aws-lambda-elasticsearch-kibana - AWS Solutions Constructs


All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Language Package

This AWS Solutions Constructs pattern implements the AWS Lambda function and Amazon Elasticsearch Service with the least privileged permissions.

Here is a minimal deployable pattern definition:

const { LambdaToElasticSearchAndKibana } = require('@aws-solutions-constructs/aws-lambda-elasticsearch-kibana'); const lambdaProps: lambda.FunctionProps = { code: lambda.Code.asset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }; new LambdaToElasticSearchAndKibana(stack, 'test-lambda-elasticsearch-kibana', { lambdaFunctionProps: lambdaProps, domainName: 'test-domain' });


new LambdaToElasticSearchAndKibana(scope: Construct, id: string, props: LambdaToElasticSearchAndKibanaProps);


Pattern Construct Props

Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambda function to be used instead of the default function. If an existing function is provided, the lambdaFunctionProps property will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-provided properties to override the default properties for the Lambda function. Ignored if an existingLambdaObj is provided.
esDomainProps? elasticsearch.CfnDomainProps Optional user provided props to override the default props for the Amazon Elasticsearch Service
domainName string Domain name for the Cognito and the Amazon Elasticsearch Service

Pattern Properties

Name Type Description
cloudwatchAlarms cloudwatch.Alarm[] Returns a list of one or more CloudWatch alarms created by the pattern.
elasticsearchDomain elasticsearch.CfnDomain Returns an instance of the Elasticsearch domain created by the pattern.
elasticsearchDomainRole iam.Role Returns an instance of the IAM role created by the pattern for the Elasticsearch domain.
identityPool cognito.CfnIdentityPool Returns an instance of the Cognito identity pool created by the pattern.
lambdaFunction lambda.Function Returns an instance of the Lambda function created by the pattern.
userPool cognito.UserPool Returns an instance of the Cognito user pool created by the pattern.
userPoolClient cognito.UserPoolClient Returns an instance of the Cognito user pool client created by the pattern.

Default settings

Out-of-the-box implementation of this pattern without any overrides will set the following defaults:

AWS Lambda Function

  • Configure least privilege access IAM role for Lambda function

  • Enable reusing connections with Keep-Alive for NodeJs Lambda function

Amazon Cognito

  • Set password policy for User Pools

  • Enforce the advanced security mode for User Pools

Amazon Elasticsearch Service

  • Deploy best practices CloudWatch Alarms for the Elasticsearch Domain

  • Secure the Kibana dashboard access with Cognito User Pools

  • Enable server-side encryption for Elasticsearch Domain using AWS managed KMS Key

  • Enable node-to-node encryption for Elasticsearch Domain

  • Configure the cluster for the Amazon ES domain