Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-elasticsearch): Execute code after Elasticsearch domain is created #13935

Closed
jakubgruber opened this issue Apr 1, 2021 · 2 comments
Closed

(aws-elasticsearch): Execute code after Elasticsearch domain is created #13935

jakubgruber opened this issue Apr 1, 2021 · 2 comments
Assignees
@iliapolo
Labels
@aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@jakubgruber
Copy link

❓ General Issue

Execute custom code after elasticsearch.CfDomain is created

I am trying to install EFK stack through CDK according to the eksworkshop.

During one step, they are waiting for ES cluster to be fully created to curl-it and register IAM role for fluent-bit.

# We need to retrieve the Fluent Bit Role ARN
export FLUENTBIT_ROLE=$(eksctl get iamserviceaccount --cluster eksworkshop-eksctl --namespace logging -o json | jq '.[].status.roleARN' -r) 

# Get the Elasticsearch Endpoint
export ES_ENDPOINT=$(aws es describe-elasticsearch-domain --domain-name ${ES_DOMAIN_NAME} --output text --query "DomainStatus.Endpoint")

# Update the Elasticsearch internal database
curl -sS -u "${ES_DOMAIN_USER}:${ES_DOMAIN_PASSWORD}" \
    -X PATCH \
    https://${ES_ENDPOINT}/_opendistro/_security/api/rolesmapping/all_access?pretty \
    -H 'Content-Type: application/json' \
    -d'
[
  {
    "op": "add", "path": "/backend_roles", "value": ["'${FLUENTBIT_ROLE}'"]
  }
]
'

Is there any workaround to wait in CDK for ES cluster to run and then automatically execute custom code? My IaaC codebase is in Typescript, but I assume it is rather a general question.
@jakubgruber jakubgruber added guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged. labels Apr 1, 2021
@github-actions github-actions bot added the @aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service label Apr 1, 2021
@iliapolo
Copy link
Contributor

iliapolo commented Apr 2, 2021

@jakubgruber

Is there any workaround to wait in CDK for ES cluster to run and then automatically execute custom code? My IaaC codebase is in Typescript, but I assume it is rather a general question.

Yeap, you can use custom-resources. In fact, we have this exact example as part of our own implementation for the L2 Domain construct.

See https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-elasticsearch/lib/elasticsearch-access-policy.ts

This code configures access policies after the domain has been created, since it runs an aws-sdk call, it uses a predefined version of a custom resource that handles AWS SDK Calls, but you can run any code you like.

In addition, we have an RFC in progress to specifically address this exact use case, called Deployment Triggers, you are welcome to join the discussion :)

@iliapolo iliapolo added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Apr 2, 2021
@github-actions
Copy link

github-actions bot commented Apr 6, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iliapolo iliapolo

Labels
@aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iliapolo @jakubgruber