Initializer Pattern Construct Props Pattern Properties Lambda function Default settings Architecture GitHub

aws-lambda-elasticsearch-kibana

All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Language	Package
Python	`aws_solutions_constructs.aws_lambda_elasticsearch_kibana`
Typescript	`@aws-solutions-constructs/aws-lambda-elasticsearch-kibana`
Java	`software.amazon.awsconstructs.services.lambdaelasticsearchkibana`

This AWS Solutions Construct implements an AWS Lambda function and an Amazon Elasticsearch Service domain with least-privileged permissions.

Here is a minimal deployable pattern definition in TypeScript:



import { LambdaToElasticSearchAndKibana } from '@aws-solutions-constructs/aws-lambda-elasticsearch-kibana';
import { Aws } from "@aws-cdk/core";

const lambdaProps: lambda.FunctionProps = {
    code: lambda.Code.fromAsset(`${__dirname}/lambda`),
    runtime: lambda.Runtime.NODEJS_12_X,
    handler: 'index.handler'
};

new LambdaToElasticSearchAndKibana(this, 'test-lambda-elasticsearch-kibana', {
    lambdaFunctionProps: lambdaProps,
    domainName: 'test-domain',
    // TODO: Ensure the Cognito domain name is globally unique
    cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID;
});

Initializer



new LambdaToElasticSearchAndKibana(scope: Construct, id: string, props: LambdaToElasticSearchAndKibanaProps);

Parameters

scope Construct
id string
props LambdaToElasticSearchAndKibanaProps

Pattern Construct Props

Name	Type	Description
existingLambdaObj?	`lambda.Function`	An optional, existing Lambda function to be used instead of the default function. If an existing function is provided, the `lambdaFunctionProps` property will be ignored.
lambdaFunctionProps?	`lambda.FunctionProps`	Optional user-provided properties to override the default properties for the Lambda function. Ignored if an `existingLambdaObj` is provided.
esDomainProps?	`elasticsearch.CfnDomainProps`	Optional user provided props to override the default props for the Amazon Elasticsearch Service
domainName	`string`	Domain name for the Cognito and the Amazon Elasticsearch Service
cognitoDomainName?	`string`	Optional Cognito domain name. If provided, it will be used for the Cognito domain, and `domainName` will be used for the Elasticsearch domain.
createCloudWatchAlarms	`boolean`	Whether to create recommended CloudWatch alarms.

Pattern Properties

Name	Type	Description
cloudwatchAlarms?	`cloudwatch.Alarm[]`	Returns a list of one or more CloudWatch alarms created by the pattern.
elasticsearchDomain	`elasticsearch.CfnDomain`	Returns an instance of the Elasticsearch domain created by the pattern.
elasticsearchDomainRole	`iam.Role`	Returns an instance of the IAM role created by the pattern for the Elasticsearch domain.
identityPool	`cognito.CfnIdentityPool`	Returns an instance of the Cognito identity pool created by the pattern.
lambdaFunction	`lambda.Function`	Returns an instance of the Lambda function created by the pattern.
userPool	`cognito.UserPool`	Returns an instance of the Cognito user pool created by the pattern.
userPoolClient	`cognito.UserPoolClient`	Returns an instance of the Cognito user pool client created by the pattern.

Lambda function

This pattern requires a Lambda function that can post data into the Elasticsearch service from the DynamoDB stream. A sample function is provided here.

Default settings

Out-of-the-box implementation of this pattern without any overrides will set the following defaults:

AWS Lambda Function

Configure limited privilege access IAM role for Lambda function.
Enable reusing connections with Keep-Alive for NodeJs Lambda function.
Enable X-Ray tracing.
Set environment variables:
- DOMAIN_ENDPOINT
- AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Amazon Cognito

Set password policy for User Pools.
Enforce the advanced security mode for User Pools.

Amazon Elasticsearch Service

Deploy best practices CloudWatch Alarms for the Elasticsearch domain.
Secure the Kibana dashboard access with Cognito User Pools.
Enable server-side encryption for Elasticsearch domain using AWS managed KMS Key.
Enable node-to-node encryption for Elasticsearch domain.
Configure the cluster for the Amazon ES domain.

Architecture

GitHub

To view the code for this pattern, create/view issues and pull requests, and more:
	@aws-solutions-constructs/aws-lambda-elasticsearch-kibana

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

aws-lambda-dynamodb

aws-lambda-s3