Using AWS CloudFormation to create Amazon OpenSearch Serverless collections - Amazon OpenSearch Service

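You can use AWS CloudFormation to create Amazon OpenSearch Serverless resources such as collections, security policies, and VPC endpoints. For the complete OpenSearch Serverless CloudFormation reference, see Amazon OpenSearch Serverless in the AWS CloudFormation User Guide.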

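The following example CloudFormation template creates a simple data access policy, network policy, and security policy, as well as a matching collection. It is a good way to get up and running quickly with Amazon OpenSearch Serverless and to provision the elements needed to create and use a collection.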

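Important

This example uses public network access, which is not recommended for production workloads. We recommend that you use VPC access to protect your collections. For more information, see AWS::OpenSearchServerless::VpcEndpoint and Access Amazon OpenSearch Serverless using an interface endpoint (AWS PrivateLink).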

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: 'Amazon OpenSearch Serverless template to create an IAM user, encryption policy, data access policy and collection'
Resources:
  # IAM user named as the principal in the data access policy below
  IAMUSer:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: aossadmin
  # Data access policy: grants aoss:* on the quickstart collection and all indexes
  DataAccessPolicy:
    Type: 'AWS::OpenSearchServerless::AccessPolicy'
    Properties:
      Name: quickstart-access-policy
      Type: data
      Description: Access policy for quickstart collection
      Policy: !Sub >-
        [{"Description":"Access for cfn user","Rules":[{"ResourceType":"index","Resource":["index/*/*"],"Permission":["aoss:*"]},
        {"ResourceType":"collection","Resource":["collection/quickstart"],"Permission":["aoss:*"]}],
        "Principal":["arn:aws:iam::${AWS::AccountId}:user/aossadmin"]}]
  # Network policy: AllowFromPublic is true, so the collection and dashboard
  # endpoints accept public network access (see the Important note above)
  NetworkPolicy:
    Type: 'AWS::OpenSearchServerless::SecurityPolicy'
    Properties:
      Name: quickstart-network-policy
      Type: network
      Description: Network policy for quickstart collection
      Policy: >-
        [{"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]},
        {"ResourceType":"dashboard","Resource":["collection/quickstart"]}],"AllowFromPublic":true}]
  # Encryption policy: encrypts the collection with an AWS owned key
  EncryptionPolicy:
    Type: 'AWS::OpenSearchServerless::SecurityPolicy'
    Properties:
      Name: quickstart-security-policy
      Type: encryption
      Description: Encryption policy for quickstart collection
      Policy: >-
        {"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]}],"AWSOwnedKey":true}
  # The collection is created only after its encryption policy exists
  Collection:
    Type: 'AWS::OpenSearchServerless::Collection'
    Properties:
      Name: quickstart
      Type: TIMESERIES
      Description: Collection to holds timeseries data
    DependsOn: EncryptionPolicy
Outputs:
  IAMUser:
    Value: !Ref IAMUSer
  DashboardURL:
    Value: !GetAtt Collection.DashboardEndpoint
  CollectionARN:
    Value: !GetAtt Collection.Arn
```
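The fragment below is an added example, not part of the AWS template: it shows one way to follow the recommendation in the Important note by replacing the public NetworkPolicy with VPC-only access. The parameter names (VpcId, SubnetIds, SecurityGroupIds), the logical ID CollectionVpcEndpoint and the endpoint name quickstart-vpce are assumptions chosen for illustration.

```yaml
# Added example: VPC-only replacement for the public NetworkPolicy above.
# Parameter names, logical IDs and the endpoint name are illustrative assumptions.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  SecurityGroupIds:
    Type: List<AWS::EC2::SecurityGroup::Id>
Resources:
  # OpenSearch Serverless interface endpoint (AWS PrivateLink) in the VPC
  CollectionVpcEndpoint:
    Type: 'AWS::OpenSearchServerless::VpcEndpoint'
    Properties:
      Name: quickstart-vpce
      VpcId: !Ref VpcId
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: !Ref SecurityGroupIds
  # Same rules as the quickstart network policy, but public access is off
  # and only the endpoint created above is listed as an allowed source.
  NetworkPolicy:
    Type: 'AWS::OpenSearchServerless::SecurityPolicy'
    Properties:
      Name: quickstart-network-policy
      Type: network
      Description: VPC-only network policy for quickstart collection
      Policy: !Sub >-
        [{"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]},
        {"ResourceType":"dashboard","Resource":["collection/quickstart"]}],
        "AllowFromPublic":false,"SourceVPCEs":["${CollectionVpcEndpoint.Id}"]}]
```

With this policy in place, the collection and its Dashboards endpoint are reachable only through the listed VPC endpoint, so clients must connect from inside the VPC.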