aws-lambda-elasticsearch-kibana

All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning
Language | Package |
---|---|
Python | aws_solutions_constructs.aws_lambda_elasticsearch_kibana |
TypeScript | @aws-solutions-constructs/aws-lambda-elasticsearch-kibana |
Java | software.amazon.awsconstructs.services.lambdaelasticsearchkibana |

This AWS Solutions Construct implements an AWS Lambda function and an Amazon Elasticsearch Service domain with least-privileged permissions.
Here is a minimal deployable pattern definition in TypeScript:

```typescript
import { LambdaToElasticSearchAndKibana } from '@aws-solutions-constructs/aws-lambda-elasticsearch-kibana';
import { Aws } from "@aws-cdk/core";
import * as lambda from "@aws-cdk/aws-lambda";

// Properties for the Lambda function that the pattern creates.
const lambdaProps: lambda.FunctionProps = {
    code: lambda.Code.fromAsset(`${__dirname}/lambda`),
    runtime: lambda.Runtime.NODEJS_12_X,
    handler: 'index.handler'
};

// Instantiate inside a Stack or Construct, where `this` is the scope.
new LambdaToElasticSearchAndKibana(this, 'test-lambda-elasticsearch-kibana', {
    lambdaFunctionProps: lambdaProps,
    domainName: 'test-domain',
    // TODO: Ensure the Cognito domain name is globally unique
    cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID
});
```

Initializer

```typescript
new LambdaToElasticSearchAndKibana(scope: Construct, id: string, props: LambdaToElasticSearchAndKibanaProps);
```

Parameters
- scope Construct
- id string

Pattern Construct Props
Name | Type | Description |
---|---|---|
existingLambdaObj? | lambda.Function | An optional, existing Lambda function to be used instead of the default function. If an existing function is provided, the lambdaFunctionProps property will be ignored. |
lambdaFunctionProps? | lambda.FunctionProps | Optional user-provided properties to override the default properties for the Lambda function. Ignored if an existingLambdaObj is provided. |
esDomainProps? | elasticsearch.CfnDomainProps | Optional user-provided props to override the default props for the Amazon Elasticsearch Service. |
domainName | string | Domain name for the Cognito and the Amazon Elasticsearch Service. |
cognitoDomainName? | string | Optional Cognito domain name. If provided, it will be used for the Cognito domain, and domainName will be used for the Elasticsearch domain. |
createCloudWatchAlarms | boolean | Whether to create recommended CloudWatch alarms. |

Pattern Properties
Name | Type | Description |
---|---|---|
cloudwatchAlarms? | cloudwatch.Alarm[] | Returns a list of one or more CloudWatch alarms created by the pattern. |
elasticsearchDomain | elasticsearch.CfnDomain | Returns an instance of the Elasticsearch domain created by the pattern. |
elasticsearchDomainRole | iam.Role | Returns an instance of the IAM role created by the pattern for the Elasticsearch domain. |
identityPool | cognito.CfnIdentityPool | Returns an instance of the Cognito identity pool created by the pattern. |
lambdaFunction | lambda.Function | Returns an instance of the Lambda function created by the pattern. |
userPool | cognito.UserPool | Returns an instance of the Cognito user pool created by the pattern. |
userPoolClient | cognito.UserPoolClient | Returns an instance of the Cognito user pool client created by the pattern. |

Lambda function
This pattern requires a Lambda function that can post data into the Elasticsearch service from the DynamoDB stream. A sample function is provided here.

Default settings
Out-of-the-box implementation of this pattern without any overrides will set the following defaults:
AWS Lambda Function
- Configure limited privilege access IAM role for Lambda function.
- Enable reusing connections with Keep-Alive for NodeJs Lambda function.
- Enable X-Ray tracing.
- Set environment variables:
  - DOMAIN_ENDPOINT
  - AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Amazon Cognito
- Set password policy for User Pools.
- Enforce the advanced security mode for User Pools.

Amazon Elasticsearch Service
- Deploy best practices CloudWatch Alarms for the Elasticsearch domain.
- Secure the Kibana dashboard access with Cognito User Pools.
- Enable server-side encryption for Elasticsearch domain using AWS managed KMS Key.
- Enable node-to-node encryption for Elasticsearch domain.
- Configure the cluster for the Amazon ES domain.

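
Because esDomainProps and lambdaFunctionProps override these defaults, it is worth checking the synthesized template before deploying. The following is an added example, not code from the construct or its authors: it audits a template against five of the defaults listed above. The logical IDs and the sample template are constructed, and the property paths are the CloudFormation names assumed to correspond to each default.

```typescript
// Added example (not part of the construct). Each check pairs a CloudFormation
// resource type with the property path and value that one listed default produces.
type TemplateResource = { Type: string; Properties?: Record<string, any> };
type SynthTemplate = { Resources: Record<string, TemplateResource> };

const CHECKS: { type: string; path: string; want: unknown; what: string }[] = [
  { type: "AWS::Elasticsearch::Domain", path: "EncryptionAtRestOptions.Enabled", want: true, what: "encryption at rest" },
  { type: "AWS::Elasticsearch::Domain", path: "NodeToNodeEncryptionOptions.Enabled", want: true, what: "node-to-node encryption" },
  { type: "AWS::Elasticsearch::Domain", path: "CognitoOptions.Enabled", want: true, what: "Cognito authentication for Kibana" },
  { type: "AWS::Cognito::UserPool", path: "UserPoolAddOns.AdvancedSecurityMode", want: "ENFORCED", what: "advanced security mode" },
  { type: "AWS::Lambda::Function", path: "TracingConfig.Mode", want: "Active", what: "X-Ray tracing" },
];

// Walk a dotted path; returns undefined when any segment is missing.
function at(obj: any, path: string): unknown {
  return path.split(".").reduce((v: any, k: string) => (v == null ? undefined : v[k]), obj);
}

// Returns one finding per resource whose setting differs from the default,
// and one per check whose resource type is absent from the template.
function auditTemplate(t: SynthTemplate): string[] {
  const findings: string[] = [];
  for (const c of CHECKS) {
    const ids = Object.keys(t.Resources).filter(id => t.Resources[id]?.Type === c.type);
    if (ids.length === 0) findings.push(`no ${c.type} in template (${c.what})`);
    for (const id of ids) {
      const got = at(t.Resources[id]?.Properties, c.path);
      if (got !== c.want) {
        findings.push(`${id}: ${c.what} is ${JSON.stringify(got)}, expected ${JSON.stringify(c.want)}`);
      }
    }
  }
  return findings;
}

// Constructed sample: a trimmed template in which an esDomainProps override
// switched off node-to-node encryption. Logical IDs are made up.
const weakened: SynthTemplate = { Resources: {
  EsDomain: { Type: "AWS::Elasticsearch::Domain", Properties: {
    EncryptionAtRestOptions: { Enabled: true },
    NodeToNodeEncryptionOptions: { Enabled: false },
    CognitoOptions: { Enabled: true } } },
  UserPool: { Type: "AWS::Cognito::UserPool", Properties: {
    UserPoolAddOns: { AdvancedSecurityMode: "ENFORCED" } } },
  Fn: { Type: "AWS::Lambda::Function", Properties: { TracingConfig: { Mode: "Active" } } },
} };

console.log(auditTemplate(weakened));
```

The Lambda check applies to every AWS::Lambda::Function in the template, so other functions in the same stack are reported as well if they lack tracing.
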
Architecture

GitHub
To view the code for this pattern, create/view issues and pull requests, and more: @aws-solutions-constructs/aws-lambda-elasticsearch-kibana