Publicly accessible Elasticsearch instance using CloudFormation template

I am able to create an Elasticsearch instance using the console with the options mentioned below:

Network configuration: Public access
Fine Grained access control - enabled
Create Master user: selected
Master Username: root
Master Password: PassWord152)
Domain access policy: Allow open access

Here is an example:

How do I create a CloudFormation template using these parameters?


Update:

@Marcin missed adding this line in the "Properties" section -

DomainName: !Ref DomainName

Elasticsearch created a new random name, which conflicted with this line...

"Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"

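I was getting an AccessDenied error. After adding the domain name parameter, it worked.

You can check the following template (you may need to adjust it to your needs):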

---

Parameters:

  InstanceType:
    Type: String
    Default: c4.large.elasticsearch

  DomainName:
    Type: String
    Default: my-es-domain

  MasterUserName:
    Type: String
    Default: root

  MasterUserPassword:
    Type: String
    NoEcho: true
    Default: PassWord152)

Resources:

  MyESDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      DomainName: !Ref DomainName 
      AccessPolicies: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "*"
              },
              "Action": "es:*",
              "Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"
            }
          ]
        }
      AdvancedSecurityOptions:
        Enabled: true
        InternalUserDatabaseEnabled: true
        MasterUserOptions:
          MasterUserName: !Ref MasterUserName
          MasterUserPassword: !Ref MasterUserPassword
      EncryptionAtRestOptions: 
        Enabled: true
      NodeToNodeEncryptionOptions:
        Enabled: true
      DomainEndpointOptions:
        EnforceHTTPS: true
      EBSOptions: 
        EBSEnabled: true
        VolumeSize: 20
        VolumeType: gp2
      ElasticsearchClusterConfig: 
        DedicatedMasterEnabled: false
        InstanceCount: 1
        InstanceType: !Ref InstanceType
        ZoneAwarenessEnabled: false
      ElasticsearchVersion: "7.7"  # quoted: the property is a string, and an unquoted 7.10 would parse as 7.1

Outputs:
  
  Id:
    Value: !Ref MyESDomain    
    
  Arn:
    Value: !GetAtt MyESDomain.Arn    

  DomainArn:
    Value: !GetAtt MyESDomain.DomainArn
    
  DomainEndpoint:
    Value: !GetAtt MyESDomain.DomainEndpoint    
    
  KibanaEndpoint:
    Value: !Sub "${MyESDomain.DomainEndpoint}/_plugin/kibana/"
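
An added example, not part of the original answer: a small Python lint for the JSON form of a template like the one above. It flags the bug from the update (a policy ARN built from ${DomainName} while the DomainName property is missing), an open "AWS": "*" policy without the four protections this template turns on, and a NoEcho parameter with a hard-coded default. The names audit, GUARDS and SAMPLE are constructed for illustration, and the check assumes AccessPolicies is either a JSON object or an Fn::Sub string.

```python
import json

# Constructed sample: the page's template in JSON form, minus the DomainName
# property (the bug described in the update).
SAMPLE = {
    "Parameters": {
        "DomainName": {"Type": "String", "Default": "my-es-domain"},
        "MasterUserPassword": {"Type": "String", "NoEcho": True, "Default": "PassWord152)"},
    },
    "Resources": {"MyESDomain": {"Type": "AWS::Elasticsearch::Domain", "Properties": {
        "AccessPolicies": {"Fn::Sub": json.dumps({"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*",
            "Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"}]})},
        "AdvancedSecurityOptions": {"Enabled": True, "InternalUserDatabaseEnabled": True},
        "EncryptionAtRestOptions": {"Enabled": True},
        "NodeToNodeEncryptionOptions": {"Enabled": True},
        "DomainEndpointOptions": {"EnforceHTTPS": True},
    }}},
}

# Settings this check expects to be on when the resource policy allows everyone.
GUARDS = [("AdvancedSecurityOptions", "Enabled"), ("EncryptionAtRestOptions", "Enabled"),
          ("NodeToNodeEncryptionOptions", "Enabled"), ("DomainEndpointOptions", "EnforceHTTPS")]

def audit(template):
    """Return a list of findings for Elasticsearch domains in a JSON-form template."""
    findings = [f"{n}: NoEcho parameter with a hard-coded Default"
                for n, p in template.get("Parameters", {}).items()
                if p.get("NoEcho") and "Default" in p]
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Elasticsearch::Domain":
            continue
        props = res.get("Properties", {})
        policy = props.get("AccessPolicies", {})
        if isinstance(policy, dict) and "Fn::Sub" in policy:
            policy = json.loads(policy["Fn::Sub"])  # ${...} sits inside JSON strings
        for st in policy.get("Statement", []):
            if st.get("Effect") != "Allow":
                continue
            if "domain/${" in str(st.get("Resource")) and "DomainName" not in props:
                findings.append(f"{name}: policy ARN names a domain but DomainName is unset")
            if st.get("Principal") in ("*", {"AWS": "*"}) and "Condition" not in st:
                findings += [f"{name}: open policy but {sec}.{key} is not true"
                             for sec, key in GUARDS if props.get(sec, {}).get(key) is not True]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```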