in infra/stack/data/data-pipeline-stack.ts [127:226]
private createElasticsearch(): es.IDomain {
let domain = undefined;
const temp: string = this.stackConfig.ElasticsearchSelection;
const selection: ElasticsearchSelection = (<any>ElasticsearchSelection)[temp];
const selectionName = Object.values(ElasticsearchSelection)[selection];
console.info('==> Elasticsearch Selection: ', selectionName);
const domainName = this.stackConfig.DomainName;
const fullDomainName = `${this.projectPrefix}-${domainName}`.toLowerCase().replace('_', '-');
const masterUserName = this.stackConfig.MasterUserName;
const conditions = this.createPolicyConditions(this.stackConfig.ESConditionAddress);
if (selection == ElasticsearchSelection.DEVELOP) {
const config = this.stackConfig.ElasticsearchCandidate[selectionName]
domain = new es.Domain(this, domainName, {
domainName: fullDomainName,
version: es.ElasticsearchVersion.V7_9,
enforceHttps: true,
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
capacity: {
masterNodeInstanceType: config.MasterNodeType,
dataNodeInstanceType: config.DataNodeType
},
logging: {
slowSearchLogEnabled: true,
appLogEnabled: true,
slowIndexLogEnabled: true,
},
fineGrainedAccessControl: {
masterUserName: masterUserName,
},
useUnsignedBasicAuth: false,
accessPolicies: [
new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
principals: [new iam.AnyPrincipal()],
resources: [`arn:aws:es:${this.region}:${this.account}:domain/${fullDomainName}/*`],
actions: [
'es:ESHttp*',
],
conditions: conditions
})
]
});
} else if (selection == ElasticsearchSelection.CUSTOM) {
const config = this.stackConfig.ElasticsearchCandidate[selectionName]
domain = new es.Domain(this, domainName, {
domainName: fullDomainName,
version: es.ElasticsearchVersion.V7_9,
capacity: {
masterNodes: config.MasterNodeCount,
masterNodeInstanceType: config.MasterNodeType,
dataNodes: config.DataNodeCount,
dataNodeInstanceType: config.DataNodeType
},
ebs: {
volumeSize: config.VolumeSize
},
zoneAwareness: {
availabilityZoneCount: config.AZCount
},
enforceHttps: true,
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
fineGrainedAccessControl: {
masterUserName: masterUserName,
},
useUnsignedBasicAuth: false,
accessPolicies: [
new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
principals: [new iam.AnyPrincipal()],
resources: [`arn:aws:es:${this.region}:${this.account}:domain/${fullDomainName}/*`],
actions: [
'es:ESHttp*',
],
conditions: conditions
})
]
});
} else if (selection == ElasticsearchSelection.LEGACY) {
const config = this.stackConfig.ElasticsearchCandidate[selectionName]
const domainEndpoint = config.DomainEndpoint;
domain = es.Domain.fromDomainEndpoint(this, domainName, domainEndpoint);
} else {
console.error('Elasticsearch Creation Fail - Wrong Selection');
}
return domain!;
}