This workshop has been deprecated and archived. The new Amazon EKS Workshop is now available at www.eksworkshop.com.
This example creates an one instance Amazon OpenSearch cluster named eksworkshop-logging. This cluster will be created in the same region as the EKS Kubernetes cluster.
The Amazon OpenSearch cluster will have Fine-Grained Access Control enabled.
Fine-grained access control offers two forms of authentication and authorization:
We will create a public access domain with fine-grained access control enabled, an access policy that doesn’t use IAM principals, and a master user in the internal user database.
First let’s create some variables
# name of our Amazon OpenSearch cluster
export ES_DOMAIN_NAME="eksworkshop-logging"
# Elasticsearch version
export ES_VERSION="OpenSearch_1.0"
# OpenSearch Dashboards admin user
export ES_DOMAIN_USER="eksworkshop"
# OpenSearch Dashboards admin password
export ES_DOMAIN_PASSWORD="$(openssl rand -base64 12)_Ek1$"
We are ready to create the Amazon OpenSearch cluster
# Download and update the template using the variables created previously
curl -sS https://www.eksworkshop.com/intermediate/230_logging/deploy.files/es_domain.json \
| envsubst > ~/environment/logging/es_domain.json
# Create the cluster
aws opensearch create-domain \
--cli-input-json file://~/environment/logging/es_domain.json
It takes a little while for the cluster to be in an active state. The AWS Console should show the following status when the cluster is ready.
You could also check this via AWS CLI
if [ $(aws opensearch describe-domain --domain-name ${ES_DOMAIN_NAME} --query 'DomainStatus.Processing') == "false" ]
then
tput setaf 2; echo "The Amazon OpenSearch cluster is ready"
else
tput setaf 1;echo "The Amazon OpenSearch cluster is NOT ready"
fi
It is important to wait for the cluster to be available before moving to the next section.