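Publicly accessible Elasticsearch instance using a CloudFormation template

Time: 2020-10-17 09:43:38

Tags: amazon-web-services amazon-cloudformation amazon-elasticsearch

I can create an Elasticsearch instance from the console using the options mentioned below: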

Network configuration: Public access
Fine Grained access control - enabled
Create Master user: selected
Master Username: root
Master Password: PassWord152)
Domain access policy: Allow open access

Here is an example:


How do I create a CloudFormation template with these parameters?


Update:

@Marcin forgot to add this line in the "Properties" section -

DomainName: !Ref DomainName

Elasticsearch created a new random name, which contradicted this line...

"Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"

And then there was an AccessDenied error. After adding the "DomainName" parameter, it works correctly.

1 Answer:

Answer 0: (score: 1)

You can check the following template (you may need to adjust it to your needs):

---

Parameters:

  InstanceType:
    Type: String
    Default: c4.large.elasticsearch

  DomainName:
    Type: String
    Default: my-es-domain

  MasterUserName:
    Type: String
    Default: root

  MasterUserPassword:
    Type: String
    NoEcho: true
    Default: PassWord152)

Resources:

  MyESDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      DomainName: !Ref DomainName 
      AccessPolicies: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "*"
              },
              "Action": "es:*",
              "Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"
            }
          ]
        }
      AdvancedSecurityOptions:
        Enabled: true
        InternalUserDatabaseEnabled: true
        MasterUserOptions:
          MasterUserName: !Ref MasterUserName
          MasterUserPassword: !Ref MasterUserPassword
      EncryptionAtRestOptions: 
        Enabled: true
      NodeToNodeEncryptionOptions:
        Enabled: true
      DomainEndpointOptions:
        EnforceHTTPS: true
      EBSOptions: 
        EBSEnabled: true
        VolumeSize: 20
        VolumeType: gp2
      ElasticsearchClusterConfig: 
        DedicatedMasterEnabled: false
        InstanceCount: 1
        InstanceType: !Ref InstanceType
        ZoneAwarenessEnabled: false
      ElasticsearchVersion: 7.7

Outputs:
  
  Id:
    Value: !Ref MyESDomain    
    
  Arn:
    Value: !GetAtt MyESDomain.Arn    

  DomainArn:
    Value: !GetAtt MyESDomain.DomainArn
    
  DomainEndpoint:
    Value: !GetAtt MyESDomain.DomainEndpoint    
    
  KibanaEndpoint:
    Value: !Sub "${MyESDomain.DomainEndpoint}/_plugin/kibana/"
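
An added example, not part of the original answer: a Python audit that flags the settings this template relies on, namely a wildcard principal with no Condition on a non-VPC domain, whether fine-grained access control backs that policy, and a NoEcho parameter that still has a Default. It assumes the template is already loaded as a dict in JSON form; `audit`, `TEMPLATE` and `POLICY` are names chosen for this example, and the password value is a placeholder.

```python
import json

def _true(v):
    return str(v).lower() == "true"  # CloudFormation accepts true and "true"

def _policy(doc):
    """Return AccessPolicies as a dict, unwrapping Fn::Sub and JSON text."""
    if isinstance(doc, dict) and "Fn::Sub" in doc:
        doc = doc["Fn::Sub"]
        doc = doc[0] if isinstance(doc, list) else doc
    return json.loads(doc) if isinstance(doc, str) else (doc or {})

def _wildcard(principal):
    aws = principal.get("AWS") if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def audit(template):
    """Return (logical_id, finding) pairs for one parsed template."""
    findings = []
    for name, param in template.get("Parameters", {}).items():
        if _true(param.get("NoEcho")) and "Default" in param:
            findings.append((name, "NoEcho parameter has a Default in the template text"))
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Elasticsearch::Domain":
            continue
        props = res.get("Properties", {})
        stmts = _policy(props.get("AccessPolicies")).get("Statement", [])
        stmts = [stmts] if isinstance(stmts, dict) else stmts
        is_open = any(s.get("Effect") == "Allow" and _wildcard(s.get("Principal"))
                      and not s.get("Condition") for s in stmts)
        if is_open and "VPCOptions" not in props:
            fgac = _true(props.get("AdvancedSecurityOptions", {}).get("Enabled"))
            findings.append((name, "open policy; master user login is the only gate"
                             if fgac else "open policy without fine-grained access control"))
        if not _true(props.get("DomainEndpointOptions", {}).get("EnforceHTTPS")):
            findings.append((name, "EnforceHTTPS is not enabled"))
    return findings

# Constructed sample: the answer's template in JSON form, trimmed to the fields read above.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*",
    "Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"}]}
TEMPLATE = {
    "Parameters": {"MasterUserPassword": {"NoEcho": True, "Default": "PLACEHOLDER"}},
    "Resources": {"MyESDomain": {"Type": "AWS::Elasticsearch::Domain", "Properties": {
        "AccessPolicies": {"Fn::Sub": json.dumps(POLICY)},
        "AdvancedSecurityOptions": {"Enabled": True},
        "DomainEndpointOptions": {"EnforceHTTPS": True}}}}}
```

Calling `audit(TEMPLATE)` reports the password default and the open policy; the same call returns an empty list once the Default is removed and the principal is scoped to a specific IAM ARN.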