Publicly accessible Elasticsearch instance using CloudFormation template
I can create an Elasticsearch instance using the console with the options mentioned below:
Network configuration: Public access
Fine Grained access control - enabled
Create Master user: selected
Master Username: root
Master Password: PassWord152)
Domain access policy: Allow open access
Here is an example:
How do I create a CloudFormation template with these parameters?
Update:
@Marcin forgot to add this line in the "Properties" section -
DomainName: !Ref DomainName
Elasticsearch created a new random name, which contradicted this line...
"Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"
I got an AccessDenied error. After adding the "DomainName" parameter, it worked.
You can check the following template (it may need adjusting to your needs):
---
Parameters:
  InstanceType:
    Type: String
    Default: c4.large.elasticsearch
  DomainName:
    Type: String
    Default: my-es-domain
  MasterUserName:
    Type: String
    Default: root
  MasterUserPassword:
    Type: String
    NoEcho: true
    Default: PassWord152)
Resources:
  MyESDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      # No VPCOptions, so the domain gets a public endpoint.
      DomainName: !Ref DomainName
      # Open access policy: every principal is allowed at the resource-policy level;
      # requests are then authenticated by fine-grained access control below.
      AccessPolicies: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "*"
              },
              "Action": "es:*",
              "Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"
            }
          ]
        }
      # Fine-grained access control with a master user in the internal user database.
      AdvancedSecurityOptions:
        Enabled: true
        InternalUserDatabaseEnabled: true
        MasterUserOptions:
          MasterUserName: !Ref MasterUserName
          MasterUserPassword: !Ref MasterUserPassword
      # Fine-grained access control requires encryption at rest,
      # node-to-node encryption and enforced HTTPS.
      EncryptionAtRestOptions:
        Enabled: true
      NodeToNodeEncryptionOptions:
        Enabled: true
      DomainEndpointOptions:
        EnforceHTTPS: true
      EBSOptions:
        EBSEnabled: true
        VolumeSize: 20
        VolumeType: gp2
      ElasticsearchClusterConfig:
        DedicatedMasterEnabled: false
        InstanceCount: 1
        InstanceType: !Ref InstanceType
        ZoneAwarenessEnabled: false
      ElasticsearchVersion: 7.7
Outputs:
  Id:
    Value: !Ref MyESDomain
  Arn:
    Value: !GetAtt MyESDomain.Arn
  DomainArn:
    Value: !GetAtt MyESDomain.DomainArn
  DomainEndpoint:
    Value: !GetAtt MyESDomain.DomainEndpoint
  KibanaEndpoint:
    Value: !Sub "${MyESDomain.DomainEndpoint}/_plugin/kibana/"
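An added example, not part of the answer or of any AWS tooling: a pre-deployment check for the pattern in the template above (public endpoint plus an allow-everyone domain policy). It reports a domain when fine-grained access control, encryption at rest, node-to-node encryption or HTTPS enforcement is not enabled, and reports any NoEcho parameter that ships a Default, since the default is stored in the template text. The JSON sample, `audit()`, `is_open()` and the finding names are assumptions constructed for illustration.

```python
import json

# Constructed sample: the answer's template in CloudFormation JSON form, trimmed to
# the keys checked here. audit() and its finding names are hypothetical.
TEMPLATE = json.loads('''
{"Parameters": {"MasterUserPassword": {"Type": "String", "NoEcho": true,
                                       "Default": "example-only"}},
 "Resources": {"MyESDomain": {"Type": "AWS::Elasticsearch::Domain", "Properties": {
   "AccessPolicies": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*",
      "Resource": "arn:aws:es:us-east-1:111122223333:domain/my-es-domain/*"}]},
   "AdvancedSecurityOptions": {"Enabled": true, "InternalUserDatabaseEnabled": true},
   "EncryptionAtRestOptions": {"Enabled": true},
   "NodeToNodeEncryptionOptions": {"Enabled": true},
   "DomainEndpointOptions": {"EnforceHTTPS": true}}}}}
''')

def is_open(policy):
    """True if an Allow statement names every principal and has no Condition."""
    if isinstance(policy, dict) and "Fn::Sub" in policy:
        sub = policy["Fn::Sub"]             # the page's "!Sub |" form, as JSON
        policy = sub[0] if isinstance(sub, list) else sub
    if isinstance(policy, str):
        policy = json.loads(policy)
    for s in (policy or {}).get("Statement", []):
        p = s.get("Principal")
        wild = p == "*" or (isinstance(p, dict) and p.get("AWS") in ("*", ["*"]))
        if s.get("Effect") == "Allow" and wild and "Condition" not in s:
            return True
    return False

def audit(template):
    """Return (logical_id, finding) pairs for parameters and ES domains."""
    findings = []
    for name, p in template.get("Parameters", {}).items():
        if p.get("NoEcho") in (True, "true") and "Default" in p:
            findings.append((name, "noecho-parameter-has-default"))
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if (res.get("Type") != "AWS::Elasticsearch::Domain" or "VPCOptions" in props
                or not is_open(props.get("AccessPolicies"))):
            continue                        # only public domains with an open policy
        for key, flag in (("AdvancedSecurityOptions", "Enabled"),
                          ("EncryptionAtRestOptions", "Enabled"),
                          ("NodeToNodeEncryptionOptions", "Enabled"),
                          ("DomainEndpointOptions", "EnforceHTTPS")):
            if props.get(key, {}).get(flag) not in (True, "true"):
                findings.append((name, "open-policy-without-" + key))
    return findings
```

Calling `audit(TEMPLATE)` on the sample returns only the parameter finding, because the domain itself has all four controls enabled.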