3 Answers
- Newest
- Most votes
- Most comments
0
There is no Opensearch Dashboard SDK available at this time but I'm able to achieve this as part of the CDK Stack using Custom Resource Lambda, Opensearch Dashboard APIs, AWS NodeHttpClient with Sigv4. There is an open requests for adding this capability in the Javascript client though. https://github.com/opensearch-project/opensearch-js/issues/264
answered 2 years ago
0
Steps I did:
- Add a role for lambda used by custom resource
- update internal roles for Opensearch domain to accept the IAM role as a backend_role for "all_access" internal role, with a request made by lambda, similar to this
curl -X PUT "https://vpc-xxxxxxxxx-xxxxxxxx.eu-west-1.es.amazonaws.com/_plugins/_security/api/rolesmapping/all_access" -H "Content-Type: application/json" -H "kbn-xsrf: true" -u "master_username:master_password" -d '{
"backend_roles": ["arn:aws:iam::xxxxxxxx:role/ROLE-NAME"],
"hosts": [],
"users": ["master_username"]
}'
- do normal signed requests from the same lambda to API to create various things, e.g. POST https://vpc-xxxxxxxxx-xxxxxxxx.eu-west-1.es.amazonaws.com/_dashboards/api/saved_objects/index-pattern e.g.
const generateRequest = (request: HttpRequestType) => {
// Promise wrapper for https request
return new Promise((resolve, reject) => {
const options = {
hostname: request.hostname,
port: request.port,
protocol: request.protocol,
path: request.path,
method: request.method,
headers: request.headers,
};
const req = https.request(options, (res) => {
let responseBody = "";
res.on("data", (d) => {
responseBody += d;
});
res.on("end", () => {
resolve(responseBody);
});
});
req.on("error", (error) => {
reject(error);
});
// Write data to request body
req.write(request.body);
req.end();
});
};
const credentials = await defaultProvider()();
const signer = new SignatureV4({
credentials,
region: process.env.AWS_REGION,
service: "es",
sha256: Sha256,
});
const indexPatternRequest = new HttpRequest({
body: JSON.stringify({
attributes: {
title: IndexPattern,
},
}),
port: 443,
protocol: "https:",
hostname: DomainDashboardUrl,
path: "/_dashboards/api/saved_objects/index-pattern",
method: "POST",
headers: {
"Content-Type": "application/json",
"osd-xsrf": "true", // Required by OpenSearch Dashboards for all save operations
Host: DomainDashboardUrl,
},
});
const signedRequest = await signer.sign(indexPatternRequest);
const sendRequest = generateRequest(signedRequest);
const response = await sendRequest;
answered 7 months ago
0
Hi, there is a CDK construct library to manage OpenSearch resources such as role or role mapping.
https://github.com/tmokmss/opensearch-rest-resources
You can create OpenSearch resources with the following code:
import { OpenSearchRole, OpenSearchRoleMapping } from 'opensearch-rest-resources'; const role = new OpenSearchRole(this, 'Role1', { vpc, domain, roleName: 'Role1', payload: { clusterPermissions: ['indices:data/write/bulk'], indexPermissions: [ { indexPatterns: ['*'], allowedActions: ['read', 'write', 'index', 'create_index'], }, ], } }); const roleMapping = new OpenSearchRoleMapping(this, 'RoleMapping1', { vpc, domain, roleName: 'Role1', payload: { backendRoles: [role.roleArn], }, removalPolicy: RemovalPolicy.RETAIN, });
answered 6 months ago
Relevant content
- asked 10 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 months ago