
- ]
257
- }
258
- ]
259
- ]
260
- },
261
- "UserPoolId": {
262
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
263
- }
264
- },
265
- "DependsOn": [
266
- "testlambdaopensearchCognitoUserPoolA09096F9"
267
- ]
268
- },
269
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
270
- "Type": "AWS::IAM::Role",
271
- "Properties": {
272
- "AssumeRolePolicyDocument": {
273
- "Statement": [
274
- {
275
- "Action": "sts:AssumeRoleWithWebIdentity",
276
- "Condition": {
277
- "StringEquals": {
278
- "cognito-identity.amazonaws.com:aud": {
279
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
280
- }
281
- },
282
- "ForAnyValue:StringLike": {
283
- "cognito-identity.amazonaws.com:amr": "authenticated"
284
- }
285
- },
286
- "Effect": "Allow",
287
- "Principal": {
288
- "Federated": "cognito-identity.amazonaws.com"
289
- }
290
- }
291
- ],
292
- "Version": "2012-10-17"
293
- },
294
- "Policies": [
295
- {
296
- "PolicyDocument": {
297
- "Statement": [
298
- {
299
- "Action": "es:ESHttp*",
300
- "Effect": "Allow",
301
- "Resource": {
302
- "Fn::Join": [
303
- "",
304
- [
305
- "arn:",
306
- {
307
- "Ref": "AWS::Partition"
308
- },
309
- ":es:",
310
- {
311
- "Ref": "AWS::Region"
312
- },
313
- ":",
314
- {
315
- "Ref": "AWS::AccountId"
316
- },
317
- ":domain/",
318
- {
319
- "Fn::Join": [
320
- "-",
321
- [
322
- "dn",
323
- {
324
- "Fn::Select": [
325
- 4,
326
- {
327
- "Fn::Split": [
328
- "-",
329
- {
330
- "Fn::Select": [
331
- 2,
332
- {
333
- "Fn::Split": [
334
- "/",
335
- {
336
- "Ref": "AWS::StackId"
337
- }
338
- ]
339
- }
340
- ]
341
- }
342
- ]
343
- }
344
- ]
345
- }
346
- ]
347
- ]
348
- },
349
- "/*"
350
- ]
351
- ]
352
- }
353
- }
354
- ],
355
- "Version": "2012-10-17"
356
- },
357
- "PolicyName": "CognitoAccessPolicy"
358
- }
359
- ]
360
- }
361
- },
362
- "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
363
- "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
364
- "Properties": {
365
- "IdentityPoolId": {
366
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
367
- },
368
- "Roles": {
369
- "authenticated": {
370
- "Fn::GetAtt": [
371
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
372
- "Arn"
373
- ]
374
- }
375
- }
376
- }
377
- },
378
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
379
- "Type": "AWS::IAM::Role",
380
- "Properties": {
381
- "AssumeRolePolicyDocument": {
382
- "Statement": [
383
- {
384
- "Action": "sts:AssumeRole",
385
- "Effect": "Allow",
386
- "Principal": {
387
- "Service": "es.amazonaws.com"
388
- }
389
- }
390
- ],
391
- "Version": "2012-10-17"
392
- }
393
- }
394
- },
395
- "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
396
- "Type": "AWS::IAM::Policy",
397
- "Properties": {
398
- "PolicyDocument": {
399
- "Statement": [
400
- {
401
- "Action": [
402
- "cognito-idp:DescribeUserPool",
403
- "cognito-idp:CreateUserPoolClient",
404
- "cognito-idp:DeleteUserPoolClient",
405
- "cognito-idp:DescribeUserPoolClient",
406
- "cognito-idp:AdminInitiateAuth",
407
- "cognito-idp:AdminUserGlobalSignOut",
408
- "cognito-idp:ListUserPoolClients",
409
- "cognito-identity:DescribeIdentityPool",
410
- "cognito-identity:UpdateIdentityPool",
411
- "cognito-identity:SetIdentityPoolRoles",
412
- "cognito-identity:GetIdentityPoolRoles",
413
- "es:UpdateDomainConfig"
414
- ],
415
- "Effect": "Allow",
416
- "Resource": [
417
- {
418
- "Fn::GetAtt": [
419
- "testlambdaopensearchCognitoUserPoolA09096F9",
420
- "Arn"
421
- ]
422
- },
423
- {
424
- "Fn::Join": [
425
- "",
426
- [
427
- "arn:",
428
- {
429
- "Ref": "AWS::Partition"
430
- },
431
- ":cognito-identity:",
432
- {
433
- "Ref": "AWS::Region"
434
- },
435
- ":",
436
- {
437
- "Ref": "AWS::AccountId"
438
- },
439
- ":identitypool/",
440
- {
441
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
442
- }
443
- ]
444
- ]
445
- },
446
- {
447
- "Fn::Join": [
448
- "",
449
- [
450
- "arn:",
451
- {
452
- "Ref": "AWS::Partition"
453
- },
454
- ":es:",
455
- {
456
- "Ref": "AWS::Region"
457
- },
458
- ":",
459
- {
460
- "Ref": "AWS::AccountId"
461
- },
462
- ":domain/",
463
- {
464
- "Fn::Join": [
465
- "-",
466
- [
467
- "dn",
468
- {
469
- "Fn::Select": [
470
- 4,
471
- {
472
- "Fn::Split": [
473
- "-",
474
- {
475
- "Fn::Select": [
476
- 2,
477
- {
478
- "Fn::Split": [
479
- "/",
480
- {
481
- "Ref": "AWS::StackId"
482
- }
483
- ]
484
- }
485
- ]
486
- }
487
- ]
488
- }
489
- ]
490
- }
491
- ]
492
- ]
493
- }
494
- ]
495
- ]
496
- }
497
- ]
498
- },
499
- {
500
- "Action": "iam:PassRole",
501
- "Condition": {
502
- "StringLike": {
503
- "iam:PassedToService": "cognito-identity.amazonaws.com"
504
- }
505
- },
506
- "Effect": "Allow",
507
- "Resource": {
508
- "Fn::GetAtt": [
509
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
510
- "Arn"
511
- ]
512
- }
513
- }
514
- ],
515
- "Version": "2012-10-17"
516
- },
517
- "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
518
- "Roles": [
519
- {
520
- "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
521
- }
522
- ]
523
- }
524
- },
525
- "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
526
- "Type": "AWS::OpenSearchService::Domain",
527
- "Properties": {
528
- "AccessPolicies": {
529
- "Statement": [
530
- {
531
- "Action": "es:ESHttp*",
532
- "Effect": "Allow",
533
- "Principal": {
534
- "AWS": [
535
- {
536
- "Fn::GetAtt": [
537
- "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
538
- "Arn"
539
- ]
540
- },
541
- {
542
- "Fn::GetAtt": [
543
- "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
544
- "Arn"
545
- ]
546
- }
547
- ]
548
- },
549
- "Resource": {
550
- "Fn::Join": [
551
- "",
552
- [
553
- "arn:",
554
- {
555
- "Ref": "AWS::Partition"
556
- },
557
- ":es:",
558
- {
559
- "Ref": "AWS::Region"
560
- },
561
- ":",
562
- {
563
- "Ref": "AWS::AccountId"
564
- },
565
- ":domain/",
566
- {
567
- "Fn::Join": [
568
- "-",
569
- [
570
- "dn",
571
- {
572
- "Fn::Select": [
573
- 4,
574
- {
575
- "Fn::Split": [
576
- "-",
577
- {
578
- "Fn::Select": [
579
- 2,
580
- {
581
- "Fn::Split": [
582
- "/",
583
- {
584
- "Ref": "AWS::StackId"
585
- }
586
- ]
587
- }
588
- ]
589
- }
590
- ]
591
- }
592
- ]
593
- }
594
- ]
595
- ]
596
- },
597
- "/*"
598
- ]
599
- ]
600
- }
601
- }
602
- ],
603
- "Version": "2012-10-17"
604
- },
605
- "ClusterConfig": {
606
- "DedicatedMasterCount": 3,
607
- "DedicatedMasterEnabled": true,
608
- "InstanceCount": 3,
609
- "ZoneAwarenessConfig": {
610
- "AvailabilityZoneCount": 3
611
- },
612
- "ZoneAwarenessEnabled": true
613
- },
614
- "CognitoOptions": {
615
- "Enabled": true,
616
- "IdentityPoolId": {
617
- "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
618
- },
619
- "RoleArn": {
620
- "Fn::GetAtt": [
621
- "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
622
- "Arn"
623
- ]
624
- },
625
- "UserPoolId": {
626
- "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
627
- }
628
- },
629
- "DomainEndpointOptions": {
630
- "EnforceHTTPS": true,
631
- "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"
632
- },
633
- "DomainName": {
634
- "Fn::Join": [
635
- "-",
636
- [
637
- "dn",
638
- {
639
- "Fn::Select": [
640
- 4,
641
- {
642
- "Fn::Split": [
643
- "-",
644
- {
645
- "Fn::Select": [
646
- 2,
647
- {
648
- "Fn::Split": [
649
- "/",
650
- {
651
- "Ref": "AWS::StackId"
652
- }
653
- ]
654
- }
655
- ]
656
- }
657
- ]
658
- }
659
- ]
660
- }
661
- ]
662
- ]
663
- },
664
- "EBSOptions": {
665
- "EBSEnabled": true,
666
- "VolumeSize": 10
667
- },
668
- "EncryptionAtRestOptions": {
669
- "Enabled": true
670
- },
671
- "EngineVersion": "OpenSearch_1.3",
672
- "NodeToNodeEncryptionOptions": {
673
- "Enabled": true
674
- },
675
- "SnapshotOptions": {
676
- "AutomatedSnapshotStartHour": 1
677
- }
678
- },
679
- "Metadata": {
680
- "cfn_nag": {
681
- "rules_to_suppress": [
682
- {
683
- "id": "W28",
684
- "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
685
- },
686
- {
687
- "id": "W90",
688
- "reason": "This is not a rule for the general case, just for specific use cases/industries"
689
- }
690
- ]
691
- }
692
- }
693
- },
694
- "testlambdaopensearchStatusRedAlarm1627144D": {
695
- "Type": "AWS::CloudWatch::Alarm",
696
- "Properties": {
697
- "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
698
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
699
- "EvaluationPeriods": 1,
700
- "MetricName": "ClusterStatus.red",
701
- "Namespace": "AWS/ES",
702
- "Period": 60,
703
- "Statistic": "Maximum",
704
- "Threshold": 1
705
- }
706
- },
707
- "testlambdaopensearchStatusYellowAlarm57139CF0": {
708
- "Type": "AWS::CloudWatch::Alarm",
709
- "Properties": {
710
- "AlarmDescription": "At least one replica shard is not allocated to a node.",
711
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
712
- "EvaluationPeriods": 1,
713
- "MetricName": "ClusterStatus.yellow",
714
- "Namespace": "AWS/ES",
715
- "Period": 60,
716
- "Statistic": "Maximum",
717
- "Threshold": 1
718
- }
719
- },
720
- "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
721
- "Type": "AWS::CloudWatch::Alarm",
722
- "Properties": {
723
- "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
724
- "ComparisonOperator": "LessThanOrEqualToThreshold",
725
- "EvaluationPeriods": 1,
726
- "MetricName": "FreeStorageSpace",
727
- "Namespace": "AWS/ES",
728
- "Period": 60,
729
- "Statistic": "Minimum",
730
- "Threshold": 20000
731
- }
732
- },
733
- "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
734
- "Type": "AWS::CloudWatch::Alarm",
735
- "Properties": {
736
- "AlarmDescription": "Your cluster is blocking write requests.",
737
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
738
- "EvaluationPeriods": 1,
739
- "MetricName": "ClusterIndexWritesBlocked",
740
- "Namespace": "AWS/ES",
741
- "Period": 300,
742
- "Statistic": "Maximum",
743
- "Threshold": 1
744
- }
745
- },
746
- "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
747
- "Type": "AWS::CloudWatch::Alarm",
748
- "Properties": {
749
- "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
750
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
751
- "EvaluationPeriods": 1,
752
- "MetricName": "AutomatedSnapshotFailure",
753
- "Namespace": "AWS/ES",
754
- "Period": 60,
755
- "Statistic": "Maximum",
756
- "Threshold": 1
757
- }
758
- },
759
- "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
760
- "Type": "AWS::CloudWatch::Alarm",
761
- "Properties": {
762
- "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
763
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
764
- "EvaluationPeriods": 3,
765
- "MetricName": "CPUUtilization",
766
- "Namespace": "AWS/ES",
767
- "Period": 900,
768
- "Statistic": "Average",
769
- "Threshold": 80
770
- }
771
- },
772
- "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
773
- "Type": "AWS::CloudWatch::Alarm",
774
- "Properties": {
775
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
776
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
777
- "EvaluationPeriods": 1,
778
- "MetricName": "JVMMemoryPressure",
779
- "Namespace": "AWS/ES",
780
- "Period": 900,
781
- "Statistic": "Average",
782
- "Threshold": 80
783
- }
784
- },
785
- "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
786
- "Type": "AWS::CloudWatch::Alarm",
787
- "Properties": {
788
- "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
789
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
790
- "EvaluationPeriods": 3,
791
- "MetricName": "MasterCPUUtilization",
792
- "Namespace": "AWS/ES",
793
- "Period": 900,
794
- "Statistic": "Average",
795
- "Threshold": 50
796
- }
797
- },
798
- "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
799
- "Type": "AWS::CloudWatch::Alarm",
800
- "Properties": {
801
- "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
802
- "ComparisonOperator": "GreaterThanOrEqualToThreshold",
803
- "EvaluationPeriods": 1,
804
- "MetricName": "MasterJVMMemoryPressure",
805
- "Namespace": "AWS/ES",
806
- "Period": 900,
807
- "Statistic": "Average",
808
- "Threshold": 50
809
- }
810
- }
811
- },
812
- "Parameters": {
813
- "BootstrapVersion": {
814
- "Type": "AWS::SSM::Parameter::Value<String>",
815
- "Default": "/cdk-bootstrap/hnb659fds/version",
816
- "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
817
- }
818
- },
819
- "Rules": {
820
- "CheckBootstrapVersion": {
821
- "Assertions": [
822
- {
823
- "Assert": {
824
- "Fn::Not": [
825
- {
826
- "Fn::Contains": [
827
- [
828
- "1",
829
- "2",
830
- "3",
831
- "4",
832
- "5"
833
- ],
834
- {
835
- "Ref": "BootstrapVersion"
836
- }
837
- ]
838
- }
839
- ]
840
- },
841
- "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
842
- }
843
- ]
844
- }
845
- }
846
- }