in infra/stack/data/data-pipeline-stack.ts [31:97]
private createFirehose2ES(domain: es.IDomain): hose.CfnDeliveryStream|undefined {
const esBucket = this.createS3Bucket('firehost-es')
const baseName = 'Firehose2ES';
const role = new iam.Role(this, `${baseName}Role`, {
roleName: `${this.projectPrefix}-${baseName}Role`,
assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'),
});
role.addToPolicy(
new iam.PolicyStatement({
resources: ['*'],
actions: [
'es:ESHttpPost',
'es:ESHttpPut',
'es:ESHttpGet',
// 'es:*',
'es:DescribeElasticsearchDomain',
'es:DescribeElasticsearchDomains',
'es:DescribeElasticsearchDomainConfig',
]
})
);
role.addToPolicy(
new iam.PolicyStatement({
resources: ['*'],
actions: [
's3:AbortMultipartUpload',
's3:GetBucketLocation',
's3:GetObject',
's3:ListBucket',
's3:ListBucketMultipartUploads',
's3:PutObject',
]
})
);
role.addToPolicy(
new iam.PolicyStatement({
resources: ['*'],
actions: [
'logs:PutLogEvents'
]
})
);
this.exportOutput('Firehose2ESRole', role.roleArn)
if (this.stackConfig.IoTRuleEnable) {
// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-elasticsearchdestinationconfiguration.html#cfn-kinesisfirehose-deliverystream-elasticsearchdestinationconfiguration-indexrotationperiod
const fhose = new hose.CfnDeliveryStream(this, 'firehose', {
deliveryStreamName: `${this.projectPrefix}-ES-Delivery`,
elasticsearchDestinationConfiguration: {
indexName: 'index-thing-data',
domainArn:domain.domainArn,
roleArn: role.roleArn,
indexRotationPeriod: 'OneDay',
s3BackupMode: 'FailedDocumentsOnly',
s3Configuration: {
bucketArn: esBucket.bucketArn,
roleArn: role.roleArn,
prefix: 'fail',
}
}
});
return fhose;
} else {
return undefined;
}
}