3개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
There is no Opensearch Dashboard SDK available at this time but I'm able to achieve this as part of the CDK Stack using Custom Resource Lambda, Opensearch Dashboard APIs, AWS NodeHttpClient with Sigv4. There is an open requests for adding this capability in the Javascript client though. https://github.com/opensearch-project/opensearch-js/issues/264
답변함 2년 전
0
Steps I did:
- Add a role for lambda used by custom resource
- update internal roles for Opensearch domain to accept the IAM role as a backend_role for "all_access" internal role, with a request made by lambda, similar to this
curl -X PUT "https://vpc-xxxxxxxxx-xxxxxxxx.eu-west-1.es.amazonaws.com/_plugins/_security/api/rolesmapping/all_access" -H "Content-Type: application/json" -H "kbn-xsrf: true" -u "master_username:master_password" -d '{
"backend_roles": ["arn:aws:iam::xxxxxxxx:role/ROLE-NAME"],
"hosts": [],
"users": ["master_username"]
}'
- do normal signed requests from the same lambda to API to create various things, e.g. POST https://vpc-xxxxxxxxx-xxxxxxxx.eu-west-1.es.amazonaws.com/_dashboards/api/saved_objects/index-pattern e.g.
const generateRequest = (request: HttpRequestType) => {
// Promise wrapper for https request
return new Promise((resolve, reject) => {
const options = {
hostname: request.hostname,
port: request.port,
protocol: request.protocol,
path: request.path,
method: request.method,
headers: request.headers,
};
const req = https.request(options, (res) => {
let responseBody = "";
res.on("data", (d) => {
responseBody += d;
});
res.on("end", () => {
resolve(responseBody);
});
});
req.on("error", (error) => {
reject(error);
});
// Write data to request body
req.write(request.body);
req.end();
});
};
const credentials = await defaultProvider()();
const signer = new SignatureV4({
credentials,
region: process.env.AWS_REGION,
service: "es",
sha256: Sha256,
});
const indexPatternRequest = new HttpRequest({
body: JSON.stringify({
attributes: {
title: IndexPattern,
},
}),
port: 443,
protocol: "https:",
hostname: DomainDashboardUrl,
path: "/_dashboards/api/saved_objects/index-pattern",
method: "POST",
headers: {
"Content-Type": "application/json",
"osd-xsrf": "true", // Required by OpenSearch Dashboards for all save operations
Host: DomainDashboardUrl,
},
});
const signedRequest = await signer.sign(indexPatternRequest);
const sendRequest = generateRequest(signedRequest);
const response = await sendRequest;
답변함 2달 전
0
Hi, there is a CDK construct library to manage OpenSearch resources such as role or role mapping.
https://github.com/tmokmss/opensearch-rest-resources
You can create OpenSearch resources with the following code:
import { OpenSearchRole, OpenSearchRoleMapping } from 'opensearch-rest-resources'; const role = new OpenSearchRole(this, 'Role1', { vpc, domain, roleName: 'Role1', payload: { clusterPermissions: ['indices:data/write/bulk'], indexPermissions: [ { indexPatterns: ['*'], allowedActions: ['read', 'write', 'index', 'create_index'], }, ], } }); const roleMapping = new OpenSearchRoleMapping(this, 'RoleMapping1', { vpc, domain, roleName: 'Role1', payload: { backendRoles: [role.roleArn], }, removalPolicy: RemovalPolicy.RETAIN, });
답변함 한 달 전
관련 콘텐츠
- AWS 공식업데이트됨 2년 전