Reputation: 32336
I can create an elastic instance using the console with the options mentioned below:
Network configuration: Public access
Fine Grained access control - enabled
Create Master user: selected
Master Username: root
Master Password: PassWord152)
Domain access policy: Allow open access
Here is an example:
How do I create a cloudformation template with these parameters?
Update:
@Marcin forgot to add this line in the "Properties" section:
DomainName: !Ref DomainName
Elasticsearch created a new random name that contradicted this line:
"Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"
And I got the AccessDenied error. After adding "DomainName" parameter, it worked.
Upvotes: 2
Views: 808
Reputation: 238299
You can check the following template (may need to adjust it to your needs):
---
Parameters:
  InstanceType:
    Type: String
    Default: c4.large.elasticsearch
  DomainName:
    Type: String
    Default: my-es-domain
  MasterUserName:
    Type: String
    Default: root
  MasterUserPassword:
    Type: String
    NoEcho: true  # masks the value in console and API output
    Default: PassWord152)

Resources:
  MyESDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      # Must be set explicitly so it matches the ARN in AccessPolicies below
      DomainName: !Ref DomainName
      # "Allow open access": any principal may call the domain
      AccessPolicies: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "*"
              },
              "Action": "es:*",
              "Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"
            }
          ]
        }
      # Fine-grained access control with a master user in the internal user database
      AdvancedSecurityOptions:
        Enabled: true
        InternalUserDatabaseEnabled: true
        MasterUserOptions:
          MasterUserName: !Ref MasterUserName
          MasterUserPassword: !Ref MasterUserPassword
      EncryptionAtRestOptions:
        Enabled: true
      NodeToNodeEncryptionOptions:
        Enabled: true
      DomainEndpointOptions:
        EnforceHTTPS: true
      EBSOptions:
        EBSEnabled: true
        VolumeSize: 20
        VolumeType: gp2
      ElasticsearchClusterConfig:
        DedicatedMasterEnabled: false
        InstanceCount: 1
        InstanceType: !Ref InstanceType
        ZoneAwarenessEnabled: false
      # Quoted so YAML keeps the version as a string
      ElasticsearchVersion: "7.7"

Outputs:
  Id:
    Value: !Ref MyESDomain
  Arn:
    Value: !GetAtt MyESDomain.Arn
  DomainArn:
    Value: !GetAtt MyESDomain.DomainArn
  DomainEndpoint:
    Value: !GetAtt MyESDomain.DomainEndpoint
  KibanaEndpoint:
    Value: !Sub "${MyESDomain.DomainEndpoint}/_plugin/kibana/"
Upvotes: 3
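A pre-deployment check for the two failure modes in this thread, as an added example that is not part of either post: it flags an access-policy Resource ARN that names a different domain than DomainName (the AccessDenied case from the question's update) and an open-access policy that is not backed by fine-grained access control and its prerequisite settings. The properties dict, region and account id are constructed sample values standing in for the template after !Ref/!Sub resolution.

```python
import json
import re

# Constructed sample: the answer's domain properties after !Ref/!Sub resolution.
# Region and account id are placeholders, not values from the page.
def sample_properties(domain_name="my-es-domain", policy_domain="my-es-domain"):
    policy = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*",
        "Resource": f"arn:aws:es:us-east-1:111122223333:domain/{policy_domain}/*",
    }]}
    return {
        "DomainName": domain_name,
        "AccessPolicies": json.dumps(policy),
        "AdvancedSecurityOptions": {"Enabled": True},
        "EncryptionAtRestOptions": {"Enabled": True},
        "NodeToNodeEncryptionOptions": {"Enabled": True},
        "DomainEndpointOptions": {"EnforceHTTPS": True},
    }

# Settings that fine-grained access control depends on.
FGAC_PREREQS = (("EncryptionAtRestOptions", "Enabled"),
                ("NodeToNodeEncryptionOptions", "Enabled"),
                ("DomainEndpointOptions", "EnforceHTTPS"))

def check_domain(props):
    """Return a list of findings for one resolved AWS::Elasticsearch::Domain."""
    findings = []
    name = props.get("DomainName")  # None: CloudFormation generates a name
    fgac = props.get("AdvancedSecurityOptions", {}).get("Enabled", False)
    for st in json.loads(props["AccessPolicies"])["Statement"]:
        res = st.get("Resource", [])
        for arn in ([res] if isinstance(res, str) else res):
            m = re.fullmatch(r"arn:aws:es:[^:]*:[^:]*:domain/([^/]+)(/.*)?", arn)
            if m and m.group(1) not in ("*", name):
                findings.append(f"policy Resource names domain '{m.group(1)}' but "
                                f"DomainName is {name or 'generated by CloudFormation'}")
        principal = st.get("Principal")
        is_open = principal == "*" or (isinstance(principal, dict)
                                       and principal.get("AWS") == "*")
        if st.get("Effect") == "Allow" and is_open and "Condition" not in st and not fgac:
            findings.append("open access policy without fine-grained access control")
    if fgac:
        for key, flag in FGAC_PREREQS:
            if not props.get(key, {}).get(flag, False):
                findings.append(f"fine-grained access control requires {key}.{flag}")
    return findings

if __name__ == "__main__":
    print(check_domain(sample_properties(policy_domain="generated-name")))
```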