3 Answers
0
There is no OpenSearch Dashboards SDK available at this time, but I'm able to achieve this as part of the CDK stack using a custom resource Lambda, the OpenSearch Dashboards APIs, and the AWS NodeHttpClient with SigV4. There is an open request for adding this capability in the JavaScript client, though. https://github.com/opensearch-project/opensearch-js/issues/264
answered 2 years ago
0
Steps I did:
- Add a role for the Lambda used by the custom resource
- Update the internal roles for the OpenSearch domain to accept the IAM role as a backend_role for the "all_access" internal role, with a request made by the Lambda, similar to this:

```
curl -X PUT "https://vpc-xxxxxxxxx-xxxxxxxx.eu-west-1.es.amazonaws.com/_plugins/_security/api/rolesmapping/all_access" -H "Content-Type: application/json" -H "kbn-xsrf: true" -u "master_username:master_password" -d '{
  "backend_roles": ["arn:aws:iam::xxxxxxxx:role/ROLE-NAME"],
  "hosts": [],
  "users": ["master_username"]
}'
```

- Do normal signed requests from the same Lambda to the API to create various things, e.g. POST https://vpc-xxxxxxxxx-xxxxxxxx.eu-west-1.es.amazonaws.com/_dashboards/api/saved_objects/index-pattern, e.g.:
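```typescript
// Imports are an assumption: the post does not show them. Older SDK v3 releases
// ship the last two as @aws-sdk/signature-v4 and @aws-sdk/protocol-http.
import * as https from "https";
import { Sha256 } from "@aws-crypto/sha256-js";
import { defaultProvider } from "@aws-sdk/credential-provider-node";
import { SignatureV4 } from "@smithy/signature-v4";
import { HttpRequest } from "@smithy/protocol-http";

// HttpRequestType is the poster's own type for a signed request (definition not shown).
const generateRequest = (request: HttpRequestType) => {
  // Promise wrapper for https request
  return new Promise((resolve, reject) => {
    const options = {
      hostname: request.hostname,
      port: request.port,
      protocol: request.protocol,
      path: request.path,
      method: request.method,
      headers: request.headers,
    };
    const req = https.request(options, (res) => {
      let responseBody = "";
      res.on("data", (d) => {
        responseBody += d;
      });
      res.on("end", () => {
        resolve(responseBody);
      });
    });
    req.on("error", (error) => {
      reject(error);
    });
    // Write data to request body
    req.write(request.body);
    req.end();
  });
};

// The statements below run inside the async Lambda handler.
// IndexPattern and DomainDashboardUrl are defined elsewhere (not shown in the post).
const credentials = await defaultProvider()();
const signer = new SignatureV4({
  credentials,
  region: process.env.AWS_REGION,
  service: "es",
  sha256: Sha256,
});
const indexPatternRequest = new HttpRequest({
  body: JSON.stringify({
    attributes: {
      title: IndexPattern,
    },
  }),
  port: 443,
  protocol: "https:",
  hostname: DomainDashboardUrl,
  path: "/_dashboards/api/saved_objects/index-pattern",
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "osd-xsrf": "true", // Required by OpenSearch Dashboards for all save operations
    Host: DomainDashboardUrl,
  },
});
const signedRequest = await signer.sign(indexPatternRequest);
const sendRequest = generateRequest(signedRequest);
const response = await sendRequest;
```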
answered 2 months ago
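The PUT to `rolesmapping/all_access` in the answer above replaces the whole mapping, so any backend role or user left out of the body loses its mapping to `all_access`. As an added example (not the poster's code), this builds the PUT body by merging the Lambda's role ARN into the mapping returned by a prior GET; the function name, the list of carried-over keys and the sample data are assumptions constructed for illustration.

```typescript
// Added example, not the poster's code. Sample values are constructed.
type RoleMapping = {
  backend_roles?: string[];
  hosts?: string[];
  users?: string[];
  and_backend_roles?: string[];
  description?: string;
  [key: string]: unknown; // server-managed fields such as "reserved" or "hidden"
};

// Assumption: these are the list fields a rolesmapping PUT body should carry over.
const LIST_KEYS = ["backend_roles", "hosts", "users", "and_backend_roles"] as const;

// Accept only a well-formed IAM role ARN (12-digit account id, role path/name).
const IAM_ROLE_ARN = /^arn:aws[a-z-]*:iam::\d{12}:role\/[\w+=,.@\/-]+$/;

// Build the PUT body from the mapping a prior GET returned (undefined if none).
function mergeBackendRole(existing: RoleMapping | undefined, roleArn: string): RoleMapping {
  if (!IAM_ROLE_ARN.test(roleArn)) {
    throw new Error(`not an IAM role ARN: ${roleArn}`);
  }
  const body: RoleMapping = {};
  for (const key of LIST_KEYS) {
    const value = existing?.[key];
    body[key] = Array.isArray(value) ? value.slice() : []; // copy, never mutate input
  }
  if (typeof existing?.description === "string") {
    body.description = existing.description;
  }
  const roles = body.backend_roles ?? [];
  if (roles.indexOf(roleArn) === -1) {
    roles.push(roleArn); // idempotent: a re-run of the custom resource adds nothing
  }
  body.backend_roles = roles;
  return body; // "reserved"/"hidden" and other unknown keys are dropped
}

// Constructed sample: what a GET of the all_access mapping might return.
const SAMPLE_EXISTING: RoleMapping = {
  backend_roles: ["admin"],
  hosts: [],
  users: ["master_username"],
  and_backend_roles: [],
  reserved: false,
  hidden: false,
};
const SAMPLE_ROLE_ARN = "arn:aws:iam::123456789012:role/custom-resource-lambda";

console.log(JSON.stringify(mergeBackendRole(SAMPLE_EXISTING, SAMPLE_ROLE_ARN), null, 2));
```

The returned object is what gets passed to `JSON.stringify` as the body of the PUT request.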
0
Hi, there is a CDK construct library to manage OpenSearch resources such as role or role mapping.
https://github.com/tmokmss/opensearch-rest-resources
You can create OpenSearch resources with the following code:
```typescript
import { RemovalPolicy } from 'aws-cdk-lib';
import { OpenSearchRole, OpenSearchRoleMapping } from 'opensearch-rest-resources';

// vpc and domain are defined elsewhere in the stack.
const role = new OpenSearchRole(this, 'Role1', {
  vpc,
  domain,
  roleName: 'Role1',
  payload: {
    clusterPermissions: ['indices:data/write/bulk'],
    indexPermissions: [
      {
        indexPatterns: ['*'],
        allowedActions: ['read', 'write', 'index', 'create_index'],
      },
    ],
  }
});

const roleMapping = new OpenSearchRoleMapping(this, 'RoleMapping1', {
  vpc,
  domain,
  roleName: 'Role1',
  payload: {
    backendRoles: [role.roleArn],
  },
  removalPolicy: RemovalPolicy.RETAIN,
});
```
answered a month ago