# aws-lambda-opensearch module
<!--BEGIN STABILITY BANNER-->---
![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
> All classes are under active development and subject to non-backward compatible changes or removal in any
> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
---
<!--END STABILITY BANNER-->
| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
|:-------------|:-------------|
<div style="height:8px"></div>
| **Language** | **Package** |
|:-------------|-----------------|
|![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python|`aws_solutions_constructs.aws_lambda_opensearch`|
|![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript|`@aws-solutions-constructs/aws-lambda-opensearch`|
|![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.lambdaopensearch`|
## Overview
This AWS Solutions Construct implements an AWS Lambda function and an Amazon OpenSearch Service domain with least-privilege permissions.
Here is a minimal deployable pattern definition:
Typescript
```typescript
import { Construct } from 'constructs';
import { Stack, StackProps, Aws } from 'aws-cdk-lib';
import { LambdaToOpenSearch } from '@aws-solutions-constructs/aws-lambda-opensearch';
import * as lambda from "aws-cdk-lib/aws-lambda";

// SampleStack is a placeholder name for the stack that hosts the pattern.
export class SampleStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    // Props for the Lambda function that the construct creates.
    const lambdaProps: lambda.FunctionProps = {
      code: lambda.Code.fromAsset(`lambda`),
      runtime: lambda.Runtime.NODEJS_16_X,
      handler: 'index.handler'
    };

    new LambdaToOpenSearch(this, 'sample', {
      lambdaFunctionProps: lambdaProps,
      openSearchDomainName: 'testdomain',
      // TODO: Ensure the Cognito domain name is globally unique
      cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID
    });
  }
}
```
Python
```python
from aws_solutions_constructs.aws_lambda_opensearch import LambdaToOpenSearch
from aws_cdk import (
    aws_lambda as _lambda,
    Aws,
    Stack
)
from constructs import Construct


# SampleStack is a placeholder name for the stack that hosts the pattern.
class SampleStack(Stack):
    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # Props for the Lambda function that the construct creates.
        lambda_props = _lambda.FunctionProps(
            code=_lambda.Code.from_asset('lambda'),
            runtime=_lambda.Runtime.PYTHON_3_9,
            handler='index.handler'
        )

        LambdaToOpenSearch(self, 'sample',
                           lambda_function_props=lambda_props,
                           open_search_domain_name='testdomain',
                           # TODO: Ensure the Cognito domain name is globally unique
                           cognito_domain_name='globallyuniquedomain' + Aws.ACCOUNT_ID
                           )
```
Java
```java
import software.constructs.Construct;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.Aws;
import software.amazon.awscdk.services.lambda.*;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awsconstructs.services.lambdaopensearch.*;

// SampleStack is a placeholder name for the stack that hosts the pattern.
public class SampleStack extends Stack {
    public SampleStack(final Construct scope, final String id, final StackProps props) {
        super(scope, id, props);

        new LambdaToOpenSearch(this, "sample",
                new LambdaToOpenSearchProps.Builder()
                        // Props for the Lambda function that the construct creates.
                        .lambdaFunctionProps(new FunctionProps.Builder()
                                .runtime(Runtime.NODEJS_16_X)
                                .code(Code.fromAsset("lambda"))
                                .handler("index.handler")
                                .build())
                        .openSearchDomainName("testdomain")
                        // TODO: Ensure the Cognito domain name is globally unique
                        .cognitoDomainName("globallyuniquedomain" + Aws.ACCOUNT_ID)
                        .build());
    }
}
```
## Pattern Construct Props
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|existingLambdaObj?|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.|
|lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.FunctionProps.html)|User provided props to override the default props for the Lambda function.|
|openSearchDomainProps?|[`opensearchservice.CfnDomainProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomainProps.html)|Optional user provided props to override the default props for the OpenSearch Service.|
|openSearchDomainName|`string`|Domain name for the OpenSearch Service.|
|cognitoDomainName?|`string`|Optional Amazon Cognito domain name. If omitted the Amazon Cognito domain will default to the OpenSearch Service domain name.|
|createCloudWatchAlarms?|`boolean`|Whether to create the recommended CloudWatch alarms.|
|domainEndpointEnvironmentVariableName?|`string`|Optional name for the OpenSearch domain endpoint environment variable set for the Lambda function. Default is `DOMAIN_ENDPOINT`.|
|existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.|
|vpcProps?|[`ec2.VpcProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.VpcProps.html)|Optional user provided properties to override the default properties for the new VPC. `enableDnsHostnames`, `enableDnsSupport`, `natGateways` and `subnetConfiguration` are set by the pattern, so any values for those properties supplied here will be overridden. If `deployVpc` is not `true` then this property will be ignored.|
|deployVpc?|`boolean`|Whether to create a new VPC based on `vpcProps` into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern:<ul><li> One isolated subnet in each Availability Zone used by the CDK program</li><li>`enableDnsHostnames` and `enableDnsSupport` will both be set to true</li></ul>If this property is `true` then `existingVpc` cannot be specified. Defaults to `false`.|
## Pattern Properties
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Returns an instance of `lambda.Function` created by the construct|
|userPool|[`cognito.UserPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPool.html)|Returns an instance of `cognito.UserPool` created by the construct|
|userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of `cognito.UserPoolClient` created by the construct|
|identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of `cognito.CfnIdentityPool` created by the construct|
|openSearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearchservice.CfnDomain` created by the construct|
|openSearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for `opensearchservice.CfnDomain`|
|cloudWatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
|vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|
## Lambda Function
This pattern requires a Lambda function that can post data into the OpenSearch Service domain. A sample function is provided [here](https://github.com/awslabs/aws-solutions-constructs/blob/master/source/patterns/%40aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js).
## Default settings
Without any overrides, the out-of-the-box implementation of the Construct sets the following defaults:
### AWS Lambda Function
* Configure limited privilege access IAM role for Lambda function
* Enable reusing connections with Keep-Alive for Node.js Lambda function
* Enable X-Ray Tracing
* Set Environment Variables
  * (default) DOMAIN_ENDPOINT
  * AWS_NODEJS_CONNECTION_REUSE_ENABLED
### Amazon Cognito
* Set password policy for User Pools
* Enforce the advanced security mode for User Pools
### Amazon OpenSearch Service
* Deploy best practices CloudWatch Alarms for the OpenSearch Service domain
* Secure the OpenSearch Service dashboard access with Cognito User Pools
* Enable server-side encryption for OpenSearch Service domain using AWS managed KMS Key
* Enable node-to-node encryption for the OpenSearch Service domain
* Configure the cluster for the OpenSearch Service domain
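A check of the defaults listed above against a synthesized template, as an added example (not part of the construct or its documentation): because `lambdaFunctionProps` and `openSearchDomainProps` override the defaults, the script flags any listed setting that is missing or changed in `cdk synth` output. The sample template, its logical IDs and the `audit` helper are constructed for illustration.

```python
"""Audit a synthesized CloudFormation template for the construct's listed defaults."""

# Constructed sample in the shape `cdk synth` emits. Logical IDs and values are
# made up; the domain disables node-to-node encryption to produce one finding.
SAMPLE_TEMPLATE = {
    "Resources": {
        "sampleLambdaFunction": {
            "Type": "AWS::Lambda::Function",
            "Properties": {
                "TracingConfig": {"Mode": "Active"},
                "Environment": {"Variables": {
                    "DOMAIN_ENDPOINT": "placeholder-endpoint",
                    "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
                }},
            },
        },
        "sampleUserPool": {
            "Type": "AWS::Cognito::UserPool",
            "Properties": {"UserPoolAddOns": {"AdvancedSecurityMode": "ENFORCED"}},
        },
        "sampleDomain": {
            "Type": "AWS::OpenSearchService::Domain",
            "Properties": {
                "EncryptionAtRestOptions": {"Enabled": True},
                "NodeToNodeEncryptionOptions": {"Enabled": False},
                "CognitoOptions": {"Enabled": True},
            },
        },
    }
}

# (CloudFormation resource type, property path, expected value, label)
CHECKS = [
    ("AWS::Lambda::Function", ("TracingConfig", "Mode"), "Active", "X-Ray tracing mode"),
    ("AWS::Cognito::UserPool", ("UserPoolAddOns", "AdvancedSecurityMode"),
     "ENFORCED", "advanced security mode"),
    ("AWS::OpenSearchService::Domain", ("EncryptionAtRestOptions", "Enabled"),
     True, "encryption at rest"),
    ("AWS::OpenSearchService::Domain", ("NodeToNodeEncryptionOptions", "Enabled"),
     True, "node-to-node encryption"),
    ("AWS::OpenSearchService::Domain", ("CognitoOptions", "Enabled"),
     True, "Cognito dashboard authentication"),
]


def _get(props, path):
    """Walk a nested dict; return None when any key on the path is absent."""
    for key in path:
        if not isinstance(props, dict) or key not in props:
            return None
        props = props[key]
    return props


def audit(template, endpoint_var="DOMAIN_ENDPOINT"):
    """Return findings for resources that deviate from the listed defaults."""
    findings = []
    resources = template.get("Resources", {})
    for logical_id, res in sorted(resources.items()):
        props = res.get("Properties", {})
        for rtype, path, expected, label in CHECKS:
            if res.get("Type") == rtype and _get(props, path) != expected:
                findings.append(f"{logical_id}: {label} is not {expected!r}")
        if res.get("Type") == "AWS::Lambda::Function":
            env = _get(props, ("Environment", "Variables")) or {}
            if endpoint_var not in env:
                findings.append(f"{logical_id}: environment variable {endpoint_var} is not set")
    # A template lacking one of the expected resource types is also a finding.
    present = {res.get("Type") for res in resources.values()}
    for rtype in sorted({check[0] for check in CHECKS} - present):
        findings.append(f"template: no {rtype} resource found")
    return findings
```

Pass `endpoint_var` when the stack sets `domainEndpointEnvironmentVariableName`, and load a real template with `json.load` before calling `audit`.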
## Architecture
![Architecture Diagram](architecture.png)
---
© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.