Using AWS CloudFormation to create Amazon OpenSearch Serverless collections - Amazon OpenSearch Service

Using AWS CloudFormation to create Amazon OpenSearch Serverless collections

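You can use AWS CloudFormation to create Amazon OpenSearch Serverless resources such as collections, security policies, and VPC endpoints. For the comprehensive CloudFormation reference for OpenSearch Serverless, see Amazon OpenSearch Serverless in the AWS CloudFormation User Guide.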

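The following sample CloudFormation template creates a simple data access policy, network policy, and security policy, as well as a matching collection. It is a good way to get Amazon OpenSearch Serverless up and running quickly and to provision the elements needed to create and use a collection.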

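Important

This example uses public network access, which is not recommended for production workloads. We recommend using VPC access to protect your collections. For more information, see AWS::OpenSearchServerless::VpcEndpoint and Access Amazon OpenSearch Serverless using an interface endpoint (AWS PrivateLink).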

AWSTemplateFormatVersion: 2010-09-09
Description: 'Amazon OpenSearch Serverless template to create an IAM user, encryption policy, data access policy and collection'
Resources:
  # IAM user that the data access policy below names as its principal
  IAMUSer:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: aossadmin
  # Data access policy: grants aoss:* on indexes and on the quickstart collection
  DataAccessPolicy:
    Type: 'AWS::OpenSearchServerless::AccessPolicy'
    Properties:
      Name: quickstart-access-policy
      Type: data
      Description: Access policy for quickstart collection
      Policy: !Sub >-
        [{"Description":"Access for cfn user","Rules":[{"ResourceType":"index","Resource":["index/*/*"],"Permission":["aoss:*"]},
        {"ResourceType":"collection","Resource":["collection/quickstart"],"Permission":["aoss:*"]}],
        "Principal":["arn:aws:iam::${AWS::AccountId}:user/aossadmin"]}]
  # Network policy: public access to the collection and its dashboard (see the Important note)
  NetworkPolicy:
    Type: 'AWS::OpenSearchServerless::SecurityPolicy'
    Properties:
      Name: quickstart-network-policy
      Type: network
      Description: Network policy for quickstart collection
      Policy: >-
        [{"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]},
        {"ResourceType":"dashboard","Resource":["collection/quickstart"]}],"AllowFromPublic":true}]
  # Encryption policy: encrypts the collection with an AWS owned key
  EncryptionPolicy:
    Type: 'AWS::OpenSearchServerless::SecurityPolicy'
    Properties:
      Name: quickstart-security-policy
      Type: encryption
      Description: Encryption policy for quickstart collection
      Policy: >-
        {"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]}],"AWSOwnedKey":true}
  # The collection is created only after the encryption policy that matches it
  Collection:
    Type: 'AWS::OpenSearchServerless::Collection'
    Properties:
      Name: quickstart
      Type: TIMESERIES
      Description: Collection to holds timeseries data
    DependsOn: EncryptionPolicy
Outputs:
  IAMUser:
    Value: !Ref IAMUSer
  DashboardURL:
    Value: !GetAtt Collection.DashboardEndpoint
  CollectionARN:
    Value: !GetAtt Collection.Arn
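
An added example, not part of the AWS page: a Python check over the template's own policy documents that flags the public network policy the Important note warns about, along with the wildcard grants in the data access policy. The account ID, the VPC-only variant with its `vpce-EXAMPLE` endpoint ID, and the finding names are constructed for illustration.

```python
import json

# Policy documents from the template on this page; the account ID is a constructed placeholder.
NETWORK_POLICY = (
    '[{"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]},'
    '{"ResourceType":"dashboard","Resource":["collection/quickstart"]}],"AllowFromPublic":true}]'
)
DATA_ACCESS_POLICY = (
    '[{"Description":"Access for cfn user","Rules":['
    '{"ResourceType":"index","Resource":["index/*/*"],"Permission":["aoss:*"]},'
    '{"ResourceType":"collection","Resource":["collection/quickstart"],"Permission":["aoss:*"]}],'
    '"Principal":["arn:aws:iam::111122223333:user/aossadmin"]}]'
)
# Constructed VPC-only variant of the network policy; the endpoint ID is a placeholder.
VPC_NETWORK_POLICY = (
    '[{"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]}],'
    '"AllowFromPublic":false,"SourceVPCEs":["vpce-EXAMPLE"]}]'
)


def audit_network_policy(document):
    """Return (finding, statement index, resources) for statements open to the internet."""
    findings = []
    for i, stmt in enumerate(json.loads(document)):
        if stmt.get("AllowFromPublic") is True:
            resources = sorted({f'{r["ResourceType"]}:{res}'
                                for r in stmt.get("Rules", []) for res in r.get("Resource", [])})
            findings.append(("public-network-access", i, resources))
    return findings


def audit_data_access_policy(document):
    """Flag wildcard permissions and index rules (index/<collection>/<index>) that span collections."""
    findings = []
    for i, stmt in enumerate(json.loads(document)):
        for rule in stmt.get("Rules", []):
            for perm in rule.get("Permission", []):
                if perm.endswith(":*"):
                    findings.append(("wildcard-permission", i, f'{rule["ResourceType"]}:{perm}'))
            for res in rule.get("Resource", []):
                parts = res.split("/")
                if rule.get("ResourceType") == "index" and len(parts) == 3 and "*" in parts[1]:
                    findings.append(("index-rule-spans-collections", i, res))
    return findings


if __name__ == "__main__":
    for finding in audit_network_policy(NETWORK_POLICY) + audit_data_access_policy(DATA_ACCESS_POLICY):
        print(finding)
```

The index rule `index/*/*` is reported because its collection segment is a wildcard, so it covers indexes in every collection in the account, not only `quickstart`.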