AWS::Elasticsearch::Domain - AWS CloudFormation
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

AWS::Elasticsearch::Domain

AWS::Elasticsearch::Domain 资源创建一个 Amazon Elasticsearch Service (Amazon ES) 域。

语法

要在 AWS CloudFormation 模板中声明此实体,请使用以下语法:

属性

AccessPolicies

一个 AWS Identity and Access Management (IAM) 策略文档,该文档指定谁能访问 Amazon ES 域及其权限。有关更多信息,请参阅 Amazon Elasticsearch Service 开发人员指南 中的配置访问策略

必需:否

类型:Json

Update requires: No interruption

AdvancedOptions

要为 Amazon ES 域指定的其他选项。有关更多信息,请参阅 Amazon Elasticsearch Service 开发人员指南 中的配置高级选项

必需:否

类型:字符串的映射

Update requires: No interruption

CognitoOptions

配置 Amazon ES 以将 Amazon Cognito 身份验证用于 Kibana。

必需:否

类型CognitoOptions

Update requires: No interruption

DomainName

Amazon ES 域的名称。有关有效值的信息,请参阅 Amazon Elasticsearch Service 开发人员指南 中的 DomainName 数据类型。如果不指定名称,则 AWS CloudFormation 会生成一个唯一的物理 ID 并将该 ID 用于域名。有关更多信息,请参阅名称类型

重要

如果指定一个名称,您将无法执行需要替换该资源的更新。您可以执行不需要或者只需要部分中断的更新。如果必须替换资源,请指定新名称。

必需:否

类型:字符串

Update requires: Replacement

EBSOptions

附加到 Amazon ES 域中的数据节点的 Amazon Elastic Block Store (Amazon EBS) 卷的配置。有关更多信息,请参阅 Amazon Elasticsearch Service 开发人员指南 中的配置基于 EBS 的存储

必需:否

类型EBSOptions

Update requires: No interruption

ElasticsearchClusterConfig

ElasticsearchClusterConfig 是 AWS::Elasticsearch::Domain 资源的属性,该资源配置 Amazon Elasticsearch Service (Amazon ES) 域的集群。

必需:否

类型ElasticsearchClusterConfig

Update requires: No interruption

ElasticsearchVersion

要使用的 Elasticsearch 的版本,例如 2.3。如果未指定,则将 1.5 用作默认值。有关 Amazon ES 支持的版本的信息,请参阅 Amazon Elasticsearch Service 开发人员指南 中的 CreateElasticsearchDomain 操作的 Elasticsearch-Version 参数。

如果将 UpgradeElasticsearchVersion 更新策略设置为 true,您可以在没有中断的情况下更新 ElasticsearchVersion。如果未指定 UpgradeElasticsearchVersion 或设置为 false,更新 ElasticsearchVersion 将导致替换

必需:否

类型:字符串

Update requires: Some interruptions

EncryptionAtRestOptions

域是否应加密静态数据,如果应加密,则为要使用的 AWS Key Management Service (KMS) 密钥。只能用于创建新域,而不能用于更新现有域。

必需:否

类型EncryptionAtRestOptions

Update requires: Replacement

LogPublishingOptions

具有以下一个或多个键的对象:SEARCH_SLOW_LOGSES_APPLICATION_LOGSINDEX_SLOW_LOGS,具体取决于要发布的日志类型。每个键都需要一个有效的 LogPublishingOption 值。请参阅此处了解完整的语法。

必需:否

类型LogPublishingOption 映射

Update requires: No interruption

NodeToNodeEncryptionOptions

指定是否启用节点到节点加密。

必需:否

类型NodeToNodeEncryptionOptions

Update requires: Replacement

SnapshotOptions

Amazon ES 域索引的自动快照配置。

必需:否

类型SnapshotOptions

Update requires: No interruption

Tags

要与 Amazon ES 域关联的任意标签组(键值对)。

必需:否

类型Tag 的列表

Update requires: No interruption

VPCOptions

Amazon ES 域的 Virtual Private Cloud (VPC) 配置。有关更多信息,请参阅 Amazon Elasticsearch Service 开发人员指南 中的 VPC 支持 Amazon Elasticsearch Service 域

必需:否

类型VPCOptions

Update requires: No interruption

返回值

Ref

当该资源的逻辑 ID 提供给 Ref 内部函数时,Ref 将返回资源名称,例如 mystack-elasticsea-abc1d2efg3h4.。有关使用 Ref 函数的更多信息,请参阅 Ref

Fn::GetAtt

Fn::GetAtt 返回此类型的指定属性的值。有关更多信息,请参阅 Fn::GetAtt。以下为可用属性和示例返回值。

Arn

域的 Amazon 资源名称 (ARN),如 arn:aws:es:us-west-2:123456789012:domain/mystack-elasti-1ab2cdefghij。该返回值与由 AWS::Elasticsearch::Domain.DomainArn 返回的值相同。

DomainArn

域的 Amazon 资源名称 (ARN),如 arn:aws:es:us-west-2:123456789012:domain/mystack-elasti-1ab2cdefghij。该返回值与由 AWS::Elasticsearch::Domain.Arn 返回的值相同。

DomainEndpoint

用于对 Elasticsearch API 的请求的特定于域的终端节点,例如 search-mystack-elasti-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com

示例

创建一个包含两个数据节点和三个主节点的 Amazon ES 域

以下示例创建一个运行 Elasticsearch 7.4 的 Amazon ES 域,该域包含两个数据节点和三个专用主节点。该域具有 40 GiB 的存储空间,并允许对应用程序日志、搜索慢日志和索引慢日志发布日志。访问策略允许 AWS 账户的 root 用户向域发出所有 HTTP 请求,例如编制文档索引或搜索索引。

JSON

{ "Resources": { "ElasticsearchDomain": { "Type": "AWS::Elasticsearch::Domain", "Properties": { "DomainName": "test", "ElasticsearchClusterConfig": { "DedicatedMasterEnabled": "true", "InstanceCount": "2", "ZoneAwarenessEnabled": "true", "InstanceType": "m4.large.elasticsearch", "DedicatedMasterType": "c4.large.elasticsearch", "DedicatedMasterCount": "3" }, "ElasticsearchVersion": 7.4, "EBSOptions": { "EBSEnabled": true, "VolumeSize": 20, "VolumeType": "gp2" }, "AccessPolicies": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "AWS": "123456789012" }, "Action": "es:ESHttp*", "Resource": "arn:aws:es:us-west-1:123456789012:domain/test/*" }] }, "LogPublishingOptions": { "SEARCH_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-1:123456789012:log-group:test-1", "Enabled": true }, "INDEX_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-1:123456789012:log-group:test-2", "Enabled": true }, "ES_APPLICATION_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-1:123456789012:log-group:test-3", "Enabled": true } } } } } }

YAML

Resources: ElasticsearchDomain: Type: 'AWS::Elasticsearch::Domain' Properties: DomainName: test ElasticsearchClusterConfig: DedicatedMasterEnabled: 'true' InstanceCount: '2' ZoneAwarenessEnabled: 'true' InstanceType: m4.large.elasticsearch DedicatedMasterType: c4.large.elasticsearch DedicatedMasterCount: '3' ElasticsearchVersion: 7.4 EBSOptions: EBSEnabled: true VolumeSize: 20 VolumeType: gp2 AccessPolicies: Version: 2012-10-17 Statement: - Effect: Allow Principal: AWS: '904601396794' Action: 'es:ESHttp*' Resource: 'arn:aws:es:us-west-1:904601396794:domain/test/*' LogPublishingOptions: SEARCH_SLOW_LOGS: CloudWatchLogsLogGroupArn: 'arn:aws:logs:us-west-1:904601396794:log-group:test-1' Enabled: true INDEX_SLOW_LOGS: CloudWatchLogsLogGroupArn: 'arn:aws:logs:us-west-1:904601396794:log-group:test-2' Enabled: true ES_APPLICATION_LOGS: CloudWatchLogsLogGroupArn: 'arn:aws:logs:us-west-1:904601396794:log-group:test-3' Enabled: true

使用 VPC 选项创建域

以下示例使用 VPC 选项创建一个域。

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "ElasticsearchDomain resource", "Parameters": { "DomainName": { "Description": "User defined Elasticsearch Domain name", "Type": "String" }, "ElasticsearchVersion": { "Description": "User defined Elasticsearch Version", "Type": "String" }, "InstanceType": { "Type": "String" }, "AvailabilityZone": { "Type": "String" }, "CidrBlock": { "Type": "String" }, "GroupDescription": { "Type": "String" }, "SGName": { "Type": "String" } }, "Resources": { "ElasticsearchDomain": { "Type": "AWS::Elasticsearch::Domain", "Properties": { "DomainName": { "Ref": "DomainName" }, "ElasticsearchVersion": { "Ref": "ElasticsearchVersion" }, "ElasticsearchClusterConfig": { "InstanceCount": "1", "InstanceType": { "Ref": "InstanceType" } }, "EBSOptions": { "EBSEnabled": "true", "Iops": 0, "VolumeSize": 10, "VolumeType": "standard" }, "SnapshotOptions": { "AutomatedSnapshotStartHour": "0" }, "AccessPolicies": { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "*" } ] }, "LogPublishingOptions": { "SEARCH_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-slow-logs", "Enabled": "true" }, "INDEX_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-index-slow-logs", "Enabled": "true" } }, "AdvancedOptions": { "rest.action.multi.allow_explicit_index": "true" }, "Tags": [ { "Key": "foo", "Value": "bar" } ], "VPCOptions": { "SubnetIds": [ { "Ref": "subnet" } ], "SecurityGroupIds": [ { "Ref": "mySecurityGroup" } ] } } }, "vpc": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.0.0.0/16" } }, "subnet": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "vpc" }, "CidrBlock": { "Ref": "CidrBlock" }, "AvailabilityZone": { "Ref": "AvailabilityZone" } } }, "mySecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": { "Ref": "GroupDescription" }, "VpcId": { "Ref": "vpc" }, "GroupName": { "Ref": "SGName" }, "SecurityGroupIngress": [ { "FromPort": "443", "IpProtocol": "tcp", "ToPort": "443", "CidrIp": "0.0.0.0/0" } ] } } }, "Outputs": { "DomainArn": { "Value": { "Fn::GetAtt": [ "ElasticsearchDomain", "DomainArn" ] } }, "DomainEndpoint": { "Value": { "Fn::GetAtt": [ "ElasticsearchDomain", "DomainEndpoint" ] } }, "SecurityGroupId": { "Value": { "Ref": "mySecurityGroup" } }, "SubnetId": { "Value": { "Ref": "subnet" } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Description: ElasticsearchDomain resource Parameters: DomainName: Description: User defined Elasticsearch Domain name Type: String ElasticsearchVersion: Description: User defined Elasticsearch Version Type: String InstanceType: Type: String AvailabilityZone: Type: String CidrBlock: Type: String GroupDescription: Type: String SGName: Type: String Resources: ElasticsearchDomain: Type: AWS::Elasticsearch::Domain Properties: DomainName: !Ref DomainName ElasticsearchVersion: !Ref ElasticsearchVersion ElasticsearchClusterConfig: InstanceCount: '1' InstanceType: !Ref InstanceType EBSOptions: EBSEnabled: 'true' Iops: 0 VolumeSize: 10 VolumeType: standard SnapshotOptions: AutomatedSnapshotStartHour: '0' AccessPolicies: Version: 2012-10-17 Statement: - Effect: Deny Principal: AWS: '*' Action: 'es:*' Resource: '*' AdvancedOptions: rest.action.multi.allow_explicit_index: 'true' LogPublishingOptions: SEARCH_SLOW_LOGS: CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-slow-logs Enabled: 'true' INDEX_SLOW_LOGS: CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-index-slow-logs Enabled: 'true' Tags: - Key: foo Value: bar VPCOptions: SubnetIds: - !Ref subnet SecurityGroupIds: - !Ref mySecurityGroup vpc: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 subnet: Type: AWS::EC2::Subnet Properties: VpcId: !Ref vpc CidrBlock: !Ref CidrBlock AvailabilityZone: !Ref AvailabilityZone mySecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: !Ref GroupDescription VpcId: !Ref vpc GroupName: !Ref SGName SecurityGroupIngress: - FromPort: '443' IpProtocol: tcp ToPort: '443' CidrIp: 0.0.0.0/0 Outputs: DomainArn: Value: !GetAtt ElasticsearchDomain.DomainArn DomainEndpoint: Value: !GetAtt ElasticsearchDomain.DomainEndpoint SecurityGroupId: Value: !Ref mySecurityGroup SubnetId: Value: !Ref subnet