created new construct

source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore

@@ -0,0 +1,5 @@
+lib/*.js
+test/*.js
+*.d.ts
+coverage
+test/lambda/index.js

source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore

@@ -0,0 +1,16 @@
+lib/*.js
+test/*.js
+!test/lambda/*
+*.js.map
+*.d.ts
+node_modules
+*.generated.ts
+dist
+.jsii
+
+.LAST_BUILD
+.nyc_output
+coverage
+.nycrc
+.LAST_PACKAGE
+*.snk

source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore

@@ -0,0 +1,21 @@
+# Exclude typescript source and config
+*.ts
+tsconfig.json
+coverage
+.nyc_output
+*.tgz
+*.snk
+*.tsbuildinfo
+
+# Include javascript files and typescript declarations
+!*.js
+!*.d.ts
+
+# Exclude jsii outdir
+dist
+
+# Include .jsii
+!.jsii
+
+# Include .jsii
+!.jsii

source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md

@@ -118,9 +118,9 @@ new LambdaToOpenSearch(this, "sample",
 |userPool|[`cognito.UserPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPool.html)|Returns an instance of `cognito.UserPool` created by the construct|
 |userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of `cognito.UserPoolClient` created by the construct|
 |identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of `cognito.CfnIdentityPool` created by the construct|
-|opensearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearch.CfnDomain` created by the construct|
-|opensearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for `opensearch.CfnDomain`|
-|cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
+|openSearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearch.CfnDomain` created by the construct|
+|openSearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for `opensearch.CfnDomain`|
+|cloudWatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
 |vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|
 
 ## Lambda Function
@@ -145,7 +145,7 @@ Out of the box implementation of the Construct without any overrides will set th
 
 ### Amazon OpenSearch Service
 * Deploy best practices CloudWatch Alarms for the OpenSearch Service domain
-* Secure the Kibana dashboard access with Cognito User Pools
+* Secure the OpenSearch Service dashboard access with Cognito User Pools
 * Enable server-side encryption for OpenSearch Service domain using AWS managed KMS Key
 * Enable node-to-node encryption for the OpenSearch Service domain
 * Configure the cluster for the OpenSearch Service domain

source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts

@@ -0,0 +1,174 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as cognito from 'aws-cdk-lib/aws-cognito';
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as defaults from '@aws-solutions-constructs/core';
+// Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
+import { Construct } from 'constructs';
+
+/**
+ * @summary The properties for the CognitoToApiGatewayToLambda Construct
+ */
+export interface LambdaToOpenSearchProps {
+  /**
+   * Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.
+   *
+   * @default - None
+   */
+  readonly existingLambdaObj?: lambda.Function;
+  /**
+   * User provided props to override the default props for the Lambda function.
+   *
+   * @default - Default props are used
+   */
+  readonly lambdaFunctionProps?: lambda.FunctionProps;
+  /**
+   * Optional user provided props to override the default props for the OpenSearch Service.
+   *
+   * @default - Default props are used
+   */
+  readonly openSearchDomainProps?: opensearch.CfnDomainProps;
+  /**
+   * Domain name for the OpenSearch Service.
+   *
+   * @default - None
+   */
+  readonly openSearchDomainName: string;
+  /**
+   * Optional Amazon Cognito domain name. If omitted the Amazon Cognito domain will default to the OpenSearch Service domain name.
+   *
+   * @default - None
+   */
+  readonly cognitoDomainName?: string;
+  /**
+   * Whether to create recommended CloudWatch alarms
+   *
+   * @default - Alarms are created
+   */
+  readonly createCloudWatchAlarms?: boolean;
+  /**
+   * Optional Name for the Lambda function environment variable set to the domain endpoint.
+   *
+   * @default - DOMAIN_ENDPOINT
+   */
+  readonly domainEndpointEnvironmentVariableName?: string;
+  /**
+   * An existing VPC for the construct to use (construct will NOT create a new VPC in this case)
+   *
+   * @default - None
+   */
+  readonly existingVpc?: ec2.IVpc;
+  /**
+   * Properties to override default properties if deployVpc is true
+   *
+   * @default - DefaultIsolatedVpcProps() in vpc-defaults.ts
+   */
+  readonly vpcProps?: ec2.VpcProps;
+  /**
+   * Whether to deploy a new VPC
+   *
+   * @default - false
+   */
+  readonly deployVpc?: boolean;
+}
+
+export class LambdaToOpenSearch extends Construct {
+  public readonly lambdaFunction: lambda.Function;
+  public readonly userPool: cognito.UserPool;
+  public readonly userPoolClient: cognito.UserPoolClient;
+  public readonly identityPool: cognito.CfnIdentityPool;
+  public readonly openSearchDomain: opensearch.CfnDomain;
+  public readonly openSearchRole: iam.Role;
+  public readonly cloudWatchAlarms?: cloudwatch.Alarm[];
+  public readonly vpc?: ec2.IVpc;
+
+  /**
+   * @summary Constructs a new instance of the LambdaToOpenSearch class.
+   * @param {cdk.App} scope - represents the scope for all the resources.
+   * @param {string} id - this is a a scope-unique id.
+   * @param {LambdaToOpenSearchProps} props - user provided props for the construct
+   * @since 0.8.0
+   * @access public
+   */
+  constructor(scope: Construct, id: string, props: LambdaToOpenSearchProps) {
+    super(scope, id);
+    defaults.CheckProps(props);
+
+    if (props.vpcProps && !props.deployVpc) {
+      throw new Error("Error - deployVpc must be true when defining vpcProps");
+    }
+
+    if (props.lambdaFunctionProps?.vpc || props.lambdaFunctionProps?.vpcSubnets) {
+      throw new Error("Error - Define VPC using construct parameters not Lambda function props");
+    }
+
+    if (props.openSearchDomainProps?.vpcOptions) {
+      throw new Error("Error - Define VPC using construct parameters not the OpenSearch Service props");
+    }
+
+    if (props.deployVpc || props.existingVpc) {
+      this.vpc = defaults.buildVpc(scope, {
+        defaultVpcProps: defaults.DefaultIsolatedVpcProps(),
+        existingVpc: props.existingVpc,
+        userVpcProps: props.vpcProps,
+        constructVpcProps: {
+          enableDnsHostnames: true,
+          enableDnsSupport: true,
+        },
+      });
+    }
+
+    this.lambdaFunction = defaults.buildLambdaFunction(this, {
+      existingLambdaObj: props.existingLambdaObj,
+      lambdaFunctionProps: props.lambdaFunctionProps,
+      vpc: this.vpc
+    });
+
+    // Find the lambda service Role ARN
+    const lambdaFunctionRoleARN = this.lambdaFunction.role?.roleArn;
+
+    let cognitoAuthorizedRole: iam.Role;
+
+    [this.userPool, this.userPoolClient, this.identityPool, cognitoAuthorizedRole] =
+      defaults.setupOpenSearchCognito(this, props.cognitoDomainName ?? props.openSearchDomainName);
+
+    const buildOpenSearchProps: any = {
+      userpool: this.userPool,
+      identitypool: this.identityPool,
+      cognitoAuthorizedRoleARN: cognitoAuthorizedRole.roleArn,
+      serviceRoleARN: lambdaFunctionRoleARN,
+      vpc: this.vpc,
+      openSearchDomainName: props.openSearchDomainName,
+      clientDomainProps: props.openSearchDomainProps
+    };
+
+    if (this.vpc) {
+      const securityGroupIds = defaults.getLambdaVpcSecurityGroupIds(this.lambdaFunction);
+      buildOpenSearchProps.securityGroupIds = securityGroupIds;
+    }
+
+    [this.openSearchDomain, this.openSearchRole] = defaults.buildOpenSearch(this, buildOpenSearchProps);
+
+    if (props.createCloudWatchAlarms === undefined || props.createCloudWatchAlarms) {
+      this.cloudWatchAlarms = defaults.buildOpenSearchCWAlarms(this);
+    }
+
+    const domainEndpointEnvironmentVariableName = props.domainEndpointEnvironmentVariableName || 'DOMAIN_ENDPOINT';
+    this.lambdaFunction.addEnvironment(domainEndpointEnvironmentVariableName, this.openSearchDomain.attrDomainEndpoint);
+  }
+}

source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/package.json

@@ -0,0 +1,103 @@
+{
+    "name": "@aws-solutions-constructs/aws-lambda-opensearch",
+    "version": "0.0.0",
+    "description": "CDK Constructs for AWS Lambda to Amazon OpenSearch Service",
+    "main": "lib/index.js",
+    "types": "lib/index.d.ts",
+    "repository": {
+      "type": "git",
+      "url": "https://github.com/awslabs/aws-solutions-constructs.git",
+      "directory": "source/patterns/@aws-solutions-constructs/aws-lambda-opensearch"
+    },
+    "author": {
+      "name": "Amazon Web Services",
+      "url": "https://aws.amazon.com",
+      "organization": true
+    },
+    "license": "Apache-2.0",
+    "scripts": {
+      "build": "tsc -b .",
+      "lint": "eslint -c ../eslintrc.yml --ext=.js,.ts . && tslint --project .",
+      "lint-fix": "eslint -c ../eslintrc.yml --ext=.js,.ts --fix .",
+      "test": "jest --coverage",
+      "clean": "tsc -b --clean",
+      "watch": "tsc -b -w",
+      "integ": "cdk-integ",
+      "integ-no-clean": "cdk-integ --no-clean",
+      "integ-assert": "cdk-integ-assert",
+      "jsii": "jsii",
+      "jsii-pacmak": "jsii-pacmak",
+      "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert",
+      "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert"
+    },
+    "jsii": {
+      "outdir": "dist",
+      "targets": {
+        "java": {
+          "package": "software.amazon.awsconstructs.services.lambdaopensearch",
+          "maven": {
+            "groupId": "software.amazon.awsconstructs",
+            "artifactId": "lambdaopensearch"
+          }
+        },
+        "dotnet": {
+          "namespace": "Amazon.SolutionsConstructs.AWS.LambdaOpenSearch",
+          "packageId": "Amazon.SolutionsConstructs.AWS.LambdaOpenSearch",
+          "signAssembly": true,
+          "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
+        },
+        "python": {
+          "distName": "aws-solutions-constructs.aws-lambda-opensearch",
+          "module": "aws_solutions_constructs.aws_lambda_opensearch"
+        }
+      }
+    },
+    "dependencies": {
+      "@aws-cdk/aws-lambda": "0.0.0",
+      "@aws-cdk/core": "0.0.0",
+      "@aws-cdk/aws-cognito": "0.0.0",
+      "@aws-cdk/aws-ec2": "0.0.0",
+      "@aws-cdk/aws-opensearchservice": "0.0.0",
+      "@aws-cdk/aws-iam": "0.0.0",
+      "@aws-cdk/aws-cloudwatch": "0.0.0",
+      "@aws-solutions-constructs/core": "0.0.0",
+      "constructs": "^3.2.0"
+    },
+    "devDependencies": {
+      "@aws-cdk/assert": "0.0.0",
+      "@types/jest": "^27.4.0",
+      "@types/node": "^10.3.0"
+    },
+    "jest": {
+      "moduleFileExtensions": [
+        "js"
+      ],
+      "coverageReporters": [
+        "text",
+        [
+          "lcov",
+          {
+            "projectRoot": "../../../../"
+          }
+        ]
+      ]
+    },
+    "peerDependencies": {
+      "@aws-cdk/aws-lambda": "0.0.0",
+      "@aws-cdk/core": "0.0.0",
+      "@aws-cdk/aws-cognito": "0.0.0",
+      "@aws-cdk/aws-opensearchservice": "0.0.0",
+      "@aws-solutions-constructs/core": "0.0.0",
+      "@aws-cdk/aws-iam": "0.0.0",
+      "@aws-cdk/aws-cloudwatch": "0.0.0",
+      "constructs": "^3.2.0"
+    },
+    "keywords": [
+      "aws",
+      "cdk",
+      "awscdk",
+      "AWS Solutions Constructs",
+      "Amazon OpenSearch Service",
+      "AWS Lambda"
+    ]
+  }