in packages/constructs/L3/analytics/opensearch-l3-construct/lib/opensearch-l3-construct.ts [147:249]
/**
 * Wires up an OpenSearch domain from `props.domain`: imports the target VPC
 * and subnets, creates a security group limited to HTTPS ingress, resolves the
 * data-admin role, creates the KMS key and log group, optionally resolves a
 * custom-endpoint certificate and private hosted zone, and finally creates the
 * domain (plus event notifications when configured).
 *
 * @param scope - parent construct, forwarded to the base class
 * @param id - construct id, forwarded to the base class
 * @param props - L3 configuration; `props.domain` drives everything below
 */
constructor(scope: Construct, id: string, props: OpensearchL3ConstructProps) {
  super(scope, id, props);
  this.props = props;
  const domainConfig = this.props.domain;

  // --- Network placement: reference the existing VPC/subnets, nothing is created here.
  const azIds = domainConfig.subnets.map(subnet => subnet.availabilityZone);
  const subnetIds = domainConfig.subnets.map(subnet => subnet.subnetId);
  const subnets = domainConfig.subnets.map(subnet =>
    Subnet.fromSubnetAttributes(this, `subnet-${subnet.subnetId}`, subnet),
  );
  const vpc = Vpc.fromVpcAttributes(this.scope, 'domain-vpc', {
    vpcId: domainConfig.vpcId,
    availabilityZones: azIds,
    privateSubnetIds: subnetIds,
  });

  // --- Security group: every configured source is allowed on TCP/443 only.
  // NOTE(review): CIDRs and SG ids are taken from configuration as-is; no check
  // for overly broad ranges is visible in this constructor. Confirm whether
  // MdaaSecurityGroup or a config schema validates them.
  const ingressConfig = domainConfig.securityGroupIngress;
  const securityGroupIngress: MdaaSecurityGroupRuleProps = {
    ipv4: ingressConfig.ipv4?.map(cidr => ({
      cidr: cidr,
      port: 443,
      protocol: Protocol.TCP,
      description: `https Ingress for IPV4 CIDR ${cidr}`,
    })),
    sg: ingressConfig.sg?.map(sourceSgId => ({
      sgId: sourceSgId,
      port: 443,
      protocol: Protocol.TCP,
      description: `https Ingress for SG ${sourceSgId}`,
    })),
  };
  const securityGroupProps: MdaaSecurityGroupProps = {
    vpc,
    naming: this.props.naming,
    ingressRules: securityGroupIngress,
  };
  const securityGroup = new MdaaSecurityGroup(this, 'domain-sg', securityGroupProps);

  // --- Identity and encryption material.
  // The resolved data-admin role is later handed to the domain as masterUserRoleArn.
  this.dataAdminRole = this.props.roleHelper.resolveRoleRefWithRefId(domainConfig.dataAdminRole, 'DataAdmin');
  // The same key is given to the log group and to the domain (as encryptionKey).
  this.opensearchDomainKmsKey = this.createOpensearchDomainKMSKey();
  this.logGroup = this.createLogGroup(
    this.opensearchDomainKmsKey,
    domainConfig.opensearchDomainName,
    this.props.naming,
  );

  // --- Optional custom endpoint: certificate and hosted zone are each resolved
  // only when the corresponding setting is present.
  const customEndpoint = domainConfig.customEndpoint;
  const certificateArn = customEndpoint?.acmCertificateArn;
  const certificate =
    certificateArn != undefined
      ? Certificate.fromCertificateArn(
          this.scope,
          `opensearch-custom-endpoint-certificate-${domainConfig.opensearchDomainName}`,
          certificateArn,
        )
      : undefined;

  // The lookup is restricted to a private zone associated with the domain's VPC.
  const hostedZoneDomainName = customEndpoint?.route53HostedZoneDomainName;
  const hostedZone =
    hostedZoneDomainName != undefined
      ? HostedZone.fromLookup(
          this.scope,
          `opensearch-custom-endpoint-hosted-zone-${domainConfig.opensearchDomainName}`,
          {
            domainName: hostedZoneDomainName,
            privateZone: true,
            vpcId: domainConfig.vpcId,
          },
        )
      : undefined;

  // --- Domain definition.
  // NOTE(review): the domain name passed to the L2 construct comes from
  // naming.props.moduleName, while construct ids and the log group use
  // domain.opensearchDomainName. Confirm this difference is intended.
  // NOTE(review): accessPolicies are converted to PolicyStatement objects
  // without any filtering here; the effective exposure of the domain depends
  // on what the configuration supplies.
  const domainL2Props: MdaaOpensearchDomainProps = {
    masterUserRoleArn: this.dataAdminRole.arn(),
    version: EngineVersion.openSearch(domainConfig.opensearchEngineVersion),
    opensearchDomainName: this.props.naming.props.moduleName,
    enableVersionUpgrade: domainConfig.enableVersionUpgrade,
    encryptionKey: this.opensearchDomainKmsKey,
    vpc,
    vpcSubnets: [{ availabilityZones: azIds, subnets }],
    securityGroups: [securityGroup],
    zoneAwareness: domainConfig.zoneAwareness || {},
    capacity: domainConfig.capacity,
    ebs: domainConfig.ebs || {},
    customEndpoint: customEndpoint
      ? { domainName: customEndpoint.domainName, certificate, hostedZone }
      : undefined,
    automatedSnapshotStartHour: domainConfig.automatedSnapshotStartHour,
    accessPolicies: domainConfig.accessPolicies.map(statementProps => new PolicyStatement(statementProps)),
    naming: this.props.naming,
    logGroup: this.logGroup,
  };

  const domain = new MdaaOpensearchDomain(
    this.scope,
    `opensearch-domain-${domainConfig.opensearchDomainName}`,
    domainL2Props,
  );

  // --- Event notifications are opt-in.
  const eventNotifications = domainConfig.eventNotifications;
  if (eventNotifications) {
    this.createEventNotifications(
      domainConfig.opensearchDomainName,
      domain,
      this.opensearchDomainKmsKey,
      eventNotifications,
    );
  }
}