From d569972687b3c98fe6962f7557b1e6a06524df3b Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Thu, 29 Sep 2022 19:13:14 +0000
Subject: [PATCH 1/9] created README

---
 .../aws-lambda-opensearch/README.md           | 164 ++++++++++++++++++
 .../aws-lambda-opensearch/architecture.png    | Bin 0 -> 66516 bytes
 2 files changed, 164 insertions(+)
 create mode 100755 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/architecture.png

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
new file mode 100755
index 000000000..72d835556
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
@@ -0,0 +1,164 @@
+# aws-lambda-opensearch module
+<!--BEGIN STABILITY BANNER-->
+
+---
+
+![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
+
+> All classes are under active development and subject to non-backward compatible changes or removal in any
+> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
+> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
+
+---
+<!--END STABILITY BANNER-->
+
+| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
+|:-------------|:-------------|
+<div style="height:8px"></div>
+
+| **Language**     | **Package**        |
+|:-------------|-----------------|
+|![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python|`aws_solutions_constructs.aws_lambda_opensearch`|
+|![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript|`@aws-solutions-constructs/aws-lambda-opensearch`|
+|![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.lambdaopensearch`|
+
+## Overview
+This AWS Solutions Construct implements the AWS Lambda function and Amazon OpenSearch Service with the least privileged permissions.
+
+**Some cluster configurations (e.g VPC access) require the existence of the `AWSServiceRoleForAmazonOpenSearchService` Service-Linked Role in your account.**
+
+**You will need to create the service-linked role using the AWS CLI once in any account using this construct (it may have already been executed to support other stacks):**
+```
+aws iam create-service-linked-role --aws-service-name es.amazonaws.com
+```
+
+Here is a minimal deployable pattern definition:
+
+Typescript
+``` typescript
+import { Construct } from 'constructs';
+import { Stack, StackProps, Aws } from 'aws-cdk-lib';
+import { LambdaToOpenSearch } from '@aws-solutions-constructs/aws-lambda-opensearch';
+import * as lambda from "aws-cdk-lib/aws-lambda";
+
+const lambdaProps: lambda.FunctionProps = {
+  code: lambda.Code.fromAsset(`lambda`),
+  runtime: lambda.Runtime.NODEJS_14_X,
+  handler: 'index.handler'
+};
+
+new LambdaToOpenSearch(this, 'sample', {
+  lambdaFunctionProps: lambdaProps,
+  domainName: 'testdomain',
+  // TODO: Ensure the Cognito domain name is globally unique
+  cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID
+});
+```
+
+Python
+```python
+from aws_solutions_constructs.aws_lambda_opensearch import LambdaToOpenSearch
+from aws_cdk import (
+    aws_lambda as _lambda,
+    Aws,
+    Stack
+)
+from constructs import Construct
+
+lambda_props = _lambda.FunctionProps(
+    code=_lambda.Code.from_asset('lambda'),
+    runtime=_lambda.Runtime.PYTHON_3_9,
+    handler='index.handler'
+)
+
+LambdaToOpenSearch(self, 'sample',
+                            lambda_function_props=lambda_props,
+                            domain_name='testdomain',
+                            # TODO: Ensure the Cognito domain name is globally unique
+                            cognito_domain_name='globallyuniquedomain' + Aws.ACCOUNT_ID
+                            )
+```
+
+Java
+``` java
+import software.constructs.Construct;
+
+import software.amazon.awscdk.Stack;
+import software.amazon.awscdk.StackProps;
+import software.amazon.awscdk.Aws;
+import software.amazon.awscdk.services.lambda.*;
+import software.amazon.awscdk.services.lambda.Runtime;
+import software.amazon.awsconstructs.services.lambdaopensearch.*;
+
+new LambdaToOpenSearch(this, "sample",
+        new LambdaToOpenSearchProps.Builder()
+                .lambdaFunctionProps(new FunctionProps.Builder()
+                        .runtime(Runtime.NODEJS_14_X)
+                        .code(Code.fromAsset("lambda"))
+                        .handler("index.handler")
+                        .build())
+                .domainName("testdomain")
+                // TODO: Ensure the Cognito domain name is globally unique
+                .cognitoDomainName("globallyuniquedomain" + Aws.ACCOUNT_ID)
+                .build());
+```
+## Pattern Construct Props
+
+| **Name**     | **Type**        | **Description** |
+|:-------------|:----------------|-----------------|
+|existingLambdaObj?|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.|
+|lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.FunctionProps.html)|User provided props to override the default props for the Lambda function.|
+|domainProps?|[`opensearchservice.CfnDomainProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomainProps.html)|Optional user provided props to override the default props for the OpenSearch Service.|
+|domainName|`string`|Domain name for the Cognito and the OpenSearch Service.|
+|cognitoDomainName?|`string`|Optional Cognito domain name, if provided it will be used for Cognito domain, and `domainName` will be used for the OpenSearch domain.|
+|createCloudWatchAlarms?|`boolean`|Whether to create the recommended CloudWatch alarms.|
+|domainEndpointEnvironmentVariableName?|`string`|Optional name for the OpenSearch domain endpoint environment variable set for the Lambda function.|
+|existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.|
+|vpcProps?|[`ec2.VpcProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.VpcProps.html)|Optional user provided properties to override the default properties for the new VPC. `enableDnsHostnames`, `enableDnsSupport`, `natGateways` and `subnetConfiguration` are set by the pattern, so any values for those properties supplied here will be overridden. If `deployVpc` is not `true` then this property will be ignored.|
+|deployVpc?|`boolean`|Whether to create a new VPC based on `vpcProps` into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern:<ul><li> One isolated subnet in each Availability Zone used by the CDK program</li><li>`enableDnsHostnames` and `enableDnsSupport` will both be set to true</li></ul>If this property is `true` then `existingVpc` cannot be specified. Defaults to `false`.|
+
+## Pattern Properties
+
+| **Name**     | **Type**        | **Description** |
+|:-------------|:----------------|-----------------|
+|lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Returns an instance of `lambda.Function` created by the construct|
+|userPool|[`cognito.UserPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPool.html)|Returns an instance of `cognito.UserPool` created by the construct|
+|userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of `cognito.UserPoolClient` created by the construct|
+|identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of `cognito.CfnIdentityPool` created by the construct|
+|opensearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearch.CfnDomain` created by the construct|
+|opensearchDomain|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for opensearch.CfnDomain|
+|cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
+|vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|
+
+## Lambda Function
+
+This pattern requires a lambda function that can post data into the OpenSearch. A sample function is provided [here](https://github.com/awslabs/aws-solutions-constructs/blob/master/source/patterns/%40aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js).
+
+## Default settings
+
+Out of the box implementation of the Construct without any override will set the following defaults:
+
+### AWS Lambda Function
+* Configure limited privilege access IAM role for Lambda function
+* Enable reusing connections with Keep-Alive for Node.js Lambda function
+* Enable X-Ray Tracing
+* Set Environment Variables
+  * (default) DOMAIN_ENDPOINT
+  * AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)
+
+### Amazon Cognito
+* Set password policy for User Pools
+* Enforce the advanced security mode for User Pools
+
+### Amazon OpenSearch Service
+* Deploy best practices CloudWatch Alarms for the OpenSearch Domain
+* Secure the Kibana dashboard access with Cognito User Pools
+* Enable server-side encryption for OpenSearch Domain using AWS managed KMS Key
+* Enable node-to-node encryption for OpenSearch Domain
+* Configure the cluster for the Amazon OpenSearch domain
+
+## Architecture
+![Architecture Diagram](architecture.png)
+
+***
+&copy; Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/architecture.png b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/architecture.png
new file mode 100644
index 0000000000000000000000000000000000000000..58e38198af9704a3e6e2067a346a0cd67d22066d
GIT binary patch
literal 66516
zcmeFYS6ov~7dNUAq=_^I6zNT+caYwD?>+RE&<P<l5fl&s0Tq-c(m^1A6ltM~N)u@T
zqzedy4xxl{Ha@RD&v$XI&c(U;er|VmCbMT&`L8u=tr=qVbW}-+Zxdg-bcs}5P08TW
zB@p`3r7I5zuL3QNcZJ1)kIQ}rstT9N`|qq=x<tU{uWaTIg*&@JoG!5oDgN`sF39id
z<>${Xq{J>L=;&(~=;p=i;N|PhYX`MMczFWPP~Zok7u3tq&DqV#@t>Z8{DOi!{1QBZ
z5=H_N>_YPV;=oNnlvhGX%;KN^b}mky{~K1@3*iQV*s%+$i16|QL*3Q3b8z$Y_wsXP
z7g7Met9$x8L4Z%78Mx~j0yi_@zW~3jfQYTwJ>XH^+Z*C!>SV9!=6^AYkQlF!DA0UY
zQ_V<Qi(OC=c!s!nH~}B3P7WSk7q2L~`g%cu78L=0VAhL&K%=3Zvz@Qoe}=f=%*o%*
z<sYt893c_`p1MjB>Usux{;tjv5H-X<+`ycC{oK4f|LG<m$Sce%e({5lG9XAtH#-+!
zJ3vhQZvT^xt&*d;vap+>ri4SFqPM!Cm|l?kKjV1X0W|%VwH_cK9)W)b5i^1KyG!_a
zDeDOXEea;?TB_=9M()B;gq<-!teuZffR>RP%n>5&YYtboSAqL!d005>`6>x&ItVJN
zd5ig4Xb1)fI++Ogx~dwuyFkq#P;FgL1x+0Zafqgoww_mjvN%M{MMK2T$y3izQC$JS
zFJUI`?xg9Z5-1PMsATG`p$UPwTj(1pxSL9N^ZV<lLktDoO+@Y7l!euOOw3G`0sggA
zecZI&jlH}D{3ZMq#dSsfG>oC%>LTtcu39id0}(qfUk!6zKQ&-PeP>a1KZJ#kg^Q`U
zfUc>Bs42gyiHEVFpJ|YWuz;|xfr_%0iLY6pk+G?myq%DuH=JKc&rZ)l%R|gSUkeTm
zG;@Fjc?bsq>?`=_0C(W>5j0c~G6EjNo%IA=gv?akV2ThSdj&^dHE$nf1qCg*2}HpQ
zAtdkY0#Kl<BC4V9;iRA_2J;4ZR55Z8@Dmm>GBnUo)fMyh*41)H7#sTunVYEFoBL?#
z18;a}sLM;}2nQOu!rU!9g>~gMT_F%hO*cTb3jE$Co_=aR0vd)IW(IIY5l;g<6E{Jq
zr;vrRn23w0o4JmWxS63BR9wJRP1)4c%h=G{z|JrLZttt&s3M_n<Zh&E;s6WO71M_Y
z=&Gx_J82nuLk%ICCOQUzTK?{8zN)G)fJlgkorS%ChLVCgFsGj;a5K;_^@2j&bs^4v
zCZ2kx0NPbdeNBa7MlcN#eP1IdCl75H1S+N*;Ogn;!taD|_wsSjgh4$5BwQ2#*?S8h
z<OBTmRE6}s3}CvNt}3R6{z0m6DBM-qQwZWB4)-?j6ZBOPHZb>>*YI;xb2pNQ1&H$V
zJG+X&oC2J@MFU}KhJHpm2#A{jG(cU|%-#VaE+(pD=%=jZFX5%9re_og_xHBYG~jpk
z7chpoikUeFD#4WW1I=Jw0YWZ9c1~(;PMUhY#zH>o;;Q;~Fm*9QCwU_YZ8KpZh^C!`
ziJG^FilK23!dJx9L{r4vNKxF#K_4&|1q&C1nwFmq!q4B-TtQFN%)`|Vp{8#q;iWCE
z<LBgP=r5pU1cgBKg*?4f^>vj*l;o9M+zj;PeMO7`hoAs))Ri|k_VUq&1!~Ic1Hcwk
z6%+@&hKia!M99ln4I*UjYpSfTrK=1P3sgj?n290;Bz$$D`YK}X9tP&BYU1WlO&2?1
zV=W(LBP~y0M0+iJ2>~;xkD`-<kePv(wxF(;nxK|B3?VFU?`d!Dt}m=%rs8A}sNkjt
zgL%8VtC=YV8R?j)z#V-&5bApR`l25Cc7S>KLgDrhVP~kDnue#p9x$*d;D%Hr%te&^
zv;tMtJpB}c#C>4`4(?7)dZJ=tstziCp6X`G;^r25CI)_{T5x3pK~V)=At4cQRb5vX
z5d{emZ&5{WFJTF|r=GdLhoYi4FrK`Rg^Gr=orQ_Lj<JAqpqIF=xUP~o;8+#3G~``H
zz0~}JT%AP?6a{^Q1c5IBfe1AfcUN68GX-G_Wj_O`i55gq$6Lhl0&yaqLh^tqDqI+%
zhA&i?-vIFs$%?w}ff_)gu&%PRIKoBI*%as{Z|ZID>L6kV6LXfZH`5SsRngRP73KF8
zftu(Es|mm~4NSZOHSEL?7S2LiZU`4)2Q#RkFYuy<pa?Lmf`qH4w!GejCj>?YE(@5c
z7~Ijp%l=|c0ZkDj4@YOUKykebS74zaAQ}Ml)Y29U5Of2avVy6Su9LdBwvM-%y||Mz
zG{`#uE&(+Ad1(j%{R07ytpqr2;PH>&{_Vtp@Bdp6g_NJ>P(d$UV!EWRByR+_!DQmU
zpjV!F!WG9sPKHOK?(GtB(~L<zk_vWi{bNd+h(YQp9?=G#nOVma3-Z%^GTuBqhSChO
zEbBE>EE!N*+EBU=8wg#?$oQg_8nSN`a4=~bZah^`TwJWqpLB`n`G2lFg}0>mu={s3
zt-m}X3O~Sf>mG$4HBMJvxAf%QB2zyNFTVT@PRVrnf0tU)C4AUZ{vM;7QG4&_OidpL
zP)_E5E11<$NODqth^O}ZvLLxkj2RV7zJB`royER^<c+u&%1<%ISF>&x-w{grJGq<(
zvs}cKg^J)?#`1QHCt+{zr-)5ZYuI~OJcT@6znbQVVfjO<+)H3uuB>Zz?H0uDgkWPU
zRe6?$TBrKhV(!(#&j|`IgZ@tbRqG+Bu{W0nj0-+JC^JXituA0Lf%a)6L8&HhOqBUo
zRa&yif&RHf@a`fl$D<yq-kP`2B_CCn8qpV!cQkZW&Hr@rw^LaJFt-P7*OCmnX_RBY
z2Mr4;GMGx><K;;IRv;$HtN)7ik96)n02qIl_&hh1!>8=2*)6UzUL*ha4R3h9yi-p3
zR`5CD0jO8^e{-|xT?O4hJJIG}qJuIsuSuUgG$n2qje{P|L%Llk$BR@aEOv6<9{nYQ
zZI<F~EAO@vf2_y7ko^k5i3YbxX||_#6IWwLo7ZoQvu8yKXZ}wCYOSh(5b{#mIm!p=
z)5T2!$>n9n%8rJ&l9}e{m0i=D#?uF~Oui4k9shUuZwkOGQPpkK)b^_y)Q!=2(C$<v
z$DtJK_AhEFf2I4Y&6Ct`c5@2x7{*Fs2Xz--;ble~-33YC015pID>-_?Z;{pnztrDc
zo3OpTzr_B2L<ZeLyK?{4ej0=u;ZJI--k$s~UeuUK08yCh^%d#R_*f6nOC)0`6_PRs
z^XzK=()W?-ZEHV$P}9|p&YIFXahtV`e8@BgiT?~?C9zOB^;(GYFIFlE^}sY9QtwA!
ztPd?TH1j?(=j+f*O4ibOqyAU+iU6~CRPP}37A*0sRU>*7H2OA==5k~I&PS?p(c?;%
ze_;XwCQ$NuR8jd?SNZa<O6VVBh!6+Rv!K^gsrCHe0e88Cs?e46rwun5o6*X*Bqrql
zOhq0Iz~_#;#H)MN2Nqp7oKndVm3|pu$kRW%VhRA5FJ{%QQy5ZpdRpb6Hk?%wN)%U7
zKqGnIdWrKdwumpV^(?CGdip^FcMdZm^&Pw*_b1O5`FG*JBwb~bi?E)R7bC({Au8CH
z?q<1(c#Y$%XWdkW{xMD9ZonZIktz61xK!wI^ovl__`6vvckQLLH{Qqnq39uAGWpw9
z9R<FQDs>sjtQ_-VqxJh4xiQ;D*BsdYN{H<_2%zW&le50Ebh{#x>%QYL9raz7FWLGy
zMrH9*`zFjZt|%id`_HIvGXQy!Jn%fOh4Bj&x4y6+#|m91?o`pNr01v~EQipMkqdr#
zu+?}RezLK;p5P$a^B+J_1MgP9eWQ?BaJVMk7%lgf<+aq{y|k555a^bICCy~P8G6E$
zk<G{}5Iq`Zz84*k{I8oa0_3Y7yZGFeEJrTIrz`&p)y4#Vit2=Mk!BKU8~vV$MhcI+
zZEjRbJvQ#>ub9-BG%rB;J>I-d9o#)t(9ee4r*$`0i+&vRnRmQhy1n6!5$gW*T$f7w
z%$_%;^fR{i+6;fS#S|e$qz7JBpR6nsrV-a*&hWRhPg|*?H@=qs70qx%i|l5t=mKK5
z<G6L<KLWi92vqoPftBhTkfhU4Mo9|GBwOteIhvnEN2(!ZyI1KCsN_II!0?=SY05q+
ztvU^nYSgfX;o<}Kr>&zM>cixe#1NX}Ud2DX^~eBD_TMsmcc!-78>vqBp|)5BS&%X3
zw3aW&RQ(HRCZHSs8%AIGY`4OM5BN@K8+7fI!cS1gT@upVPE!YQEgMf_3`pDPjl!Ry
z$<+We>8I)p@Oi5ZZ+KG?Hro|YDxKN@#o4SmS=X&r^MLbOVYf(^nE&GV0yPif6`t4K
z=8$*28kD5X=r`C%IjS;Y9XPJRuk~ZHc00FKC-{RI<6nz5xzIj~N3odJo&s2-!uy-&
zohrn>;bIBD>Nvju*KSWkJGMhKbm_-%pST^HU58u*y-G~?U#Im{;UP$}JBg4uMelLV
z7pk&wZ}x<71G%+#QaaY<IXt{J&{XU_r1f0^vcEG@06t_{n3%(do~;DxtUmA|F3<u|
zG(<iupY{$u(Lt?Ra!PCw^BVhZAfw=N`d{W;F99NyAl;d1+%Ivv7av*{S&NEeogR{#
z+quLfy;4p_#L;*cIYi4d`qw`^#|PxWUF06HI!CJB&hf6(d-<D)2UR&Un-4^*olhs2
z`>!75K>7e#syQ#2D!xo&s;CIx3@fs0IS=<ZtUv1PDuu44oHXts8U_6-<AVN!<A0oM
z&G4<|xF>c?H_gq~YBeirdEe}Z)RrB$n{A2z;rbHMjf=IeKX>-H?Ilxn9!=`>j|_su
zzJEi8hgU8WLkQH&9g`%z-g>5Xg_WcgM2p2y*k%3)#n%Cb{Kc!N|9GX}n%@E__hb3j
zq5<=idkU!4FzQRmzqDS251@3vKY_$QKNtW`Et5sdMEMWselOoQ&>2_$ofK$#&H~JP
z!>;Q7|1s~|)}=dtqnC?^h#P?A6cVNw|I5{dtH2js{_8P*KjZ<FNGhkj|LdoJ6Ll9U
zLGXW&%cKlw{9e1G@&7@KTtuJ5pCIF(AMQ~C9+iTll;w{d{3ePR(*J*ar~F@hWq$Kt
zod7ZeM0frF57F_?-8q~&KjSQKSiK*ST|1nkNKiSASc?r9vo`f#8|A67k=bg!V!zb;
z+P=C^lxh-MXYIaU#qzHLTzLQ$Yl<h&gr7H?xfkbW@SHF5h2J~F)}dlwnpk}K_>9LP
zTPC!#-e;ln3uiXBO8o7Y^)e>^5nWk4fJh=$qnqd+K2(#LU!O>5^Wol*Zr6)@h9%*u
zEvB}i#_ww<++z`15t)RHB!9z8;Y$D<D6d!DM-p74WqLx!=!xlS3fk=y=)S|s5V9q|
zc^E^%+WFcg>vd804Rq{QCI26h%UuChKi)Z}Mq-HndgEpbl_p>Fhq0b1*rc`;7VYqf
zK}<v>R#)aoiM!=+{$23FhROYMQ1IY8WgA+ORfm5S9HGJjtj6tw2`tFL=6JDbv!?w~
z%jtLBfit0X1>IDfIyVY4VQ*+<!<x+My>kMu&9UJ&8Y}95CTrqRYnI$o1M8-XYG;I>
z9nI&b+E7+I_ff7-*3nEts^br*Hp4itOYeQ7OfLBHFYw4S0a^Jw2k=oSgU<mOz4Ke{
z&w|UG9WHe3kJ;MRFp@Ba<0fY;a946j=gL08C-JZgiL$)dNiS51+8CGg@vq!2K((B&
z%<N+uc5^TPJMwe(3n#VWY*bg;s&WmBwCm{nmZK=GNgj6^Eql_2JI9PyH{&OgPm_Nq
zliqvY>dET2)Js7odx8|7i=t`@*^)zTwUfNlP8Xft<cK&Ocgc>uX=*hnnec#lzA}F1
z*)1U{{m|viKt%UdG6rtmrmgm8MM#T(adh`$Wwd{$$i`(95syq<ubXKpkZKw|KORFh
zg$uR?$3yoWwS=i9ZG5_JPR{}J>b-9{UKI(DW6Orm$4<|X*To+~(_3XW>K8fzP5gQs
z6|&VvAToK`zG9>KVA}HJXdoOLb<)ik-dm4R%kAs^%eoUQpu<`UDg~t}0=jnU%CS`f
z7sTGLxi0lh)cKixZ<>G%ad!CGM>D&}H=9tb)VQYIej#EAcf!f|K-dz!<Z^~zr&Fr+
zQt4WfDg(tS?%?1o;du&A-H)oMVK>1)kh?@w4@CE{1*0OX1_I0Tck_v|XLk#9GVj}j
zp9XAq(b&Rk6&+Cr)4}gN#>zz`<9>wU*5{EO*M+cTjj?Y}A_y4nZhTy3$Zh@9&&pNN
zR22y6rVrd}*V>ChQo-w!HX1i&_)OAc|Ab->@hrG5tRvyQ$2BY<t=U+Ik7QW-z#nt#
zOA*h>KYDMk6lPPO9`6eopxsN$I-`iFq~=a~g$8KxMH5)FJsK8YS#|>ath~wmPr&rn
z|H9bC9BY_a<Qd<{kIi;X`wwY1+t^1iQ{QG0#$#qt3qM`6?Xn48U(CJ4SN~&sp(r<j
zQfwxqS|41x&-%j=K)`jjhAwK$7?Dx4-2WE=l`}wSN%^qJn!GFH;h%1~#3Zq*5_3yg
zK`OhNP<GKt@{w1Mj-x}XE5k*<KWA3#G<V5#x`EzZ9-zs55U`U#A9gr5Upwi!JAxm)
zcs9BAzB<8mvKE>H|4#ca-qcb6OL`;hSHktQ^@+M~oHPb2fY@^#_-cE)YC6r!iZ=23
zo~Lfy#?$yP&F!b^Z81+Pk!zhFw6m@FW382z`ZL!`*H%j_urkh(QPxT(7H;_&YL&PC
z9shGSF#cIDRUNG{c){Ztdh<5p%cCCKv-z5eFvq1B)&z2~AKr>0Y<PBzp*ZaRS4i{z
zs67T<X`HSNqQhDBJWi&u@{XW+!V*XwwDX0tO9qEo7^&%I2qwhbZU0Y{SoZq2_Y^B>
z1%zHB%_jn*d@U7Jb#UYdsi^DWZ6xIOReE#~wA&{}gU%wGW8U!^kUbCS>u2JKh<{Fn
z>5A9QW6hxtadkf4Tbb@>uPQ&72}d<7s1a2TIsVIyH{j>iql(R557)bQ>h|!7OuYXQ
zdN74A<CGA^Cwcvj_&1zv)B~yh!}KiC30Kz51^(klozS|eQL68RNA){jxk|fQa2t|d
z6!~AMquziSp--ON@L(9c{bz;<2oOBDbkrEt%vY~$Hti-XPuV!VH151g2bn#6Q8}sq
zV0XmSHWmPqq1J1`E*z4SS_8W=C8=?<SM%SPAs@(ltXJo9xBuEU@SuEQ-XAD(r2pIa
ze|!F4DgDL6|7V1J(*xm9rabzqZSS@hS&(~fvM+kT7QcbnhgU8OXEuK>=ZU9N-x%r%
zT^!MKAi{8^l4~o(h$?JxN;t}pO=RgrWR5+4whlyqd785gku*l0F9g5PafVlrGbI`=
zcgG(1s|A8+-qwDiM4R&5Q!-2;hfdrjwmd68f5AzfXbMl#<%!-ps@z+dp_#o=NOZv(
zd1mWA0pAuc&Oq(!<imqT-=l@?r`-u5_XU|ZPTsaAge6dybk>>j%8!XyAAW3ZcMZNO
zjegv4>Dz^qbODXge~=T7EqEvv3WaBc7^E|DP7MtPdA?$IPz*w%nti`iJtJ9%;Nwkv
zkDMY_NwQ{&_{8>&1)2YRY2fP>0tv^q2vFnCvDaP|W>rVA>6~iRoP>N*HM=GB(r9*+
z{kITGS1ZsMgE-1Zav*D2XErZ*rLCVH@rG0ZER-Z?gEx`YMvG}OtELCSd4D3S;BO&M
zj0E!p>z-=>na9A)4-cF(8=mMu+K>LU-h-99*f9R}e#dLD4NeI<w#$@ik6T3u`WM!d
zeVN5Rdhev^6!%WD7=PCjK+m*B_EB-vQ5Cf9*SH39NTZb-(1RCwOdu$$)tMzCgD@k6
z4<DveRPA<^0kZ0`y4G|u-2?b0KbC3}fR<jOXAi)hOHkxx%IA1Gw}w8Bw7GJVVL#{7
zvb3u{`yo@QNCqoyw5d{L`^Jw~E&=963FST$MRBF920DeztmL%v9_2d?67u?TACbTM
zdg64IUn$S%ii!h}$(G=$(DN7WgbJ*@N}i!x*t{urGbrzYtWI-<W~n6Z_SeW}S3D`S
z7Ta^O2&bzdsk(}g#}});0f*jAbO9OT8e`Ss=1T&K$>?`qIA07DI{=xN%;Vj%>!3!U
zDEz@~=!xtX=G`D9Mh=18mF^h74Wwrlc;(aK*A?&IGI(vNwpe@+pzX0rUBG}qE|#cH
zKHq{b(lZ~W5#jZcA&?|~nYqjWt|*9xi6Q1@sM+m<2|Bi*&c!zJq!>=u!K!fSCUo2#
z8q1mrv-hgmKeA|ZF`PR?y{TQgLZ80pQncmDlfeedFMWu{Q)_+MYK#lL>D@erU)Lf_
zlW0na#`3T-W)8R=1o~yZ$^SB@$AEd-%4=f*8IgIn-ZDTvz~A>S+qsFmCG@TB+&cHu
zh@R_!w)H<ff&nI@#OghAX1m=;@ncNvDI@P-h{Sr>lNcpQMUq#zH9Jk^E!ic}icSN|
zOukn?cA6dy3a0O#Mrn2(Eb!f9>u$o<!JvhwOvD%iE%)0%`EZuidoiq9ogE)!dD4<;
z<}}4_Q1r#N>-|AEdG$0-zBi=e#FkVhlL4c(q~`fDOd7H>VJhmIO+U#=;P+q}hH}Ag
zLOZD&CrE5p%B<dKI(52->=Dd&1B#aqRc1?0o#_tRM(M9rrS)xpE9wq@Ul(=QaYXO;
z+7wQEUoxB+V^yF5i|4*mYxK^P);#pMaq4V<u+uh`J=E_!VZLz1Vb^cFvEdoXtBO<e
zJ#ea%&X5j(N(+$b29ABkh{KGc<^VqvPYK4bG9nwwYI8dD&LDB@78!RcL5bC*YY{Ex
z@fLWJ`e@WAUPT!^hCot0oy!NkPcri@o!Gj`4LeynTQb9d&@LfcNrn3K>mIVdP#?2;
zA<r(5_8kZUGJ6?SBk1E9@nIG&o|&uW;{I-fY;Tn41`G6LQ^#i*S*pOl3?5fjN48Pn
z`a&h2W;;LQy3zeEzBJY{vp^=D{USYA!z)K0^epieezxBkdi=Fi;iy=Zk0j9)CCvJ!
zbDGA#e=xFHt!byw%c8}fRoajJcD4|MnauYSZpEcfJ76;9Yq0I)FOl)l5%1ViLbGUa
zG8=a(g;mxE-Vrq3^-KE)5wk=X0|NSCG3Re=NQzJT=Fe%vgOeH7c-WEN2HHhqRA{2r
zvcO(WeAtKGYVVIU*9NI2oNpS@S57-!=Z7Ps!J2KyHcXDVxQYqW50bODX5e8$1=)u_
zpLzh^?l$Go)Au`HgU#`Rgku0W$F_bBZMj<mE<HE}XSZ30FkobDgvIb9n)A>u-pg+U
zLhwPj9OZn53ZZlKl$*_~dxn4y<pMRr-Ckcg5kM<fk2tad#`Ec095h{@zQ2H=5$;0A
z1EiVW!1hUIZ=3ROiP!d+o6ky-m)WRMDs<(|7z56~cl)r4;20l!!mMd}GKP;NYeEuI
zu~_Poqsb>^B>jGJ2CkJJnLorz8h~jI-Q_MS#E%G{p_g|BRqqT>M(|*p$pz4wqfB9~
zyWsHb7>~sL)El@}223<{EK&IJ1O4XxFgux9c?423RM~<*56WztgO)}QW?iaod53OB
zOWsWO7?o;YEhK0hP9?dm3nJA9|CGs|q&H}|5{Vjn&>6L*gj5F)AU1<hk$fPO@mSsC
zm=NpL?c1&7NxrsTOSU#Y$dkH)M?Hs3l`QRY`{GVnv0ct3%-^=}Jc;qv0Brk3N^4BB
zEZ27ONB#p<Z1;iUHSBQ%L2yFaQ8^3J;XU|K>vW)Z>Kk>DxtxkFF0#;z!4GGN7p3$;
z?>zyyAEkCgS~q>@y{t=uYUNEVBOi<V)Ed{9NBIlhUx)X*$eDjpeBz#e1d_Zh3wQw=
z4vS}5;pUSH8<WpyA=co5#%luTu89gdEcd9N$K~Mtz5V9XPTir8e6<Y&h(f=WHr^xl
z$fXpy4ocdyXkEJ6O*j9L8Ind~c>2g*>toy4Tbp6oMTmjOP&?CXg5dT@lCu3(7@MFR
zSH=g~s)h)%va|y8$3>;vQt0iv>|RXfcR_;NQs~s0zW2>}aksRvCe3L4pXnb^K0Sd_
zsSFqet3_8lz;`=>Iu6d>FDeR62Uv%xsqlWB+kE-fMTo4lwVc=YS+~~+DLIQhIhxEa
z$)QZz^32XWBHWyV5F#bcmdOZIy%P+s2Mk2I)_C^VO_sCbP<+A9+ag0(zJHA}Zh3Be
z2}iRzV#*ynJ9L!~t25v2#z!-{@rp!FMoKbMl?-;hP$V6wZhd~(ij)nZT&EAO9Q`>q
zC0{e6JOzLsM=(GwM7hBNifEpBJmoHpCgZ)az-VD6WK$4wON**P13s{i&3#aC_0%o@
zeQ&8{GwEU*77uors<T8^DKD*7BZMP;uIudB=99gqO6IRN-q~@L6aczbgx7Wzlnyln
z%MGFlM-_!OP~Np^+n!Z?66FnN2KKVHF`pF#&e|$GKJ~m9aQd<EGlB*e2Ct;*O_e9p
z2Y1`qrU~xy0^Z}t5PPHVI@t~h=3{DY{PCqUkFzcWmI7(1OR_nxej*$SVU}242d{)M
zC@K;A?F^Cs_E}HP&Zw06$De+cyq~y+hZTb(HzNreIj%}Rkd1*2mlbSpF?k4}E!U@P
zW^EaWLKS9CzBGrs3`S;l>p6{mYSNr!N3?&{u;=q2N5g49mo$G^6&YU-s@xp^_&j51
zwa!C26R3bozBU&EbX$P;<n)Z{fd=J|$54>uifE|xn5_ZRi4qN(a7d3n#&UDY2I5AJ
zcH`C<mfp=G2;Rad?LG!c4h>1*zAoDs^djT11awkp{2F6=_NbaxnDot;epsRRwU7Ik
zhaxk@{AyK!V(RsX9MpMzjOMEy8x5+)<}17^F`o@YA_bNnjoU8;&#=!=_(kS(GhpyV
z_C1?*39<<q=U2-6Tuvx`KYy>TKKtOSjdE_nWiGerR4HLFvSXvK`?<@#ct~$XO4Bev
z*6O~qhG={_EZaX^>;pAgSLY66p$CWSuTeJ{D_XDw(u;A7=bPxB&N@C@6JlI-23h97
zc|nVdnB~O|OGFx;J6`S5mzT!Jo`ro!a4R?qniF|}tC`dC2P{5^`&P1YV6Kz8iAi2$
zN<yMBn3MLrT4a#HZ-TnS3<$6_Cqy<Qc@(!7Wrp@on<LvIrI#r?!89E$uh32?X*3NT
zcCDBjYl<!FcRpzZb~20N=;MJJzc(lU&vWOGF1)TfaGxaqob*>87tZSCT7x|_2&|ei
z+9FT$MNp;MzerY1sG7bbm9=k@!Sc@qU+;XZEnSkt4U`VwxDqKq6LPDt#Qj!tztYQ_
zdEOmFm`C0f0=cJcVSHOZG|BmF5-2%TRsWm?aI8YDcJZpx2v#NoF$J>90O0-(;R|bU
zI-WB%8uIQX;FqAp7}qA^)ZqTEE~}rvf{?-c#d9Ld^YeVZFXB!ou+q98)`QEvn&Q4r
z1|->k53%M2|95d(M5V91s3>}Uy&fJE0bi6#j(u5t3J}R$fO5dX8z*9Aay&)af~7YS
zcRkK(_hslG@6GmHDF`WFFFEQz(oB3~|BLGQ728SxM{((0C%UhZ))XOKn)I`6SR#!5
zgnRDTA}G9R`%z;cwX6=ErPQp1xubou;Sl7>MbJP=QGaso%rQPHUL4Nib0meI&Y3}R
z{~ct(r<J{jq*Jr>%L~5Mvj&rh)7g_Z*t+SuT(kuV#Wr5;D?WGJ=kWe)Qc&;~P3)3p
z*22qQoiTd#b9l9GFH1APwId(Q88^K@8`=|TgTn*#8&_8s-%sl1p20!~_Jb;!%a><r
z{Pq>h`C8oe$Y}bDuz~cw$_W(Z%DoyOHa#X#Y7hg4B}}4yJ?`rAnbXJ**XiK4W&2~v
znX#=0Tk{(-WDWOhhdE=j=(u^V?*$>3<0@^g!Fu5P<Ao`0k?R9AHK9Lc$7b7F#&*Ho
z*?d6>rZ!Z$ZFpEgp2iqq-Kc^Bj=`&6)pf2FxB5v<Z<D7JG{)b36j~ng%m&j40|dor
zYT8nc4W@Z>qdS`c)5Pll0Rm$tD2On)h#S;B54+d#b+?fh)J6aja|=h5&x~?fG4r}K
z?OK!a#ek)i@Ye_6%Qz*eU?}o~h>{Y0h0G`Nq@!v3&v^@OBoyj`wpt4>u^Ii1El()X
zTf{U1ucgp#<FV^IEkP?)A4*8x7fy+W@nOk^K0U?XvKIpbq0?o8Olyt^6NTBTnf|*q
ztumVxVPx2RRA!bL_+W}AYc4?~H)P<5yuSv7d#icEfO!?N&1l91gdBOn+Bk=EaocCX
z;IKaUzH&^Avx{cS;rhbmMXPuod*r6{`L5D#m#~eK?91C)U_OV#z0$LL11I4F24IIr
zCQ2K;eSRX1XFP)*9uY0Sh(Ne#w=H{Cr?IfX)y)TR{qYL255NxdTX`ZYY~!t$Gzg7z
zkMilA$F}l`Yb@l>Hpi2<cur&8Q0nyxRtk<KAxw_~$ZBt(8LHCO4<^9(vRglax+}9<
zJ#SUWTn0(1<I>1r5oNupF{eWDrsKNJKt@f&Yxp@7Dao*!*rpR~--n_ix!&zGeSSS!
zW+jd@x>XhDgdUUZ3$1Ll{!EMcuq?0!oCf(EeW|J0NoV=Arf}dy_;}c5Mh7%U<NnAy
z>#RTA<IH3m%t!x*@4mxuY{LlNz#f`lY2>8Ou@Hb1Hp$i{t|d}F+3|J-+y2cQ2;i;a
z$Ro=_lS?k4_y#92N7{amjGEE64g!fn;7fXuG`RlEF0z=e{`ymvk(qr31ac^&<6<kH
zNfzW5GkEfTzfLJ)JsjB4=nqs8ebJf~np5?8@Iz({G(G0d*|cZ6AD(?$wbmBPIe)<W
zP|0U6j>ot8QK~KTUDL`(Mxm{>ckYebO<`FJj~lI($Y8H_Uk3nNERL$P$;|~$ra{+5
zvd`;mT1>wGqOwQM(VGlSEr%}cg4d=!evUQ&@Zo<u9m!{%Ga7l?Dz#m;)FwJk#8;Qa
zmq7Z!a*yO%GTRWGy|{wViB1>1HoX6Q*2K3dSHwv1lf77=aO4>)HJu$FVh1lwgj%u@
z>oL*yHoSa4Fqfc_a7=vSqJ|MEciUcArMmcLab2rU8LNdd5V<62qox6^MN&kr&+O~l
z*Q}SDe_Dt;n6U7F(97q$JjLu#X({eFh)Rfl?NGTqRT<}Hi{qX!?fz)9&lgCcsPrA>
zSg8UySt&v}utU1pWV#$A+~Vf~jnt3H=#}|1!_w1OkMIi8Nkrv{0pHuC6|Zovf*{5>
zZgV&5!oEzJFs!dJK;Ze(10TMhiQ)pVK@%e(>X=5kU`c*$1d?iRM%X5(cb9w8l|Q2S
zy%($hN3UES@%r9wuAJMJW4(-gMhgknrFW`UXDFL%DP3olyIQW;V76b^@pTK8o_!pi
zi3dscc+jkI02q7zkQ1rdL{`fSidda*F5s9h;9HTIQ13aIXyryyoaH2pi9XSzCd6p8
zI8N@Zco8rmHzhW!f7{wEolUC}&$|()i}>h*3Li>p-H9f&tk%oPC8zFOswQ+ZZkYI_
z*a65@<Db83Ok=>P(7Irg@GMv_!-IRckr&Ye&3?84B4UaTgsZygQIN6xx+UDRtaZAg
zTJBEm8=Ek2IsEACC&=<ZG?)S7C#x+CxEy2bZb>B`cGl^o>D?U)9U_h*^OMmB34ssx
zh)|z1MRj@`LsOSj(U@afibLJwehNZ}?riWTy2=AJ4d`Zj%n2p)Eeuf2RdziJ^kp1a
zGGyfKW>{vZ<w$-k)jI=g@uCS2Vu|`9St&HnJ-2hn;<f;7UKU+#nP>qo;)SSgFwSy-
zfzXJ}G}!S}5LGON#^J-1V|sp0WM$3pA{Pc|p2Xw@IS=RX!jT>h$ZaCCkmC_*CWA8o
zKGPchqEYU>%G}uD?bipWA-k&)vH|bY*1GIdv%S8Zm}fCy9%L*+k^!?L1#MwD#<6?P
zdrWT-x_o}n#)bPH>K7VUdR4aSO~pzaHe=p4%8BMu(lM&<EK_-4Kb1NrDIukxdABU>
z3>z+8NjgW*q?LhrBprINZnf6d5?&5piTJ3q7&*as;>}};4jv22<|r8xw($|CF4l4g
zLh{L7gDvE16g{DilMb-r&AFXpgE5i1vj?u5Z*v+`d;5~AhyqPvokczx?P_<;eC`o{
z^V$zxt`RO?b8EbLZ)313Mt203AGSx4<p_T|r1Oi4vR&fm`Tp7C(*)%NlZZ^@xl9C4
zH&eN$6`|ejiVq)`tZfyEFns+7e7;(HpI`1#2o>(cL~exC%NnurF=Ud3e`VV0e)_Sl
zj=L5Tzkobpf7aHId-Mr=Q6*sZp37qFDtApkZ6G9UYD)exO2TM9H5QUAQ~YvqToxWZ
z7l3V=ph*7mDHT{g!*!x8dd&lBk?Z|_vg$?^ZcUWNW)Is*frCVH&DS~Pz-u-bWj-5T
z>SphtrO~(6jjaPsM-3vsr!1!n5!C`B*%&!Wfj5PhlsR`P(Lo2A^sPk-=^)9$J>7gD
z_=0$8Tl*z@+@_m5U}yGC+zPIgm91chaA-2P(uo!kfzH>KE%Cx$t>;cPt!;+g15Qes
z-ZKFb!{?F_BnO9TmbtkVuPe`6`p&k%fyI@#riW-YaT-BhYc{s*J8zTE->HsmRnj(f
zN4JPbV?%aAi-U0mXLzJ)U7A0t46#OD0uIpNW--We*9UkG2gQ7?{z2S9pTK*&lCtp0
z)5hazmbVzqgFd%}JfBU}SH|WBJ-RDEs@Tt2xlFPu7H_(dBC~jvP77RjAo{8M>YA@2
zR^>P}C~`KEAb2oNQE)jTv=RzJ)g(m627X=UE4?_U7@<Yj%Ei5zs2|QE)p;M8F002X
z>rc5~Xe{or->^jDagOXUg;BP`A3g+s8YpUdjyh0T?-cEeqwK(|+jG_pU8B<-NSml8
z#-w43*U<_}^Lv(~nh}{_+%jzQv+6|U$y;39Vte=+rzGrOulH|XHf=_mV+Ve9h0XbH
z*W4~Jux~j&c}pOP@=NCd4q)VIUb301zg`5Th-^k}v}Li{(C!-B6O45wmaQCsH)Y0y
zm5V2WlbC1l8+Boxs4<mwyv_i<9jPzSD7a6rX$v+W_}xiDR|@%OI|W=qwTp4>p~u;y
zcN6DOvWEnXuxsFoWoxmYiT2sNPnZuk#g`Y*yZG3&Ph3;CGQ*)jVtIDbgdHV4vRGh|
z9Fmcp;<Nsh?&Rk+X&eGr_Z;iay>;8+lM;wJcdgVsQDm!E=7K^*<~e>m4{*9HPw^6H
zGR*b`bl5Y5YuC%;8il-Thv}=#ntcRj-*&G^9=s`F-WdK`@%mNMUFAC4{QES-wR_!D
zVY@nmOFPY?Ru+&(TjaO$sAp>BJPh}7v_)}u`WD8%o9_Cgx7G$TbsVLA63KjRg|fJ<
z3C?bWBtxbBCU#l3v8fR--s)2cP!>caR5l<Z&5sM4-+v~Mi*q`wcZ@3L4msPgny9nZ
zsXD|FKWQ1=G;-;=sQAz7T$-M)Cz>`Tlmfze3yMcyfHE1hYD6U4GyV&f`<UXf!Y1kD
zQz&-x{?^b7Ey(VjE1hW_=~-;AKXIvtD&L(1gXpph3N})2HKFU;<1$Z|hf=2)?C!hZ
z@Xmf%Ryx_PX>jzHl}2MoffUt){aXx3Qq8K6nI)zFB@^yD;-OEaK23)kGN%>BY&$EJ
zo#{ZL{9I)+q`qwJuxc`!>(!JE)knkGuG)3YOwV)E`X8HJPY6zN_ZE0$_WUOgP^_N|
z!VG0eLJ;46pLQ&w6c0a8e`)&WcyVy<VEsCvZ4Xjycm+iyeW6T+*6#XIa`)Iy{P&|q
zZ3D6Otpv+mb4)i&M@RH~`;5z3>su||KXWFsKb&*aR`uWh#FL(8biMGfu^+ZNITJHE
z*QV3jeG!q;1L@4^_{a6?#E8!<qfAV&E0#0z+=>~9IDGm^+qT)RC#`2;U+W<bMsK3b
zU<6Ucw0LLG#s`y|69b4P%Q@fk^hZ^;{I0TqL>$PAh%vO4k&{8pEYuP7xib3?815sj
zAJ^NfZjw&Kc0^x|@$jN>xGwM_;lPW^R)UM!zp_#771n0QY+X?&zBS=X?8TPJO*oQD
z3Y>p*DedbOr{GRQuB=}b*^KjDf|BC2N@J|q<eKFsjeH`V`=%O2Do@FpTF%N{$+O81
zXXIza3b`kBk0PeUvkGKho!oeLakQ9JVfJK-;}cdF5-cZnnWBgTZko*~Bw4x9xVK#s
z%IZDsNfipXg^tjrtsH43C)?Etyo&ue2j}jk*`id35!C7BsSq-O?+B{Iw1zQpn^ac^
zptM@;{Ao4%L(hc(M{f5-hU!GGs{DEx;W6&o{0x;Yl}G+r)=0UeIh=gVI$>|~*PMmS
zJ-!c6szdR)<WbwG9iVW1x}%0uf9pepM+8yt;$W&1ijg%2N53R{u)&g{Z$lGtn0_P6
z{Z!SgGvM15c}kq+hL_KQtJ~|80)kt2NU56C*U6~RKC6Ymc1q3CP_^X%OE;FV`rCYw
zfK(REF?Ah&q;+Cdj8*rJdcl=Wk%=)X$U(c2g}j9ip`wyS8-EoEQ0C`f;bI;w3HVm~
zKx28Gm<*P(+%}AFxEMGUF~ma4jNI1M=6m+qdjB_7VdGS5hi2JzYXs9X!vlA%+&>3y
zlr!Evbz?<9hfVHC_#4}X5?0pt?SB5WCVL;#JSb>$H1bAzfxH>%b-P_m;ZRxPx^8X%
z?L~^svy(JFhj?2v+=EHtidz#d!kFC-Ba~ay*DwQ-7X-MWYRMa%G4}_1UWnRvF_XOa
z+bp$&QO)QQ&5R+wj2y?5t4eQ_cGrY_XX0yYohdVZMuiU>=Su`qq+UFRbhggUaRp2z
zZ0+X67WOMyveIen7CDdtDYONn_GCU&*2svU)MJ7`mZf9tGZcylxUHTMRn!(V(z&yW
zYVw!7+1i{yfq4{c>sti9crtLNN4sgTAXd}h>~2MHx^zS+wpZyCI5~ARLd}3#BBOnI
z>=I4iH|-%IwRLHrCCIdJ_cMpDbr0v<$Kh2NA2yIN-mgkl9Y<8Ln}aPAe!+lAwiR@h
zAu=Pnv+KG@E;U}J@7gg*C-%Cj<a;E2osN0`PauD|{fex8;%9Tq{`*@ml^;>0^rhS}
zA)P>+wTxFz7_Eu!i}5TW824(w5qN7RYhgKmXBR*P2M_ZFLbzko^M=dj*Op!!5G?h@
z(c8$F>qd>$3Q*&y;gvm^R-cN0NayXdeXGZt?F#d^*F3jO|K_<4qMM&sZcbpnu|Vu`
z+N*xw019Kfr8+sT9kC9Z@&JP9FXn<uO6~V%WNxkpid)Xwnw7vSor;vb!yD<L30*Lr
z8GB9tEY0%TmvT77BZ6ipTa0f4jWpV>`bD?;+aGv&G?wei9uyPHn4K_8+xS`QA|77$
z8)W3?T|x@=G~RGuYg<wd%gCLwtDF1CtQLePy|A@b>}<2>zL4j^_gRNkzuWt(q2DJj
z3n2lPYyV*xI01h-IE2pR_G)7DleE$1R@cj*@sYTxbypP4WKGD)w2{U;XbMdu%T`ai
zmV@#1^fzB%n=|v_Mwh3yLL&ww=~}B`rRc~Rbcuf?r;cbY*39GePm_m;NjE~H4|Y^1
z>Yu)MCV?i`EzoA5VDj1(5B0&*vRE0T7jVY)>ymGp#~8_0nHuPK>&?C*EA~^xYGQ`p
zo^kMymG}g;dw!@W92Z+RSq-f;WpK8QS%o14X#f{FNR-xuE|Yi7uI>rO)@bY?W*luu
z%qS2&ZXm4Y_77=WlhN|17i14)eirYC7|vrdXG*Q9sPxWP>G&M>Y{vG)RL=AC4W})B
z#=67T$~>Z?$R&k^6wWNK>IBxxKFf|JgR~{E7za~ssp3*)%_Xn?x*~;EUlkj--t&{~
zZ2^)-mw+4E+S=1f<r#BOjeVTP)wbHLkIbO+EoIeowbQWG`fmUW*)IzF;^GOSMulzc
zIN1_`WcWp#+;f`7UWG}jjHe4qr+TrN)b)B}@QlZ_s7?iE(HZlbdd2DLz@Uny$h-23
zrZb=Ukfor?k0|-Ye16eBgBUZBYaF~N{ucf96j<>j?Yo3}tT}$|71>Fd*#aM)v6ro0
zP(>mL96_~_U|P3BPafQyD~ml|h@dYiU-0ZcZbp-2)3Z=ZiFJPQGz`Kl%{_K^JW?+a
zZQpGnKvW8O%Eq0QNo6o#s%)9uWQpp@33u&N^<A@@cN-^KKGoo~N<rE*A(D6Mn`p}4
zau5!<Y@V`!ZJq0mqh)GZfRbkUfmr%OqjgCHoUd|1rDu59r>E5o#4?%RR2=$3`CJC!
zp+A2%en20%#>l{waC^Gv^XL3<-gUCUPjBZRXD@XQn4oM5dxA{&q)0iClCNOli!Y=5
z4*K#R50Ks@$?7T`<Z8hOqziv;iBeSdoKO65HT?a^je<wIg##^a2L=h2&5BCze(c4C
z<-7}J`!+#%BUFG55B9^63Oz7|Q~q(kbWuxz`)Qf_*YsojjyyTtA0J=b=ie95rUPo@
zu}3%1>c4Kj<!)-`P%RSf<2YXpy;C`MSjaifI3lB)SKbn!Jqnb#WF<TACw6@8h+BW`
zZszD|5%S7r3e%-BIo*Q3RhJDrEgc?@)Q+%z7<XNp=`zV>OlC9AqN~e~8V}Y>M#}UI
zWN)NBFcn9O8E^<~RjzUPHAHv#HnV0(QfGg@^r>p%FKa`F>9KSIt$_PpJ2r(Q72n9X
zln%WWU!B+$_P05Rds|?R9&L-nd-x1o7wZ9*Olk709}{^f!F%)D31&a)7tBQpctWVB
z*O*&O1vSfBUJ4A)J1EZR=S-jHEvD?O!FnB92=Mr{x_0exhDqICi*sjn*F6i_{eTGj
zMQrQM3c`qi!p6LJBp%}gx?tP}xu+>S#v?{5yA>OR%(ZRPW~sCHIHYfPq={n2vo{Nh
zddbwJq-|{HMt}J0R8ujhe)9H!Old3D$Gc)ixSV&{Flkp9s3eKVJ<<5g9NW059JVOA
zC)x9>IZNbHFd}{3)+tIBJGN^tEA-*$(JjciZ_J`-P#b+uoz~&65azAHmaIp|>3PlE
z2ag5f6_fa`euxM1<_DJvJqR&KBWgPyoB*NCTw2d8Oo|YwAb`V}vmO&n(&l4YdVSDC
zbjNyR6Dv@tL_x2C<)#2D0ykgbb(`N<D`;))+fMg0vpzkT#%{~_29|Rj<#A;9rjU{B
ziWq5Ha+>Uf*qF2k6R}K2qMKDmfAKp;FYX9ZKF=@MmC~r_VMGN@Yw&3=`C1E{{`jZ|
z%+l|RK^gyi@Tx-R_}B3SUG`$aesE>8jO=8SnGk9@U1`_pCB+_?<`krcQ)9Xp!M_<W
z9u-j5nxNVZ>^gLV*XFNNn=o8$Pf-Uqz7naiq*xZ+46K(nUs7wo*UQ`3dY#Kn*0V}1
z4BB;f9B`s?s;Cx|X)x_Rm_9M^1L5N9EY22lTT9HE9eE&m@h)?3ddirs=FuV#%UDfF
zTBv+C^H!=DqOwOMtU%!ICpTTLi|m?-{AV+7DYBdx6Xw-DZRHjn*+3El5s?lYpqYOi
zETh|G6m}>CRBl_tyd+10_hLryux%zoOx<A|ZgmXlV0x0o#!*vK9Xssxp-;29Viesn
z?AQ?bV2&2IjNJYAxy<;m9#H|PQi>}v+N7|hTRZDl$w7m;{UoLisHyi`A7_6EaWd#$
zcG)@mN`Oa$OR3FP2|^&(g4`S?*`7;ZPC016v^U&G1|k|8YW41Oeq0j39MF?tcwyi0
zvCXzIE*oc7N9FQ8Z|af9!wVeDSCgL6S*C>|XdiK2BhV>UX-9u$Ex5(Z;{Is)_>)i}
z+lFpWAVd2)*;+Q@BrWOeIkhgBtMn*$xNv7gLMO;Csorh&h2EL``pP?LT(uaE`nCpm
zKxzo}Ss=J`+wzydcSie%;_f4HcZ?c~PiVxzstMaVD(pO)!!hhB%gvjnbhjhlJKa{K
zLa}L?y#k8N;&}d>0Ui{i$y<Q@Y6uIKWKHl5K5t4Q7%&?mk&h48N?H@lvfmS~C&FQ@
zGi(pb)a<aN;RUrARj;tAJE>O1-%Y~y<5TyEATP>@F?grjcwSc*wH+=6b8RoRosvp=
zF3^6G{Z(({;?uu(_)0jfb;Ib*=?h7FpIi=p%g%tUu<wH6lWYc+tlczXn7K}7x1(1~
zK4QW9C$I?Fwl8OS>zq8g5%lNnoylx^{-E!{Qxj1&_mK+;5!zr=Y6%Wa4rUH~m|mY~
zl9l-(O;&qn5S;XAi9i1G@l%4xyn7_nfU{K1?_Zod6^5?e>#KqanI|rYZtgb~MjzJp
zT&o)3FgVA}9lA@KzdEpQN;foW$%O3$S8|aNHjX`W_;H*sZT`}BpP1M8{qDViC3Pk$
z(3Z`DZPG!d&cya*$#yQt#7()tG^2{Q#@(u@NGJnl;2NXtL2AWRa~}3E#zhPp0Bue1
zvXEJ|@jz{ymcw&olLL!d`FPNi@y@6jpA_vQ2i0=kExjC$y_<Fd@*&n3A-~Q@jT653
zv_p=}j(y%4I0FQFvY*Bj8aBKD@6LowujRBH(K*lTbla&Wl({e6Qc!B4ZEh5B*4~tD
z`n6S1dQansAJ?96Kr1m2m>>rZKbV7a;yP9bcHoIzC$(d^C>PxC+*tv9shzi^bT-{W
zrjsR=%0&7`-y_STDRnTxivv&pR|_UNYkD(;iZO)k9FHba9u2XXc|<iU;(US{(1p8S
zzuN!@v(q1@?c$&2w!$R1NHSbL-Rhg%yC<OA61uk^I=HrlD=|Hm&fcX6KK0)f4WPh8
z*KdS1h1;$SsET#lOYRLg>b}^yT&i|DBk&Egl0Xn8;*QcH;=?Y(<>Y*kKoG5dam=EX
z=E@rtpf0X9s|A1T5cZ{VMt({e6=_;j%qSTn<u_KSW2<$|J@BWW?7?{G(seKK5y|hf
zr?7Pwl%mOvU#V}hKH`MDTwc^?RB;FXxan~yg)Yx%$9$KV*KQ?+Q<3|%yv=a4>Ir))
z`hp<%)2)~`Uf81piv!w@dA8a>*=bBy`O{%?HuWA(W}6^6c&{lwB+&Z(>%3DoC)0ca
zNg|n7!1<mc)`;74x17=wMWMiPwbSdw<Y<aD!@47WVhsIEQB+J6B+e&;8PdL17%6>v
z9ZLeamgo^ggKNhm`iA_ht|4Q|B9vL^_!=3b7#@isy@?iB9a}G37}hOY0php9!22hG
z&L+*@8BO@lS90v9hZK2cppe%jwVMsx%}=cJSg0)v-hYiAVT9cQ(S_<!VN}vIlTdWS
zL;SCbGe5ouPU}3x6J)#O<$@0TT)VJkgOfrBhI3@K;DicKOCl$l+h^Nk9HPZCRz-pW
zm><Z7?0OXLaQKk%!ET>Et-JX!^j=Fp5h!@?7UP3`A;^z_>jq8HFXJAR|5I*Pi=bz2
zXHk!ODE3gFg;r{FU+1iB#W`boJ}A*3d!l9e@u<@M`7~L&=0-z2<?lPbqTQ9Un9Dgu
z3vLLruZ!=USuc?I{Q1NC$Xpv#2Oezrc=&`PV*Rm<_zy2AOrEWqC()ODh5WV8hL`yd
z6tbRzjLO{rA4YkG6w?BC7iTlG5b2^3G}&Qqs9D}MLISS%$xQFwk2^Rn&T;mq!0alm
z5<St2TMMKqp=m5&&OggrjHizQ%R<D0DrHeE64aB!a#6=A6E63?ZVw=`uRwnPVW$;g
zM&;?6Oj}Xv5PrT?3)TF~eOe$?rHCwJvkXd?>zJv4hf!r8AxB>99b2zIosii{lnJf!
zB54vo)%;4Zn27S#wmqp?cGHbOxm}am4m)<7Ay-;Kxmj5+xm`pV1i{BEnN;|5IBa+I
zx+KlQW+v>m<DN}08NR@(5RWMG>F{8%xR1JpjJoVAn@~;Mm3CFC42<sgu#7Ic8))U0
zy+Ki+=E($d!E7}Ijfq5?J;@}mfKZ{YFGkuMz6VWKPUkIZv(VouWf>YwFtQin7NF_2
zoufhL4y19*AQsm0vIDoi+HP9`HJC0*83}Ai8{80_dV;{Kv=~mCvZ3DGx9SRp#wES#
zpoBG*b;X^USJOzY?bz){)7!SqcRe{(vs>Ji@w`2hoUI`Id!v#tqvbT*{@@174Hipn
z-I>$kfymp15nS0b!=^wOyR}hX>4Q_MeSJ(owh`^cTf30P^ye(Vv!Q&Wp0{4Va^HYc
zzjWNGvkSfUy$A@%eAc-%J_2XovPVDi3mEu<<hBB*Z&i*(hWObdu3}-bbNZS^_$?c>
z3_@8SLXv4~G}6B2%IIX<qEtnC+0{>ZPZJHo2TGTy7o`g6FEB<P+qz<dR+dVAVGd?h
znxpD^0_P=bY=xB$@SagbuTRfpUN=|A3}f;uq@<L%vR`U`=0(ar8%8nVdO?!rr#H|^
zIs@}gSul5jx|Own8d)r2+E5YyEI*UUz*KyYG46Cc;BqDUDFxsu*2y4ZUG^Pk@7Rax
zsrytWe*dW>2dEHwU;*KmR19Hw7lhnAHj*-CMJ^bJkC3Dv5v$aQ#6JMz9mnE79?O=w
zXX7GxH=zBcN32Mg&00=$C}T@fR-pBAbVG_Df4urtxNliijud)GXFY?<D)rNY^^jM;
zK2*;HXXcl2Ww>JP!(rB4arCc}Uy+r{{(>vd;+oOOsRlD4^+=+x*oHR@7`#KX7r@e=
zfTuHgotb4@)MgThKY%?EZnbgVgsC;@%XTbp2)q6t_TDoZ&hPsJWsF`%mqZsKB8cdn
z=tN1>L@-+PnqYLIcS6+Y38F-aZnWqG5pDF|NAJdPANl^izyE*Tb>G}~_pW=_nm1-1
z&v~AG&faIA{n`7oL9KmQ{$3K!7v?$+(OEp4Oyy&vEWRV#6FNMjA)DG$tt{QJBka|O
z<=e2zf?<9++Yb<8i%Nw-)}Lz<0?&W>xLC36<lNX#R7H+Dvd2Q~g{&{W0Q@!Lz1RMl
zUk-L8B0yr%M@g<g%G-(t5HY{aAIMirr=DbOfpS|Et_uHTXQ~_nW1?0vvb1-3m{$X1
zjM2ICfj(PqWjf{+rt@Ps8fV|8o7buxD<L&~%gR6oObaWp@Tr#08b;VJ&b48kw8rVU
z2CIzKz9X<zsqGQ_cn0Kq4~3#qhB;en=u4jWe-7iNtyBA#I`eVGdLRCH3>?@c@a2db
zHSM{cg(>OZ3EPB4(llnSELYo`#-#nhoBz#a8WuKvM*uh}c&b!9lM~%rf<WTuY-<-I
zvj|zJGNBSao}~tbfT=s+Dod>Ls4($+K@Ox`-^ITzo+tg(`fd7J%qHIEIs+1n>-9D5
z5U&NcrS2MU2Hz_4J)mj+z-G{Xm})22seDOarns5-^h9qQ=~1DPo}w=M46mt_e+yD6
zCD8uvdtn>cEm@BDnRVA&*Ex$g-qVId(m10MZO!M2${4!fQ!u-_TYO`I)&(p2jb}7h
zGz8D%knl$qNNm0MZaRROC`C(?=e)uRAl76P8zGJSM*P7{p53UrhA00GPukm-hvl<4
z`2eoj%Qb!63F(9+=s0wX?YJcQ_vntm*+auc!kPx(WD=OzFxEU5ssHf~71jxyh6>g?
zJRWqImeuPJx7TZsP#k5_r9r<1PoLNS${PD_LR2$t5mpauM-d7OiS{>CUISCyp(V(0
zJptfIzCzE)-rO4FxtT1fU0`>_W8B1j@!T!f1vZrh-(E(bhmLTn`b{`dbJU16a=Fv$
z0-v}#<2<7h`au3IfoQ$q!SKRU{-jpPuc}MopSr?FJoM7fM5R!od*Vv(|6of}>q+uH
z{)6q*Nx^s!{)Xq*15*iSAbp|?_UC@Hh*UMx@(e0X<i(KUUv7ecXQcbUF}SKf$9H%g
zA1Njk^U6$>*KlSrtXFr!o6SHXKI3CkxEP&gz<^u*gREvPf})~`MR3R~fJVfXt+42c
zJgo|}U5r+-N2KvRz2Q)X`-xZCqDSW-vj@V`hLP_n38Oc?OJ@SQVn$1Si%z+)d#AQn
z6<OhJYQ?>SJJ~c<4IIJNR1{?aS+S4_d!+j*^p(90*>9H;kOAO_@-mN2J;}!BH4SUB
z7VL&iG5SaA^xh}=7VqrhFtJT|kb)0-+sDg#9UqfUWM0bH{dixaydB7#e-L30l_3yJ
z0jeF{&?7cDLvQ7wkp52Lp!|(R4&|v(n!AfEHYzWTDe>}~wHc_lq{j1|WBv%O{Y_!^
zBonqs_Z#<~(5#icaWK^mpx0(_os4NDSTFbXL<<I3QcODUB!B*xC?wI^<H`J)8D@bN
zj7Klh5_Sk+vWWFa(ge^~`vE2Uq9a;1?tRLJz=4b0KB%(Ha<JvTcn7P)x;SsiMNrSU
zq!y|b)hpl?aih+_7^%@HP)p63iG+;xM4oNoXgGho{vsfy+mgi0!jaKX0wi29S%UUI
zc%oRnfCOvw$8^6lqiRz>yME^m>~wL2#td(NF;9v2?*m)o>+0AJWuF@$y~dzo@1B9A
zD$3UW&+rym5{p5pRN;;CB~6#*M7!=m#V2WTF|zgV(L>64zZg7+j=cMD<Gat&l5OW%
zlpt>8lKIX99(@IKZvdED<B`AK2vfr&W?~VKGA@vmHLCdT<;kXi7lC&j+qSu<m2{(3
zOJ;A!m(0`hznlb44;F&&p105~;cxr%48gifnOWR_xjbUjZc!G_nmNlF;NDB(8Q5SU
zMN8K2Nr9#zheUcE8>sLd_eINXzc?Q%XZv+pwn{GJT;9`(t+p5u<KM<3u=>HV+_l@V
z?Qr-B6~d6o!M$`=1pE_-uE76nO<Xh;StFoZv~s)bd52{6`Mx<j;^1a`<a5DQfx+7(
ztXpmjf4w?+<^HslYvs0<ba)A=KOnjvBIoyC`*5MH$S0cN^}~UN7iN(@Z#B;5WvAy)
z${BPaymEr#9p~R_lUMg-jBKk6OvE_f!_^t8zw?gMq3dxV5Q3KM>kYfSB)#q*hvuwc
z354?CI4BXl@#T9TMZNc*fxQBq8A%awn#KlXNarUkTZNw#6CBl!RP_iwv1P{;_eqQF
zy~PJxiRq{nC*F1E$1y>nY!`5#mggVR8BIzMRRBHDB(|U&w9=fAY}nRyz_JpD5RX~G
zzL%#e;iOmh9$oyg6Rm(>WS!d&<~Qb{6J|7sMGJcofac@}r<^jZ-0+mgZH9>T&l=1A
zoA&<V0*D5Z{97jLX_?8sQM(sOe8v}}-s0jmS)L|@^(Z4hH=@#URqM)m;RU-<+G!e0
zu{!kPmXslz0j!S1a&&})O&)gUlwdN9M<ffpYH%o-{|As9ND~m+WO9>uPZf}*n}fat
z9du;;=vbNfswnnq-rTwhKfa7_)Hb&NIPt~yT~x4dl;~>HZ}km3!+vZXyL)AtvILnq
zZO`Ny#_ff5TXs2(r{87W$uxi|JqVILGb)&G{+5*$wUwn>*rie+j+`D~9rX8mZz_7!
z(ZLcU@ekXA2ZeCO-n^M3EuqO41;TxhTw^BY&Z4>T%O3=mrA8CpCa0fW20XjU30%d+
z17;Oq5K^OaC8F4m#f3>bxfw6mTWHb?N{zWsj0%D`VIb7#ndynaVL|I4ib$ir38GP`
zLFAS^`*?1fZs*mqryo)PKJku0L+ILTRSRu!+QxZxFgDq3YE~>=mBs&6K;!wZgsHB>
zzwSS70L3Nzp23qHH+@JRF6v;~vWq(CWtgFq1EKMm2I5l3xas@FPq1K2`XvQF4(aEo
z>Rx|nk9_DRE<L)_mP|6Ym>`#91#nug&+7Em&0`7l+IuHvw%r(LHB(#$B_J)ZTYRW8
zI^+=Q2YV)(*;|NJ*>&Q(cR~j%)1s~wY<vW28TX2YzuGShn+f&F_x5&`G_tFjcPr(J
zM!VA2R@J3+&5q%${Y^CRBp0q2Di%ONw^8?S(GFCIIhJmfh?iMu#x(B2A)%N}k_OGJ
zJ7$>XZ+JhC>8m)?CR-Nv2u39<Lt{l(X91vI4FKvn-+GKqJAtOB3x=n8w7y&PpSt52
z;JuMhlWev<dfi|*t>`yFXTNVGWrPpu{m}iW06?b`x*}s0PlmoUu`XMaw*iUJzhVUx
zQH&*rq7{=Qw-wi{%ot@(tBqt_A4gBlW=TRxcV3K$|72%q^ie3e{KBe;%IijVO_Wm9
z_;w~Bi+m<%59wP@IK!vAeJ2~~LlDT<JnzZJWh^+w%J6tMPq3FpZO4V)W?Wr*JD>FK
zbu#db+HMVfnOKhm)`7t%#K*EhL2FcIt6-F#?(?IfS|CMrnVX;MYS!&R<r?I~h`mIr
zL@KOlx6;7>Of>Lx`a9J^XC}YVZl9J(k_@VkioeP?z4beZ6$rJ_Hn{z?%MGwWf7lj+
z4Lk7JsO>u(Lhs{D^OQ5T_=GGq#?VCBlbgPT7N0h(MbiEN$uuO@-l;HKc-B+5%u+k+
zMd!Rdu<S2v-`Hcs^j-2I1L3XF^cKsjE=-rFOK&}Y>aOLSCbT<)1DgZ4%sKNL=QBQ{
zB|#0b=SHI<u@D+#3%bn8zHbmhJbM8jF>82=tLu$;C{q;|MOIZ;C<9XS>KAZ)(9{Gn
zpghYC6L}aLu1O$**WWe|#NI}9J8FSzW=I4~(RtmDoA=$WbSYlf=-GcCO5-v0;zo!5
z?&7o#ifwJDXKyoj?0)}%LGH2l_|%sK;gi=t*lAtg_>hYa_6hzVyCejX`sa&jGLb1q
zZJi7wu+ByOFHeD7j!bXw+BJ3=5wLS!(oA1y<h0#1gywv*8sbbGU&@YWhqt5B_uXgW
za)M4`+R`ktRsAhcrxefaS_Kr!F%bk5wF>&wztA<maLHmX7l63wK=Yd84rRIreqMZ<
z;t?S*A$stQ-~hbi^;77Jx6T(9xpyNmna$d@sAAv3d}UZ9GdtR{dC0d6pU`;J@yJ}S
z(@FY*38m5GhSk_3xtS5MKjc5Zad7=R>)}y#m<O#YlyO2}jj(KkN4x<ksq|g|R>n?0
zF=jFB^2qJGYoHX)IcJBFRMKGcgbB~N=jXLEQ@=ocWbtLepO*4d!<aH_D8I;857Q;%
zjz|pqznl{pt<L)d-On2tn~MO?AN8CEN6fmRZ2`bcx6*jNNt`^|>-@kt*ZwG^?8BXy
zRCPkqN#!l#r$C+q?*Py93LFZ=K9p10U307b<HC8G(78mOkyV#jyTNN^%@#dn>5K1;
zX3k%Mv)rLGK_Jm|sE7T;+#h6TGl7vE{LhHd!!JEjQL*9<$52%T{2ji5fS;c)_=9e@
zOAt`Ioowc5{vhN>(S*V$P$S*ZfXxGVclc?%bJU#;g1wVnU*~i^6h`@Y^xM4?z1T-6
zBeBy00)B;S9d$4Lsu9zQ#m-DuiyIcXFua6hk3SUy6_>o1#e+N}cM|_6jRC=B@zD5~
zWY4#w2xMdjWVoPHXaX}H&kE<b*+XpjZe>s;uuoSOTn>5gb-1k1t?)vl#X+{19o0uM
zA7fY@&iqLBj><<*HJr(*2zzf#g4-Y$xp)F^b2+6ze%>|%md_&d{+s*ac}6>4?DFbp
zJ&$UGcd8YAn<4s0PE@2Ln?_Ht;_vfP3)n~;bwRbmaZBgJRuK&fKm<xmiLK5C(Pbsp
zw(8>o;UUYU6Ai6hKbsVp%hTy;#x7aL9VrGId~P%Cd`8-_I@VT%*3u_16p+SmBu!Yv
z`p$a=J|dX0PtrbeS1ym14e}5me`{4D?y}KOmwIF=A(J_V-XV`T&W5!8y2MC^s(Za8
z4)i;W*vncfAr|Fm+jRH@>3J;i5d4M><@xzK%&Jy*r*F@ZO>G~J;JP?*4(px|j_n&_
z{lIy|>VdM=g3_QqNN)oVUILDpb$Np{)OMH3Ef@|&Z`hCIA#-i)Zu0RBP<A1uN?YHH
zgzg>E|5&Z-*x57LnEu4xyz1dPcDlGZ?(UIsetFfg!>LN-bCTsdtALq_tTl~ZpGucD
zcQpUZ{;8IHq_~?LX~TJ&89MT#LLAX;!;82Zm8lH%nzI!+6%BN=_#_wr8P+cYJKLX_
z-luMi>18V)c@oY5kYrVo0C62p(!wCahun5qWT*0v1OrMVD(WJgo<Dm|U^mvW?|nc$
znR3a7T{G3Jj2vH!obXkpT{{HiSpwe_W}to}@AmofMF^;o!O|nbUR|8cAbyfKhdBhX
zT{5jhR_c==^%!%>_cX6>sgE+XL3eDKsKXS94)B!~?lmLWjI5)Rzd7g`{Q_!bq(LXF
zPQM%%sC2PwP`Q*t{a$iI_m0R4t^jc*w$xAPacKAYjd1#S>&ILS=+77Vc}cz!H$vq%
z8)8BPYo@ed8P2m^&H6hk%^m|d9k%n_P=hTotW2bu*oAP8JtF(?{Wpk*CgYaC1B#o%
z$Pz$YLl;>J)3+uM_RFP$=MFbT<urr-jBxhbH#VL2ZtRrz1gc|OYVo=N3n-ey^qsl#
zM4R*NQLW=ndNWZuN2&xR!un0FKJM)i9<K_|E}2-vmPTkN;5ONlzDd%xLcOlljcVxt
ziC7LZ0y!gWil`8uJa<3_1P8Dk*$oyuS@g%Hj)`>+(EOaFT~}Z$6?^mD?Z{aD8Ef)M
z7~f*&1iQYuLV#iH5AjYx=C#MDn%XNvUkqh+sntNGr(yF|dy-p*>u+1m?qr(roW3e!
zS3sNW@YEK}2WDELOioKZ^XDTC9Z_}+$gLfgpXb|X<L-Sy=FZJuf0?3~_&|#7oOFDJ
z)J8^ES`<rVj7_ed@-%&vdDrR2Ctl?e2JwlP4uY_T*f~?XrPDLvKl4I($ngE=oIA2%
z-%CB>%Y+xXFnK?Jxv_OzJ7e{-BO@$5;GblgKDG0;H!^3)zn-3oed-7JLX#_l-<EKW
zp_Z~W<P5o9Wr{1*X}~dFq7=3h8UM%#*>Vx}tswd>#7*?qb5|NORx9jV?*dFw7%_e)
zy98wLij*erby?U8Vby?A?OOvxpWm#5UGp;a1yq%pq58!GDY?d7`R@d8WSeqW8t+vu
zIcQVcag@(q&^%qoRkWlDv_CRhr$P}0MElu1oA#*Q6J01~q4wID(noquS>LOzS_=o(
zp!$E;;3zduw}bD{eXqL`h}fB;E@*f0b&?+Hk|52_b%17!Kx<whbN_8;VCfgWvU$XM
zo8W5Xlq6UXs8#~Iks2g$ReIB<S8k+R!*eS+USHojfllv5GnIWvIhSh2y(Cb>-c1vp
zsB+%oYqr!5(uv}GaKuTaYeqVn7bqVwEfT{QyAAO(1;Fv>nmYS=lZ6QuS<08cJ5}IY
zHZ?y9ps)2w2kI@Jxhh+w;6+b2t3jnax2swY2q-2S&@!i~TPjbDpA>MEABq0pvsn+!
zOCm(LPu4KHozG7+b<zRj$CIU273@tn&141=f&A)vihYhGm)soKj7AhsY39|vAJ7;T
z0jbSET_eW;g_aaw+EfVu+W|%J51ate=uD9G>c6f}dWbxeh~0Q_DqNYoW|6_h&}@;`
z`ubBju+=-FQGx(Cy2j&C(NW}6d*_h8{z5f;de4s%epKy4>v2VEWLG_Poto#jdjyRY
zz9#0y=S2)u{P`|EcC~GX134YCotzU@6L*=e`hD<BM1mU*#4SS37pgtfy&XKN-G~;N
z7(IT{=Ir2}0O{M`)Hg)6$6*Y}#FiDSLnE)b<-8;<nhUm9Z)o))OKEx%Ba9PoPO=MT
z=E0Fc#psQig8Ai}few7rE-EjJuHLt`V}ThUp#)f2yT~Bh?XimKDJCAW?%UGp2_f?R
zGdUvAG_;r-G@Q)p^YQU>pTN4~(6IB)5)NbSE-FY3Te)L8^&OVn8Zx%Z6W@)~)JuTa
zV6?gLLT&lemu8kkd*FmDDd$M=QyG1H+JFOj*s+rgfegt*c|!LSCD4l;9@UJ=1>w`j
z@m}GMk|}Y7Le{mtF;#254Yij|%ksjT)>ya75Jcu*E3_N>_EfyGmWC~tEo?jdCbjsA
zV=hz|Cu*+4@-jZXWdk)`>NhXQY79SB^PzRV+LjC;7ISrUwr_^*<f&(1A|ze5wM$!0
zFV$*#e{u<?^{3Y<*th)AwMXZBwy#+Y#|mY(syoY-b7gXzPEuHjJScAU`_jyqgumS!
zP7g<rPI|Bvx2m_{Y0YwI_doi(AHM@}fy6F-2W~gw!9NQTt>3HpG}?5@zE-0QaKjN*
zue8D3)Nu`7r0w!<_I}SH)El_)i4DJ(L;66WnV_G6PxOQGSUDoMKi0or`bq?b9`-9L
zgiXd0X;jlsuiAUyc@KDHSfYk`8mkLh!sn04yzudM_`5lJ)Dw~~(20QB`gvp^{tYJx
zFHQKCmD~EDV-LN`4g0%#Eh|rI{LUqS6h=1=zANDtT(1RUUr3Frq4S~i8!7L|-8Pak
zjvfU(%e&m5vU)DJ>Cv<OB(%sOU77G{C&vgB<aHq&6=jh${SJssuq>k#^CuKiDz@h?
zgLw$41)rHGGoR4y>&+(t<?&t}j_>&9JD!yC@{eU0bR$Uro{yNE!0?~E67*<d05p1z
z|CoRbFTOyeTt4%|07YuwlDt#@5pz2Q0*@@5*GQQGEPlFg)NNG@h-U1~==SZ(nIqc_
zb|`UAmuhw!?!aG44=-DJ>b5g}9j&i0t#OaIV6wYJ421F`Ip+EO>j)DQqT;C%nPVMe
zK9G2FOW-Db4@`1%Lg=>0N?VT4$=tDXgWx9Sd$#RghhC_zuLc<a(-Y)7z8QG)i>f_#
z4D1`Tljp~P)loa$9Q7?WLC_aV(UE0*vg94Bw$)y|LH<|`?GGP>4@&ANl_y>_^~pOk
zAfGB(jRuTAOs$$tZ~XlR!-V`Tem9G=Gu{XfBg0~BKsZ7Q-CJpsazE?g>SCv$#6#AQ
z`0Nj7#~$Pf^PaUA^G{fxM9TlwIw6qa)nzaO1#MTF;XV~Fau=v#+HD@XT-CegKC@5C
zA<Ms<n5+7MI4bNj?XQ|v^kKZRG!o#yUx;=UjAk=3#GO2PO}IE2SLNsBVItuGVYNB~
z9+@qZajSXJLn5xeQtiGmPz82BNy8#*)d=fGSNKI(@4k@=I<le6_2bokN1$c=%hz-h
zLh#jxFQu#rZ)XsJM|WMk?nClIqHMQ(<={2QVi}7^P_AYmos01;VDTa*hWSzMD5+XU
zS9UX?1eIT*e7$wa!?1X6n_o2L9liWgDx0Eb`MXRdyBNT*2!KLwE-$7GFF!UYy=vwc
z|JvF`i@|DFrcW#r&-Zxs;7hCe&S<HI{2oK*AgIG)eDdY-z4M97_dkC>`uVI`+Da*$
z0`|eSNh|H~L`w!U%L#)<4M2lT8ry2p;>rD~)3!OT?aQ=Ag?BMsve<RCEIj=6!b`xt
zQCEfbA3XlR6vP#|@0_F?m$bKM?3AKcOReVpz%_;v;StR+4V2|7r2~~vsY*=jAor^T
zkQn>uBtKTb>?o^Ty5NU@SWN(uSAe61?Jq}52|nGWDjt&Z)HshYosNEOIOArDcbg-_
z3r)P%w(Bt8rI1@|&)2?81zOR16|?(<al8e6G^1f9sC4V;S(6GQlZQOgK|O?-A}dMV
zy#+3^&qbwn&BK)L71*P<VC&`YP0P0@uxj40fq+bA>nbZwfZIc5;kU7PF`nIxLLZfk
z#XMemcQ1S2Ro(VH`t>Y60^l=oC)u9c!il4Q#2rAqn~mF8mnYi~SgH?rbeH{>cU5{d
z`+muCSoG`~-n<P{`c|g2M>i$$$)`L4iHc$uO>!I|T`phDh-%|L!4B+7kjA1AUZEM{
zciNjgf#d%MYPt^+r;o%DTLpnH=el_h3KFd}itl9+?|#7*Th&S#1JcA+<op52{kH46
z<-<A*-#^XiV^QReIrV#)fr`v;u<~sOcuQ4%djUe~-{oMEIpk)@j+j`cR6wKgG{=ns
zpF>5CX}K-92HbDR``Nv7KQ2C*uZ$RA?KwZ}+yd03lErDCC(}X4k@6y>{^FX8{dwD5
ziWbz;m2F*nZ#t9-Cq2eMv`EWU+rZspHjDxJdC*P}00ZL$0|Lb%H5~abTLL#CqPuPP
zo~&pwL$w$_<(<K6-c4!M?VboE;iBTGh+18fOEQDIZ4GNyv{YLqr3B&IKN_+Y`2W&&
zE|E%yg*6PMz4^=&Ozv0qc$_^p!bx3}5r}Ml{)+wRXuNGEzf8J)cuQ?^!=VdWdnxl4
zS2_C=xv<qp!9ymF>~~)Nb!SqIRSkUK05s8&-tG`u+rVoPO7IMt*9dSt^l1Jj0vw+(
z@R!!Ln#$;kQoE+^RFK#b{_83vDFR3;%~hja4O-k=i68bx0QGdah9E0|Y}WsN0G5!?
z)2z-%Zz$yk)t=3uL?sY01#fwO00HD*&eo;6!-2D}6_d~`0pl926u0y~6qtZof--dY
z92tU0$#(hH;X|K=NLQ$mC%Vp_$gvi`OFaRKQ_NKt{M9mhYB0yuK?DK3WqVUwFn(<!
zw_;iex4&5qx4R(l$#w!L`v`?tZ;49&`R4Y^U%;3B;+|Fir4#@Eul#?4lujTFdjIAE
z{J(9!f?%kf+D<JEiPfB24%b@_NcqQiDgLs{8u^^)9PIhs7+f7?-B9}7pyoRPnn504
zfDkbv>*i|RbU9jx8sL`Au$pi7=}Iy;khpvg{26|*+#Ly#JeU5JCZKvt0Xru?4X~GX
z0(bJNIA4miw3UmgmbzF;So)-AL?+>NN~y@;Vb0B^1zrD;8Vzicw;ySK5H6jQf8Aa)
z3jU1r{SV6_YE|xf^D32;>D1QRd0$QvsVk?0RxAiO>6LA1bw@iy>hbt1OZxSO$V4&-
z1cm$&oAT5mVyr|*_m#Z(@o!mEfJ>3*<7S1u2>N)WQ%BG6LCuVd>Rt{@tXx0_u0_qi
zyw7BKzf$=W-|tLS=Xd1AN<MO%_c_C>ep1YdDGpyCZUY!Mi{t^aSxCiZetHBzAgX&y
z9=ilEfgX!DJw>0C`Ekt}1eY~ms+82uc`ilrH19VY_}!fOnMQKekkX63CuQ_Gj)$F2
zT6X$fA7yRH($D3#ZX2A+1sI-^0V!EPoc1=G2o#X+*!+s_-7j7NfgOMdbt%^G%8a1;
z2f-(dpU+4^EWr=pHD+B=2hZ3>!H~1o0IXYnSUvR77v%(ac|_$GU|fA725|)6*)6*%
zEKGCcmbjF=<?7HTb2&y#J&Hl1;qmN`DP<sen)!XWM|%QtL_=!lRpW@dSa`JHRF9R&
zQu;!$v?#z5E7$0@<9)Hu?*Xh7FTZZBRfonM-GudnZbllIN|&;@^O9V}PXf-c>Iox*
zD}eZwT9M8<Xk+x77OM?Fj9PX}3XE-Zg9IimzHglG2vK3y#J&wo{VO^zWW~2sm(@>t
z5%urZBjy42;mm>$f5}iIq!;vBE<c@5v|O)tqTIH})x^&i0yAIL6};b_nVjsnI9iX4
zp%=S%v^=%`dIBKsWp`?Mc3opXEn3U?z)VXk;d~`Q1CE&Aoo!U)c%<nz2lp66zu@fl
z(QUqqc$;ny_fpfms(AF0?Bxe9A5D<u69do9uNkN+Xd7s#m`)&vE9z{>_mt0U7+}NH
zg&+S>&2)=DKznv&`CclQRQ*xOOs0h}gvr-Fz;o$%mwp^w`s-&fVdsRgA6JrrL%ovo
zoE0Iu{o*%}3zD|ga<N8x05I!%xTY;F+k;R?LsDmb2$=k8*_vfon8MJ5HT#)5=Uj~}
zNuyrAL1Eb_I*~s@I4NMmhWFpD>DiGaV#tMl+=HvedGsJkOnnOY|9O;@ksdv4AwY-O
zk#+?b@xja1X1LWdK0TpG-^UOV`bUG3C_4>s%juNux767@MabSKMg|w)PUWLp7V@`C
zj5N6wpit%%L_o31&S%}{ckpq9G2@uln6{3=mTiXavk!ca(&xhf($;X>@AX}gIh`lO
z6J9fx>Jlf~8rh#c)>7x1ut5Z_?G;!&U%6|TKRd<B7&;yHR9zkRdrhd0;ugd{C*{3m
zEw!rMt6Pq_7mD*)@s?MahL-RkI7skx*4@~-_d)V`5Zh8{#gn}cgxsXIB^4p=^FdZ}
zuM*pvs0Fu~1qItlSpqtvl<Hc7L=2eLJkNFwiGN_23Hv>9V9$i*vX8f3=chXy!aFJ*
z!o~nPXzk<ei6JY3%O~FF`;Tysv7epaGT9n9Ho2<Z6`9kI3p?mYF?()8*hOh3Y2HIx
zG5I!qEHU8>evL*&wxD+$$1Cm$+NIFkKo(1EvBiI7J31kH<L(LL0gKm5gCg~r3X?gY
z+ctYfob6h_h5P7zj)y^+F0MY9U6@C75K;ZlVZ02yra_iGTOe9iCmbzdNsFK9xUfx#
z=tg!CsUEiAAoIT0QaF1Nvy|9wU0&T%1ZPJGt-~ErKSMrEDCd_qW^>o5`5WD=1^W*W
zLZ(rwd01%>elh#!J9o5M@y<$XrutA)+##g%O2Qm3XfijXuFuVY)=H)a=08~{0c-TR
z>ocg4ngY9Kq{@U1aD3?STT?L#K;+`TN$>VQ{t<O17DPR_v8haehX=u<642FO3tsSN
zddlU{?t^od{Wa-zUq1;McECG;@b|S>Os6lY@t@SH^-QnvnRGjBW>(bc&Nh8WPXYvz
zf3*P#s=XIdaecWBl;L}6v`$AgJjXv<OE&hMjLafYaeCVp7!DS@K1^;Aj^^)RVIYWO
zvSUtT23LfU;P3RuQ8Ycnlb=D2f#V<2+p%FeG@a<~l~zA@f%D?*Bh$JlpV2O389kLz
zmCj<yDU(5}xwRhMQbX&VglFQ~OP<ZV1HG1I`(+}2Zt}}c8RGX0E;cvEB;!5r)J{B>
z`w|)`)zy~7l)HLI*{Fw*b~W(xYihr4gZpy$U*aE@Q$@Tmo!cJ`vp0@=qIszt6-O%I
zfX|MZ`R9Zco9CKjF(xuyv|?X70`?Gn(rFeep&Om?bL1X1dmSqQ^0f*jg8N6vEsy^p
z3q}Rl@gdxsv|}H7zs>A%CwB*>cp;G73BL9PX2XLJK{_7bsg3E@!yFoxpdtCHl_FB8
z{H0Ty$9;*+eWvRrnwI@EY5h5Q8p9R*O<-@GKe90f_<-jsymsrmy{03AG(lmE5;CKz
zxD;SM@g~>+#5od`d@SBhi=P9rq_O+yLy7<FGML7w(DVM+)});UlNE^HdEnU-7l3tI
zcW+?7H6-|15n7IMk;+|}G=ATcr7fM1r{q!jfxB=s)0c{Aycii|FK$+E0=w6oJF6AG
z6#?sL`1QgZSlww*=9oE04Hh1Me9(0#%XR#fX+<YB1x%L7qn#VUP64mo5_J8|Mmh<N
z`aMz}$9%E~L5l#4<`SXzgTxtnzBuW~rjCY^Au4aKQC?|l0J-;mm#QSIT8603@zz*B
zpU#-fIsFk1<W36D1}8)2!ff&pmZPZPq&bC#<>H%o2K%7sR*`Q<q5!Qh95?tulK#)5
z(RLEn<Mqq!GWS$ajt4M}a<|iH9;C<Y!UA<EQYH|BU&m?K^S%AGuYNCepY@?x@O}hI
z?p=HuI3^Yj>?S#Pn*U>pIZQq<2*GFYIpeh;aR9xLFM%7l6Km-XoIf8Sq!oteAQ#52
zSaOH^5jTE?g$+>Dn(?KDTkxM26iT2X#K+7RbXqqg1%yE{Y1)_pUSV)4W(eGmltgK(
z38zK&$+BcH*u-rkC)D#MG%Q58U1AF$$S?7%aV9$Be&g<JA5<v&@B<ff{=J`yA=s_O
zk@NARLUoM3=Q;X5Cu6on0l#H>u*r90U7|leDrbh1={-)k7i#bIu0-%~UFv3X`sl8*
zk3L>{ypxS`z~j4xAlmKE<@u_H?7_ICVfui{*#mCXMu__ikL0K5LaE-~3%t!XQ69W^
zcv_E}<z9AAA48e;PV#G!4G3*iL_LP1xLi?lGZDnvC2HX+!SR*(1+a-V-7~@peeld6
z&U~X(^2~{7kq>WJ=H+}>F^D$zo}I-TN$RhrBr<Y=d{doR>Ca*9_vhoF-ehFir*|P)
z0I$0G04eSPK{{d0G9_ZbJhuz}O{3`&x`?l`8yk*)KkNBeBu!eURyzC%)K8(~2lJw9
z&n@*knvvxX8w1&Ph;m>M_7m<hfh7WD;ei&cAt)4VdKVp3i$y_Cqxbo7U3P{`AIF>)
z2RBK%ao71`HK_yXAxqTtHxO;{#*13-K>y{3d^V$nHZ!@Ri_AaC=3^2_AYyg?3%xXR
zWa4*HP0RC6g?90KTyA&4Y;tLD-tVDxf-J0>qI9GXVlvDZwx0Kk2=HL}W5HphIe(6<
z2?+h20x&|XLSc$&BJcA3H-e?L%Q}T|H12mW^?}3n5dpR($E_+A_feembVW|uuNFif
zo52@zf+on6iOB*;M<{lK>$2(|OD96e3)^dS`}k$sq<5c!8lhQ$BI3}Vxk&Urxi=G<
zEvEgVNK*6L>V7%6fPtJkodv8!?<l_CL(1}M_e+BMp_^En_|qnx)|45)8}wW{z;b}t
z&%YlVWzp?JcV@&Y-0?i}$pJG1o^hhjTB;=+eopWBa(`Ujv+!%iR$$&G=~n_fgg?wX
zb)h8Dc@DOWL7c-5n;2&65cp}TZ4^n(b;#A1*wEj_Ij9o>YD@+4sD<#1;oR+=BxM0i
zUo2i`H8?+oI`M`-k$LjM{HIonH;^;3#Z37X(RDz`1OM$69j_1pqyu+oeB<4y5f*_H
zbaZM(vnTrmO@N<&36&<WqpR)ISWNN!u;ea|gtkR;Fp#l-JT3z06_$^MqAN^pbDX2q
zFg{3oE|K;V^5mpB@x(bd?T0Mgdz3&)y1yYqSB!6}($!I9!t^wjvVpCPRlKCGC5JBP
z&ULT6*F#4NMA)LjM%a~ROhXvss*_`4qYaqrY4Q@IYg>C1D|U@Np$H7hoHRyCJN@ee
zUSbZ;3vonIvbN}uc0g&!yF&Z>lroYX3(=1lL`nUkf=Ka3b~)}y9phR96zisAI(nr9
z3I<_?aLWcfg&9WPtObb)Y@yG3q}Q<DTC&EjkaFaG$v=T2rfH$DMt@v!;f6R|N6gXA
zZ~*;mnbn+JHlbXUF;O<mgL*E+iM7}56WFRU6tp^=l6M2%w{k!VFYBA2F9n#>Xy`O!
zJ@grY1D<ThgI@2aF|>Z&woIGfe1R?5Mz?ZF*r-Cf&@{*Y-rFV7-%pL{0_fR&Rg71{
zBkvpGF3DiB=SN)x8rCT<nEDr(fBt+}ov<|qxE*~9o0MK1ET{Ako<ki<bsHG>LQ@+y
zLsrcv_9vMxylgPxpDBd~oZo29h0)QXB>yx+6UBtr^Lt3BeQ_dAG*Y8W2K}s(O?*`D
z?DvAEDW^mk+TI^(`vjh}^&Qf{1-zzcoKsmxwc+e*;#_6!H&q@E!_?H*_d^U$!c+pd
zB)S{aUVv+Ca2cR048tZrC?ZK#eH6K;w6SYA)EQitjPBEL{!9(@idQR1vy)bW%*EkG
z3-!s9Aw0!M%kjwKGk5&1mKo=;(pK(u;dJL1l#ely!_f$O`Q}u;{$dio^wuQj(Mr1U
z2T*!U@}EvCF=8@q!3ViOi=(kS9!p(tW_{z`-mA5AN6!NlM3~VoE{9p%=pCWQ;8tu>
z77fp@u0w(i`vpK~`BFQC{jnWMECt2~gL%kPJehwaOoi~Ap;E`YJ009CP1=9%>>2=3
zXR0q$q(bOhM<>Xr^|04YCKQ*BHL0z#P*xLhySPAHbfDdvj#1X#EVq_MQx=1e=xgZf
zF8S@Sl{5xC3K)FVhjl~to-<gG?oM4OGczkTA)5)Kcz!u?V`{chLaT1sO&Dg^F6*Ua
z?|zz!W&BQL*p?5usqWN$>>4g{rifOBjp!K>Z1hibuZ4!WYal4-kcrKZ3bDna;7T+m
zpzHLDS<)!Pa3Kdg*qjY!C!<p}VN~Y@0_?FC!r0HAkJVW;slk4%j{B2#r9iewSX~ZE
z2Xv!^)`-UAP3C$$2o;&<F3pH|%gO^I-{@~XDksDDFK1yD_m;s8{`$m-5@7;1V~C|a
z3h@!1FmyL8(-FZO)4$z;d0!t2BuCv3)T63UQMx=8tE8>NSRA8x_RyRteNO%jDHHdY
zUa&PGQush?3tQJXC|5Fwi4w<%T)^Z2_w=2PP@Nujjr9bzfaD8Lw=bF@dbAo#o+;4{
zO7c_)=S$jmTNQV1BLpz8b~jcKHT7UBxm##lx3<j3{8n9gb};?iXpwC|c@I&=WF7T3
z$e^jVE#Sk6N*&HNzH5)Dv(H4kNt|)1ss(Vlf*8UY%;3f<p+3WpQxvBwt2f$`-uyAF
zp*#?GF7szExcl?gLZFqreq`qU8f^~q!h;MglMlnJ<zpEd$8~R;2CPT&b=-^EGMB<O
zyWk0p35AymT!dmKJZre7-*s}nH-Ad9V1lpGQt1Vha#ITo(Es8R2K;agdVkW7w*tKT
zCM=-?&J4!n?bvctd75Mp8~G9Q`0ym7;X(F}vfd6i8v(brZ~!m9PFr;39XNxDMsp!g
z46eZx*#ln{Dn!1X#h+~l(Zv;PB}4RM9%>hpFzZJ>akQ{AXXk`DrV(1uD~3pZr-Ub+
z7z&$?I9drhKmd}T6jKL|_(|xGbw&ugjvKW#NCO$TN;1jG?XEC~%2EjzwRSZD1R(Wm
z*cDSQ6GS7LeJHZsWLUyCo((<Ox1)P<U%1M3^6Rpe2tzM_s#{APvT(mTC5sWPZvzUT
zPIeA78NAJ-s#o&4lY&SSjgi_Oy}|KYOXE-4tjG~t23W9o=d7C2y_fU9`$-v)uh|$e
zo<|B-Ajlh|va?e7Qp9Y8L%m1JPKoC+<GnrrjecAU?g+eB8ZX|0h_@nv7A`>YbzKr$
zxJO`<i{s0?cX%|sB_!2npEKq%WEwm!e8L5GTJ*2ub!8{^F<>*GcLuwCKId@#kgf|r
z{ag|^MNKjwS{lLW<ew}0J)w6vGEXWrr#}`C=mgLgv~ZhsiQj4}l*L~YvqYw?y?ICW
zsf~z0B6yGnMmRzVJidak=t6Ku12qh%LYA@_^zck9$&tCjicIWN4-cx>CqxY`ua9A;
zyBE1H%<|?Lfh6*KK<W7N=YOaX<u7jBu*a960pd#?CKS7buyTK=B%g`ehofh0UDMX^
z_|8BqcmrN)oR?&A4)GSldeJ&<BonjrSNHkjMast^o#z|9)Pbcn!A``;T+oZhd%a=l
zAy1OTY8Do8NyLMkS!S@12N+>3W(URIb<*M@h#p*UJ)Yhy7x6o6v<x1}8sToE3rY!5
zw(FF)%aYp-z0b2WzIqyGLy1un9JG<d%;C}<SB^{WS<Y7{$PUO?WQ&4c{mumy`^6}$
znyyqvjGpGc)iQ^MUti~U8W(xq=2LUjmq%Nj9r28H!z~{YlUieFr2r3OBuUsA+wC`2
z_?tJ6UiFmIb@Ub+2fUozU_jQP2cR~UD!{1}hdKK@O+_%#6x`PZH<BM)aOz`@XQiRA
z(EgfsgepvHb-ajlhE!wAcT`3;^a&Qs>45r9rZ!9|eucfcqCfD>=a`nZZ@D2dZvnoS
zIIQ?!o<|L=BMl6O(0)moFU7{Lqh{UAOl?|~o$0UbWJ7DmT>>~5;G_;5Ldtj)QGx-)
z%u%6iKDLtk^03f`Y$~Kl;3busz%MX5P?qpud}~INCd;%~!Q1yu4X!1toXDIK(_$t`
z`bu}mem0h*35Yh0fbrSO?cfbP_c|G?gqdaWC>rdV{*u@@cI#iXX)n*rI<yjIRJvEH
zb@XKWy~9w?i0YoFn7cUkGMPL)>K~i0(Nh(TDFg&^p!Evh?gE;_lhT$TNu9c|<j-z^
zR3mXD;8v<(_ddx1kiO+pp`TS|Ko0|;M3dQ{r>~c5W0YrM^2s;GtGMZozSx?S@9taf
zv<s67wxP$Uu&ww`TUeN#Yd8CfBGHp^v~=9h`<${57ABJz&+urCPP7)o&O)+3Ry5hX
zs=^LUocXT9kl@8N?S__C!jNmcN>NRb*m9oXE6@H@BgEgqAr8+Eb_FcLX%H;zcWqcF
zi_fv%P4+!G!MV956IC_R`W}cznddy=J;%iE@AUiL=`|UFgRKURK0h$34eg%#3qBWn
z50x~D&+%^kxcZw~@?&UimrWhS?R&uBu+*m*Tt0ElpSH2M{D|O|#Q~hPge!l>-R;A7
zr$x~zd5CSgNb@o9Fo|PJgOBkYo{Mju4kI+HcKAK%{A+5u(G#3oy<rjpWbI$skv<$!
z-5jxtu3ZtF-}Mu8#zO<TWHEfxK3+Q0eSUtp9V-LNCHO0DpaGPB2eGo+mQntpt>)I+
z6%fR2NHYL_M5|e=RQ~O3^N<pACXm!Js`hK0Ur%gIt5TR<7#C6@Cvu@Mqt$YRxr20>
zC;)5{n)Sl1H)86ormry6Y2IIrv>kCsm1%K;CF$v*1MTM#%9BFK(#>dw?)Y+Vf1tTL
z=jAOyF@?dfR6dm4y(4sq7f*x+aeb(5hLXho5FO0FtY{~kt26V3GGx;+h_1vu_Pi^u
z)D{`Lulv|nE~@de6~mx>`QCA?HP3#w<TI<lyK_l-4x{nowX#c<^7SFJxMI;MLik3$
zyvo-Ouj@k1wse)xXKSDuv+NY?_iK>t%53aJY>zU5xR`wNU_44YL=DIF1-_&eMPm5`
zP)fUM+wu@tkH8TjYC;ia5mI3O24k@lhY&{N#M>_a%BK-y9A=BbBSdZ_!qTkH#!<f9
z6&dWj?tHs4nF7YuT3O2t++!yjnLxyx<s)Gp3D5&iP}Xu{Z_Ppd<%!}-a440Lw$?`j
z+@kLN1|r^{m$rB7=WF`4_0D#Q`eXIjU}F^QzK?7Jh^G&>hzNN`^_*a(qXimSHWSCS
zIAMJ4O9Us|FM1whyUoBVo+OE@|BaLXZU9>F)$SfdPc?>6A*?&#$_QBXgXO>lXNAX~
zcB+$R((hWF40#p@hNhTyI59i)oKkT;7L{3$lw4U#t3jAXrpaT-tTL%r>_CBi0y!I9
z8XU*;`eef9W9;T42BB0%<*Qj-gRTS<4c(3l<`^|@JQ>=BnBcGbP{5nWQ5TT;d_NHk
zAqyKzAPkOUSNAi#;QOaJrt~&IPd_W#E#OdgPZ!#ao#ZZJmmGA58>t!*J<m);wjHEX
z7beihX>nJIssIAR@Bp9`aW?(^Tn9e$A_(v6FsjeMQ8StGz(<Dnwfwdtox*>*O~x@|
zBB7Y<)Z}v|4c_T2Qrn1^a{wxM#5Q=#;`rasYXP8*n63mIN%t2``46V@fA7j0fQkkq
zIal;%zdk%d<r9m1dA7fy40!ZTbQgIZ@3q$R=ce)z5dvv*#k_8mn&l7D=J-4Bm=zI|
zA_)+jVF(P{k0?LiAMU4vgM&!*`N`BX@z^2PNv-B1UrS5BqaF7_bG6S0Oc<DW(ik98
ze+)2z8b*Mj)!9>#f4-1*#@|S#_M{HZgygUjlH7gTA!=c})DgZ01e5uI7HIveD<|dr
z5|nDEzH5A0y<em6P{m?^#2BPr0|bD#_hX9V#gy<{8p*n@I-v_xkROss5%+NE8W&(x
zA1eQ?m34wq4}{qYJg{u4=rO@=)AdAw%>O*iDqD5|JEu!&Zs<p!^L9qTKwOC6kR+;v
z>h5^^ATl>J!e;@Cv4`pj*zNmFd;~8ZQoH;Q2lzj)Voj>)8JuZea#%m)Gq~}sea~~E
z(I(_i!bgb63hDN|LJXa?L<yIM#cJQDHK2cBWu^-pfRfgF`R$a$fahn9dyn-Wkw{;H
zeSzWA_yBH<dm95n^ZXK?$NO~J^#fAZ2eGAR$NT{9hPu3WHf39uD(Q0>^z<5NCn)6D
zbdoe_l^6Z2n(%e~j~^rAH&;h%0D6~oSM+_M$64e2Y}F=!Ju&97lR4HchNx}7WHtoh
zA>Uv85&QQY@X1poeHv0FylTesz+bcWueObEY!V}K4gnx=X6kC=@huoQ0P)?&Is#C=
z=@O%+DLeQ<*P1^T$rGSgAAIuNkc92lqhv3j1La!No=@4uPnu>ZfQG#Nnq$|vQ!{>l
zSg%Ci<Q9QD0&YF^E}s#-p*T=!(f<qRIQa_zhpgWYq*+W>0oa<s&EDf;-O{JG*ulk)
zqn|AhSp|T(DeseFV*vxZ3VAgj`~#79Yx+VI0OD4Bl8KxG@SuUamY+=ofu4-u%@G|<
z;PtY<6yp9X*M9sru*KlDQ7w&X<T((8wQ9aTDN6?sG@(SpTNG+QulbN_UJ&TgSgp=n
z(J$0;p>|YV<}-k-=w?XT0N^;U;%9DUO{YZ>D*$xaK|VE@>qjeKlX#*L(X4uWxe6_w
zN1sj)0o@V_Gi!($C1<86CtLjdw$TE%<0<!J#VgZdcO6C>-5uWnpkz8e1zXUP?CLp~
z6mf9(57xhPaF?tO2%Qc9n2jdA8q1+p)@9<P*Iv^A&@<3MA?nWX?~hXGO^vneK$6NW
zrC+|lgw#%n16@DYN`4GJC8T~_K9}%Bhf=?j8sXL*A?LSppOF_3M|5@l%by0TGw+5<
z6$W-1wv1mmQrZ8c13-_0R$bQDr}NI;^t!VE)Y?Jkxsmf0eKJv-JLmQ~Dt8))KV<4C
zqKo{f&?tQN&(KxZd7#<h8p15LRH60LUWV=?RRssfMiWwm{rXd)5J3L`WlBtM<?*{v
zJ*tTH`9<;Jr9@TRL5f*S1=v<mQL%bXY!7Z$10XBgGf3qGwpW|XgOmxk_<^YC9?<`j
z_ZCO22N0}na7~wvXqV@9sbv$p34Bb~AQkAS_e*rx{QBxbzzu-t+}7G~8TlEn7I32l
zjf-IN<*tt+)D>Td0Kv##mQtw6G~c<i=CiwBs{!0|O7zHJd2-mr{<JE%X4dLpsZ&=a
zq7T4M-hOS?ti12vIv68xU*=yELW&s<m3R9@Xs?(tYsg7+QB?fBGN>#<>-`qd4*G1q
zW$@ltCj^<Py=h{cn?iY(@1UW>r+;$+F0J#li7hV%-J8vtuU2^sZjL)BG_;R0si=~(
z^)ANBe08XP8-cvGM!zMI>b`1pv!7Myylup&P`@C`E6?$`Z&ngO$xAN*#HnbVZ6L#K
zs#nGG#g|*eOC?Nv7R>D5O7bjR^slW0WWAE)&obmb>zZ7@Q!`!iutLj;Gq=fVn8lWF
ziO2VV@aQ1cZze6&rR3AxBDW1Hx#g<!a-BWP`;Vx?5H(^;mG<6j=UuhtjoipzK-<rf
zM{Z(YD;}1;-eh=W1e&JLalk<VPtTuh<oQiUt$xF36$qAmquLxN4salPI7ucAwd_ud
z|JR!L`1=b|KWZrUwx#lVw+M({!kBl<Vq6v?VV-epLTDi-(O&#r{mzTTR~HBsi5D*j
zLc!k!Ew*~2-44hR<S6pR2F!DyP3L&x$K1WsXz3q)<maLhaUXBZv|Gtt{C~_lM!+3#
zqL-aw_NM~mrzI2jGX6-TCeK$q_QRe)XHLD5N31neV-DJY0zD~?Wda#|d)SB4eQ_Dl
zQJH~Ny3v5X@tjwM+U9+o+AM6Pb%a-NJdkKQbZ<dr=<KE0ez(>)UN^PXVtXJ47!RaA
zANjv}$&0rUCXNbtA{sg66H?V^YfxolmOGf?mdV8Oq9}B@E>e9)(<V$%%BDR}g*2d4
ze8U%g`Re3TLrx-5IBYe5lV<uA9AJ0CWwg8A50%m%gEM63(b=37)7cHki_BYQ`PAqb
zYZQ%AaL&pf{q{CbMqMHAIAmL60FQwYR|xvohDqWftZDi}n}Gz065I|L)jE!>gr-9G
zj0Awe=rG$vI=D|md^TjqyOb?Om4N5)MHVPNQj=TKC9}3vuaQVfZXFkyzNaV;i5kX#
z=r*kU08qvs)h5G|-{ja+5kh$6bDkKnKQ^N5Dqgapf#~zoh&iqQvv!asv;y5?U-;lf
zbyUY7N8-Is+ut4+?r)d1%vn)nqg#`1?|E5H_0{=dhOGR_`!892z{X*`O=nB*QIMM;
z_r9h|MKhrE;g6T%pDiv9S6$ONn!q)J8n>IhP0@Suui-@Z_<KA{`6?cK)S;vTQck2C
z<?CI+*)DLZrt4+K8-1VGUvoFL@}F0*%svto{Vl2dfXz1zmlaS9ya=2BDn?-IVkn~#
zRcwvC%6i<!=-r9IB}uH;AM}Q;QM@ZEi@%pUKC#;qx=1`i1L!?3(0Nq-VL+*3Eoa&E
zuA<0{QLM(9*T+1T;RfFF$e>f8jjL(6l>y8a>nj6WUT)~(2A*W&hJx(HxF~*SX4XsP
z=95y#)pq9xm7oAa7E3;z|F|<`cn_z%XI&>=LCg-kO3s1Kpl0@LqgX~W@+@A5E4^c%
zEm1xhH3xuM81rPw4JtBZ)jZiVx)|MUrZTK~mzP22Vkt3MYE=)e3TpacwVeA>$}YgJ
zrGTApi)>Fel%(`q*{SEl7*yA@VV|#^4+-|XQ`E_>=1Ja3Lu&(*%gO%L8BvfU{2=62
zja_PWuLcAbFFl?*1Z0xnSAEm)_|s==RPXZj!5b>f!S?%|u2?yFIIcE*KzhkQ;fuVY
zO%|hm>G*eJI_eFXx*Rxti@U>lxW)PMz{bS|8Y=%++<-gR3CsX@zHutmze+>uFCB@;
zRBiyyH2IH@b$fM$GT`w&Z+Xi3uM5b85kL)?l3G0R_GkaGz<^<+Ouzs&rubUu{;v_Z
zSo~WZ$Y3GC|LiljF62Wtz&!Ax`%3<`Lcj>G<uC$fS@wwt|LbKkX+8%u$@KEmtAA}g
zFhUjJc{R!}+@=1Hlz^+VQ-Ig%Jm&oI;eST3A_GQ<Y~_3Wzg~+MpQ$`@Q|~SI|BUdP
z1sH)kz*7Hzy_PAtG?Zqf>=(iR8sYzQf?Ib*ymRDxyZOj$5HXuFjCE-9!0kV?a40K1
zpMJTwFnm#guliaQn6=l}^|bT>8Dhy$(!b(f`Rv~;)=eY_U7t})O$%)uq;$W=m4&X)
zE9&F@mHh>Cc29M)m=4L^z@EWa%h$H}pvLN}cS52dF?a4ZroWTX!;6XXq6o+^W3O)I
z2fGnwuX`wg-7=d3?f<T=ICjwBMzuZ73#7P5p=%AWV7n!g@82(fw@DrKcO3-Kkvl1r
zks(ChYZ9tGgVvJzGK4BX*M~U~;J?q{aeslTNx^)5K(+J-E^q)mt*5&ikfB-&rTpg|
zqWtxa?*(M=u~+}51BPE*ceVn%F*JQp`*-;0+=(z?@S^|g!O5&Bn}FeZUU2ba2h2V@
z_n-rArdS50_~-7y(s3ICEMh!!HW~DI$nlDy)gC<Ln+EK>zZ${B4*no_`|QrTgad$*
z-9CG!r)+1DNa)J2sNH|oc~y*b3UHG~SKq#N;J?LT%!-0c<?mLAo(J42Lckj`Jc`?A
z=yOe_4Qw5x^JvBeres=5{~zzVlzD-sX*_|}QU7Iy^)ZH-_K+d0!OYfsyzd1WqV!8v
zd&RBr2-yBkyL3N(UEYNHF!E|Qu{CMIjldr4)<2tE50uONieLAV2D>$*16}_SjRdCU
z@s#RgFCX`YU_ll!ua;^TIj|e&=DL#|*o`FPgYw_Ye!m1o7{%VT`qh@#G+=c+YfZSL
zuwx)9f};@(oUN!zcBVN%jXpl1tN&bm4<yqpwv$M<YONKa0oWpM#?UmAxJbD|l5a%+
z=<`Ei%w{pd-37c6S*W7F?h4x*)(E8G8qVKetw|Re`G|{lX4yfFP3YvhlQ*p7iYlRh
z@2%+s@^+`5X(P)IZH>Vw?NO^!qMU5}Mf_L)|1h<>Ti(;2Zqxv~d7*fmx9gQyV-iXJ
zn#Sw}@cHiJy1@I-Ap!K5ujA95;vZJJr_%nN;x97(dxQLiHSSq>$kS8frSW(1N^~6b
ze~qPd8~*<6D<@pV6b6tOsES2sk>!Q?-czB!3tuS^V?M)L(|%8q46(D*(owq3@_(@R
z=J8Ozf8X#oO(EGyg=i326OpWyLDr;5G6o^pvW=Zai=8Oh$zIvUzKng1?CaQNU&hW@
z#_$}f-|y<W?(2SD&-2gyx}WED|1p1^=P~E!{4DR!dK_oy%?G#M{F13R{RAd|f-3l$
zGz1BG4zo&1S6#40ySDURz%V&}YNhy%S?~D)`sGOlbTX4*$l$8asmO3|<hm(;(e=?E
z0O-RNDp6esl3jJ?%bRLJpM)r`U)MN+HOKLHK)2pi3wkrrN1yyF$xQ_?E*OqEsdf&<
zN~R^jdl~)Xr<p1FFYY!2$mIT!PgZdm9Wc@GX7*LJIvMBauVR7RSKv%kW>(}rz!0Rh
z4}+D-aCW;<y1&_w2Y|bIga3{V84l_!oG8JLrYE^4{#z)#0GS_@N_IY@#iFi-C)0sl
z&z`2AeqH<j;p=s;MqIS7qcf(uU<?f6hw#5ROXCYf!Ww~CAL2j<%=LU1xr0ztP`vv~
zQFw%bl>OpXMI0ew7D>wgpxTU%Ybn4<zTpO8RY&H$01Xzl^U`<kGWu?H67R1|a-ReK
zA&E(yxbmvnRE?&_l=4qW$B0G_(ez5EGmQ-AeM_vRz!#yIsKEUDIg;QxgF14=16ph*
zITV}u+umNuodqH~zjkJb0i}PxNg?VSEsm%6`R|g537|lbaE9Hx?aXsIK-tEBrOX$>
zG+K9g)~A~4M8LOSQvC-dNJ3`$$vXzncSDm4&?o$dwpw~QgpZl_7WfiRlH1Mt0~+jQ
zgeK!}RhNUr+?covp3n`Rb@9(r>e=NWlBdhP#b5}g-ds%(_eh?(G4xv>2SF6@qmpEC
zF69570qqrSk*OJh62?x(3e>*cC$0X(Dl;JO6in!dX*-V^4ZQC+rih66KB)Se8ai-I
z{j7=Mtvd*&#_)A+@9N-=_m_Sx{Ok^NeP+`o{{ja(hL*RBK!&4}i23^44vfGxzeIjj
zMKWA%$@N3|zsd_AL8T1iE@LBR3_*(A;c{jBD^gVo1V}0T@$CW`O8>l0V*(k8q|9B{
zUpzo<fZ!~mW3J6Ku-aPTi~K4FT4mZY?aVLH`GITP@A9s(UPe<)wd~U0Ml_izQU5kO
z86eY*z4F08T5KCx_`C<uu-LYTzu=Bt7+kBre=dy!f;4=3!3#=;+daE*;+Gs+6agm7
zB#6fdlVC0+(p7|13x?)L{Z=_n1%N8&TWTEu)CBTPX+Th{374gROJfh9!;iU5QxOG(
zILE`J9a=1xotW0IP!Uy6wnmKlYuy_PdG~i)K)u1z8II~5vpx4Q%SJMs=^N!O87AMq
z*|~eD`j;5)Q0e})@c)SKf0g(EoZr=r45q=pwKX~LV@FSkq>%nb6gGe;{~^7N!|q3o
z^CZHquY}ET@UVL#YQOG!B}W46f?SUOF%tkK3DHFd8mwk>7u9ctQwIu%XS^@#1;DQs
z_$JfKf6yWcXt&~&_Ov!|DsJNSBY&gC1UtA<q69#IF1<Wj_v9boIS-yAJi%B1B970&
zl#&8atf8MK+i!rm4{A52T*pZ147^<awLdV>1r#^gmd}n4iiP2=eM|p_*y`H=kL-@|
z=r2s-R03AO-s<fDgJ9T$10^Y;SX=V$OTS+RfVaMO2cd%*)fSBg|Ex>)hqC8@vaS-w
zQbrQY_c2OgaR`#^@xwov)Xn1?sjLBL_Cshb`~M_A?56>5&pMy70^j%kVqB*lK!$v5
z)a&#6>citD<i~Fw5B`|{>>oah0>gej;y>a~h77G>HnJwe(V)Nl#tNF3z%k^r_#*O8
zOOYRVeiaty7oL4D+{hwzQRz30C&(ZGtf`d0Np1TgBANy$&HVr03*+1gh#19hC}F1w
z0<d<m7+MTabP#iS_T67T;skI%sME)^Q~xJNB#$<(=6kLMLEdI%Mm~{8*U=@*{PA~p
zfH0I_0vD2h<@hcB$WIt>;(xZ}6`7bt^|2cYzYV<0Z@{7Pz5R;pf6CWm^*H{C9_yFO
zzZH?)n>9!;RFAesFwg03D;QxVIrr#KQcZR2>t6rzb%sD;^J)I8UP1mxQ5<X2^IzT+
zP4;r9?am)>C(lvs^jy>$X8pGM*K>jb?*508{F^f1nyeLkcm6zn46;jQVp2j5E~`C;
zl-xxB$Me@%FCG&OLOI+hjs4Ul&EG`3`{e!6g_pJn!+*c%grw-Pz@Xmx&sN_>GBf%7
zhyMIc^nX(9U8<nQtnXPML^-w}ux<F?fxxkle+k+Y2)d1I{f{JpNX8R0&x#*kA`ke7
ziS!)FZxOR!JW+Y~mofff+EbQ0|BiR6K^%Vn(@9_;ueeVLQvId#?mh~~Fd_fnyy&ro
zP#)XLrT?Os<B5M;qaf9P4n&TFk<P&CUS{4Kvn<`2S62Vk-<sf*d+)zJapm}i|HtC~
z+wuS@=l?4t(EgA3_KSd5KyzpQ%Ts7-g8yRn-(YpD?8m>)7XWUE+$pF29o?-R(;EKs
z|Em;#%D%3^L>evuaPK#a|AV>)l*#aUc(UMeCSiS3MGp~j3DJ51bMn8xLjf^m_6Hu7
z!OE*Bt0`+*tQD?2MU~q-j^W<^?<D&=a0(G!OF?siAe?+?kG@B1_}_=E)d#)^(pU0~
zzyI?UH2^%7I?zXLi~h?=)C2qoK9TcTjTU>#(K6DUwub6%K-nL`KLL=TeT?*Spt>#=
zK=S*=XyO1`-ohjmaeC`N?6?Jv&&*0v3xuCS>3hSf8GZ+DHvqo(b{1JRk>QFQ^>5Z~
z^K9L1Ja4}?zmL2P!LLSW54jXln~@j(0f&a;RPU4Qhe%2iNpgRyP9Mkyr3&x6vbRVM
z)Usuhaqn<-SLE+XP87gZvtX&6lTft%YSQ%ChYZ8ImWj)tlT|QuZW^8>C6NKXIQ#1b
zI>!JTK|(8<sfb9weIwoDR&tj*eRz!3oVkjF<l931ka<V-IDg&WH`@V{KVjINPJ@cZ
zT$lr;onr3mz}W~4Yl?v5AE<;K=NM%^bsZr4j@Q*IUJEc1k7npvDnd$tnG*0&xt3$W
zowTl70fL(^D7oU}XOxhOIa>F$UH&Zn$32jNdthrud7%0VQdj|3ii-`})<qDpQ-Ad4
zgx4|KeE?EpQY@fK3^DVL_n1g~es#@I_rc=Cm*GiZM4Z7oJK<SAk671InBdto%3oHL
z2m+0}9DMF4A;_QlIN2HnP0OSKF8Fy>)?a^q2LQiM?IZsdkm;5Tx`hR`H(c2%tEYJV
z^*8xEfCu+Wlr=A)^v{U<&|~FuRLXfGZ~Y?t4M^aqf-=`AL3HJ0J4IfWjGcx@xZl3!
z@k_zTfM&5?)cwiKj;2_hd`SYRZf1h?{0ak5oySy%GFF}-!K?{d%iNaqSKBI+;Ct~0
z&PTxIOmcCcV-~eou<}O0zZ`QsP&KLiq+(DY9j!YtSM0zTB2Vr6ukt<WBH+}yze17U
zb>Rn`AQ^*|IQ(YGFX`U@on^#c_!m9`ADeO<A3>j%{b@%Y)57yROl%MQqnF2PAAowb
zI<27oUn~ElNM?<{{`<GPz6#7Toh%~zua$pN6cOX!7Wk{2!T<!M^+sjjua$rDyC~t`
z`teJT`~gR<)}~tgwenAX)q4J4YC<N*4g>OH_}P8qua&>^8++3~HL7Ee{T>Q{*8k<g
z#s66OCpnZ5`RnDCLIJb?58M9D^8dZr#*<bJCwvl?c1!UM`djJPC)7T_C&Ab^WSB0e
z3)Rlie19XSm~$y@&ZfQP8UN{HAM*YbYJggbC&2LhNs@CYN}B`YpGpkch@8FNw{Pvw
z(YJ7;oG4e!T;XnZGC_5`$NZorEBCCvoz~-^t%r=Hg4b~rZg*~Wc=@B1H%C)CNifOD
zbq+}6#lzamZH}Nxz5}CL0_ET}2t&<EB{)aF%g|ZBkA6+bReI|{gci4!(0#68cidm6
zEt*4ctCStfcD9O|Y*k0*=GuDYtKOUtC&~pgSA92S3hi5WkLwjmKGj1fWe}OKtbBe7
zu{<y!m9~L;$F*}y{DgC%2au`0*aQkUGPsTm_u3a4B_ru_i<brvWNm_B*=x||QK_cG
zGLSu!f5i|QDA&ZAMpskGZY^HmBgamnOuOL7N{f?2e*q=>f>Wp)1QmqS9Abdk%BP5!
zR!3N)sPuFlbuiX*7py(6`<(@6jcT*eJ1B}cv~eTDU5j8@1mrEtA(ju>&|)`+Vwm^z
z2B*n=9B#6shkt%U1cp|_iT5PEm$}in=Cw*EJ4Sb2NOTT0Id1HGHmAqGW&va+3e{v-
zBabVapCtedtn)M<@x^ZhuDR%wkJlvI)zNxMZyi$5;${<CSbD#lu_VDl&^^?M7{DhB
zR|C-Qs8M922Mm8hri9R9f6s`5li@P&H!&-c5DGQoJ7&$qyv*{*;j}mzdGwUWb8`TU
z)Be?qL@Fgyrkj{W3^BSsd*6ElM~sl2dqLzjR5i3m>v(OrFDVAJXxzj*CJ`J@U0SW<
zKHPT}zY4wgG+_QD3C(v}RG&6P@^!*L<Zo*R9WFwU!7>Lys(V1LtriI{&)}^6tmae)
znW*48cHbv7_n>}xmpIXcgRKIwJqN@U09mM62;A-H1PcEd?bF1^)HgfqPECEld$2#^
zuC)mpG`(@=V$G-O*~m&Uy#OnV?DiT3L~$138Vd={8asNQNJ>*RD<K(0tn8dKeIP$H
zc_)Pop8+UJ<o06_og<fN&ZL%Z&K07?6_tn~I3esbfz=j-6}C)hA^ZD(P%>Uz-f{ml
zZehT8mKUg-$hf#as|Azc!h}fDs8Qau=m+w*B!d>_Cw}Q08BVP9l@g-LZr8=iNWip6
z@&q}~Q&zHKG#y1eM)GeE_#+6jVN@A<`gEGz$$_0uRSYXVI#?D<a!Z1r%2*6pS;F^v
z!Wikhx}3a)+`;|MD@~Q4^rp`eMFVM3{R~B81ii$723Jx|XkLCl;X1G4ujKaBI+G0F
z#77IhI;7#Xw)IqF_0k;(MmqcKW1uP!uC+xO!aA{;2s7OQrG?j?*Y%#}@S<J9IGQ3&
zUj}A~NrXYWC#j|DfaCI`dtaR<$Ib`bMW#{{3($+1khrCtA2LVnL5fM@m*}v}#Dl=d
zj8C)2Z?kcCB7El_!i*;IJC6Nk<?aTq!_x~RAsZljS>;U3YvM*z#|%V8@M)Ag7;)wx
zkxb;HJ1)JKvak6=vE2in4gDGAt7`wqB=&1mRpmAdGqD|*D)4v{!=T4@C?_X@CBvPS
z6M+CEx`5Id+c|tVIk2=+{z2DlE-uq0Ghb^)D76qWR<eJQk7cKQbf<uyznGR5*DvV(
zIeD05*yE&b(ZEvBXl;4L?mBN#UYl&j9`yMAzk)VX0R<2ZXMp_nz9OqG<G?+<nn5$|
zWBZ{Cv$9U(AD;T0aD&1)*}rJ(5XLujTEB%5(XQO4!ym#YTI|XxLq?k}T93vRe>q^)
z+go}xX6w6Ls554?e*2Zv2mdk|puI<v`B`v$;Bm?VijzXC6*fj5Rxh_SO^L}Ns+qF4
zlq0HRbo7nKN){I#NNu+(yT*^A7o2s^YPYgj>LHlcPCQ(~mA}<|_Qbm^G?J>!*|JNZ
zhM0h1n=2)uz4R2+9m<A|N6`u>P!T&ol@G5pjWNY4_Lk|#uAsFvaee8FCteI%Qo#_#
z&Cpy9ETesZEgiBWTWR}U(?e*#IfEY{_^_`$f0tZwr(t41I&pe#Gy5`g)CqZX&*QKy
zpf?4+)hcccAqYN!l#aJjk4j;Jfzmi;|7QkKYMhuOSzkmG^6@#=-ZMCU1y!3s{x^lg
z`~IDk4L7xvyJHLqJE{;2(c}ABV7yNNdirgqY&kZqJY%T9^U_%#l@hEs+b7+eA2<hi
znMWjitTncgawMo|;`k5VR9k=G>+}kTZgklX)jzQj2|vso!-h7V!x~<h;ts4!`}if{
zh7M2CXocqWKvt8ld?@LO2(wQnWv%oeEIWaUzz=bMs$OvmeQ+0<&5=4XHjq<t(Qwqr
zaP;RzuhCpdx5J^&%!xW0GSZG-l)G~RZwU_>uaja%Pa!*ucPRNY2jH5zA1!jo@SFYu
zd2T?wdqTeRo-U0~<&m#LWJoYC2VhqqsBZc%DZcU@H7oW%_Z&4f{g%YD%dcox>CQkR
zY-1^dCA$4hF#*;^-LqXsY#_5KnFpA#8_E_L98A@-up9KlbNSF>JbLD*2P~5d%^dFk
zWkqzK*~xQ=e{i$JBP-}bP}6~hW4Y8OeMsiA+s^x-)@lRV8tZ_7lM29(pvW>^ZOVx<
zE56f`0jpv;aY<_SAEoH;x0fdkwnM9$z0A)+vF6=sXd4xT*H&yGzVeE_LAuh00+WU{
zZ)SL2Xk$D)2pp1|Z+r-k78Va*Pj0#w_LI%b9fl?igN99TM`i=DY18|1pewpT6rY8E
zj$Rj+n&ru_5iZoUv~qBlo@oORh&VKN5g^Bf`vWDT)|74x7G-YRVj56BdMqu(YPfvv
z(^4?2xhrdNNchq6qcQkFq^{)Zxy}B`rlEH>LrZcbZk;*pFZRls{yB~u?$JIjoFlx5
z|9ELu;shPmL+DmjBZFT-q0ZAs#Nunjue9412~zRrLMTI|hm@X42Gnme>pW$2k%p{~
zS9=i!zNW^+cmmAHVhBZEeQiU`&iP6=U@?2@M~=E(B^@?M{>WdtGIIK*)o29cv3n?_
z76t{*FI=C=io)%5C?7gTs!utOhI=n;AD+GhZ99kU+ov4TL$Qs8w8~OdZ5Ir7Iody@
z#p;may*{pkoXzf39u#}zgwz|^#3x7$W{PLaJUPH8HMK_bSqs|;x%S?c&T`Xs^Bp=I
zU@lHwaKy<};wv1wN3vCNoCtaKEFWJ>&kx9>ho?7QMS*ni9}=OJy~^()p=$x&l`^Z}
zS_ZuJ!@T%!zaZ+lG+RB(d5bk!l?+(1ZZR9R-L8@W+LUd;_8?Z4M6%lFI`yM(0PLvL
z+TlA@)6N|a&!!rdJ50`$y%o=Gzo-1AA|bAY)Ielsb_6@f3mm?b`(iFgo0P&{aiKZR
z8K9PxX#KE`vu&K2;n#nT?M9SdCO`W{Y8RMDmZ1iGLHZFY?iHn{{&6}I^K5_)E5w3C
zE;&`*P&!=p7$K<TOf70qXimHK-HT|FV7(gdLKw{03h&#rZjY-FR*yK-wmN#35EbM_
zEai;2=5gGze|{AezB(wmu`3-8wZnDYSY|xoIEzqRk(zo(6s-JAGda}Q-%3q~jn2;(
zwfOKx<usA7de7lQhRm@~@eYTEbtHX!e?lZAM<km!d(*tgoHx(@h0~DfRZ?bDoS4Zz
zNG0<)*CyQxnsaYc71_=_lZ5Nh;%=d`)Pi;P=N!c6bHbt~WZ}`POq#n3v&|vtc4&et
znWZ!f&!Q{YWCGMqFtZwNi`}tzYiX!fNpqgPk#lSP`euKUdqR7c#Rfqjaaqvch)<uh
z-PXxG0UxS;v~+gxyX65h6szmGCvpzBD?wDaTfHxWZH~T1n+gf4wZ-Rz@`k<_YeU@9
z6d{r(<BXy9hNtipJ|42$+|+N|xvsIAzS_u^7Q3PRw5mcWgtMbcp4AnD?f-OR(^@QJ
zZn5CQ!7y8cP0(yA3m8?1@vtxwgs^wMe-#d;Ten+@fg0J^1!8R;x=j{r(s`Q8I&d|o
zE`&>3lUpYEeh`z`PxDQg2Nn7-xJGWyk)YRL=I+ZwNRj%?dFO?X`}3<${d%gVH{Mk*
zozeT~!pT)IF73b}vMZjTVGHXy&KXgb<mKolxG)4SoHl1$D1mLMf=lkSqzGc7w)5Am
zj=r2cs$Fq25%U~Ln5-KTLRECNQdrEEBjY#bastaQd5=su4@NEfYj_saDxd{WaoXx~
z^`2bWqg@s=`c=-8CSL_dL~rt_rR+@aKMb9_;!%0oDK2N!I3l!fuhMbAxNrZKG}m`h
z;h??x3pz0@wAf~Y*m*FF_M8=U5w&dgj({!7c9jm1Y~=A@=KoY3?_^@7A+wwjZnsvM
zF4x!QqfCX%kid5?r>h&+4(0ed#Z}`s^lLZAcl-C5qx!QBpD74_srDS?FNR|Gu1Yrs
ziJlaSdt%lZz}=d=kv*Kd6;*B!_Z=?1W4am57_=(*EuEP{`1!;7+o1=@sYHg*%T-+7
zqrn#EV?au8L*n19Emml5pU6r|jvu1Ku8`r&Gg_lvbmSL>aJ%>V+1!U^m;TAZdgNr^
z)VOvDj^Dbqa$Y4dM;w`{*^3ptmGNYoQP|V1YZ6;tJ5)7Rk~>C=bJ0<NQ{O%i#!f|e
zBabYhXpxQ2^@Vx}SHG^n)_azbYAau4vt|bGg;RP(+pIPdZZP&+8xN^HxA-uHfFO-5
z{DXlA`{~i$?9g+vD1D}yV64}tHg_$4=*6E6X_`9PuJ0r_*o<&!JR!}u9(~!jG{qN^
z`0@3vmKx8)&efSK>7`920&Smlx4V|it|<Gal~}O9e(EpNR5i|XXPG}|;ipJi{>pfr
zASL;7c#qj!V~A&|5FPfe=gwPn&#!I=YJ~1_?ywujaK8n>P5(|LlVAOfmKy8)>$}Jh
zG9*L{u3G!qw?!zEs0|^|IZ+|^D>w5*&L&9p3s^!3dv}+O_mhs^Xx%Fe9{23bG<Vb-
z3GbOZKV!h%<@GUP&HLaPy~APM>cQ<77KAKVNHkNr!MT0z7S6eWz|~uK!=c{Q>Q=O!
zpl<SB0>y}_DyBQi4XD`RsRm9+Qr@foy}-9szWaBv^g2(6zgx&7tJmv>R{7A3HNhp9
zymzTlaeInVL$3g3cgKIUU1|EcxpZn?gucBc$iw#Js7D%(iRX#cjHy$!axgMoSQ<Il
zZHG>p@ZTUX`r*QRW~V<zsMB6hhDZ+igoEirIYDwB@2r2`d;Bb9Q>B|OgqUzOm0*-u
zvg6%gDTiBcX-y9}m#9mL29AfimBaC<<pr;1m_pKxuX&C8T-EI+HY*8ee2%zv?82%)
z!a_CfA9_dN1brgn?g?8wl06lS;De=XH}FZ<(*^d-6^xa<;h(p6H%75KR0i#b@^~$8
z47GhAk7C0xTiMAYni`cz0ZGAR4<SWPPwT{bz%~otEHPX~#qLV<U7;lWxa9%oxYIb#
z7aK{Bv?!vqw6$og;HQ^;X^q91ZGqwc*oN2|x4BLsvsH3!$1{0G(*}24y?hn@1LAs?
z2gc&YdIZpXOPB9e;>#;=tzAu*!>%?kU^}WT<0ZE+p|3bcpBtz8IKW;kR~kgh43|3&
zB;TX%>ptASR8<u!hh%Eg+N9JfkNjEz!DmE_Go)pxE-E9aF^2(Bfeq}(8Au*G+Pyp8
zF}<@?BX!el)M6u70gCwovwV1Q{eExRQ7V%Q^!-h3hO!G9g*ySBq}v^xl8YQ`hD5sF
zG1E=+t;6>a+*!$-f+Z#`gpk*u)XrscoG+<1H`aPeS8EA^?@^{U-)sxACJ=c2m+7#h
zlefy*%1ajN*0$b=*#Fd-J1A_n<sp$=wqPWJ<mmz(8uskt<sVQqbM88QQ_*9}mc9^^
zPR}r!?AuLeZgJ<h-osunI}jZ@_W*IENNcHrD6X_Dn~1&0!FfwZm4d0uipcM++v(JD
zsBlMb<`FDLD1gZdnXmF~9Fb2BSBYWqLy*qFKnI%r2oj(0g~zHuE8CULD=_pL{|gt-
zNw<rqT|Z6=Bl;U0dvtnTw`XqM<6_Z~jn7EyxMm|%hB5TIyL#YcDK1|q*(&t`ErOS)
zU-^7olc|erS2upL=Tv|21SRluZ)irma3s5+WL|i2k~mwdXl%bKo+`6kAMBrQ;`Py!
z7E5jrJ`Y;m&m~UqovKMZxxA`LARSZ4abuE#$&0fE&B|7D6yBAX&qzynN;H%{tFf@2
z=+vL?%9Cel#o{>6QtVYe^j80AA490`Qevn_Q3c=%5^g>qlv(YGf4^FP&e`_u-u_gv
z=xZ~Lob|+{vKEeD==9`JPw=w1{#spGN3|BlQ%vW86D?l)Q^nj%d*QerE@uj1NDbPT
zPMvpLowDG-(nZ>g7M9G6|1hi~9o>9?GCpQ4{@v#JmkSN175XnUs5A>C+7Ae-ns7|O
zf_^~TH+oaitseB=HZ86%!r-TcSBQQ=b6!8Puh_0p>+ECK!Kgta4fD^nXK-^eTdYgm
zu`Lok$Y#7_h<?#^Kxc;SsK0qW3o}c8VS1lbQsB5#i>CrJPaI5~Cw%LJ`<fP&7>Q&m
zAHygJ-vut;zxUc#n^Sqz2pwkn*?4~_!#Pz@)R;b1jfPiqpK@4Xawu*r?Cq)&EqNY^
z-F-y~EQqknGOK=kGF^)uBE$QC&2No4C3%|@M0{ttvJL#A#^X}j<k25e?im0^Tq5I9
zX1?On@ABmpq)2ju&$eQJ!=-dMWej)ijp3$EmVJ{wJ$@~&$rTeQa#DY9z-GJ<TYl3+
z;aPkUTX|A>+rh^-M8@%jS)QjW&XN0Y<m^v-nx=Qaac{Dt!|!GWd9{02Q&l|`*Lxgu
zC5f5AwpHaeVy=N6d*TEcC+xF!$=>#&jC0n54g&;+13R{iQM4cu#z^{tR|baDduhB-
z%d_XLJr@V!T%kV&Pps<SQlrB=QQ(~M1H)KpuLtsB`_pM7Ay8}w%fa$TMe{L_s;{Ky
z{VdINWo8~gv29&_z31%)$rVB^&0LHkMDF0j;Ev?DpH)Y8t|vQ1j$@TTaw$wkQbCt;
z!qp}h1+)Q1l@^ERjp6?if)F=KW|>9hoAs+cC>;<|m%NIv@5|YDI=7v1NK~f7t02;s
zC50r7Pg>ZLz70a?kw_k_|1k9IdOlPoCP5Wte<vs)d}yu3#7o^FR=Y!FdA-8=Vf}g=
z=2EUY-#xbjQz8di&z;fO8Ca+-iSlc-Sm7SmX>7WKOZhkkRh^9=_*}s_(ArG!Bq<E_
zsFRZ4v&XDx#vo`7JyH9G#I8QC$Ak)N8c@qI*)$q9_<)#<1_Azh$je)-yxzpEn(^zb
zeQGc9rX{#Td`wx@g80m<GI9_vUY|?LZi^Tk)EdMM#!p#^ZdaEXkXWMW2KUc6yR;`{
zwIydo&fU68h@l0^{ob`6J`g$5k#ww-xlJiDw(uq>Za#uyoBFU>2TKF9t(%_xMfxJ`
z$^S58wQg|UIf~&g&kC+;NUL!USK2IzM%p@m<Ji_=yI}B;`NB@5!DE73U=CZ;Mx3XI
zZ*|A!;Nqpjv1hlX=RWZtKu86U5Xsy3Z<jqtdGz({io<C$Jw9*gxsKaq$?8lea>$C<
zVzpByK%@V7*bK&TY!*dd)f8L$C@fPiv|3@*g5k9}P&CmCs$qQSk*1ohf^k_AB*!(z
za03U;HO)sNIeJ`+6D#$8OpBxT<kPYce^9yIyYE{#>^m3!y5hd3j`DdDJ^oulFCEuC
zbgyz=u>DkhY27CWQWWC<tAeFI5w)(bIYjo3*E{Pd7Dn4yu<6VZIaJX65`-lpV(`rY
zIlgpW16R!+;Za6TSJJkxZA(-`;H@hfTWX!)$akm1^G^d^G2=qNK4Y<`A8L_${eCU|
zW3K~k)8wlJW+LU2Jh~yUbMR8)CBSw;NVMN~g-sqz^*Lst8XjALP}U-)rx-1DZ~WV8
zDiz7n{kM!*4c4u;-h|M~u7Z<65M=U3W36JQ)?IkKhw&o5V3Z@TR^~xQ#^Gs9@bw{&
zWP`I}Wb7r|88yrlpHdsW;tYvxX#ff^yj}F*d3GcnxIDe-kHa!r+-|@Y;zY!sD`($0
zV$kwDxg$H7J-p<8S*#7WY4ll)uCWC+FmAfp6E)<Keo2QryRW0=DtEN_>XY7&W{(L2
zIt2%LDlcX&Vd%M5s~0x;d!nvhC8TqoyvU3$-hYZB-nO#KbeAJ4$L?@tGW%J;zA@&i
zTe!Df4JN`~2!&=%(J=d2?bQ*NZa+9+02z2wIb9bh(0*q;!RO7oK8UTP#Yxy}Q8=V9
zA~xteKUGuFuy3d^h9+BeEe?bv$Q8rN7|E$8K<Kk`zDh;^mhuf4XSMU~66e97>h`{-
z@$vIB2w9g-aV@ZAh*>_HYZCsT;Nl5OF_x-umx|k$93GGiz{%;bWee-{L+az43ki-~
z=%d}fzbee}pM19%AL5x}+t>3u^p*~Xom!stn7#0z!e`_Qt$rIX@z@ztUOmir_o`2l
zTtrAqtCQ%_mN(+9q~_?7wInVw@^NE&B8$%n6zywyINkEa5Gl0OGpFrH*EAjzxX|KA
zMZmZlIZx7kv72gRUT~zCLF!(%CYG#73&HKeQe^kaN8d9kUB~J~#I$o4{-xq5fweNu
zS*de~JAKzrFSP{=3-ushEx36DbK*gnde~E1ET|Y5vVwYbyc`VSM1HkuR%Ug_>OFK4
z*P`O<Q!MHn@a<Y*3?y>g7q)#BdX72#^m4^{NO6IS8Z6u(F3SLNv3FVYN+ywR$B{(O
zcwvCliM%=|$^%b;f8}qxI*n1VJ%uN&{7HKk*`!)mF@`wc5wXk;DT((;b}=s!yLRit
zo!V`KgsspHJYAP|f%6b5SG!ogxZb*WSKYeu(|3ICYH70wrcu>YD(-c~U;?NZJ~=B2
z`iOS0i3QsaP*Ui}F?Q4ff6GsgR6f$-eiQh1_ZzfP3;FEw+tJdF+av-puJY)Fi{j1V
za=jYjOxdOB65K-B?JjQ%y@+6oUqpW-zwL5s4OOjx<v(pd+C@uEx}0)PAz!h4WtULJ
zYar@o<ENuM5wL7C;??`=+L7x?v)5DmvX8c?AIs7<F!sYK^zIP2;?QA;;0Uq1uEZhs
z+d`pn4BS?BBY_N|{MkBzz@<HtmoujcCv_T3CEPYa&iAi+Shd;*s9NFNOxkDqPj=w&
z${e;7>!Rs8;FzgQXBhN!R6@jBPn(YpA#=_+-__zLG<m+9`1!`%K`k~1zeGs&ZSDHN
z!bhD+Q71INe;LNv7M_3@2btDnwGHP!*)k<^u*LFv&Y?5wjGmsvfcZ%G+lo`Fxs}k`
zeW5n!PeOMla~rekE#o^<M4WoJ&C=Q7@0N$@IjMf{Dvw*r&y**==F)|B3D$e0_bH+o
zPZipsSxMS5;L#tR+8#J;e!7bwjT%o2Sj`k!_?k;^G23N)@K|JbLsw0W>9shM;B|kx
zrGjA7y}@reuDorF%FmWgH%eEr<0U0{NZr<EwrMT-Sh*%$$-3Krw5Q40!xPc8IPOe_
z(CL;dm%1#-Yt0zR1z!3=GvoI9@6b>4NORYwl!`G93KP?{<iRN8<?i1`pL$!q&3TIn
z8!R<OWem#^2|}=Wd56*zDp#MaQDYjgu`95aDH~GREj#sfIJCd*tzD%4g%rH00=YFt
z=~V_chHcqvHFxP|M#Y2s7yXtQ@hljeg{hb0#OclTeA&hQwaHZzvuqg}+Q6$Ivu~F2
zoDlc+^c-2rSSf@|uDQ6fm|MBvO9Cv^o5?_@=2pCZVjqz*@(?AbX#sm}V1RCQwKGaS
z>k!AAw9{up(-p^Qu-74-hJ&Z}#%I%o@00;&+GfM)&H8iyE<Nz}>5%w><A|fmylH^k
z%&$NvlMLw=-X;abiZPQ<DTFQ+%;Fjb?mY^1)%zlzH~xbjZm(={seQcyXPFcJz{cwK
zDg2Mw^^;ZBGiL@R?%E!@`ibzhxQ?{S?`yQQr|b{DJmBf^+DB2s(BVeHD(SWl?edZi
z`fkF_#oJAy>u(l$B(IdBSLo4}=~~cXn;pyw`ViC>iORm9=_E&a0%pF<GNYWN<kW7L
zKj6VkhFei>oFLv{7HZoeLcTeR`j_#B9n98ZSjdH&+jUC2{SPIR$JI%P4lSNlMR*Y*
zMGxeYvVGVOZ-YYbsd?Fss%MuZ*)O0fYO=?=mQp3-S@a@djA`aYn=v`dt}yqhGZw|f
zlj&^F$X%<F*5R?+P1th9R>{HVp6y}v?wsi2lJzC4jfHB}<GODfxm4+9y%LIEe>@zT
z#FLS)^tnQckcS;u7p*!fCxOL`OIK0#(@SbxyF1&CXDIe(5lWB}$amQvG~C4JkB3a1
zZmEgai_yq7xKwruS@7zKNR`XrpnLc%M&ULGRw$~8`irGq0aYs6V<MLvJxGXYjWZN;
z@Vm}eIPoCvB3;#y>6F=?r-<!xY;ncF<$Hv82AT<th8T6ITOUrgZ#kSy<nR^!q841c
z?Ez;cpBiWFe&_BI)i4<<Zgq*JACxmMlPe(<rOAes4I{PPR1+XiJp7fsNw2!K3wa*J
zxR6=4HAu@+8pt;7PKis;4>>&c#`1+_sip4UsL|)GeDt-r!ykcx6cw+Q4-W)0x*x`j
z>Q_aHPKUMWZ{InCbBd3sR=<+;W$Qhq6YHa?60?tP6$ssx*b4*fIi=q;+8)`rC-KPY
z9l3;amV{L9B$Z`vTgb;IvET#_V_RJVj7hDIF@X~{;TLyBe&yTv*3=RdOE-|y`l5;j
z*S7jK1mT9#y!Cx!DoxS!TybJVoYBf5*X=3MjjRV6?^-iLKtPQ796M##k|#}qIblU^
zu`}Dq-(dQQqDBMD`?j`}_8LXZML%4L5q9Yc)Eew3;@3W945X?{cmJY%uht;v;z(^a
zFIr1VUF=&$(9kJH&mY_x;x>XMd|gwhy4EHSE#pnN*MR=w0rtCkAKPRo)QGrGv)tP#
zx9n}#z9B;6lxYM~u8*&?v{)xS!o)`$3oh8gmKQG5VKvw?o?H9#38al0&PlJmc`cRP
z7+%Ud$sCyMJoprDfEIlznR7@QKf&7k3G1b~AVItLBVomWbGqXuo|n{ZI^l!#x$7&W
zG5F&!aFXW!$9!<g#ky2>aCHtrEyjp*Hx@>+Jfk8M&}%TWXI#^yk#~4*NAS77W|w}O
z5N}QjuF(3$Emfwu=jCGWtK-En{Z1EJg~;a8g1_s&C84k+aJxBC-CrA^GqOgF3anXb
zoL<f8hI(x`jp!sCYI<?}lr|tYWc8Xmm-Wpmy^E)#R5JC-?m<idZcVCUKXcpsCBf1Q
z46Y#`)v*A45ko0oyuG^=_Ok2szh(gv8REVCznkczB34#EY&V5CVJ})qrJ9vg8H6u(
zem_)>nVquo)G$Wr$6V|#uNsP7Jm`y%-B-(LOYk!Jbm={Ppib`|ZA~ySv@PwmQ@mTV
zRN2vhku14er{8wyXnJtz_wwAAx?vhy!B%Fm+_lt^p6^5F9U@FOw=Cx749P9Y2MaeN
z-bUw)-=wyY<#;HIr^i<8f6(U>+A~f$<c(n=#0VUZUbLmhXo8fCpG>N9Dm&C?@Ohac
z#I1j3c19OeQyMbhA8#kfT0h~EuG4(i9%GfcMHZ4&_JTe|G$7M8h&9Dvv6t?7V=1c(
z<4teYqZ&5&S9;|ro|e;1%5N$?UmGM#>=%-k?Iy2n`lEG{+P%)+vMh{`AZilw!2V4<
z*pm6&pcAwkz6*h=rUvn#HwNbu;|(<C>aIhOG6$W#{>l(ShT77N40aR<{b#-!3-Sk6
zk8QPREk2NR*!(Qv$|!WH?fk8An_j16&x1w}XTpctvo?L<)&1phushQJkDboo1dcY^
zI*X2<@=6X)E>-ke#E~O5oH_1V1JA8xet$TKYjn#O-!gxFK-e=*j}{-H#qrIapP_eS
z?0Xc$ZZhpb;gRunf&2Solk6T}dyL&xO9%$EsIA&JGsM^4Q1_>5JcQsmLd6GRqp=YR
zn5@+V-C}FvY<hn6Xl?K4W0EIFgL~MOa?8{>`BBx9ZQ{1e<PbQGB-M*-#w^E0exYe0
zMA@H=1fwtHjRnITz4Z4X!$SpgJ1KCtp2Q{sQT=A6I>LfuLM5VoVI?OyEMxiHq^A4j
z+=E$f*bVB&3&;kRaRyrQshK7<3ehTs+762m-kj6!nWRH&o|Ik?<j3%FZ!v#_Y@WdZ
zS&<!j6vP4{f(j75NvHgb7aXN@P0<NDgR>}CVe0{{Eggwgc!MeSi~4)6$(aBi57#zH
zWm)wYE;N|VW~~qE1tUj8Z(bc&T}eB{y*-*uZn#ZwW)nA3>JY9b{U+gLMRoAO`-Ah3
z4GIi9{L@Gy$G;OQII!AV`;lKYceWk{p1J0^^I^kZpAE%o+E9$PeuNl4VLANieGWLE
z>pk(&$wk`bdwCW0g_5-gDM_1~tkj(g(FshXYKiKRX{~iC)3OC|9BQ1^yUf8kRk>f<
zIpo}yyyrLANHA~Nkncd?`rz_=n7<P5JMNLM32U3mD)*e{A2|9{ThlwKAcWkGbS6!G
zBjf2g8`ZO-3ZaF3;h#EZn-Dh0nXml^u`|udLTL59m!|z&1<=vLv%P7IEMl1bha7H;
zmi<~cPVRHem%qlRyV7Bktq-+h+;3e2{p?qA_9P+JtE@z;vF^x2Zq*z9?2-Y{MrB&_
z;=CDRVfqIwUe>AgV_EqsGDa^Rw>=fh&0IJ10Ly|iA$X*QEt#-=v@uykI?OyDbj{o&
ztbAE`Vnrgg?=48|EB6>#?|Ht;70tI<h7JyS@Qk4bc`h|f%699N-x{SzRglI*b@wa*
zy8V{A?D?hH!_lp8TJA8{_jv7<r`r)_{zn7D@>ii`I5ZR6BB*`tajjwTQ(3DgtCYe$
zDz;p!K*ePL46cQ-K$9R<vC4h$@zTaVNot7m>h_C<gZfcH<YG`oS5GPV!}NstDyhMc
z>h{&b&y9I6Ad)BCiaplC%HWqq@bwT^Ykekos0%Ecu?EQm%kkhCy`WLE!}M0ApiB7i
zy}AT2&yt%CI&PgZkV~UL^9b?@WOy#C^EIB;+}<7zGEgj0BQy5hWMv|GSvP07!OBJe
zf%DU64^B-R6}I+!Tch7({F!UC{gp^eI{nx(116p<&|a3;Co$z5f}Kx{e#agpa-mq-
zQ~WgC_)TdpnK77RIV<pcn5$ZumORpRE_*Hp3cbv<`ZA|=m_RPe2YYs?A2n>e`2iiw
z`;FM2z*Qs^*AwP)`S+lgCd6%_(m=g_C`co$`VgUSKy7J%2TCkXqR)|#w*9z~1G1VP
z``YLEdwqp_1K*O%vUrE39n9N04RKvhMY+w^qn)s&;3L|HOT~3!|7xu`Kf~DOLW)>*
z3%S1>EJc_WB~*_s*1*2*&Ig^MXv<erBNyl-B#8F4*lOgLJ2b~CSGw0TXYwp}PsUzJ
zH}zl=^R@zY@ANwl6CDek0&Z1+=?4mbBez)IpVkS*1C@8|Yr3QNwqkD%S*{FCJmz>#
zKgs;A14-R~#<DPL3@3_iS~5*c%Yw_tQj=f?P2Pc>94I8meGW7+(1}fC;E~4UkN}AQ
zYFV9j-Q0jxkaRVj>)-_h`A;QWwFj>CD3P^Vri1tLL2=*7g^}+m;FO3XPy|uI6CZpb
zeJ@(}Xm~f}b&wcV0<`=oM8XL%KLy}-s<NzXx6K_xN18%zRoQv_8p}v?2MX(zK(Sfz
z#W-8V#MNR?wdXj}9AuepXZc+pnx~$RZLt4<%jN#UVxSLn6Qx+h%CtA!M)z93w5G_A
z&LTsw>$PdLe%9vp;g<p^c9SXEEI6Ld*M~_%$fru!E738pd5K~rZ{Ne?ur~T|AmLi&
zzH2qPR_kf{XxS_gzN*v)iFIlPUn&ZIbQO;Iy@OY^72K1}y`rju@5b$;G#>mJm1jE2
z$#@r6FSO#&k10ic1U#XtV8weeBJAhKeBJhOzI`|?_V6H_ZmRP31CLanOxu(O`R#Gn
z6yG-`)AzwX&gY~g>Y(45WALh5<G8qbnIty;%Cj!dS50kq=ng-eFFJ+fsBCL2hB=Pr
zoV?VLY8zrqVI3#atz>BtXcm$!jnwquYL?A1I1{$^s8{9;ADV4!P6f4c_H|=I77za3
zb}2T5)ul518s(4;-y$VGGGJV)$je!Kbg0a0X(5z@*>-NJsLB5hn@eSmG_(47D+Rdy
zlTnuFLJH$_2tHD;l73r6N%A<TFXcd6#^i=tU3}Rsx=My`9SkK{n%wo%ARpxnfVO2s
zububYo}ql3!>F(B`&C*|HqmO7hQ-l6jO@k!#qG|?-hJywO}}(N(_bl11G-HYbMdZs
zkKpp!w3ZMm%OQfv^ssUzxOb_sHakXioSnEwZYgxA%r%&VDxta#rvZ_Zp5va;QxG``
zko+iOWp)YCWJj^ucBnX3p0XKNdaBbcW~zt}Y3TGxh*-6p1;-s29+Ke-WSYr$GPL9`
zd5$xIiN0%T`69VhugzE{FEo6bcxt;&=@;~&V07iMeD<=fRVt>$`D&azbXb3dSwvuS
z4<CCoP4HrtQbE$HHD>!-T&V1=QG1iGheMJPoTf)*F=wyo(buT&YN<K_ROch-54uo;
zRCEvbihEd482&WxydHEw$SD3)6D4<`INdIsD{EbmzNX#Cyn(Hb4y#X#lmGB0P#E52
zp!<~3)q3-T>Vu6t^od?D<fu7)zglhU_&`Xfc`KF5Vvqc{ZH_<#5hY*z?PdICXk%84
zneV!^j%j*s{Irt4(m{v7@dj6L&ILp0wXb&V()>heNK#U^P<w3L^F`B#gpCpF&x)==
z+HaGZ=!*Aa-V*5sTT%xMoI+WJ+G69rfHNTu-0{p$Hi}ql)SKZj1-H_6t^WH%*LG?f
zs&WQzMud^)Vn%K6c?gbF_$#}8tP!CqvgRLwZF=BD<{FB)o|D2yZd6uiYRU{cH`c^g
zcAYOnJ+{qlQj@=b(tYtN?AcP4hq$Sb=<$Al_iQ98#bXkmUR~T=8@=(N%kP{9o5Tgw
z=mZ1fjBH4WY4#k{dG>p=Y1Y!i_xx{)hC_;M?+s6ht9#1O{uH=sNrk_wOnWcanf#&K
z&GdPdt~ZbM-TY=1NP1O9(zqTIugo@#v<<DAva9LQVsk%1g8*!?fceK@Ed`K}?fVa#
zvA7K-F0Wb4x+(;6nL57i_BTomaQ5{~C2&S<OclbP2#<3%@uyUS#&BXq)%(S`yi2ut
zGa>D3+YQl@5z$PhV+if>Qqf0}Nn<s<)Otp}x(uWGp6isA_>}?&^}@16-c_l^UBh9Q
z^>b5-vi8<N74YroHole8%q6Sq)s}Z5lFdtW#}hLGSJ2M_AxJErqZ5%<Hd=@K9M^Yv
z`Qxg1g;nttdy0)A&pL8UG_CBn5V%g{RW*?n@kd+ulV++SEfh`>oJ0xJW@!QVdNZ|w
zC2F+G@Rp>cn$N<uI54H1vgSH{BRvLAZ^2fzjQsHCbIX%~4`6?y1bV2-f+?pyHCwNR
zwD^tPhrL^;@<->SlhgM%7Nu=f9qW?0EVU*U=7jjXS0*#(w-+TNdIu%zZ8z_i(snNJ
zEbJQKq391)*Sa`>Ykoqa!cY^O_?jpm1<lP6jJE>W*){DWf!>&}SOMGRcBi7A7n8e}
zud2fjRl6&NRbFWMKf&yOxKQz##4X(AxlkN5sg8@cwgvv#y!?{uhR<SBO>+tN6Cv$q
zJ3Vt^aYvtIWs=pwN4@l1TJ)LvMV;SnE3V!%mhuwlY<rd9K{pt!at^e1YzRB6F#B^^
z$6Iu!-&cnTOX~WF43f0TeB^6gI>D_bPG<^lP<ELY1r90os05$db-2Ap(YoX$n0aZ8
z@lC{=?KHr8pM|d-EIRinZCT!(OR4&@9e#2}9NytK733NIlF90+$9j@(;_Q;ic)yAt
zVs7pFeVgv#j;!m{%cJ41S*O{JVcyGhxs@U>hF&Nk7vGpDzTVp%<o|gwLNRQ)!W#0;
zK5#yVbGhd#bQqi(Q-Qkx8k<V*!I+i@9sP(w#ENVCPO;#G#!=8Ur*wy1(z4Nm@@{iZ
z2QG94on-AA^^j+0;DYwW?>$9dc9f<sTr)1~y2{<2w3l7(3_d=iiQ}8Rb=4F?7<@Ea
z1JrdQ^@_93U3HmyrIMn&%u;(l7kOITKMg<NFwY1Bhr6%(7j)LAE|><J>)nG$TGeiW
zQPyW_6F<8oxx)A=e%9+tC+F*SaA&N4G(Mbch<Mi$h4&wO(zPVX^k$L!#frbD$@!bf
z1e8m7ZsAvuI$JEI?(`?RJ8uQ&E^jT0^ChI-P_H>vG@kr!WXC}aUZwWW&vBi~m$2tf
z(Qx{vlo{C$PsUM?=^oiFuZJI|;P&5}N!`Y19?BO57xa+w9~@Z7Ms^Ja3~S3;mxmTy
z?|4om$h3SDH0>+_NlDs|m>Q6Do&`e<NITe78fNuOSuKfD+KnzP7-B$HvbN)vux+}J
z(unf3sU~M;MYnSq44K6U_dF{JlBQ5-*xO?I^Ha-aI#HzfeRrJXH%_NzZLxXScmp%O
z-Jvaxn)H%}#I!#HCLjshVc_5~;TaY`{>4IecxzTZ6lap~pg^Y4IyTZXw0dlXZCnE}
z(|zi=FX>L>{QP55So1kpK51K|=~nR<*re+WtmYKnRJK1zQ6Pj{)=Dv_CslO*ncvdN
z_d<KoDi`NMazK-=Req+-_4pNB&uRrIw*so}c)aRv>tUS`TqhW_mA2X!-YZwGcm2e$
z7gVOreC;*t5Cbdv(ZaBtudujia6Cr6C8QmATpd=FlO^cI{DV;*U9IWAOwu*JDq%kG
zcsU~ms+A}7;wZd;s;6Qh$Ik;^`+$THv`6t^rbqRuim2P3j`+#4t1lyb6qiBA&*}R%
zs=9q8pVcB|g$y}EGI3Kr#j}HLRnPrh?7?M`UJic&MV>I?2yDR3#z+Y@{ygD(A+A&N
z%`L%BeTS#x90~h|DhI=NX>ne3HNo47smGH!d?ebC;e8TEB}+JWyK#)-O2#JPZZh(V
z{L2TE((}{w(el|CyYC*2<EBv&ZR`C3Itiuwa`M;Gs%b4#eec)Otf?^O!jN40oE1sF
zh23|`mARDln~U)(thW94I$HMQ@6k4gi5UYl)ujQmyVDbqY1VHIZn}N+su&E(`C^+6
zo$yEKC~trojD?wNz|Jn*T)=h!?4{tB=_3zJB*PO|iBDgvc?L_`b*Q<|czDfU^*K*&
zm6OD?zCn>wd}-yuRnHiux=m(Rf9U+-l%V8fZ1lQ<zEheFC+2~;F5%)fH>!dt+oArK
zI=tkAX<jv_oB!$%U}13z|AZW;!5Y(orW;VET<2|JHUPRf&=z3%X}KL5W8&7Em!-%l
z`@+D*Tn9^r%&Km;wm0MxALc4-ehFyVPYZbd6G>quop^n0wpPJ=?2^SGt^d=3ke;W{
z%%+?mNVuTc?-o7S%*Jr<$TR7Tr5=wDZNoi3i?+rLAqcV}fr1acI=pFrZ=vl0UPM)5
zFx^@4<FW~7BC(vciz+dH`<cRwrudS<)vF!)FFo!aCg(`^e35n1^=P8Y-_n|^?>j;b
zsUTL@grL|3FIHi&1sd!yAuS%Mafog|ZN~4o=BX<4T0P3z?~$1%!`@p8p&P7?F{_Q~
zJZDBn(=e5UrEeG_yAJc}`oS=!YOG@4ZNt~NHCmGCX1_|wcJ65Mj#*)W2y=P~385k(
z<K|H4o%*GhQu{pI`(+|01r+?OmI^}KmEY(!1hYw=LK|FEij&iB-=>{|Y>dw*?4}3s
z6Q?Em)UKNERW-eQAWtGd#|xCf>TWd<y9W77sf=M6`0J`%kmp<*vqX-D3!<cdWR|am
ztr#n@#De24&rQGJ54B>Yod20~J3SW5E>K^kzkQy8S{BUAjR=qTtgtUV*8?XpJ!Ss*
z+G91|tdHFC$Np*Wn4P7)=Tkq?T2$MCbm<ir8CbpW-s2KTD+0l$)zNHEAuobu{k650
z)>;(=PjzG$7%F!Dc!HJv{dE*+(a6};dBL4r&GKyNG=7$lc>1Q8wj9j2#t$vVo|7M%
z9AIBw5QZO1^rrVJlrJ}Gu-FFb>M@ptlj$VyYflqM^u7<%<|6Pmp3C71P5ie426nfb
zO7?cDMvdjsT8B#9Js!o?MP5l0HZ$p!^DM4v7p>mK#a48BuGB7NiGF0qi_;I<&W=BK
zXYKK+R-esR5dyKR%rUG+tZj(+?O2?YvsOQ`Tk<v)d@%iHTK5M<Hz$9kxbMqD&#_<P
z<Fx7es$vYBOh&ILT2#nKR(U9$y$api9T6|ArNgdDWSC3yzTy7t5W>kZ)Dm8#rTlJh
z+Fj+DY`PNi)%96!O6XvMDtAjJ3y$?DPJR4Dn(D6&%HU(uh-u^vGs{xa@ADGy%1z#u
z-C<e0+$hT`TdDr&1^sqq<^;Q>&{ufg7sK-&Gfq`6e{xY0bgF`O_XlwW+?ihG`>O7m
zW+R4R?-JP2launrX!u;8b(a*b_pX|xKbWrFw+NyIcx_28b<K_-SH+UH{R5%9zfJck
zgw3|Vg&6#na*tZuy3pr4+^xyGY>U!uM(Jrz`C9j5&*dBD-kOkMUD33pmD`@?_)RdO
zFx=rZ-NjH-X%-@);<B&Us<lZH7yYv^t9++EE2Er%6HCiZ7_c@ls;Jt>`!MgDe9)r0
zK{o`SDW&i-i<hnfUFGJlTzYz;xU8izU}|-<hOoT5v98?+=8C=!*E-V3xI?Ri3RaiF
zZkpqQku}*!)mtbwytj6r!n8qkETqG1?JIX5EIEs3^HhZB45mTjBZc(k&gidO68Tr=
zxc!fccANVgN#Ld9A$&F?;r4WCN6Tzp*E*$!zCJMI!0wc%FKq=(v%Q(dEMzbF*Ae;@
zmlWJ+`mUs34O`~O6WWb)!QW9VQ#yGBx_sd_zSzU=D^0B6d@zU6I&H8|jr>IF#WfZ&
z(v<1=4DE%23{Y6g(%88#|5y{peo(yI{HT)F!fg79`Q_XD8SPlJO8AuYVRJGcbyU~R
zSN%I1Lx=1852KJr@6Tx?#=&Qo^_PnEZo3d-cC6k;am&QSx_;^Mg2T82=BxZGf{5a?
z>1I(fmqKv^E6!N{y?W~CBAfoIvDMsWx%{52<Cd7wua=lNico|-$8v!dTf^bX{H{ue
zU~TK+r<>SwhmObpQ^>)+<*(d}Vu4wnrlQezNz#f_0_eyrufy_O;te-qeSk<%-?gcn
z-m8XKc`hahZgg^ccJiN0Ss>hkK~SS%OH8l9Jj+#Dw3a-M4`Z;xzp7JdIJI`ceUZGs
zQQk~bxyk>9vf|XC<Foh(kchiBoN_&Iks{#m@T*t-i)8W5$wqAkV3tU0pPhSjS+67e
zy3^|6U|Q`L{kLXOxUuO1YJx%@o6Ldb<{~RK>BeTiEHQQ=U(Z9mh>=qEs2KI8jLnH0
z7iZHmHFEX1yWxL(qOz?xsL(u%KZfB$WO}#!>4YbI=t6%67v!vw_>er-qFX+H{VVr*
zt2+-hF*8i9fsRr+_EOuj8|h%;w@JpfK-a!0F1KlL-OtB={r_t3EZ?H)-aW23K7vI^
zC|!~w3JL-eB11|@r-Y<1AOb^!fTA=5(kUW?(%mI3oihyGAVbGU&ROFxp6C1n=hc}v
z`?~hEXYIA_6??^fe?Lu*-5HVOb|hF&I6n7b&$)IrO#3|#(YS-6h{MnxSGNm@)Bag2
zI+)=euL}M!2z!|1k|OeJK!FU;d&zSdthL_PhzhU}e~JfQ3++=G>Q1LfN#9f;*^B8l
z0|zJ5{#((F<&2M_yQ#l?$Ft{8(($0Io#r{i^AqV?BpUei#U3|tw3k;-XtJWMH1A$J
z`0{jJ>0$wIgaAyCu~}6^<=}%jDoy6V)^%m0qN;&YLeH}{QdE=jIAPcKMs^*_<JWyJ
zW<so=z@J#ZPmOg+up6a3`xMOgewRjjeL?f~qE?ymczw#n;lH2DvWf*2&qo7~nwfYH
zCU~&?uM793vLK1j;xfk~z3pG~W#ddjq~3E_OJ(nAPAI#8C@rXak=w5~m&VyWl5Nrr
z>zR{YT~22E#&&$74$bw#Qg3bFKv9fRpcM|O{8EOl_>JEo!M4_L`zv$Po+mLsUDjfJ
zd~z&nR;4#~V3k(T)n5N{Xd|sEvCOrB-%tGD!0GROze?aldQ4+{rtNds^R`(<)!p}l
z_;>5=byrKv4@={=gZY+SX-4x^veD)34pUX9Zz1<`3kj3Kb5jmOJdRNK9Fga5DZyCf
za9DNXJvtCA$qF_Fs3FgyFMlkDNj~*bhc2)M=`ZS7&Bn>Xxr7aEcoi^3H@I2X9a+>N
zo&%Xf%5riaR<X|XsxKSh_=gNJlY_O!vm<|bB?e)296UQv_!@C<mmX>D;bXrDU;biz
zOn`VeI2kvjFQgzMBbJ#-RbEpyx;z}ISVW>bcTgJr_!v=Wl=?;m&fCW6&)_*`KJ-L6
z_~SHREbQ{8=dxPa`7}$`aYY)(Llmz^o(HMV$#EIIbhk0`V<c--kJX=}COe>wQZkDb
zR^*k*x3hV$kvP7bBu6SKKy{Cxu+K5QYS33}O+6-pcI*v9*p&9|izu_Hh;?6;oD}0U
z_;I+p>+=%Z6Tzk;*)8a6FtGM&0}k<3GKr{}uU()K5C?TjW=-x_Bgf^>Fh7PGVZY`{
z#FCbx>{&9>S8%@$o|A05u0`4T!e^@0$f0#!Y+>(KY~=wj1uDYpL@>N!J`BY$@ZGs;
zcSuRUba05SJYEE?;+MiG=Fv-XUUHVc<*}GJyS!0@C}!bfWBAj^axkDz5j$VO5;2V<
ztf?JEll_T}Q&w2c+rj*=BD|+;D~yy2COL#CNA=^VSPH%nMR!-{FTQW=9j9t+XM`4R
zCOUg0>4qdIkVSTk`kHoKU^-59-#>6$b^u49G(bygKm#l>JMM!5g|12*G<5a;ddcnv
zBku^76GXuH*@Cda%=t297HOybx1c}vt8p7Q@^G}!oRqG?Tenr6Kx8Vt@zvxkmn&H3
z4X)-1mMr)74-92z430<m1ab)=^{a#f2DMF<*hGEa_+57r1cLjnT(AUI^aH2n8bGg=
z$i2fxkTxrn9R`D4RvfHD9e|leoP${%I8jM<^N2fhW*^b_$Sql;S1{1o_IcP@ea`Dh
z1%nBFG=Fc%wW3XxMZ^9;WBD|zm=XJ-Nj4dO6l^l>?qjwV2Vx#T5MyHF-0T+v7}2~Z
z+0E~Ut3y_qKV{t~`*fUYG#I{P4$)SzmV#=5Unqqx0dLPQPP4Z-lXh`W9XAAR=mh6N
zNl}pG^`3AFl!635h`k+Kh@W){`3&X;pGfX7<`cs`L@G{*=r(B%J|olY0+TlyxbOem
z$tGTNcFH?F32zLaE21v_CR3<t+thJYPZq>M-cp6sgyviIl5ySfYfTE3ebKJM{0uLY
zQ6a>g>ZAU!LKN%&DSH$)yyL{{JKuS>vfeJP1QE;K)K_mXFga#mn|~o)p5UVtg5!nE
z%*O?UHQIN|r91%}SD%QvpqbU*dgR=<eQwVWt0q|XAW@k?qbTRiNe<mA%*OV*a-_aM
zjzgM*_B7ne9?KNcsInTJ{JMeyeT5?#^TV@9d-8&SJ+IH8Cd3nUNW)$myh_kBlUgIb
zgE80Sy^9=pn(lR4R@TraUXkk(BK{R|B`KiJgovA!JMUJt3wbuNosdW|5FzuMBhxJn
z5)vsFusPRi$Z<BG3ZhV3N5E?DP#coOd4Grf=f+d%L4DG-2xk9DYMQ@7fq*E{jY?Z|
zcB9KTV!uiVoW-Ak##Cq>=GSxTkg(xvfa}UoAqTEfNqs_Jz~<!`neGES%57T;Wx?^i
zkBz-cP7I!uBv>(5@mA;f>q9o83|HQvw&Z=p<xNy|Uz=iGlt7RJ2v?S#$^Q)0qsY+-
zB-rgf$*8!mY4Hs2dzw-k*0@LIzOZuDyd0|ylp9<#J)I5ces|IC%`@zG8988tE)rdC
z*3p2<>flook{3F}jcfz^MOTPw7Sj%;{sO+I+eqi-tD5}8Mj~Ui8`V;c&6fvS3`s$>
z7Yh&#U{d+B(s*Jr+n<N|p%QxMFQ5|zn`;;KQx*{FM048*qB!J0VEV$`pIAU<5PU5a
zpZ$pp99v5>4{a<d^ZI+gvA8K|YC+d@JXLdH_J-T3Jn!cv)VXu?mlb55Xqu=Rx;@8q
zC7%6p0FyPDjpVcSnQ<b;`h?PLqA1>~LVXUYgwu@TBooIly|2=xmrPu**h!<_<!f9u
za$P(C-(^;ARz0JVo0q_7@b)cV;UV>+!GlwW=P$|7x4g2WZ%Pv#ha0K%+TnO<(%%@r
z1<{MEcUjR2Uhq{yfd3`Givbl2PbePCvz}g3&{gb-H_{<%>TTz22%-X_s#m6R9o#;#
z3ItIi{*JKsXEE4;MnPAE*7$Ri!-3f5L6x059~fzqnz&gv*g0RIINslG0ej!BMiV<O
z5$6dN7{z+ecS{}uT<J?VE0x`5i!x*F?T^4lFB~|5t}@Vx+_@(7xqRR~?36q}p1iZ?
z_O+*=IkFSqx%pTiNaI;f7CU8Mdc$2J=)8#OMIy1FKG-jBE`RSDR<w3eOyYE5t#K9f
zeT1;z(%RD`dRGG(h}b@<&;`)o63F8lwmZyZq&}LLy=UUA-Ey<E70dCvOxLtQjn?~Y
zo?J}P&mjka>(%wuvH)#xDnDgEDIo~RL!cA(Ihg#zunI-TpDz$YSkmdSlQcb7)noo3
z7cl;fDFNlySH$iY--K}FvxEMST6$6F8w&fplQqUb1YHx&I!KNB(?$G&CeNjLnLKmw
zg^LCVRDK7E(~K(EL{Q8wofwcH*!pd|Y`H7pWtLA022T$El%q>Y=Rx_qf!Kp99G*ys
zJ+=`ATfZ|8AFCUXMr%tT{<H?OCE)3vM2X0yem>Uz90V%VU~}FcK26t!043C}H21V?
z<k(uz>@Eptp#wt>F_0fxy`hWj3$!d~&wu92EDI`zIg;E@>@WM&0r{&J&cEcSlZVvs
zjW+qd@SK$2QzMMSz=nhhWR863C!O`t{2F5WpLb0N5_r`Ayc5X`8o&R&)qg0R19riG
zl?4Bl8U;achm6ArEaU$q{^vb@|CL((^G+#$Ado}yBl92X@aGBYY5&$&{8!H8BY~jJ
zlX&NU$giIxXbk-`T_O^Kk}z>J2#x-`I6zYG+JA~hxXt_o^j(PQ;6Ehm&k-bx{{9De
z>R)n;&#M2S3ICQLEc=gi&-p=s{LhVd3OaumjEJCi_#chHe;M=tjr4zOBy}1zZqhZa
zYP*e&FIp~))<WWBmXy<4!pNO`1&e(^fXnv$cz>nG|KgQyaoog9t#KP<O82ON11wzf
z%ncyL<Eyg(XC|o%5Q%!yp9FLd$T6jeRRR=H!C@=EkEsW41J*0Lc4v2|i$AH#X;~j`
z4>(6l0Zb?9NI-7#D$%QTE83s>AhE~NSG8700PNJB9j#?q^`$PoyP;yedIGrJrcUc+
zC_-o7B~Ty$$48W}>_ZcnBFs_Dc#3*X%buq8P7S_hI|CS`lG64_mZ#lT61xen!>(wH
zx%i!aQ}zC72mmnDLL^^kjJ*bO0T1b7b9~xr?a{BC*tfA{Fii>kVP8@KfXrmcMKF%M
znm$<)?m^WbJQVcUvo103j5>Mty^DgRSJn4u$PysQgm|@cvx80R>gL16v>n(d0#)Ph
zHB}F&9sbm*H+!J!`rNmgIU5UrNU}6RTu|vV0=0(#%c2#2bvU`{qf>Xws0N-l_PY7n
z7dZ6K@$xm2E%B6fqM%*zl)SIAa$=`@Lp_JfX~wve<YCvBZXx<8RxQ8NK_&hKfNUS`
z-Uy_#zjukr>-CzY;S3^<&%pBf<1MLO03FgRp_lNg6j@0R=<XHUw5#*kYP!_ZogkP4
z0d-}1w|XVx*Bbl=TEGi`iWBxd>@v<30m>5v#tpQj4S>rOi!SRTpr(vmC$%arm)@nC
z)czN!=XWc=tUfouI%OUXMEICXZ26JuHn7U@5o5C#tbuIDJC;VA^G*HjwYJmLaEB+=
z;=f6-ne}u-WfEgk8dT^wBX~lBsLQLcRwn%K_MSeUgA#MACl1u-k!a0K9d1(ZqrGpR
zcTaZv3=mpSJ+1tPGY_W@mJho4>2RXsWT)PuL8vBs=`{Wfhw9crc;$&$kzWwghvAQD
z>bEZLo^JY1d$=F3S0n*m5>#JH!3a2JBesT!!IDhj?dED^qnUQZu{eX%@8P5Z!>YlR
zELgxbp?gX8)iy4*AeS0xQvMe*c?#FlmT+TMOoFdxq;?5NF9D-1VT|>c#-aW`ZtvrR
z{oI0Vi~jm4k2SuMS0g+*^~q_n&tHrHsF&4Zw<sI(Nt^n(&I|Y3TVBcDQ_e%m1nyVi
z+3HKCW8IiCRAmF8Y4ylS?2xbJHD4F&UMV9$Ub43cw5P!946mm4^Ib0{=x2%oWEDP_
z-ux6fr$Ro^z`ftB()znixZZS;SFCHHGrFhNeK)r>?yFLqzQgGPr{w*#-z}W4e$_3D
zZx-$JX-)YY!%8-)*G6mcz+5QnDaDa3gOFEbd#pQY_>=a>pk-z06ui*xt*QA<VwdMS
zHuG#f2ofht7=J^H^3$rrcf=X&L`si5F|e=oAyoIG+tg|8`!hC60Rw3ANsi7MG{v`n
zvn_j<L>zIIHj|@}$!+F*2>^Q;XjCpG+TLkb>i#CbMem6%av1_;+wC6FF^0jXy<K++
z<TpiQHHdnM9C<7LxB)MSO!fF4b9sxvG&(u#^DUQ&I2!${LW#ewR3%yQj*-vdqPB5)
z<6z^@dGV$Am$_%j1J6!tw^0peW!y&qI5WsK*?9M-p2T|TP<I3V)S<*<|J7RB!@zeF
z6@WHVEx!Z!Huj|mW&hVXdF91#0zmU=Fo2DyAauvDDn;9Z-P~lYFOtq^slJAvtg8AJ
zx9Qh=RoynDBe9!Y;8H&spFSHkv!{VJEDHBD>3y=_UWisrTpdCt0l@J{LdF9Yl5PTn
z?q?1>me8uTr|NaTb8+h1%4O&zabW4~>Nr1R0N*Smsh&BxK3WQ;{1zKS`bo#Ti?2eL
z?$M%T4VsQ_Uw`+x=JZ`(0JQ5S_5J;{OSqR+Y+<wLWxGB;H|&#DvSZ+Y?6Vp!elG%8
zO`&<<7@7P=QQ23&LBH=;U%iy*#d6jS{VT<-8^Gt-wG6##8BAayF<(Akj~w6h#2ij$
zrbpE^$m1p6EXcE6`?6`sznwd?1Ta??N@CnGn$?OJ1^pFlNnd$sZ2j`O@#`-upY%#B
z_0CH$WT)dvk0!G>D++gmikC|4q7xh8XA5^7vp(jlSg8?Mc0H0{+^lxTREbfjVTf&z
z_bcCrv4+7@i+06>!U@Q(k(JbqQuc)c;22<>6>P_ITZ&Z~`a|uovL_f4*Ag8pgY@2=
z8By6q=nix9z{kM1Avf7NNUp-IWKF&i4@gFZ8OdS6?=nwK2R|(08t~qNyW-Qh8)#DT
zy~r5h&DM#H6#|8>hvYt+Y-r&Ll8)HhdZN|Gn46Izj%O!M;$-@C!&Q9!hFp*Z5@4_=
z-E6$5toHQGG&zyk69DNpiizZk`8dLV5x!@%rXbA41HKPMBCDCvxp>zzo|#LUG!@(P
z?FPdB8=915j!S0vJ*4Erw37u+Z*QlS&mZ)6`+LGQOq8<4-q(}_7@zILjTp1Bill(f
zBxM6e^vU%j_+e^nD~4?k(Eb2~O!4LFu`Phd6^st_d^)gpU*%ax72_ulQz)RwN~gjA
zFJajPRWUDX4RUlak9~0`N9;}YOjU9_s>$19W;$lD5WezkQ**JlGdY-$22a4C=x~I_
z41>$?^Ci$U%T=P(-aYr1fwnhei@WZQ;%x<!S|WlsR@nF0GjHFd8i|cpAIN$j7A)#}
z=C$_jvMYjkh#@st;-h}<k%BBTV<mqe{ITtQg_Sjx=RzrNb3xj4BsNghb>~Z-vzU1<
zyv~69WT@Awl5ufH7f<kl5QW9}FQkExoM6ZTKpqCj+x97$DDC}feuY%+h@%*%K#Gp4
zx>hFE$mE=`aqs}jy@n<aQ9(+Ffqm6imzGp;+~ri!ILc2WWQD|2>FH?dm3K1jB-G71
z4P-z^R!T-AD!<8hY!o(Mm*sTjI?AhB2bjT8$G6qDG=`0;rbNF%7Xk9JWJ<&P@X7qD
ziXm)IDXfhV5c@1@QUutK%g&~br*QgbqphtHHgdwY6c`n1TDi0fBSQsz)hs6~a+0sY
z3d(RRUm|38gu}q1Vh2nns>K_S`@DH|DC>sPgOYkq7i_+e>aV!ou@WnT5dG=pBMU?5
z^!(4OYUv7#V00*dZjk49g}=6t<Lj`J$%g@M;2Dptx&PA(v#602+!*^v^Rj=iPq3PL
zL-6i2)z{(4l9ERk!64TXY_z8l;4M@nrpVi5hm=`C`W|1k3X12}$kJt%3&Qo*jsPU0
z?hiR4MY++3)pVLFW$Nec{FW)Lg6mTOoHI5d;_=SM+r%kQx@+qnvst?i^m<f4p!;b(
zuC4&no$w(q&DPFzvm$%X_AP@likqbzeYJ)dFvND9uYI*&dBkaj_+6%9kz5Ywu+`^Q
zEamNP)82MoH-7ve^)4etC6B$|`bol&h_9z$C%GKG>7oPgV1b70g45(XbOz>Z<j1Ws
zc(0PMQMJt*YOz*Xd_Hb{F3u`zFXGDG%Es?mNmNEyEGq(*=97^mYqXV2WI!VgWlM$%
zo5C}v*Y-XY)+2$)wAx)FFICs$8l!sTK10?fy|=33E?4@(glZNpCiWH65N}V0xJ0kF
zPOq^IRBF2J@~1J_2?VZ|La{`N$lkSyQ+>rlWYDXAJ^WpNNuPv)w|t;az0NxgqV~01
zLSHw>RJ~r9@WxG|=DxSisdTD2tA!|JOj0uj3n}g?)}pJ5%U?43o;dRM$-`)abjLog
zl%y>0<rts-R8%Mo;bVu9FT-nhy(|`iB7k)3;ZO)Fp{trrtG80!kdg$ZnQZqdkooL+
za9rak_dSfo#=+MT-*N5b!vWKa<vRlvW0rI|1`YJy$24T1iC>gP7#$8ue3cbegG-cT
zY#jLE;7sLtDg$}O_xEfAgGaOPzBp=qBFullPwJuSZF`L?YF*->Pt|1nG38jfQ&-B>
zR$Y94?L+AI6e0r=y8}$c_@g0Z%BE3e5`u89lp4X3(XZk*SHbu6r(OA&W$f%xZ=tV(
z%h3dPR*czqW5qHWMFea)mDh^SO7yF7uspD%tchHTYX8GC{QBgRd`dYoh?;Q#!zGix
zZ;yyjQfAFyJNY6R{ki<NktQ~EML&KTYxbqt(AISIMn#@ld3XRnUSviwD;s`&{yHam
zfgVA^d?Sj=R%4<CAQRaFZr$`?UZ^bpMg833oCpV`4cBVVx7n$vZ1Gg!FMP4qTs)tD
zSS5?mSbc%PU5WM>c3Pyc!;~TWy%OpjV-iE+a=Nq@Q@fyg?Vz5~9(4!xaVUi_uJl$D
zwH}hZVKgFA``y7BsvxeQKF$PX{Zl*2GLxCD>A;(%+`S+*!a2ZPA*V%i0qxl)om0cq
z)OWwUaAi>v40?!{k&L$y`_%q0(}c+zHMbBPMs!~k3#}lScym;<bndTXT&TBi7P&R#
zOp<u-@#(H^!97*BZvUs4(arjFv!x3=PyyNVw0@Oi_SsH|;1&^E*}~0PZX6l54ps6q
z+T&4ExuU?$iU;FM&c!yjZXzs1hcG-%XM3wd)0tfD-NZucq(6fCHJ3w*91I{ycI+4B
zWMmN~w4J%aZ(@FgE=M%W)m1$$gqA|f+u@{5mKD+J7{txTfemy94_<s3Dh_+VhCUqd
zyP$lM`|T|L*GEQ8lDG(RyR!-TS5fpikd6r7D3vwbD*yU+s7Z+W(4s9d_qUHl6=8ve
zNG-kxo#74h)`CkHnfDf+vJ92jHoP}kQ#I5!T<+Ggc<g!`&AOy@cOK1wj+mT1^<nEL
zwqxnv-RtYfy{Fo>sleP<`#?}CJ74!vsK}k&?Xq*KOAEJ}>OUYSo)#`HtXHLKrDB^&
z$|21%*%i5SG8Z0_tD5uhBCmGa(Rq_Lh1WK@A~NMEha|^Wk2u`>+^rxr6!h%D7g}}m
zt2t=G@6uMC|MjyU9u8yRgLrmX%rpA0drb(~?N$oK`mszH2%Bk_PSFG{V+7dH4;DWz
zSKj=-9J9C5R3Ju*B8HE|e=tE^>e+bj6xQ>KK2Xq~uR1wXPwcu6*<Oue;G6o1FVt)u
zIg=k8QJEC*X*r6y`ga9IUqW#6E?1iJ#je72+Kf`hZi;JLXOSH6NES`@$<BBYYX9{!
z?F3|}q?req_r9B}R{p2jZ(Ct`=aL_%Ldt;C8Dr`jQt<zuIK#ff)NJ>N>$lNNl0LP=
zX{h2iiQar~%(T9av^21hz$asoD2|ze`baHLF$(N=Iq7_PBFlFLn0XjE(jz~(a{wYn
z%NyT&`P;B#HUgJ;PZYR8_XVSC!HNSpoBL>#`1E0C_(k317t)2R5qxf?2}|g;kKYzr
zZZ#eFP+vGg?5w^t3!Lxx^ysHdMd-%}0~2RkYOS`@(_@_EA>tUZJOBDmISn2ue%kj=
zWt#7Yc*dmlZ&<MvQWJ@*N`A_tt<zdsRZML+Kb&~~&{VL!<tMzW4K?wycj!#PzYgc2
z?LG$zC+|ehZz<$;{;Q~ThZ~f*>`%#<N`SNdDQ<VUkAK>Lq+E+~helOif1O^KZdkKP
zdek~Y)(KZlwagJdy)ytYxKGg;SRNKBZT<)|hjG{pS@`f)LYt@VD6`j4y~72Kv0-ON
z48Kd)W?I?%B5Lx^L}#__j%g`o2}W*rSCIW?nK%CI)Q=_`$CJ=kL~T-3zpI~lziiMV
zJkPu8y~(j5A7pR7J>pWhkm0Kga@CePLUn!y)oH>9@ko8)nwpPT(rpQMHICBZhHTv&
zj1XOddq#7umiU{q7a~H>q9LA}`?)(U46=o{DZYz-Y=luoeM=wa`;HD}P$(qNkr$0*
z&J5-aN(wrQN4+jBiy~TeQMfJ7Id}NXlG)vU)H=2*dYDzv-VMSZMWgLN&t(};uUxo4
z09Tt3IO)k!la}$ShK7$_mi-|}F{THp`Duc_P_!PBR^sS%M)_p+VM_6SkkHyCfxe1p
zq3&k7yi(k&&j~dAFAPhE^o=NQDWwI4^;0*&H}uC|=l+a$%&nnwSEjDo&9d;D**pp`
zpXKmi&`EecZ)BwNXk>x0bfyU1Z(VQP;Ny+ht`yRaYEw~a`TSp#FaVRB<-nVM?mD{|
zC{euJkP15L<StfH!XQNMP$+tJ7zWcs@)y6)t9soKV&c#f=9zC5!?|(KUpYWYB|R)a
z;zDz*8_)07x><Sub+JQJ-n!JRPeNvtX3B9XJFCRP8Ahks1=lj<>pFyy<ShzOUo1zs
z6mFPa+1{h&4F2`?M2z?Vn^=+m#5|Va1#!`QIgg08Ld5)?^gEixWZSeqK5}Jg?Yb3w
zy*!UjQ!I3kk@P&kK6!G>*Q$Fa-e01`Olss+C(clbi!!e_IOWcK^9NGWYVC)!RhF^Q
z+;Ght-XG24&oTt=z5)KHTu-P;dRHY7ZxfD-IMN?9y;$TdJsu;@4Up;^TI(AM9-k$>
zZ!h&}{YCVd`LfZBoLW)urvJxB+WJdFjy`8b5KmkC2~Tm}$1WepvFOaI723`TqVvxc
zp2v0&tCw2DF6ib6C`N@^z3FA@ap0q6OSs;t64Oo}LeHY6y}LkB#SJajC|oRR%4t!P
z8CG=ECTnwLdE<!aaF6~ZPul(drJZ6T>-ted?c|W|FpF);;1VMbZ657vZ&g)7W%zxb
zHE#h%^35U<raq@rhVk47l}r~}bXZsruq$~-{n1Ly88NkD{M-nt!i)XD+0e0R1Ru>B
zR*8&Ih~L9?V+MY7R)${ZuOAOi>m6r(kCk)s4Zf<&zQVg+p?zDR6wPCOYq!XK@{~!e
zL4U?-?;UPT-*5%vGUYVAR}?12wlyuAzP!4>Y~#xHCX6m~&Z*9}CvB->*e`pN#Eayr
zCC&JKxa~SU=Z~JjM>Tn#Zi;RbTxqpJ!W(s|C6al-UV_HiF)7j<cVO083VMT)b_*X}
zan!eJ_A$9F)=}h)qSgaC_`Fe{iqtioh#RKmugN~+cNV*#PVXP(yr`;R@nFqAYZ}~d
z!X~~9!rHk->NQHU#K>EhAAR0D>e-yQZ1}#tL;c{udvp0wqWqi8q|t~I;zcjk={A~j
zs!JX&sEtH9-rLK?@}VbzR;%6iHV$dWPM}!*#JPc>@^L*w{!;9WkL2DI%9LACSIpO$
zT&E!R2GCiHvz^1&0eXvbY@1*6s<w6VmpjfF-1G4ln<OX-C3HXn4~YJx^MELa*@R|V
zrIML!46Cd288gViX&+-N<|LV9lIHGQ?eOoX{#;Ioh|0`ZcmEQAhFfK{nTI2QJju(6
z{`H%XL=&cfmuX+Yyo1(HHvP|Kh(+ph7Ym=r(>FovvQd&8oiFOqHLjcXQSr$eM5>t2
z9B594_zmrUW<`#<ac_39E6&$ob}5;HA%U{iWB*rF$mseb!V5lFq<#BeFJRqTAFq%c
zwx0RbG_nSEHIVCTzZh)&>yC)wc)I^&<4<l>-b>xUYFv|ZCCrTen?qR>7m#j&g#RS|
z-+BJ`MT4aua;(`rkYe+XhttV*8T>fVApRQH@V`=-(IkG*Br)>Z+3N3<2`12%n^CRD
Wo<F(;wLCcoehN?(nS5yz|Nj9!$^|a~

literal 0
HcmV?d00001


From 8097acd75926e605b8fd2e090b0f8ff7de61cf10 Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Thu, 29 Sep 2022 19:15:12 +0000
Subject: [PATCH 2/9] fixed pattern prop name

---
 .../@aws-solutions-constructs/aws-lambda-opensearch/README.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
index 72d835556..8370a5b3e 100755
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
@@ -126,7 +126,7 @@ new LambdaToOpenSearch(this, "sample",
 |userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of `cognito.UserPoolClient` created by the construct|
 |identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of `cognito.CfnIdentityPool` created by the construct|
 |opensearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearch.CfnDomain` created by the construct|
-|opensearchDomain|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for opensearch.CfnDomain|
+|opensearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for opensearch.CfnDomain|
 |cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
 |vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|
 

From e60d4fbf9afe6a4ebcbceff122ea012a5c8a12be Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Thu, 29 Sep 2022 22:05:31 +0000
Subject: [PATCH 3/9] fixed service name in README

---
 .../aws-lambda-elasticsearch-kibana/README.md | 32 +++++++++----------
 .../aws-lambda-opensearch/README.md           | 28 ++++++++--------
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md
index d04c3b1f2..8fcc243ec 100755
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/README.md
@@ -23,7 +23,7 @@
 |![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.lambdaelasticsearchkibana`|
 
 ## Overview
-This AWS Solutions Construct implements the AWS Lambda function and Amazon Elasticsearch Service with the least privileged permissions.
+This AWS Solutions Construct implements an AWS Lambda function and Amazon Elasticsearch Service with the least privileged permissions.
 
 **Some cluster configurations (e.g VPC access) require the existence of the `AWSServiceRoleForAmazonElasticsearchService` Service-Linked Role in your account.**
 
@@ -111,7 +111,7 @@ new LambdaToElasticSearchAndKibana(this, "sample",
 |esDomainProps?|[`elasticsearch.CfnDomainProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticsearch.CfnDomainProps.html)|Optional user provided props to override the default props for the Elasticsearch Service|
 |domainName|`string`|Domain name for the Cognito and the Elasticsearch Service|
 |cognitoDomainName?|`string`|Optional Cognito Domain Name, if provided it will be used for Cognito Domain, and domainName will be used for the Elasticsearch Domain|
-|createCloudWatchAlarms|`boolean`|Whether to create recommended CloudWatch alarms|
+|createCloudWatchAlarms?|`boolean`|Whether to create recommended CloudWatch alarms|
 |domainEndpointEnvironmentVariableName?|`string`|Optional Name for the ElasticSearch domain endpoint environment variable set for the Lambda function.|
 |existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.|
 |vpcProps?|[`ec2.VpcProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.VpcProps.html)|Optional user provided properties to override the default properties for the new VPC. `enableDnsHostnames`, `enableDnsSupport`, `natGateways` and `subnetConfiguration` are set by the pattern, so any values for those properties supplied here will be overrriden. If `deployVpc` is not `true` then this property will be ignored.|
@@ -121,13 +121,13 @@ new LambdaToElasticSearchAndKibana(this, "sample",
 
 | **Name**     | **Type**        | **Description** |
 |:-------------|:----------------|-----------------|
-|lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Returns an instance of lambda.Function created by the construct|
-|userPool|[`cognito.UserPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPool.html)|Returns an instance of cognito.UserPool created by the construct|
-|userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of cognito.UserPoolClient created by the construct|
-|identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of cognito.CfnIdentityPool created by the construct|
-|elasticsearchDomain|[`elasticsearch.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticsearch.CfnDomain.html)|Returns an instance of elasticsearch.CfnDomain created by the construct|
-|elasticsearchDomain|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of iam.Role created by the construct for elasticsearch.CfnDomain|
-|cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of cloudwatch.Alarm created by the construct|
+|lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Returns an instance of `lambda.Function` created by the construct|
+|userPool|[`cognito.UserPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPool.html)|Returns an instance of `cognito.UserPool` created by the construct|
+|userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of `cognito.UserPoolClient` created by the construct|
+|identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of `cognito.CfnIdentityPool` created by the construct|
+|elasticsearchDomain|[`elasticsearch.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticsearch.CfnDomain.html)|Returns an instance of `elasticsearch.CfnDomain` created by the construct|
+|elasticsearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for `elasticsearch.CfnDomain`|
+|cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
 |vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|
 
 ## Lambda Function
@@ -136,26 +136,26 @@ This pattern requires a lambda function that can post data into the Elasticsearc
 
 ## Default settings
 
-Out of the box implementation of the Construct without any override will set the following defaults:
+Out of the box implementation of the Construct without any overrides will set the following defaults:
 
 ### AWS Lambda Function
 * Configure limited privilege access IAM role for Lambda function
-* Enable reusing connections with Keep-Alive for NodeJs Lambda function
+* Enable reusing connections with Keep-Alive for Node.js Lambda function
 * Enable X-Ray Tracing
 * Set Environment Variables
   * (default) DOMAIN_ENDPOINT
-  * AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)
+  * AWS_NODEJS_CONNECTION_REUSE_ENABLED
 
 ### Amazon Cognito
 * Set password policy for User Pools
 * Enforce the advanced security mode for User Pools
 
 ### Amazon Elasticsearch Service
-* Deploy best practices CloudWatch Alarms for the Elasticsearch Domain
+* Deploy best practices CloudWatch Alarms for the Elasticsearch Service domain
 * Secure the Kibana dashboard access with Cognito User Pools
-* Enable server-side encryption for Elasticsearch Domain using AWS managed KMS Key
-* Enable node-to-node encryption for Elasticsearch Domain
-* Configure the cluster for the Amazon ES domain
+* Enable server-side encryption for the Elasticsearch Service domain using AWS managed KMS Key
+* Enable node-to-node encryption for the Elasticsearch Service domain
+* Configure the cluster for the Elasticsearch Service domain
 
 ## Architecture
 ![Architecture Diagram](architecture.png)
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
index 8370a5b3e..830fca8ff 100755
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
@@ -23,7 +23,7 @@
 |![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.lambdaopensearch`|
 
 ## Overview
-This AWS Solutions Construct implements the AWS Lambda function and Amazon OpenSearch Service with the least privileged permissions.
+This AWS Solutions Construct implements an AWS Lambda function and Amazon OpenSearch Service with the least privileged permissions.
 
 **Some cluster configurations (e.g VPC access) require the existence of the `AWSServiceRoleForAmazonOpenSearchService` Service-Linked Role in your account.**
 
@@ -49,7 +49,7 @@ const lambdaProps: lambda.FunctionProps = {
 
 new LambdaToOpenSearch(this, 'sample', {
   lambdaFunctionProps: lambdaProps,
-  domainName: 'testdomain',
+  openSearchDomainName: 'testdomain',
   // TODO: Ensure the Cognito domain name is globally unique
   cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID
 });
@@ -73,7 +73,7 @@ lambda_props = _lambda.FunctionProps(
 
 LambdaToOpenSearch(self, 'sample',
                             lambda_function_props=lambda_props,
-                            domain_name='testdomain',
+                            open_search_domain_name='testdomain',
                             # TODO: Ensure the Cognito domain name is globally unique
                             cognito_domain_name='globallyuniquedomain' + Aws.ACCOUNT_ID
                             )
@@ -97,7 +97,7 @@ new LambdaToOpenSearch(this, "sample",
                         .code(Code.fromAsset("lambda"))
                         .handler("index.handler")
                         .build())
-                .domainName("testdomain")
+                .openSearchDomainName("testdomain")
                 // TODO: Ensure the Cognito domain name is globally unique
                 .cognitoDomainName("globallyuniquedomain" + Aws.ACCOUNT_ID)
                 .build());
@@ -108,9 +108,9 @@ new LambdaToOpenSearch(this, "sample",
 |:-------------|:----------------|-----------------|
 |existingLambdaObj?|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.|
 |lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.FunctionProps.html)|User provided props to override the default props for the Lambda function.|
-|domainProps?|[`opensearchservice.CfnDomainProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomainProps.html)|Optional user provided props to override the default props for the OpenSearch Service.|
-|domainName|`string`|Domain name for the Cognito and the OpenSearch Service.|
-|cognitoDomainName?|`string`|Optional Cognito domain name, if provided it will be used for Cognito domain, and `domainName` will be used for the OpenSearch domain.|
+|openSearchDomainProps?|[`opensearchservice.CfnDomainProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomainProps.html)|Optional user provided props to override the default props for the OpenSearch Service.|
+|openSearchDomainName|`string`|Domain name for the Cognito and the OpenSearch Service.|
+|cognitoDomainName?|`string`|Optional Cognito domain name, if provided it will be used for Cognito domain, and `openSearchDomainName` will be used for the OpenSearch Service domain.|
 |createCloudWatchAlarms?|`boolean`|Whether to create the recommended CloudWatch alarms.|
 |domainEndpointEnvironmentVariableName?|`string`|Optional name for the OpenSearch domain endpoint environment variable set for the Lambda function.|
 |existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.|
@@ -126,7 +126,7 @@ new LambdaToOpenSearch(this, "sample",
 |userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of `cognito.UserPoolClient` created by the construct|
 |identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of `cognito.CfnIdentityPool` created by the construct|
 |opensearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearch.CfnDomain` created by the construct|
-|opensearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for opensearch.CfnDomain|
+|opensearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for `opensearch.CfnDomain`|
 |cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
 |vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|
 
@@ -136,7 +136,7 @@ This pattern requires a lambda function that can post data into the OpenSearch.
 
 ## Default settings
 
-Out of the box implementation of the Construct without any override will set the following defaults:
+Out of the box implementation of the Construct without any overrides will set the following defaults:
 
 ### AWS Lambda Function
 * Configure limited privilege access IAM role for Lambda function
@@ -144,18 +144,18 @@ Out of the box implementation of the Construct without any override will set the
 * Enable X-Ray Tracing
 * Set Environment Variables
   * (default) DOMAIN_ENDPOINT
-  * AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)
+  * AWS_NODEJS_CONNECTION_REUSE_ENABLED
 
 ### Amazon Cognito
 * Set password policy for User Pools
 * Enforce the advanced security mode for User Pools
 
 ### Amazon OpenSearch Service
-* Deploy best practices CloudWatch Alarms for the OpenSearch Domain
+* Deploy best practices CloudWatch Alarms for the OpenSearch Service domain
 * Secure the Kibana dashboard access with Cognito User Pools
-* Enable server-side encryption for OpenSearch Domain using AWS managed KMS Key
-* Enable node-to-node encryption for OpenSearch Domain
-* Configure the cluster for the Amazon OpenSearch domain
+* Enable server-side encryption for OpenSearch Service domain using AWS managed KMS Key
+* Enable node-to-node encryption for the OpenSearch Service domain
+* Configure the cluster for the OpenSearch Service domain
 
 ## Architecture
 ![Architecture Diagram](architecture.png)

From 620a2ee2ec4a684e90c7c1fb56d102446eb2dc0c Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Thu, 29 Sep 2022 22:12:46 +0000
Subject: [PATCH 4/9] updated prop description

---
 .../@aws-solutions-constructs/aws-lambda-opensearch/README.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
index 830fca8ff..b61404c23 100755
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
@@ -109,7 +109,7 @@ new LambdaToOpenSearch(this, "sample",
 |existingLambdaObj?|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html)|Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.|
 |lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.FunctionProps.html)|User provided props to override the default props for the Lambda function.|
 |openSearchDomainProps?|[`opensearchservice.CfnDomainProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomainProps.html)|Optional user provided props to override the default props for the OpenSearch Service.|
-|openSearchDomainName|`string`|Domain name for the Cognito and the OpenSearch Service.|
+|openSearchDomainName|`string`|Domain name for the OpenSearch Service.|
 |cognitoDomainName?|`string`|Optional Cognito domain name, if provided it will be used for Cognito domain, and `openSearchDomainName` will be used for the OpenSearch Service domain.|
 |createCloudWatchAlarms?|`boolean`|Whether to create the recommended CloudWatch alarms.|
 |domainEndpointEnvironmentVariableName?|`string`|Optional name for the OpenSearch domain endpoint environment variable set for the Lambda function.|

From fcbfc34cacaffef4eb672729c1ef6a76208b7037 Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Fri, 30 Sep 2022 17:01:02 +0000
Subject: [PATCH 5/9] removed legacy elasticsearch role description

---
 .../aws-lambda-opensearch/README.md                      | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
index b61404c23..c3d47f10d 100755
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
@@ -25,13 +25,6 @@
 ## Overview
 This AWS Solutions Construct implements an AWS Lambda function and Amazon OpenSearch Service with the least privileged permissions.
 
-**Some cluster configurations (e.g VPC access) require the existence of the `AWSServiceRoleForAmazonOpenSearchService` Service-Linked Role in your account.**
-
-**You will need to create the service-linked role using the AWS CLI once in any account using this construct (it may have already been executed to support other stacks):**
-```
-aws iam create-service-linked-role --aws-service-name es.amazonaws.com
-```
-
 Here is a minimal deployable pattern definition:
 
 Typescript
@@ -110,7 +103,7 @@ new LambdaToOpenSearch(this, "sample",
 |lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.FunctionProps.html)|User provided props to override the default props for the Lambda function.|
 |openSearchDomainProps?|[`opensearchservice.CfnDomainProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomainProps.html)|Optional user provided props to override the default props for the OpenSearch Service.|
 |openSearchDomainName|`string`|Domain name for the OpenSearch Service.|
-|cognitoDomainName?|`string`|Optional Cognito domain name, if provided it will be used for Cognito domain, and `openSearchDomainName` will be used for the OpenSearch Service domain.|
+|cognitoDomainName?|`string`|Optional Amazon Cognito domain name. If omitted the Amazon Cognito domain will default to the OpenSearch Service domain name.|
 |createCloudWatchAlarms?|`boolean`|Whether to create the recommended CloudWatch alarms.|
 |domainEndpointEnvironmentVariableName?|`string`|Optional name for the OpenSearch domain endpoint environment variable set for the Lambda function.|
 |existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.|

From 1d012938b91c2e43d37097717bf7c178e665c910 Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Tue, 4 Oct 2022 16:59:59 +0000
Subject: [PATCH 6/9] created new construct

---
 .../aws-lambda-opensearch/.eslintignore       |    5 +
 .../aws-lambda-opensearch/.gitignore          |   16 +
 .../aws-lambda-opensearch/.npmignore          |   21 +
 .../aws-lambda-opensearch/README.md           |    8 +-
 .../aws-lambda-opensearch/lib/index.ts        |  174 ++
 .../aws-lambda-opensearch/package.json        |  103 ++
 .../test/integ.cluster-config.expected.json   |  982 +++++++++++
 .../test/integ.cluster-config.ts              |   53 +
 ...nteg.disabled-zone-awareness.expected.json |  922 +++++++++++
 .../test/integ.disabled-zone-awareness.ts     |   50 +
 .../test/integ.domain-arguments.expected.json |  675 ++++++++
 .../test/integ.domain-arguments.ts            |   40 +
 .../test/integ.existing-vpc.expected.json     | 1431 +++++++++++++++++
 .../test/integ.existing-vpc.ts                |   44 +
 .../test/integ.no-arguments.expected.json     |  675 ++++++++
 .../test/integ.no-arguments.ts                |   38 +
 .../test/integ.vpc-props.expected.json        | 1037 ++++++++++++
 .../test/integ.vpc-props.ts                   |   44 +
 .../test/lambda-opensearch.test.ts            |  583 +++++++
 .../test/lambda/index.js                      |   60 +
 .../@aws-solutions-constructs/core/index.ts   |    4 +-
 .../core/lib/cognito-helper.ts                |   15 +
 .../core/lib/opensearch-defaults.ts           |   65 +
 .../core/lib/opensearch-helper.ts             |  306 ++++
 .../core/test/opensearch-helper.test.ts       |  432 +++++
 25 files changed, 7778 insertions(+), 5 deletions(-)
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore
 mode change 100755 => 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/package.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js
 create mode 100644 source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts
 create mode 100644 source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore
new file mode 100644
index 000000000..0819e2e65
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore
@@ -0,0 +1,5 @@
+lib/*.js
+test/*.js
+*.d.ts
+coverage
+test/lambda/index.js
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore
new file mode 100644
index 000000000..8626f2274
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore
@@ -0,0 +1,16 @@
+lib/*.js
+test/*.js
+!test/lambda/*
+*.js.map
+*.d.ts
+node_modules
+*.generated.ts
+dist
+.jsii
+
+.LAST_BUILD
+.nyc_output
+coverage
+.nycrc
+.LAST_PACKAGE
+*.snk
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore
new file mode 100644
index 000000000..f66791629
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore
@@ -0,0 +1,21 @@
+# Exclude typescript source and config
+*.ts
+tsconfig.json
+coverage
+.nyc_output
+*.tgz
+*.snk
+*.tsbuildinfo
+
+# Include javascript files and typescript declarations
+!*.js
+!*.d.ts
+
+# Exclude jsii outdir
+dist
+
+# Include .jsii
+!.jsii
+
+# Include .jsii
+!.jsii
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
old mode 100755
new mode 100644
index c3d47f10d..350bf3b32
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/README.md
@@ -118,9 +118,9 @@ new LambdaToOpenSearch(this, "sample",
 |userPool|[`cognito.UserPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPool.html)|Returns an instance of `cognito.UserPool` created by the construct|
 |userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolClient.html)|Returns an instance of `cognito.UserPoolClient` created by the construct|
 |identityPool|[`cognito.CfnIdentityPool`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html)|Returns an instance of `cognito.CfnIdentityPool` created by the construct|
-|opensearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearch.CfnDomain` created by the construct|
-|opensearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for `opensearch.CfnDomain`|
-|cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
+|openSearchDomain|[`opensearchservice.CfnDomain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.html)|Returns an instance of `opensearch.CfnDomain` created by the construct|
+|openSearchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html)|Returns an instance of `iam.Role` created by the construct for `opensearch.CfnDomain`|
+|cloudWatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudwatch.Alarm.html)|Returns a list of `cloudwatch.Alarm` created by the construct|
 |vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|
 
 ## Lambda Function
@@ -145,7 +145,7 @@ Out of the box implementation of the Construct without any overrides will set th
 
 ### Amazon OpenSearch Service
 * Deploy best practices CloudWatch Alarms for the OpenSearch Service domain
-* Secure the Kibana dashboard access with Cognito User Pools
+* Secure the OpenSearch Service dashboard access with Cognito User Pools
 * Enable server-side encryption for OpenSearch Service domain using AWS managed KMS Key
 * Enable node-to-node encryption for the OpenSearch Service domain
 * Configure the cluster for the OpenSearch Service domain
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
new file mode 100644
index 000000000..de61df4a6
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
@@ -0,0 +1,174 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as cognito from 'aws-cdk-lib/aws-cognito';
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as defaults from '@aws-solutions-constructs/core';
+// Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
+import { Construct } from 'constructs';
+
+/**
+ * @summary The properties for the CognitoToApiGatewayToLambda Construct
+ */
+export interface LambdaToOpenSearchProps {
+  /**
+   * Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.
+   *
+   * @default - None
+   */
+  readonly existingLambdaObj?: lambda.Function;
+  /**
+   * User provided props to override the default props for the Lambda function.
+   *
+   * @default - Default props are used
+   */
+  readonly lambdaFunctionProps?: lambda.FunctionProps;
+  /**
+   * Optional user provided props to override the default props for the OpenSearch Service.
+   *
+   * @default - Default props are used
+   */
+  readonly openSearchDomainProps?: opensearch.CfnDomainProps;
+  /**
+   * Domain name for the OpenSearch Service.
+   *
+   * @default - None
+   */
+  readonly openSearchDomainName: string;
+  /**
+   * Optional Amazon Cognito domain name. If omitted the Amazon Cognito domain will default to the OpenSearch Service domain name.
+   *
+   * @default - None
+   */
+  readonly cognitoDomainName?: string;
+  /**
+   * Whether to create recommended CloudWatch alarms
+   *
+   * @default - Alarms are created
+   */
+  readonly createCloudWatchAlarms?: boolean;
+  /**
+   * Optional Name for the Lambda function environment variable set to the domain endpoint.
+   *
+   * @default - DOMAIN_ENDPOINT
+   */
+  readonly domainEndpointEnvironmentVariableName?: string;
+  /**
+   * An existing VPC for the construct to use (construct will NOT create a new VPC in this case)
+   *
+   * @default - None
+   */
+  readonly existingVpc?: ec2.IVpc;
+  /**
+   * Properties to override default properties if deployVpc is true
+   *
+   * @default - DefaultIsolatedVpcProps() in vpc-defaults.ts
+   */
+  readonly vpcProps?: ec2.VpcProps;
+  /**
+   * Whether to deploy a new VPC
+   *
+   * @default - false
+   */
+  readonly deployVpc?: boolean;
+}
+
+export class LambdaToOpenSearch extends Construct {
+  public readonly lambdaFunction: lambda.Function;
+  public readonly userPool: cognito.UserPool;
+  public readonly userPoolClient: cognito.UserPoolClient;
+  public readonly identityPool: cognito.CfnIdentityPool;
+  public readonly openSearchDomain: opensearch.CfnDomain;
+  public readonly openSearchRole: iam.Role;
+  public readonly cloudWatchAlarms?: cloudwatch.Alarm[];
+  public readonly vpc?: ec2.IVpc;
+
+  /**
+   * @summary Constructs a new instance of the LambdaToOpenSearch class.
+   * @param {cdk.App} scope - represents the scope for all the resources.
+   * @param {string} id - this is a a scope-unique id.
+   * @param {LambdaToOpenSearchProps} props - user provided props for the construct
+   * @since 0.8.0
+   * @access public
+   */
+  constructor(scope: Construct, id: string, props: LambdaToOpenSearchProps) {
+    super(scope, id);
+    defaults.CheckProps(props);
+
+    if (props.vpcProps && !props.deployVpc) {
+      throw new Error("Error - deployVpc must be true when defining vpcProps");
+    }
+
+    if (props.lambdaFunctionProps?.vpc || props.lambdaFunctionProps?.vpcSubnets) {
+      throw new Error("Error - Define VPC using construct parameters not Lambda function props");
+    }
+
+    if (props.openSearchDomainProps?.vpcOptions) {
+      throw new Error("Error - Define VPC using construct parameters not the OpenSearch Service props");
+    }
+
+    if (props.deployVpc || props.existingVpc) {
+      this.vpc = defaults.buildVpc(scope, {
+        defaultVpcProps: defaults.DefaultIsolatedVpcProps(),
+        existingVpc: props.existingVpc,
+        userVpcProps: props.vpcProps,
+        constructVpcProps: {
+          enableDnsHostnames: true,
+          enableDnsSupport: true,
+        },
+      });
+    }
+
+    this.lambdaFunction = defaults.buildLambdaFunction(this, {
+      existingLambdaObj: props.existingLambdaObj,
+      lambdaFunctionProps: props.lambdaFunctionProps,
+      vpc: this.vpc
+    });
+
+    // Find the lambda service Role ARN
+    const lambdaFunctionRoleARN = this.lambdaFunction.role?.roleArn;
+
+    let cognitoAuthorizedRole: iam.Role;
+
+    [this.userPool, this.userPoolClient, this.identityPool, cognitoAuthorizedRole] =
+      defaults.setupOpenSearchCognito(this, props.cognitoDomainName ?? props.openSearchDomainName);
+
+    const buildOpenSearchProps: any = {
+      userpool: this.userPool,
+      identitypool: this.identityPool,
+      cognitoAuthorizedRoleARN: cognitoAuthorizedRole.roleArn,
+      serviceRoleARN: lambdaFunctionRoleARN,
+      vpc: this.vpc,
+      openSearchDomainName: props.openSearchDomainName,
+      clientDomainProps: props.openSearchDomainProps
+    };
+
+    if (this.vpc) {
+      const securityGroupIds = defaults.getLambdaVpcSecurityGroupIds(this.lambdaFunction);
+      buildOpenSearchProps.securityGroupIds = securityGroupIds;
+    }
+
+    [this.openSearchDomain, this.openSearchRole] = defaults.buildOpenSearch(this, buildOpenSearchProps);
+
+    if (props.createCloudWatchAlarms === undefined || props.createCloudWatchAlarms) {
+      this.cloudWatchAlarms = defaults.buildOpenSearchCWAlarms(this);
+    }
+
+    const domainEndpointEnvironmentVariableName = props.domainEndpointEnvironmentVariableName || 'DOMAIN_ENDPOINT';
+    this.lambdaFunction.addEnvironment(domainEndpointEnvironmentVariableName, this.openSearchDomain.attrDomainEndpoint);
+  }
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/package.json
new file mode 100644
index 000000000..a2e9b909f
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/package.json
@@ -0,0 +1,103 @@
+{
+    "name": "@aws-solutions-constructs/aws-lambda-opensearch",
+    "version": "0.0.0",
+    "description": "CDK Constructs for AWS Lambda to Amazon OpenSearch Service",
+    "main": "lib/index.js",
+    "types": "lib/index.d.ts",
+    "repository": {
+      "type": "git",
+      "url": "https://github.com/awslabs/aws-solutions-constructs.git",
+      "directory": "source/patterns/@aws-solutions-constructs/aws-lambda-opensearch"
+    },
+    "author": {
+      "name": "Amazon Web Services",
+      "url": "https://aws.amazon.com",
+      "organization": true
+    },
+    "license": "Apache-2.0",
+    "scripts": {
+      "build": "tsc -b .",
+      "lint": "eslint -c ../eslintrc.yml --ext=.js,.ts . && tslint --project .",
+      "lint-fix": "eslint -c ../eslintrc.yml --ext=.js,.ts --fix .",
+      "test": "jest --coverage",
+      "clean": "tsc -b --clean",
+      "watch": "tsc -b -w",
+      "integ": "cdk-integ",
+      "integ-no-clean": "cdk-integ --no-clean",
+      "integ-assert": "cdk-integ-assert",
+      "jsii": "jsii",
+      "jsii-pacmak": "jsii-pacmak",
+      "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert",
+      "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert"
+    },
+    "jsii": {
+      "outdir": "dist",
+      "targets": {
+        "java": {
+          "package": "software.amazon.awsconstructs.services.lambdaopensearch",
+          "maven": {
+            "groupId": "software.amazon.awsconstructs",
+            "artifactId": "lambdaopensearch"
+          }
+        },
+        "dotnet": {
+          "namespace": "Amazon.SolutionsConstructs.AWS.LambdaOpenSearch",
+          "packageId": "Amazon.SolutionsConstructs.AWS.LambdaOpenSearch",
+          "signAssembly": true,
+          "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
+        },
+        "python": {
+          "distName": "aws-solutions-constructs.aws-lambda-opensearch",
+          "module": "aws_solutions_constructs.aws_lambda_opensearch"
+        }
+      }
+    },
+    "dependencies": {
+      "@aws-cdk/aws-lambda": "0.0.0",
+      "@aws-cdk/core": "0.0.0",
+      "@aws-cdk/aws-cognito": "0.0.0",
+      "@aws-cdk/aws-ec2": "0.0.0",
+      "@aws-cdk/aws-opensearchservice": "0.0.0",
+      "@aws-cdk/aws-iam": "0.0.0",
+      "@aws-cdk/aws-cloudwatch": "0.0.0",
+      "@aws-solutions-constructs/core": "0.0.0",
+      "constructs": "^3.2.0"
+    },
+    "devDependencies": {
+      "@aws-cdk/assert": "0.0.0",
+      "@types/jest": "^27.4.0",
+      "@types/node": "^10.3.0"
+    },
+    "jest": {
+      "moduleFileExtensions": [
+        "js"
+      ],
+      "coverageReporters": [
+        "text",
+        [
+          "lcov",
+          {
+            "projectRoot": "../../../../"
+          }
+        ]
+      ]
+    },
+    "peerDependencies": {
+      "@aws-cdk/aws-lambda": "0.0.0",
+      "@aws-cdk/core": "0.0.0",
+      "@aws-cdk/aws-cognito": "0.0.0",
+      "@aws-cdk/aws-opensearchservice": "0.0.0",
+      "@aws-solutions-constructs/core": "0.0.0",
+      "@aws-cdk/aws-iam": "0.0.0",
+      "@aws-cdk/aws-cloudwatch": "0.0.0",
+      "constructs": "^3.2.0"
+    },
+    "keywords": [
+      "aws",
+      "cdk",
+      "awscdk",
+      "AWS Solutions Constructs",
+      "Amazon OpenSearch Service",
+      "AWS Lambda"
+    ]
+  }
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json
new file mode 100644
index 000000000..a5105b28f
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json
@@ -0,0 +1,982 @@
+{
+  "Resources": {
+    "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "lambda.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":logs:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":log-group:/aws/lambda/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "LambdaFunctionServiceRolePolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "ec2:CreateNetworkInterface",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DeleteNetworkInterface",
+                "ec2:AssignPrivateIpAddresses",
+                "ec2:UnassignPrivateIpAddresses"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            },
+            {
+              "Action": [
+                "xray:PutTraceSegments",
+                "xray:PutTelemetryRecords"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W12",
+              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": "cluster-config/test-lambda-opensearch/ReplaceDefaultSecurityGroup-security-group",
+        "SecurityGroupEgress": [
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "Allow all outbound traffic by default",
+            "IpProtocol": "-1"
+          }
+        ],
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W5",
+              "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
+            },
+            {
+              "id": "W40",
+              "reason": "Egress IPProtocol of -1 is default and generally considered OK"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchLambdaFunction93FD38F7": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "S3Bucket": {
+            "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+          },
+          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+        },
+        "Role": {
+          "Fn::GetAtt": [
+            "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+            "Arn"
+          ]
+        },
+        "Environment": {
+          "Variables": {
+            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
+            "DOMAIN_ENDPOINT": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchOpenSearchDomainF9CCC3D3",
+                "DomainEndpoint"
+              ]
+            }
+          }
+        },
+        "Handler": "index.handler",
+        "Runtime": "nodejs14.x",
+        "TracingConfig": {
+          "Mode": "Active"
+        },
+        "VpcConfig": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+            },
+            {
+              "Ref": "VpcisolatedSubnet2Subnet39217055"
+            }
+          ]
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+        "VpcisolatedSubnet1RouteTableAssociationD259E31A",
+        "VpcisolatedSubnet2RouteTableAssociation25A4716F"
+      ],
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W58",
+              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
+            },
+            {
+              "id": "W89",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            },
+            {
+              "id": "W92",
+              "reason": "Impossible for us to define the correct concurrency for clients"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchCognitoUserPoolA09096F9": {
+      "Type": "AWS::Cognito::UserPool",
+      "Properties": {
+        "AccountRecoverySetting": {
+          "RecoveryMechanisms": [
+            {
+              "Name": "verified_phone_number",
+              "Priority": 1
+            },
+            {
+              "Name": "verified_email",
+              "Priority": 2
+            }
+          ]
+        },
+        "AdminCreateUserConfig": {
+          "AllowAdminCreateUserOnly": true
+        },
+        "EmailVerificationMessage": "The verification code to your new account is {####}",
+        "EmailVerificationSubject": "Verify your new account",
+        "SmsVerificationMessage": "The verification code to your new account is {####}",
+        "UserPoolAddOns": {
+          "AdvancedSecurityMode": "ENFORCED"
+        },
+        "VerificationMessageTemplate": {
+          "DefaultEmailOption": "CONFIRM_WITH_CODE",
+          "EmailMessage": "The verification code to your new account is {####}",
+          "EmailSubject": "Verify your new account",
+          "SmsMessage": "The verification code to your new account is {####}"
+        }
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain"
+    },
+    "testlambdaopensearchCognitoUserPoolClient39C21D94": {
+      "Type": "AWS::Cognito::UserPoolClient",
+      "Properties": {
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        },
+        "AllowedOAuthFlows": [
+          "implicit",
+          "code"
+        ],
+        "AllowedOAuthFlowsUserPoolClient": true,
+        "AllowedOAuthScopes": [
+          "profile",
+          "phone",
+          "email",
+          "openid",
+          "aws.cognito.signin.user.admin"
+        ],
+        "CallbackURLs": [
+          "https://example.com"
+        ],
+        "SupportedIdentityProviders": [
+          "COGNITO"
+        ]
+      }
+    },
+    "testlambdaopensearchCognitoIdentityPool0B1FB311": {
+      "Type": "AWS::Cognito::IdentityPool",
+      "Properties": {
+        "AllowUnauthenticatedIdentities": false,
+        "CognitoIdentityProviders": [
+          {
+            "ClientId": {
+              "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
+            },
+            "ProviderName": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchCognitoUserPoolA09096F9",
+                "ProviderName"
+              ]
+            },
+            "ServerSideTokenCheck": true
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchUserPoolDomain98864920": {
+      "Type": "AWS::Cognito::UserPoolDomain",
+      "Properties": {
+        "Domain": "deploytestwithclusterconfig",
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchCognitoUserPoolA09096F9"
+      ]
+    },
+    "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Condition": {
+                "StringEquals": {
+                  "cognito-identity.amazonaws.com:aud": {
+                    "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                  }
+                },
+                "ForAnyValue:StringLike": {
+                  "cognito-identity.amazonaws.com:amr": "authenticated"
+                }
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Federated": "cognito-identity.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "es:ESHttp*",
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":es:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":domain/deploytestwithclusterconfig/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "CognitoAccessPolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
+      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
+      "Properties": {
+        "IdentityPoolId": {
+          "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+        },
+        "Roles": {
+          "authenticated": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+              "Arn"
+            ]
+          }
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "es.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "cognito-idp:DescribeUserPool",
+                "cognito-idp:CreateUserPoolClient",
+                "cognito-idp:DeleteUserPoolClient",
+                "cognito-idp:DescribeUserPoolClient",
+                "cognito-idp:AdminInitiateAuth",
+                "cognito-idp:AdminUserGlobalSignOut",
+                "cognito-idp:ListUserPoolClients",
+                "cognito-identity:DescribeIdentityPool",
+                "cognito-identity:UpdateIdentityPool",
+                "cognito-identity:SetIdentityPoolRoles",
+                "cognito-identity:GetIdentityPoolRoles",
+                "es:UpdateDomainConfig"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "testlambdaopensearchCognitoUserPoolA09096F9",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:cognito-identity:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":identitypool/",
+                      {
+                        "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                      }
+                    ]
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:es:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":domain/deploytestwithclusterconfig"
+                    ]
+                  ]
+                }
+              ]
+            },
+            {
+              "Action": "iam:PassRole",
+              "Condition": {
+                "StringLike": {
+                  "iam:PassedToService": "cognito-identity.amazonaws.com"
+                }
+              },
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
+      "Type": "AWS::OpenSearchService::Domain",
+      "Properties": {
+        "AccessPolicies": {
+          "Statement": [
+            {
+              "Action": "es:ESHttp*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": [
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+                      "Arn"
+                    ]
+                  },
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+                      "Arn"
+                    ]
+                  }
+                ]
+              },
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:aws:es:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":domain/deploytestwithclusterconfig/*"
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ClusterConfig": {
+          "DedicatedMasterCount": 3,
+          "DedicatedMasterEnabled": true,
+          "InstanceCount": 2,
+          "ZoneAwarenessConfig": {
+            "AvailabilityZoneCount": 2
+          },
+          "ZoneAwarenessEnabled": true
+        },
+        "CognitoOptions": {
+          "Enabled": true,
+          "IdentityPoolId": {
+            "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+          },
+          "RoleArn": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "Arn"
+            ]
+          },
+          "UserPoolId": {
+            "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+          }
+        },
+        "DomainName": "deploytestwithclusterconfig",
+        "EBSOptions": {
+          "EBSEnabled": true,
+          "VolumeSize": 10
+        },
+        "EncryptionAtRestOptions": {
+          "Enabled": true
+        },
+        "EngineVersion": "OpenSearch_1.3",
+        "NodeToNodeEncryptionOptions": {
+          "Enabled": true
+        },
+        "SnapshotOptions": {
+          "AutomatedSnapshotStartHour": 1
+        },
+        "VPCOptions": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+            },
+            {
+              "Ref": "VpcisolatedSubnet2Subnet39217055"
+            }
+          ]
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W28",
+              "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
+            },
+            {
+              "id": "W90",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchStatusRedAlarm1627144D": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
+        "MetricName": "ClusterStatus.red",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchStatusYellowAlarm57139CF0": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one replica shard is not allocated to a node.",
+        "MetricName": "ClusterStatus.yellow",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "LessThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
+        "MetricName": "FreeStorageSpace",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Minimum",
+        "Threshold": 20000
+      }
+    },
+    "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Your cluster is blocking write requests.",
+        "MetricName": "ClusterIndexWritesBlocked",
+        "Namespace": "AWS/ES",
+        "Period": 300,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
+        "MetricName": "AutomatedSnapshotFailure",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
+        "MetricName": "CPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "JVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
+        "MetricName": "MasterCPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "MasterJVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "Vpc8378EB38": {
+      "Type": "AWS::EC2::VPC",
+      "Properties": {
+        "CidrBlock": "10.0.0.0/16",
+        "EnableDnsHostnames": true,
+        "EnableDnsSupport": true,
+        "InstanceTenancy": "default",
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1SubnetE62B1B9B": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1a",
+        "CidrBlock": "10.0.0.0/18",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "isolated"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Isolated"
+          },
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc/isolatedSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1RouteTableE442650B": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc/isolatedSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcisolatedSubnet1RouteTableE442650B"
+        },
+        "SubnetId": {
+          "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+        }
+      }
+    },
+    "VpcisolatedSubnet2Subnet39217055": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1b",
+        "CidrBlock": "10.0.64.0/18",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "isolated"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Isolated"
+          },
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc/isolatedSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet2RouteTable334F9764": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc/isolatedSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet2RouteTableAssociation25A4716F": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcisolatedSubnet2RouteTable334F9764"
+        },
+        "SubnetId": {
+          "Ref": "VpcisolatedSubnet2Subnet39217055"
+        }
+      }
+    },
+    "VpcFlowLogIAMRole6A475D41": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "vpc-flow-logs.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "logs:CreateLogStream",
+                "logs:PutLogEvents",
+                "logs:DescribeLogStreams"
+              ],
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogLogGroup7B5C56B9",
+                  "Arn"
+                ]
+              }
+            },
+            {
+              "Action": "iam:PassRole",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogIAMRole6A475D41",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
+        "Roles": [
+          {
+            "Ref": "VpcFlowLogIAMRole6A475D41"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogLogGroup7B5C56B9": {
+      "Type": "AWS::Logs::LogGroup",
+      "Properties": {
+        "RetentionInDays": 731,
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc"
+          }
+        ]
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain",
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W84",
+              "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
+            }
+          ]
+        }
+      }
+    },
+    "VpcFlowLog8FF33A73": {
+      "Type": "AWS::EC2::FlowLog",
+      "Properties": {
+        "ResourceId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "ResourceType": "VPC",
+        "TrafficType": "ALL",
+        "DeliverLogsPermissionArn": {
+          "Fn::GetAtt": [
+            "VpcFlowLogIAMRole6A475D41",
+            "Arn"
+          ]
+        },
+        "LogDestinationType": "cloud-watch-logs",
+        "LogGroupName": {
+          "Ref": "VpcFlowLogLogGroup7B5C56B9"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "cluster-config/Vpc"
+          }
+        ]
+      }
+    }
+  },
+  "Parameters": {
+    "BootstrapVersion": {
+      "Type": "AWS::SSM::Parameter::Value<String>",
+      "Default": "/cdk-bootstrap/hnb659fds/version",
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+    }
+  },
+  "Rules": {
+    "CheckBootstrapVersion": {
+      "Assertions": [
+        {
+          "Assert": {
+            "Fn::Not": [
+              {
+                "Fn::Contains": [
+                  [
+                    "1",
+                    "2",
+                    "3",
+                    "4",
+                    "5"
+                  ],
+                  {
+                    "Ref": "BootstrapVersion"
+                  }
+                ]
+              }
+            ]
+          },
+          "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.ts
new file mode 100644
index 000000000..bc271b4b7
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.ts
@@ -0,0 +1,53 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+/// !cdk-integ *
+import { App, Stack } from "aws-cdk-lib";
+import { LambdaToOpenSearch } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as defaults from '@aws-solutions-constructs/core';
+
+// Setup
+const app = new App();
+const stack = new Stack(app, defaults.generateIntegStackName(__filename), {});
+
+const lambdaProps: lambda.FunctionProps = {
+  code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+  runtime: lambda.Runtime.NODEJS_14_X,
+  handler: 'index.handler',
+};
+
+const openSearchDomainProps = {
+  clusterConfig: {
+    dedicatedMasterEnabled: true,
+    dedicatedMasterCount: 3,
+    instanceCount: 2,
+    zoneAwarenessEnabled: true,
+    zoneAwarenessConfig: {
+      availabilityZoneCount: 2
+    }
+  }
+};
+
+new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+  lambdaFunctionProps: lambdaProps,
+  openSearchDomainName: "deploytestwithclusterconfig",
+  openSearchDomainProps,
+  deployVpc: true,
+  vpcProps: {
+    maxAzs: 2
+  }
+});
+
+// Synth
+app.synth();
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json
new file mode 100644
index 000000000..51d046c24
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json
@@ -0,0 +1,922 @@
+{
+  "Resources": {
+    "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "lambda.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":logs:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":log-group:/aws/lambda/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "LambdaFunctionServiceRolePolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "ec2:CreateNetworkInterface",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DeleteNetworkInterface",
+                "ec2:AssignPrivateIpAddresses",
+                "ec2:UnassignPrivateIpAddresses"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            },
+            {
+              "Action": [
+                "xray:PutTraceSegments",
+                "xray:PutTelemetryRecords"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W12",
+              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": "disabled-zone-awareness/test-lambda-opensearch/ReplaceDefaultSecurityGroup-security-group",
+        "SecurityGroupEgress": [
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "Allow all outbound traffic by default",
+            "IpProtocol": "-1"
+          }
+        ],
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W5",
+              "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
+            },
+            {
+              "id": "W40",
+              "reason": "Egress IPProtocol of -1 is default and generally considered OK"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchLambdaFunction93FD38F7": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "S3Bucket": {
+            "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+          },
+          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+        },
+        "Role": {
+          "Fn::GetAtt": [
+            "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+            "Arn"
+          ]
+        },
+        "Environment": {
+          "Variables": {
+            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
+            "DOMAIN_ENDPOINT": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchOpenSearchDomainF9CCC3D3",
+                "DomainEndpoint"
+              ]
+            }
+          }
+        },
+        "Handler": "index.handler",
+        "Runtime": "nodejs14.x",
+        "TracingConfig": {
+          "Mode": "Active"
+        },
+        "VpcConfig": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+            }
+          ]
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+        "VpcisolatedSubnet1RouteTableAssociationD259E31A"
+      ],
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W58",
+              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
+            },
+            {
+              "id": "W89",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            },
+            {
+              "id": "W92",
+              "reason": "Impossible for us to define the correct concurrency for clients"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchCognitoUserPoolA09096F9": {
+      "Type": "AWS::Cognito::UserPool",
+      "Properties": {
+        "AccountRecoverySetting": {
+          "RecoveryMechanisms": [
+            {
+              "Name": "verified_phone_number",
+              "Priority": 1
+            },
+            {
+              "Name": "verified_email",
+              "Priority": 2
+            }
+          ]
+        },
+        "AdminCreateUserConfig": {
+          "AllowAdminCreateUserOnly": true
+        },
+        "EmailVerificationMessage": "The verification code to your new account is {####}",
+        "EmailVerificationSubject": "Verify your new account",
+        "SmsVerificationMessage": "The verification code to your new account is {####}",
+        "UserPoolAddOns": {
+          "AdvancedSecurityMode": "ENFORCED"
+        },
+        "VerificationMessageTemplate": {
+          "DefaultEmailOption": "CONFIRM_WITH_CODE",
+          "EmailMessage": "The verification code to your new account is {####}",
+          "EmailSubject": "Verify your new account",
+          "SmsMessage": "The verification code to your new account is {####}"
+        }
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain"
+    },
+    "testlambdaopensearchCognitoUserPoolClient39C21D94": {
+      "Type": "AWS::Cognito::UserPoolClient",
+      "Properties": {
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        },
+        "AllowedOAuthFlows": [
+          "implicit",
+          "code"
+        ],
+        "AllowedOAuthFlowsUserPoolClient": true,
+        "AllowedOAuthScopes": [
+          "profile",
+          "phone",
+          "email",
+          "openid",
+          "aws.cognito.signin.user.admin"
+        ],
+        "CallbackURLs": [
+          "https://example.com"
+        ],
+        "SupportedIdentityProviders": [
+          "COGNITO"
+        ]
+      }
+    },
+    "testlambdaopensearchCognitoIdentityPool0B1FB311": {
+      "Type": "AWS::Cognito::IdentityPool",
+      "Properties": {
+        "AllowUnauthenticatedIdentities": false,
+        "CognitoIdentityProviders": [
+          {
+            "ClientId": {
+              "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
+            },
+            "ProviderName": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchCognitoUserPoolA09096F9",
+                "ProviderName"
+              ]
+            },
+            "ServerSideTokenCheck": true
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchUserPoolDomain98864920": {
+      "Type": "AWS::Cognito::UserPoolDomain",
+      "Properties": {
+        "Domain": "disabledzoneawareness",
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchCognitoUserPoolA09096F9"
+      ]
+    },
+    "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Condition": {
+                "StringEquals": {
+                  "cognito-identity.amazonaws.com:aud": {
+                    "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                  }
+                },
+                "ForAnyValue:StringLike": {
+                  "cognito-identity.amazonaws.com:amr": "authenticated"
+                }
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Federated": "cognito-identity.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "es:ESHttp*",
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":es:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":domain/disabledzoneawareness/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "CognitoAccessPolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
+      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
+      "Properties": {
+        "IdentityPoolId": {
+          "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+        },
+        "Roles": {
+          "authenticated": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+              "Arn"
+            ]
+          }
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "es.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "cognito-idp:DescribeUserPool",
+                "cognito-idp:CreateUserPoolClient",
+                "cognito-idp:DeleteUserPoolClient",
+                "cognito-idp:DescribeUserPoolClient",
+                "cognito-idp:AdminInitiateAuth",
+                "cognito-idp:AdminUserGlobalSignOut",
+                "cognito-idp:ListUserPoolClients",
+                "cognito-identity:DescribeIdentityPool",
+                "cognito-identity:UpdateIdentityPool",
+                "cognito-identity:SetIdentityPoolRoles",
+                "cognito-identity:GetIdentityPoolRoles",
+                "es:UpdateDomainConfig"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "testlambdaopensearchCognitoUserPoolA09096F9",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:cognito-identity:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":identitypool/",
+                      {
+                        "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                      }
+                    ]
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:es:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":domain/disabledzoneawareness"
+                    ]
+                  ]
+                }
+              ]
+            },
+            {
+              "Action": "iam:PassRole",
+              "Condition": {
+                "StringLike": {
+                  "iam:PassedToService": "cognito-identity.amazonaws.com"
+                }
+              },
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
+      "Type": "AWS::OpenSearchService::Domain",
+      "Properties": {
+        "AccessPolicies": {
+          "Statement": [
+            {
+              "Action": "es:ESHttp*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": [
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+                      "Arn"
+                    ]
+                  },
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+                      "Arn"
+                    ]
+                  }
+                ]
+              },
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:aws:es:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":domain/disabledzoneawareness/*"
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ClusterConfig": {
+          "DedicatedMasterCount": 3,
+          "DedicatedMasterEnabled": true,
+          "InstanceCount": 3,
+          "ZoneAwarenessEnabled": false
+        },
+        "CognitoOptions": {
+          "Enabled": true,
+          "IdentityPoolId": {
+            "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+          },
+          "RoleArn": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "Arn"
+            ]
+          },
+          "UserPoolId": {
+            "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+          }
+        },
+        "DomainName": "disabledzoneawareness",
+        "EBSOptions": {
+          "EBSEnabled": true,
+          "VolumeSize": 10
+        },
+        "EncryptionAtRestOptions": {
+          "Enabled": true
+        },
+        "EngineVersion": "OpenSearch_1.3",
+        "NodeToNodeEncryptionOptions": {
+          "Enabled": true
+        },
+        "SnapshotOptions": {
+          "AutomatedSnapshotStartHour": 1
+        },
+        "VPCOptions": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+            }
+          ]
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W28",
+              "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
+            },
+            {
+              "id": "W90",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchStatusRedAlarm1627144D": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
+        "MetricName": "ClusterStatus.red",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchStatusYellowAlarm57139CF0": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one replica shard is not allocated to a node.",
+        "MetricName": "ClusterStatus.yellow",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "LessThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
+        "MetricName": "FreeStorageSpace",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Minimum",
+        "Threshold": 20000
+      }
+    },
+    "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Your cluster is blocking write requests.",
+        "MetricName": "ClusterIndexWritesBlocked",
+        "Namespace": "AWS/ES",
+        "Period": 300,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
+        "MetricName": "AutomatedSnapshotFailure",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
+        "MetricName": "CPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "JVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
+        "MetricName": "MasterCPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "MasterJVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "Vpc8378EB38": {
+      "Type": "AWS::EC2::VPC",
+      "Properties": {
+        "CidrBlock": "10.0.0.0/16",
+        "EnableDnsHostnames": true,
+        "EnableDnsSupport": true,
+        "InstanceTenancy": "default",
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "disabled-zone-awareness/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1SubnetE62B1B9B": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1a",
+        "CidrBlock": "10.0.0.0/18",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "isolated"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Isolated"
+          },
+          {
+            "Key": "Name",
+            "Value": "disabled-zone-awareness/Vpc/isolatedSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1RouteTableE442650B": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "disabled-zone-awareness/Vpc/isolatedSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcisolatedSubnet1RouteTableE442650B"
+        },
+        "SubnetId": {
+          "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+        }
+      }
+    },
+    "VpcFlowLogIAMRole6A475D41": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "vpc-flow-logs.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "disabled-zone-awareness/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "logs:CreateLogStream",
+                "logs:PutLogEvents",
+                "logs:DescribeLogStreams"
+              ],
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogLogGroup7B5C56B9",
+                  "Arn"
+                ]
+              }
+            },
+            {
+              "Action": "iam:PassRole",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogIAMRole6A475D41",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
+        "Roles": [
+          {
+            "Ref": "VpcFlowLogIAMRole6A475D41"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogLogGroup7B5C56B9": {
+      "Type": "AWS::Logs::LogGroup",
+      "Properties": {
+        "RetentionInDays": 731,
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "disabled-zone-awareness/Vpc"
+          }
+        ]
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain",
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W84",
+              "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
+            }
+          ]
+        }
+      }
+    },
+    "VpcFlowLog8FF33A73": {
+      "Type": "AWS::EC2::FlowLog",
+      "Properties": {
+        "ResourceId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "ResourceType": "VPC",
+        "TrafficType": "ALL",
+        "DeliverLogsPermissionArn": {
+          "Fn::GetAtt": [
+            "VpcFlowLogIAMRole6A475D41",
+            "Arn"
+          ]
+        },
+        "LogDestinationType": "cloud-watch-logs",
+        "LogGroupName": {
+          "Ref": "VpcFlowLogLogGroup7B5C56B9"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "disabled-zone-awareness/Vpc"
+          }
+        ]
+      }
+    }
+  },
+  "Parameters": {
+    "BootstrapVersion": {
+      "Type": "AWS::SSM::Parameter::Value<String>",
+      "Default": "/cdk-bootstrap/hnb659fds/version",
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+    }
+  },
+  "Rules": {
+    "CheckBootstrapVersion": {
+      "Assertions": [
+        {
+          "Assert": {
+            "Fn::Not": [
+              {
+                "Fn::Contains": [
+                  [
+                    "1",
+                    "2",
+                    "3",
+                    "4",
+                    "5"
+                  ],
+                  {
+                    "Ref": "BootstrapVersion"
+                  }
+                ]
+              }
+            ]
+          },
+          "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.ts
new file mode 100644
index 000000000..283874a75
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.ts
@@ -0,0 +1,50 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+/// !cdk-integ *
+import { App, Stack } from "aws-cdk-lib";
+import { LambdaToOpenSearch } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as defaults from '@aws-solutions-constructs/core';
+
+// Setup
+const app = new App();
+const stack = new Stack(app, defaults.generateIntegStackName(__filename), {});
+
+const lambdaProps: lambda.FunctionProps = {
+  code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+  runtime: lambda.Runtime.NODEJS_14_X,
+  handler: 'index.handler',
+};
+
+const openSearchDomainProps = {
+  clusterConfig: {
+    dedicatedMasterCount: 3,
+    dedicatedMasterEnabled: true,
+    instanceCount: 3,
+    zoneAwarenessEnabled: false,
+  }
+};
+
+new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+  lambdaFunctionProps: lambdaProps,
+  openSearchDomainName: "disabledzoneawareness",
+  openSearchDomainProps,
+  deployVpc: true,
+  vpcProps: {
+    maxAzs: 1
+  }
+});
+
+// Synth
+app.synth();
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json
new file mode 100644
index 000000000..3c73408ee
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json
@@ -0,0 +1,675 @@
+{
+  "Resources": {
+    "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "lambda.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":logs:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":log-group:/aws/lambda/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "LambdaFunctionServiceRolePolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "xray:PutTraceSegments",
+                "xray:PutTelemetryRecords"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W12",
+              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchLambdaFunction93FD38F7": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "S3Bucket": {
+            "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+          },
+          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+        },
+        "Role": {
+          "Fn::GetAtt": [
+            "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+            "Arn"
+          ]
+        },
+        "Environment": {
+          "Variables": {
+            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
+            "DOMAIN_ENDPOINT": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchOpenSearchDomainF9CCC3D3",
+                "DomainEndpoint"
+              ]
+            }
+          }
+        },
+        "Handler": "index.handler",
+        "Runtime": "nodejs14.x",
+        "TracingConfig": {
+          "Mode": "Active"
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
+      ],
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W58",
+              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
+            },
+            {
+              "id": "W89",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            },
+            {
+              "id": "W92",
+              "reason": "Impossible for us to define the correct concurrency for clients"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchCognitoUserPoolA09096F9": {
+      "Type": "AWS::Cognito::UserPool",
+      "Properties": {
+        "AccountRecoverySetting": {
+          "RecoveryMechanisms": [
+            {
+              "Name": "verified_phone_number",
+              "Priority": 1
+            },
+            {
+              "Name": "verified_email",
+              "Priority": 2
+            }
+          ]
+        },
+        "AdminCreateUserConfig": {
+          "AllowAdminCreateUserOnly": true
+        },
+        "EmailVerificationMessage": "The verification code to your new account is {####}",
+        "EmailVerificationSubject": "Verify your new account",
+        "SmsVerificationMessage": "The verification code to your new account is {####}",
+        "UserPoolAddOns": {
+          "AdvancedSecurityMode": "ENFORCED"
+        },
+        "VerificationMessageTemplate": {
+          "DefaultEmailOption": "CONFIRM_WITH_CODE",
+          "EmailMessage": "The verification code to your new account is {####}",
+          "EmailSubject": "Verify your new account",
+          "SmsMessage": "The verification code to your new account is {####}"
+        }
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain"
+    },
+    "testlambdaopensearchCognitoUserPoolClient39C21D94": {
+      "Type": "AWS::Cognito::UserPoolClient",
+      "Properties": {
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        },
+        "AllowedOAuthFlows": [
+          "implicit",
+          "code"
+        ],
+        "AllowedOAuthFlowsUserPoolClient": true,
+        "AllowedOAuthScopes": [
+          "profile",
+          "phone",
+          "email",
+          "openid",
+          "aws.cognito.signin.user.admin"
+        ],
+        "CallbackURLs": [
+          "https://example.com"
+        ],
+        "SupportedIdentityProviders": [
+          "COGNITO"
+        ]
+      }
+    },
+    "testlambdaopensearchCognitoIdentityPool0B1FB311": {
+      "Type": "AWS::Cognito::IdentityPool",
+      "Properties": {
+        "AllowUnauthenticatedIdentities": false,
+        "CognitoIdentityProviders": [
+          {
+            "ClientId": {
+              "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
+            },
+            "ProviderName": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchCognitoUserPoolA09096F9",
+                "ProviderName"
+              ]
+            },
+            "ServerSideTokenCheck": true
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchUserPoolDomain98864920": {
+      "Type": "AWS::Cognito::UserPoolDomain",
+      "Properties": {
+        "Domain": "cogn-solutions-constructs-domain",
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchCognitoUserPoolA09096F9"
+      ]
+    },
+    "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Condition": {
+                "StringEquals": {
+                  "cognito-identity.amazonaws.com:aud": {
+                    "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                  }
+                },
+                "ForAnyValue:StringLike": {
+                  "cognito-identity.amazonaws.com:amr": "authenticated"
+                }
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Federated": "cognito-identity.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "es:ESHttp*",
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":es:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":domain/cogn-solutions-constructs-domain/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "CognitoAccessPolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
+      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
+      "Properties": {
+        "IdentityPoolId": {
+          "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+        },
+        "Roles": {
+          "authenticated": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+              "Arn"
+            ]
+          }
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "es.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "cognito-idp:DescribeUserPool",
+                "cognito-idp:CreateUserPoolClient",
+                "cognito-idp:DeleteUserPoolClient",
+                "cognito-idp:DescribeUserPoolClient",
+                "cognito-idp:AdminInitiateAuth",
+                "cognito-idp:AdminUserGlobalSignOut",
+                "cognito-idp:ListUserPoolClients",
+                "cognito-identity:DescribeIdentityPool",
+                "cognito-identity:UpdateIdentityPool",
+                "cognito-identity:SetIdentityPoolRoles",
+                "cognito-identity:GetIdentityPoolRoles",
+                "es:UpdateDomainConfig"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "testlambdaopensearchCognitoUserPoolA09096F9",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:cognito-identity:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":identitypool/",
+                      {
+                        "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                      }
+                    ]
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:es:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":domain/solutions-constructs-domain"
+                    ]
+                  ]
+                }
+              ]
+            },
+            {
+              "Action": "iam:PassRole",
+              "Condition": {
+                "StringLike": {
+                  "iam:PassedToService": "cognito-identity.amazonaws.com"
+                }
+              },
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
+      "Type": "AWS::OpenSearchService::Domain",
+      "Properties": {
+        "AccessPolicies": {
+          "Statement": [
+            {
+              "Action": "es:ESHttp*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": [
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+                      "Arn"
+                    ]
+                  },
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+                      "Arn"
+                    ]
+                  }
+                ]
+              },
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:aws:es:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":domain/solutions-constructs-domain/*"
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ClusterConfig": {
+          "DedicatedMasterCount": 3,
+          "DedicatedMasterEnabled": true,
+          "InstanceCount": 3,
+          "ZoneAwarenessConfig": {
+            "AvailabilityZoneCount": 3
+          },
+          "ZoneAwarenessEnabled": true
+        },
+        "CognitoOptions": {
+          "Enabled": true,
+          "IdentityPoolId": {
+            "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+          },
+          "RoleArn": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "Arn"
+            ]
+          },
+          "UserPoolId": {
+            "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+          }
+        },
+        "DomainName": "solutions-constructs-domain",
+        "EBSOptions": {
+          "EBSEnabled": true,
+          "VolumeSize": 10
+        },
+        "EncryptionAtRestOptions": {
+          "Enabled": true
+        },
+        "EngineVersion": "OpenSearch_1.3",
+        "NodeToNodeEncryptionOptions": {
+          "Enabled": true
+        },
+        "SnapshotOptions": {
+          "AutomatedSnapshotStartHour": 1
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W28",
+              "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
+            },
+            {
+              "id": "W90",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchStatusRedAlarm1627144D": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
+        "MetricName": "ClusterStatus.red",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchStatusYellowAlarm57139CF0": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one replica shard is not allocated to a node.",
+        "MetricName": "ClusterStatus.yellow",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "LessThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
+        "MetricName": "FreeStorageSpace",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Minimum",
+        "Threshold": 20000
+      }
+    },
+    "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Your cluster is blocking write requests.",
+        "MetricName": "ClusterIndexWritesBlocked",
+        "Namespace": "AWS/ES",
+        "Period": 300,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
+        "MetricName": "AutomatedSnapshotFailure",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
+        "MetricName": "CPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "JVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
+        "MetricName": "MasterCPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "MasterJVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    }
+  },
+  "Parameters": {
+    "BootstrapVersion": {
+      "Type": "AWS::SSM::Parameter::Value<String>",
+      "Default": "/cdk-bootstrap/hnb659fds/version",
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+    }
+  },
+  "Rules": {
+    "CheckBootstrapVersion": {
+      "Assertions": [
+        {
+          "Assert": {
+            "Fn::Not": [
+              {
+                "Fn::Contains": [
+                  [
+                    "1",
+                    "2",
+                    "3",
+                    "4",
+                    "5"
+                  ],
+                  {
+                    "Ref": "BootstrapVersion"
+                  }
+                ]
+              }
+            ]
+          },
+          "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.ts
new file mode 100644
index 000000000..7d503e934
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.ts
@@ -0,0 +1,40 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+/// !cdk-integ *
+import { App, Stack } from "aws-cdk-lib";
+import { LambdaToOpenSearch } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import { generateIntegStackName } from '@aws-solutions-constructs/core';
+
+// Setup
+const app = new App();
+const stack = new Stack(app, generateIntegStackName(__filename));
+
+const lambdaProps: lambda.FunctionProps = {
+  code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+  runtime: lambda.Runtime.NODEJS_14_X,
+  handler: 'index.handler'
+};
+
+const openSearchDomain = 'solutions-constructs-domain';
+const cognitoDomain = 'cogn-solutions-constructs-domain';
+
+new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+  lambdaFunctionProps: lambdaProps,
+  openSearchDomainName: openSearchDomain,
+  cognitoDomainName: cognitoDomain
+});
+
+// Synth
+app.synth();
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json
new file mode 100644
index 000000000..b21beaacc
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json
@@ -0,0 +1,1431 @@
+{
+  "Resources": {
+    "Vpc8378EB38": {
+      "Type": "AWS::EC2::VPC",
+      "Properties": {
+        "CidrBlock": "172.168.0.0/16",
+        "EnableDnsHostnames": true,
+        "EnableDnsSupport": true,
+        "InstanceTenancy": "default",
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcPublicSubnet1Subnet5C2D37C4": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1a",
+        "CidrBlock": "172.168.0.0/19",
+        "MapPublicIpOnLaunch": true,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "Public"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Public"
+          },
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet1"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W33",
+              "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
+            }
+          ]
+        }
+      }
+    },
+    "VpcPublicSubnet1RouteTable6C95E38E": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcPublicSubnet1RouteTableAssociation97140677": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
+        },
+        "SubnetId": {
+          "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
+        }
+      }
+    },
+    "VpcPublicSubnet1DefaultRoute3DA9E72A": {
+      "Type": "AWS::EC2::Route",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "GatewayId": {
+          "Ref": "VpcIGWD7BA715C"
+        }
+      },
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ]
+    },
+    "VpcPublicSubnet1EIPD7E02669": {
+      "Type": "AWS::EC2::EIP",
+      "Properties": {
+        "Domain": "vpc",
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcPublicSubnet1NATGateway4D7517AA": {
+      "Type": "AWS::EC2::NatGateway",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "VpcPublicSubnet1Subnet5C2D37C4"
+        },
+        "AllocationId": {
+          "Fn::GetAtt": [
+            "VpcPublicSubnet1EIPD7E02669",
+            "AllocationId"
+          ]
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet1"
+          }
+        ]
+      },
+      "DependsOn": [
+        "VpcPublicSubnet1DefaultRoute3DA9E72A",
+        "VpcPublicSubnet1RouteTableAssociation97140677"
+      ]
+    },
+    "VpcPublicSubnet2Subnet691E08A3": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1b",
+        "CidrBlock": "172.168.32.0/19",
+        "MapPublicIpOnLaunch": true,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "Public"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Public"
+          },
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet2"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W33",
+              "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
+            }
+          ]
+        }
+      }
+    },
+    "VpcPublicSubnet2RouteTable94F7E489": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcPublicSubnet2RouteTableAssociationDD5762D8": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPublicSubnet2RouteTable94F7E489"
+        },
+        "SubnetId": {
+          "Ref": "VpcPublicSubnet2Subnet691E08A3"
+        }
+      }
+    },
+    "VpcPublicSubnet2DefaultRoute97F91067": {
+      "Type": "AWS::EC2::Route",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPublicSubnet2RouteTable94F7E489"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "GatewayId": {
+          "Ref": "VpcIGWD7BA715C"
+        }
+      },
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ]
+    },
+    "VpcPublicSubnet2EIP3C605A87": {
+      "Type": "AWS::EC2::EIP",
+      "Properties": {
+        "Domain": "vpc",
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcPublicSubnet2NATGateway9182C01D": {
+      "Type": "AWS::EC2::NatGateway",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "VpcPublicSubnet2Subnet691E08A3"
+        },
+        "AllocationId": {
+          "Fn::GetAtt": [
+            "VpcPublicSubnet2EIP3C605A87",
+            "AllocationId"
+          ]
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet2"
+          }
+        ]
+      },
+      "DependsOn": [
+        "VpcPublicSubnet2DefaultRoute97F91067",
+        "VpcPublicSubnet2RouteTableAssociationDD5762D8"
+      ]
+    },
+    "VpcPublicSubnet3SubnetBE12F0B6": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1c",
+        "CidrBlock": "172.168.64.0/19",
+        "MapPublicIpOnLaunch": true,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "Public"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Public"
+          },
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet3"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W33",
+              "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true"
+            }
+          ]
+        }
+      }
+    },
+    "VpcPublicSubnet3RouteTable93458DBB": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet3"
+          }
+        ]
+      }
+    },
+    "VpcPublicSubnet3RouteTableAssociation1F1EDF02": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPublicSubnet3RouteTable93458DBB"
+        },
+        "SubnetId": {
+          "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
+        }
+      }
+    },
+    "VpcPublicSubnet3DefaultRoute4697774F": {
+      "Type": "AWS::EC2::Route",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPublicSubnet3RouteTable93458DBB"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "GatewayId": {
+          "Ref": "VpcIGWD7BA715C"
+        }
+      },
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ]
+    },
+    "VpcPublicSubnet3EIP3A666A23": {
+      "Type": "AWS::EC2::EIP",
+      "Properties": {
+        "Domain": "vpc",
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet3"
+          }
+        ]
+      }
+    },
+    "VpcPublicSubnet3NATGateway7640CD1D": {
+      "Type": "AWS::EC2::NatGateway",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "VpcPublicSubnet3SubnetBE12F0B6"
+        },
+        "AllocationId": {
+          "Fn::GetAtt": [
+            "VpcPublicSubnet3EIP3A666A23",
+            "AllocationId"
+          ]
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PublicSubnet3"
+          }
+        ]
+      },
+      "DependsOn": [
+        "VpcPublicSubnet3DefaultRoute4697774F",
+        "VpcPublicSubnet3RouteTableAssociation1F1EDF02"
+      ]
+    },
+    "VpcPrivateSubnet1Subnet536B997A": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1a",
+        "CidrBlock": "172.168.96.0/19",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "Private"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Private"
+          },
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PrivateSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcPrivateSubnet1RouteTableB2C5B500": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PrivateSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcPrivateSubnet1RouteTableAssociation70C59FA6": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
+        },
+        "SubnetId": {
+          "Ref": "VpcPrivateSubnet1Subnet536B997A"
+        }
+      }
+    },
+    "VpcPrivateSubnet1DefaultRouteBE02A9ED": {
+      "Type": "AWS::EC2::Route",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPrivateSubnet1RouteTableB2C5B500"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "NatGatewayId": {
+          "Ref": "VpcPublicSubnet1NATGateway4D7517AA"
+        }
+      }
+    },
+    "VpcPrivateSubnet2Subnet3788AAA1": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1b",
+        "CidrBlock": "172.168.128.0/19",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "Private"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Private"
+          },
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PrivateSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcPrivateSubnet2RouteTableA678073B": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PrivateSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcPrivateSubnet2RouteTableAssociationA89CAD56": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPrivateSubnet2RouteTableA678073B"
+        },
+        "SubnetId": {
+          "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
+        }
+      }
+    },
+    "VpcPrivateSubnet2DefaultRoute060D2087": {
+      "Type": "AWS::EC2::Route",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPrivateSubnet2RouteTableA678073B"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "NatGatewayId": {
+          "Ref": "VpcPublicSubnet2NATGateway9182C01D"
+        }
+      }
+    },
+    "VpcPrivateSubnet3SubnetF258B56E": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1c",
+        "CidrBlock": "172.168.160.0/19",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "Private"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Private"
+          },
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PrivateSubnet3"
+          }
+        ]
+      }
+    },
+    "VpcPrivateSubnet3RouteTableD98824C7": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc/PrivateSubnet3"
+          }
+        ]
+      }
+    },
+    "VpcPrivateSubnet3RouteTableAssociation16BDDC43": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
+        },
+        "SubnetId": {
+          "Ref": "VpcPrivateSubnet3SubnetF258B56E"
+        }
+      }
+    },
+    "VpcPrivateSubnet3DefaultRoute94B74F0D": {
+      "Type": "AWS::EC2::Route",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcPrivateSubnet3RouteTableD98824C7"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "NatGatewayId": {
+          "Ref": "VpcPublicSubnet3NATGateway7640CD1D"
+        }
+      }
+    },
+    "VpcIGWD7BA715C": {
+      "Type": "AWS::EC2::InternetGateway",
+      "Properties": {
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcVPCGWBF912B6E": {
+      "Type": "AWS::EC2::VPCGatewayAttachment",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "InternetGatewayId": {
+          "Ref": "VpcIGWD7BA715C"
+        }
+      }
+    },
+    "VpcFlowLogIAMRole6A475D41": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "vpc-flow-logs.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "logs:CreateLogStream",
+                "logs:PutLogEvents",
+                "logs:DescribeLogStreams"
+              ],
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogLogGroup7B5C56B9",
+                  "Arn"
+                ]
+              }
+            },
+            {
+              "Action": "iam:PassRole",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogIAMRole6A475D41",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
+        "Roles": [
+          {
+            "Ref": "VpcFlowLogIAMRole6A475D41"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogLogGroup7B5C56B9": {
+      "Type": "AWS::Logs::LogGroup",
+      "Properties": {
+        "RetentionInDays": 731,
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc"
+          }
+        ]
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain",
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W84",
+              "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
+            }
+          ]
+        }
+      }
+    },
+    "VpcFlowLog8FF33A73": {
+      "Type": "AWS::EC2::FlowLog",
+      "Properties": {
+        "ResourceId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "ResourceType": "VPC",
+        "TrafficType": "ALL",
+        "DeliverLogsPermissionArn": {
+          "Fn::GetAtt": [
+            "VpcFlowLogIAMRole6A475D41",
+            "Arn"
+          ]
+        },
+        "LogDestinationType": "cloud-watch-logs",
+        "LogGroupName": {
+          "Ref": "VpcFlowLogLogGroup7B5C56B9"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "existing-vpc/Vpc"
+          }
+        ]
+      }
+    },
+    "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "lambda.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":logs:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":log-group:/aws/lambda/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "LambdaFunctionServiceRolePolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "ec2:CreateNetworkInterface",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DeleteNetworkInterface",
+                "ec2:AssignPrivateIpAddresses",
+                "ec2:UnassignPrivateIpAddresses"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            },
+            {
+              "Action": [
+                "xray:PutTraceSegments",
+                "xray:PutTelemetryRecords"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
+        "Roles": [
+          {
+            "Ref": "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W12",
+              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": "existing-vpc/test-lambda-elasticsearch-kibana4/ReplaceDefaultSecurityGroup-security-group",
+        "SecurityGroupEgress": [
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "Allow all outbound traffic by default",
+            "IpProtocol": "-1"
+          }
+        ],
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W5",
+              "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
+            },
+            {
+              "id": "W40",
+              "reason": "Egress IPProtocol of -1 is default and generally considered OK"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaelasticsearchkibana4LambdaFunction2C5856DF": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
+          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+        },
+        "Role": {
+          "Fn::GetAtt": [
+            "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
+            "Arn"
+          ]
+        },
+        "Environment": {
+          "Variables": {
+            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
+            "DOMAIN_ENDPOINT": {
+              "Fn::GetAtt": [
+                "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3",
+                "DomainEndpoint"
+              ]
+            }
+          }
+        },
+        "Handler": "index.handler",
+        "Runtime": "nodejs14.x",
+        "TracingConfig": {
+          "Mode": "Active"
+        },
+        "VpcConfig": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcPrivateSubnet1Subnet536B997A"
+            },
+            {
+              "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
+            },
+            {
+              "Ref": "VpcPrivateSubnet3SubnetF258B56E"
+            }
+          ]
+        }
+      },
+      "DependsOn": [
+        "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleDefaultPolicyA5AD88E5",
+        "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
+        "VpcPrivateSubnet1DefaultRouteBE02A9ED",
+        "VpcPrivateSubnet1RouteTableAssociation70C59FA6",
+        "VpcPrivateSubnet2DefaultRoute060D2087",
+        "VpcPrivateSubnet2RouteTableAssociationA89CAD56",
+        "VpcPrivateSubnet3DefaultRoute94B74F0D",
+        "VpcPrivateSubnet3RouteTableAssociation16BDDC43"
+      ],
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W58",
+              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
+            },
+            {
+              "id": "W89",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            },
+            {
+              "id": "W92",
+              "reason": "Impossible for us to define the correct concurrency for clients"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1": {
+      "Type": "AWS::Cognito::UserPool",
+      "Properties": {
+        "AccountRecoverySetting": {
+          "RecoveryMechanisms": [
+            {
+              "Name": "verified_phone_number",
+              "Priority": 1
+            },
+            {
+              "Name": "verified_email",
+              "Priority": 2
+            }
+          ]
+        },
+        "AdminCreateUserConfig": {
+          "AllowAdminCreateUserOnly": true
+        },
+        "EmailVerificationMessage": "The verification code to your new account is {####}",
+        "EmailVerificationSubject": "Verify your new account",
+        "SmsVerificationMessage": "The verification code to your new account is {####}",
+        "UserPoolAddOns": {
+          "AdvancedSecurityMode": "ENFORCED"
+        },
+        "VerificationMessageTemplate": {
+          "DefaultEmailOption": "CONFIRM_WITH_CODE",
+          "EmailMessage": "The verification code to your new account is {####}",
+          "EmailSubject": "Verify your new account",
+          "SmsMessage": "The verification code to your new account is {####}"
+        }
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain"
+    },
+    "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4": {
+      "Type": "AWS::Cognito::UserPoolClient",
+      "Properties": {
+        "UserPoolId": {
+          "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
+        },
+        "AllowedOAuthFlows": [
+          "implicit",
+          "code"
+        ],
+        "AllowedOAuthFlowsUserPoolClient": true,
+        "AllowedOAuthScopes": [
+          "profile",
+          "phone",
+          "email",
+          "openid",
+          "aws.cognito.signin.user.admin"
+        ],
+        "CallbackURLs": [
+          "https://example.com"
+        ],
+        "SupportedIdentityProviders": [
+          "COGNITO"
+        ]
+      }
+    },
+    "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793": {
+      "Type": "AWS::Cognito::IdentityPool",
+      "Properties": {
+        "AllowUnauthenticatedIdentities": false,
+        "CognitoIdentityProviders": [
+          {
+            "ClientId": {
+              "Ref": "testlambdaelasticsearchkibana4CognitoUserPoolClientABBF34C4"
+            },
+            "ProviderName": {
+              "Fn::GetAtt": [
+                "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
+                "ProviderName"
+              ]
+            },
+            "ServerSideTokenCheck": true
+          }
+        ]
+      }
+    },
+    "testlambdaelasticsearchkibana4UserPoolDomain4CAAF2F6": {
+      "Type": "AWS::Cognito::UserPoolDomain",
+      "Properties": {
+        "Domain": "deploytestwithexistingvpc",
+        "UserPoolId": {
+          "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
+        }
+      },
+      "DependsOn": [
+        "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
+      ]
+    },
+    "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Condition": {
+                "StringEquals": {
+                  "cognito-identity.amazonaws.com:aud": {
+                    "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
+                  }
+                },
+                "ForAnyValue:StringLike": {
+                  "cognito-identity.amazonaws.com:amr": "authenticated"
+                }
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Federated": "cognito-identity.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "es:ESHttp*",
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":es:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":domain/deploytestwithexistingvpc/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "CognitoAccessPolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaelasticsearchkibana4IdentityPoolRoleMapping9378D177": {
+      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
+      "Properties": {
+        "IdentityPoolId": {
+          "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
+        },
+        "Roles": {
+          "authenticated": {
+            "Fn::GetAtt": [
+              "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
+              "Arn"
+            ]
+          }
+        }
+      }
+    },
+    "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "es.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "testlambdaelasticsearchkibana4CognitoKibanaConfigureRolePolicy1615E937": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "cognito-idp:DescribeUserPool",
+                "cognito-idp:CreateUserPoolClient",
+                "cognito-idp:DeleteUserPoolClient",
+                "cognito-idp:DescribeUserPoolClient",
+                "cognito-idp:AdminInitiateAuth",
+                "cognito-idp:AdminUserGlobalSignOut",
+                "cognito-idp:ListUserPoolClients",
+                "cognito-identity:DescribeIdentityPool",
+                "cognito-identity:UpdateIdentityPool",
+                "cognito-identity:SetIdentityPoolRoles",
+                "cognito-identity:GetIdentityPoolRoles",
+                "es:UpdateDomainConfig"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:cognito-identity:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":identitypool/",
+                      {
+                        "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
+                      }
+                    ]
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:es:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":domain/deploytestwithexistingvpc"
+                    ]
+                  ]
+                }
+              ]
+            },
+            {
+              "Action": "iam:PassRole",
+              "Condition": {
+                "StringLike": {
+                  "iam:PassedToService": "cognito-identity.amazonaws.com"
+                }
+              },
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaelasticsearchkibana4CognitoKibanaConfigureRolePolicy1615E937",
+        "Roles": [
+          {
+            "Ref": "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80"
+          }
+        ]
+      }
+    },
+    "testlambdaelasticsearchkibana4OpenSearchDomain94EAD3A3": {
+      "Type": "AWS::OpenSearchService::Domain",
+      "Properties": {
+        "AccessPolicies": {
+          "Statement": [
+            {
+              "Action": "es:ESHttp*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": [
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaelasticsearchkibana4CognitoAuthorizedRoleA7D6B392",
+                      "Arn"
+                    ]
+                  },
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaelasticsearchkibana4LambdaFunctionServiceRoleA52BB7F9",
+                      "Arn"
+                    ]
+                  }
+                ]
+              },
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:aws:es:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":domain/deploytestwithexistingvpc/*"
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ClusterConfig": {
+          "DedicatedMasterCount": 3,
+          "DedicatedMasterEnabled": true,
+          "InstanceCount": 3,
+          "ZoneAwarenessConfig": {
+            "AvailabilityZoneCount": 3
+          },
+          "ZoneAwarenessEnabled": true
+        },
+        "CognitoOptions": {
+          "Enabled": true,
+          "IdentityPoolId": {
+            "Ref": "testlambdaelasticsearchkibana4CognitoIdentityPool76EE9793"
+          },
+          "RoleArn": {
+            "Fn::GetAtt": [
+              "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80",
+              "Arn"
+            ]
+          },
+          "UserPoolId": {
+            "Ref": "testlambdaelasticsearchkibana4CognitoUserPool37A5CDE1"
+          }
+        },
+        "DomainName": "deploytestwithexistingvpc",
+        "EBSOptions": {
+          "EBSEnabled": true,
+          "VolumeSize": 10
+        },
+        "EncryptionAtRestOptions": {
+          "Enabled": true
+        },
+        "EngineVersion": "OpenSearch_1.3",
+        "NodeToNodeEncryptionOptions": {
+          "Enabled": true
+        },
+        "SnapshotOptions": {
+          "AutomatedSnapshotStartHour": 1
+        },
+        "VPCOptions": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaelasticsearchkibana4ReplaceDefaultSecurityGroupsecuritygroupA79E2B92",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcPrivateSubnet1Subnet536B997A"
+            },
+            {
+              "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
+            },
+            {
+              "Ref": "VpcPrivateSubnet3SubnetF258B56E"
+            }
+          ]
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W28",
+              "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
+            },
+            {
+              "id": "W90",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaelasticsearchkibana4StatusRedAlarm56DEE5C7": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
+        "MetricName": "ClusterStatus.red",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaelasticsearchkibana4StatusYellowAlarm810B4F9E": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one replica shard is not allocated to a node.",
+        "MetricName": "ClusterStatus.yellow",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaelasticsearchkibana4FreeStorageSpaceTooLowAlarmF3FB31EA": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "LessThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
+        "MetricName": "FreeStorageSpace",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Minimum",
+        "Threshold": 20000
+      }
+    },
+    "testlambdaelasticsearchkibana4IndexWritesBlockedTooHighAlarmF2968C92": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Your cluster is blocking write requests.",
+        "MetricName": "ClusterIndexWritesBlocked",
+        "Namespace": "AWS/ES",
+        "Period": 300,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaelasticsearchkibana4AutomatedSnapshotFailureTooHighAlarm53EB1ABB": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
+        "MetricName": "AutomatedSnapshotFailure",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaelasticsearchkibana4CPUUtilizationTooHighAlarm29B67D10": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
+        "MetricName": "CPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaelasticsearchkibana4JVMMemoryPressureTooHighAlarm9DDED711": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "JVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaelasticsearchkibana4MasterCPUUtilizationTooHighAlarmE66867F2": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
+        "MetricName": "MasterCPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "testlambdaelasticsearchkibana4MasterJVMMemoryPressureTooHighAlarm83E1822E": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "MasterJVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    }
+  },
+  "Parameters": {
+    "BootstrapVersion": {
+      "Type": "AWS::SSM::Parameter::Value<String>",
+      "Default": "/cdk-bootstrap/hnb659fds/version",
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+    }
+  },
+  "Rules": {
+    "CheckBootstrapVersion": {
+      "Assertions": [
+        {
+          "Assert": {
+            "Fn::Not": [
+              {
+                "Fn::Contains": [
+                  [
+                    "1",
+                    "2",
+                    "3",
+                    "4",
+                    "5"
+                  ],
+                  {
+                    "Ref": "BootstrapVersion"
+                  }
+                ]
+              }
+            ]
+          },
+          "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.ts
new file mode 100644
index 000000000..7a40cced4
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.ts
@@ -0,0 +1,44 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+/// !cdk-integ *
+import { App, Stack } from "aws-cdk-lib";
+import { LambdaToOpenSearch } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as defaults from '@aws-solutions-constructs/core';
+
+const app = new App();
+const stack = new Stack(app, defaults.generateIntegStackName(__filename), {
+  env: {
+    region: process.env.CDK_DEFAULT_REGION,
+    account: process.env.CDK_DEFAULT_ACCOUNT,
+  }
+});
+
+// Create VPC
+const vpc = defaults.getTestVpc(stack);
+
+const lambdaProps: lambda.FunctionProps = {
+  code: lambda.Code.fromAsset(`lambda`),
+  runtime: lambda.Runtime.NODEJS_14_X,
+  handler: 'index.handler',
+};
+
+new LambdaToOpenSearch(stack, 'test-lambda-elasticsearch-kibana4', {
+  lambdaFunctionProps: lambdaProps,
+  openSearchDomainName: "deploytestwithexistingvpc",
+  existingVpc: vpc
+});
+
+// Synth
+app.synth();
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json
new file mode 100644
index 000000000..b65887f99
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json
@@ -0,0 +1,675 @@
+{
+  "Resources": {
+    "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "lambda.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":logs:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":log-group:/aws/lambda/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "LambdaFunctionServiceRolePolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "xray:PutTraceSegments",
+                "xray:PutTelemetryRecords"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W12",
+              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchLambdaFunction93FD38F7": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "S3Bucket": {
+            "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+          },
+          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+        },
+        "Role": {
+          "Fn::GetAtt": [
+            "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+            "Arn"
+          ]
+        },
+        "Environment": {
+          "Variables": {
+            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
+            "DOMAIN_ENDPOINT": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchOpenSearchDomainF9CCC3D3",
+                "DomainEndpoint"
+              ]
+            }
+          }
+        },
+        "Handler": "index.handler",
+        "Runtime": "nodejs14.x",
+        "TracingConfig": {
+          "Mode": "Active"
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
+      ],
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W58",
+              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
+            },
+            {
+              "id": "W89",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            },
+            {
+              "id": "W92",
+              "reason": "Impossible for us to define the correct concurrency for clients"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchCognitoUserPoolA09096F9": {
+      "Type": "AWS::Cognito::UserPool",
+      "Properties": {
+        "AccountRecoverySetting": {
+          "RecoveryMechanisms": [
+            {
+              "Name": "verified_phone_number",
+              "Priority": 1
+            },
+            {
+              "Name": "verified_email",
+              "Priority": 2
+            }
+          ]
+        },
+        "AdminCreateUserConfig": {
+          "AllowAdminCreateUserOnly": true
+        },
+        "EmailVerificationMessage": "The verification code to your new account is {####}",
+        "EmailVerificationSubject": "Verify your new account",
+        "SmsVerificationMessage": "The verification code to your new account is {####}",
+        "UserPoolAddOns": {
+          "AdvancedSecurityMode": "ENFORCED"
+        },
+        "VerificationMessageTemplate": {
+          "DefaultEmailOption": "CONFIRM_WITH_CODE",
+          "EmailMessage": "The verification code to your new account is {####}",
+          "EmailSubject": "Verify your new account",
+          "SmsMessage": "The verification code to your new account is {####}"
+        }
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain"
+    },
+    "testlambdaopensearchCognitoUserPoolClient39C21D94": {
+      "Type": "AWS::Cognito::UserPoolClient",
+      "Properties": {
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        },
+        "AllowedOAuthFlows": [
+          "implicit",
+          "code"
+        ],
+        "AllowedOAuthFlowsUserPoolClient": true,
+        "AllowedOAuthScopes": [
+          "profile",
+          "phone",
+          "email",
+          "openid",
+          "aws.cognito.signin.user.admin"
+        ],
+        "CallbackURLs": [
+          "https://example.com"
+        ],
+        "SupportedIdentityProviders": [
+          "COGNITO"
+        ]
+      }
+    },
+    "testlambdaopensearchCognitoIdentityPool0B1FB311": {
+      "Type": "AWS::Cognito::IdentityPool",
+      "Properties": {
+        "AllowUnauthenticatedIdentities": false,
+        "CognitoIdentityProviders": [
+          {
+            "ClientId": {
+              "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
+            },
+            "ProviderName": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchCognitoUserPoolA09096F9",
+                "ProviderName"
+              ]
+            },
+            "ServerSideTokenCheck": true
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchUserPoolDomain98864920": {
+      "Type": "AWS::Cognito::UserPoolDomain",
+      "Properties": {
+        "Domain": "solutions-constructs-domain",
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchCognitoUserPoolA09096F9"
+      ]
+    },
+    "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Condition": {
+                "StringEquals": {
+                  "cognito-identity.amazonaws.com:aud": {
+                    "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                  }
+                },
+                "ForAnyValue:StringLike": {
+                  "cognito-identity.amazonaws.com:amr": "authenticated"
+                }
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Federated": "cognito-identity.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "es:ESHttp*",
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":es:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":domain/solutions-constructs-domain/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "CognitoAccessPolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
+      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
+      "Properties": {
+        "IdentityPoolId": {
+          "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+        },
+        "Roles": {
+          "authenticated": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+              "Arn"
+            ]
+          }
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "es.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "cognito-idp:DescribeUserPool",
+                "cognito-idp:CreateUserPoolClient",
+                "cognito-idp:DeleteUserPoolClient",
+                "cognito-idp:DescribeUserPoolClient",
+                "cognito-idp:AdminInitiateAuth",
+                "cognito-idp:AdminUserGlobalSignOut",
+                "cognito-idp:ListUserPoolClients",
+                "cognito-identity:DescribeIdentityPool",
+                "cognito-identity:UpdateIdentityPool",
+                "cognito-identity:SetIdentityPoolRoles",
+                "cognito-identity:GetIdentityPoolRoles",
+                "es:UpdateDomainConfig"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "testlambdaopensearchCognitoUserPoolA09096F9",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:cognito-identity:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":identitypool/",
+                      {
+                        "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                      }
+                    ]
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:es:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":domain/solutions-constructs-domain"
+                    ]
+                  ]
+                }
+              ]
+            },
+            {
+              "Action": "iam:PassRole",
+              "Condition": {
+                "StringLike": {
+                  "iam:PassedToService": "cognito-identity.amazonaws.com"
+                }
+              },
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
+      "Type": "AWS::OpenSearchService::Domain",
+      "Properties": {
+        "AccessPolicies": {
+          "Statement": [
+            {
+              "Action": "es:ESHttp*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": [
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+                      "Arn"
+                    ]
+                  },
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+                      "Arn"
+                    ]
+                  }
+                ]
+              },
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:aws:es:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":domain/solutions-constructs-domain/*"
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ClusterConfig": {
+          "DedicatedMasterCount": 3,
+          "DedicatedMasterEnabled": true,
+          "InstanceCount": 3,
+          "ZoneAwarenessConfig": {
+            "AvailabilityZoneCount": 3
+          },
+          "ZoneAwarenessEnabled": true
+        },
+        "CognitoOptions": {
+          "Enabled": true,
+          "IdentityPoolId": {
+            "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+          },
+          "RoleArn": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "Arn"
+            ]
+          },
+          "UserPoolId": {
+            "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+          }
+        },
+        "DomainName": "solutions-constructs-domain",
+        "EBSOptions": {
+          "EBSEnabled": true,
+          "VolumeSize": 10
+        },
+        "EncryptionAtRestOptions": {
+          "Enabled": true
+        },
+        "EngineVersion": "OpenSearch_1.3",
+        "NodeToNodeEncryptionOptions": {
+          "Enabled": true
+        },
+        "SnapshotOptions": {
+          "AutomatedSnapshotStartHour": 1
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W28",
+              "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
+            },
+            {
+              "id": "W90",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchStatusRedAlarm1627144D": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
+        "MetricName": "ClusterStatus.red",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchStatusYellowAlarm57139CF0": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one replica shard is not allocated to a node.",
+        "MetricName": "ClusterStatus.yellow",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "LessThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
+        "MetricName": "FreeStorageSpace",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Minimum",
+        "Threshold": 20000
+      }
+    },
+    "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Your cluster is blocking write requests.",
+        "MetricName": "ClusterIndexWritesBlocked",
+        "Namespace": "AWS/ES",
+        "Period": 300,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
+        "MetricName": "AutomatedSnapshotFailure",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
+        "MetricName": "CPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "JVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
+        "MetricName": "MasterCPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "MasterJVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    }
+  },
+  "Parameters": {
+    "BootstrapVersion": {
+      "Type": "AWS::SSM::Parameter::Value<String>",
+      "Default": "/cdk-bootstrap/hnb659fds/version",
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+    }
+  },
+  "Rules": {
+    "CheckBootstrapVersion": {
+      "Assertions": [
+        {
+          "Assert": {
+            "Fn::Not": [
+              {
+                "Fn::Contains": [
+                  [
+                    "1",
+                    "2",
+                    "3",
+                    "4",
+                    "5"
+                  ],
+                  {
+                    "Ref": "BootstrapVersion"
+                  }
+                ]
+              }
+            ]
+          },
+          "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.ts
new file mode 100644
index 000000000..65080777a
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.ts
@@ -0,0 +1,38 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+/// !cdk-integ *
+import { App, Stack } from "aws-cdk-lib";
+import { LambdaToOpenSearch } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import { generateIntegStackName } from '@aws-solutions-constructs/core';
+
+// Setup
+const app = new App();
+const stack = new Stack(app, generateIntegStackName(__filename));
+
+const lambdaProps: lambda.FunctionProps = {
+  code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+  runtime: lambda.Runtime.NODEJS_14_X,
+  handler: 'index.handler'
+};
+
+const openSearchDomain = 'solutions-constructs-domain';
+
+new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+  lambdaFunctionProps: lambdaProps,
+  openSearchDomainName: openSearchDomain,
+});
+
+// Synth
+app.synth();
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json
new file mode 100644
index 000000000..c459a8eee
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json
@@ -0,0 +1,1037 @@
+{
+  "Resources": {
+    "testlambdaopensearchLambdaFunctionServiceRole4722AB8A": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "lambda.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":logs:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":log-group:/aws/lambda/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "LambdaFunctionServiceRolePolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "ec2:CreateNetworkInterface",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DeleteNetworkInterface",
+                "ec2:AssignPrivateIpAddresses",
+                "ec2:UnassignPrivateIpAddresses"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            },
+            {
+              "Action": [
+                "xray:PutTraceSegments",
+                "xray:PutTelemetryRecords"
+              ],
+              "Effect": "Allow",
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchLambdaFunctionServiceRole4722AB8A"
+          }
+        ]
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W12",
+              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC."
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": "vpc-props/test-lambda-opensearch/ReplaceDefaultSecurityGroup-security-group",
+        "SecurityGroupEgress": [
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "Allow all outbound traffic by default",
+            "IpProtocol": "-1"
+          }
+        ],
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W5",
+              "reason": "Egress of 0.0.0.0/0 is default and generally considered OK"
+            },
+            {
+              "id": "W40",
+              "reason": "Egress IPProtocol of -1 is default and generally considered OK"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchLambdaFunction93FD38F7": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
+          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+        },
+        "Role": {
+          "Fn::GetAtt": [
+            "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+            "Arn"
+          ]
+        },
+        "Environment": {
+          "Variables": {
+            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
+            "DOMAIN_ENDPOINT": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchOpenSearchDomainF9CCC3D3",
+                "DomainEndpoint"
+              ]
+            }
+          }
+        },
+        "Handler": "index.handler",
+        "Runtime": "nodejs14.x",
+        "TracingConfig": {
+          "Mode": "Active"
+        },
+        "VpcConfig": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+            },
+            {
+              "Ref": "VpcisolatedSubnet2Subnet39217055"
+            },
+            {
+              "Ref": "VpcisolatedSubnet3Subnet44F2537D"
+            }
+          ]
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchLambdaFunctionServiceRoleDefaultPolicy78C56359",
+        "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+        "VpcisolatedSubnet1RouteTableAssociationD259E31A",
+        "VpcisolatedSubnet2RouteTableAssociation25A4716F",
+        "VpcisolatedSubnet3RouteTableAssociationDC010BEB"
+      ],
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W58",
+              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions."
+            },
+            {
+              "id": "W89",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            },
+            {
+              "id": "W92",
+              "reason": "Impossible for us to define the correct concurrency for clients"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchCognitoUserPoolA09096F9": {
+      "Type": "AWS::Cognito::UserPool",
+      "Properties": {
+        "AccountRecoverySetting": {
+          "RecoveryMechanisms": [
+            {
+              "Name": "verified_phone_number",
+              "Priority": 1
+            },
+            {
+              "Name": "verified_email",
+              "Priority": 2
+            }
+          ]
+        },
+        "AdminCreateUserConfig": {
+          "AllowAdminCreateUserOnly": true
+        },
+        "EmailVerificationMessage": "The verification code to your new account is {####}",
+        "EmailVerificationSubject": "Verify your new account",
+        "SmsVerificationMessage": "The verification code to your new account is {####}",
+        "UserPoolAddOns": {
+          "AdvancedSecurityMode": "ENFORCED"
+        },
+        "VerificationMessageTemplate": {
+          "DefaultEmailOption": "CONFIRM_WITH_CODE",
+          "EmailMessage": "The verification code to your new account is {####}",
+          "EmailSubject": "Verify your new account",
+          "SmsMessage": "The verification code to your new account is {####}"
+        }
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain"
+    },
+    "testlambdaopensearchCognitoUserPoolClient39C21D94": {
+      "Type": "AWS::Cognito::UserPoolClient",
+      "Properties": {
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        },
+        "AllowedOAuthFlows": [
+          "implicit",
+          "code"
+        ],
+        "AllowedOAuthFlowsUserPoolClient": true,
+        "AllowedOAuthScopes": [
+          "profile",
+          "phone",
+          "email",
+          "openid",
+          "aws.cognito.signin.user.admin"
+        ],
+        "CallbackURLs": [
+          "https://example.com"
+        ],
+        "SupportedIdentityProviders": [
+          "COGNITO"
+        ]
+      }
+    },
+    "testlambdaopensearchCognitoIdentityPool0B1FB311": {
+      "Type": "AWS::Cognito::IdentityPool",
+      "Properties": {
+        "AllowUnauthenticatedIdentities": false,
+        "CognitoIdentityProviders": [
+          {
+            "ClientId": {
+              "Ref": "testlambdaopensearchCognitoUserPoolClient39C21D94"
+            },
+            "ProviderName": {
+              "Fn::GetAtt": [
+                "testlambdaopensearchCognitoUserPoolA09096F9",
+                "ProviderName"
+              ]
+            },
+            "ServerSideTokenCheck": true
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchUserPoolDomain98864920": {
+      "Type": "AWS::Cognito::UserPoolDomain",
+      "Properties": {
+        "Domain": "deploytestwithvpcprops",
+        "UserPoolId": {
+          "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+        }
+      },
+      "DependsOn": [
+        "testlambdaopensearchCognitoUserPoolA09096F9"
+      ]
+    },
+    "testlambdaopensearchCognitoAuthorizedRole58A1ED44": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Condition": {
+                "StringEquals": {
+                  "cognito-identity.amazonaws.com:aud": {
+                    "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                  }
+                },
+                "ForAnyValue:StringLike": {
+                  "cognito-identity.amazonaws.com:amr": "authenticated"
+                }
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Federated": "cognito-identity.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Policies": [
+          {
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "es:ESHttp*",
+                  "Effect": "Allow",
+                  "Resource": {
+                    "Fn::Join": [
+                      "",
+                      [
+                        "arn:",
+                        {
+                          "Ref": "AWS::Partition"
+                        },
+                        ":es:",
+                        {
+                          "Ref": "AWS::Region"
+                        },
+                        ":",
+                        {
+                          "Ref": "AWS::AccountId"
+                        },
+                        ":domain/deploytestwithvpcprops/*"
+                      ]
+                    ]
+                  }
+                }
+              ],
+              "Version": "2012-10-17"
+            },
+            "PolicyName": "CognitoAccessPolicy"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchIdentityPoolRoleMappingD8C765B1": {
+      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
+      "Properties": {
+        "IdentityPoolId": {
+          "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+        },
+        "Roles": {
+          "authenticated": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+              "Arn"
+            ]
+          }
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "es.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "cognito-idp:DescribeUserPool",
+                "cognito-idp:CreateUserPoolClient",
+                "cognito-idp:DeleteUserPoolClient",
+                "cognito-idp:DescribeUserPoolClient",
+                "cognito-idp:AdminInitiateAuth",
+                "cognito-idp:AdminUserGlobalSignOut",
+                "cognito-idp:ListUserPoolClients",
+                "cognito-identity:DescribeIdentityPool",
+                "cognito-identity:UpdateIdentityPool",
+                "cognito-identity:SetIdentityPoolRoles",
+                "cognito-identity:GetIdentityPoolRoles",
+                "es:UpdateDomainConfig"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "testlambdaopensearchCognitoUserPoolA09096F9",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:cognito-identity:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":identitypool/",
+                      {
+                        "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+                      }
+                    ]
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:aws:es:",
+                      {
+                        "Ref": "AWS::Region"
+                      },
+                      ":",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":domain/deploytestwithvpcprops"
+                    ]
+                  ]
+                }
+              ]
+            },
+            {
+              "Action": "iam:PassRole",
+              "Condition": {
+                "StringLike": {
+                  "iam:PassedToService": "cognito-identity.amazonaws.com"
+                }
+              },
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "Roles": [
+          {
+            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+          }
+        ]
+      }
+    },
+    "testlambdaopensearchOpenSearchDomainF9CCC3D3": {
+      "Type": "AWS::OpenSearchService::Domain",
+      "Properties": {
+        "AccessPolicies": {
+          "Statement": [
+            {
+              "Action": "es:ESHttp*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": [
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchCognitoAuthorizedRole58A1ED44",
+                      "Arn"
+                    ]
+                  },
+                  {
+                    "Fn::GetAtt": [
+                      "testlambdaopensearchLambdaFunctionServiceRole4722AB8A",
+                      "Arn"
+                    ]
+                  }
+                ]
+              },
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:aws:es:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":domain/deploytestwithvpcprops/*"
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ClusterConfig": {
+          "DedicatedMasterCount": 3,
+          "DedicatedMasterEnabled": true,
+          "InstanceCount": 3,
+          "ZoneAwarenessConfig": {
+            "AvailabilityZoneCount": 3
+          },
+          "ZoneAwarenessEnabled": true
+        },
+        "CognitoOptions": {
+          "Enabled": true,
+          "IdentityPoolId": {
+            "Ref": "testlambdaopensearchCognitoIdentityPool0B1FB311"
+          },
+          "RoleArn": {
+            "Fn::GetAtt": [
+              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "Arn"
+            ]
+          },
+          "UserPoolId": {
+            "Ref": "testlambdaopensearchCognitoUserPoolA09096F9"
+          }
+        },
+        "DomainName": "deploytestwithvpcprops",
+        "EBSOptions": {
+          "EBSEnabled": true,
+          "VolumeSize": 10
+        },
+        "EncryptionAtRestOptions": {
+          "Enabled": true
+        },
+        "EngineVersion": "OpenSearch_1.3",
+        "NodeToNodeEncryptionOptions": {
+          "Enabled": true
+        },
+        "SnapshotOptions": {
+          "AutomatedSnapshotStartHour": 1
+        },
+        "VPCOptions": {
+          "SecurityGroupIds": [
+            {
+              "Fn::GetAtt": [
+                "testlambdaopensearchReplaceDefaultSecurityGroupsecuritygroupB44718EC",
+                "GroupId"
+              ]
+            }
+          ],
+          "SubnetIds": [
+            {
+              "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+            },
+            {
+              "Ref": "VpcisolatedSubnet2Subnet39217055"
+            },
+            {
+              "Ref": "VpcisolatedSubnet3Subnet44F2537D"
+            }
+          ]
+        }
+      },
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W28",
+              "reason": "The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only"
+            },
+            {
+              "id": "W90",
+              "reason": "This is not a rule for the general case, just for specific use cases/industries"
+            }
+          ]
+        }
+      }
+    },
+    "testlambdaopensearchStatusRedAlarm1627144D": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ",
+        "MetricName": "ClusterStatus.red",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchStatusYellowAlarm57139CF0": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "At least one replica shard is not allocated to a node.",
+        "MetricName": "ClusterStatus.yellow",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchFreeStorageSpaceTooLowAlarm6A5E1E96": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "LessThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.",
+        "MetricName": "FreeStorageSpace",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Minimum",
+        "Threshold": 20000
+      }
+    },
+    "testlambdaopensearchIndexWritesBlockedTooHighAlarmD2E041A3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Your cluster is blocking write requests.",
+        "MetricName": "ClusterIndexWritesBlocked",
+        "Namespace": "AWS/ES",
+        "Period": 300,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchAutomatedSnapshotFailureTooHighAlarm9A4D0B1F": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.",
+        "MetricName": "AutomatedSnapshotFailure",
+        "Namespace": "AWS/ES",
+        "Period": 60,
+        "Statistic": "Maximum",
+        "Threshold": 1
+      }
+    },
+    "testlambdaopensearchCPUUtilizationTooHighAlarmC4850758": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.",
+        "MetricName": "CPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchJVMMemoryPressureTooHighAlarmEFB09A7C": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "JVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 80
+      }
+    },
+    "testlambdaopensearchMasterCPUUtilizationTooHighAlarm124D5748": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 3,
+        "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.",
+        "MetricName": "MasterCPUUtilization",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "testlambdaopensearchMasterJVMMemoryPressureTooHighAlarmBC9524D3": {
+      "Type": "AWS::CloudWatch::Alarm",
+      "Properties": {
+        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+        "EvaluationPeriods": 1,
+        "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.",
+        "MetricName": "MasterJVMMemoryPressure",
+        "Namespace": "AWS/ES",
+        "Period": 900,
+        "Statistic": "Average",
+        "Threshold": 50
+      }
+    },
+    "Vpc8378EB38": {
+      "Type": "AWS::EC2::VPC",
+      "Properties": {
+        "CidrBlock": "172.168.0.0/16",
+        "EnableDnsHostnames": true,
+        "EnableDnsSupport": true,
+        "InstanceTenancy": "default",
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1SubnetE62B1B9B": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1a",
+        "CidrBlock": "172.168.0.0/18",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "isolated"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Isolated"
+          },
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc/isolatedSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1RouteTableE442650B": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc/isolatedSubnet1"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet1RouteTableAssociationD259E31A": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcisolatedSubnet1RouteTableE442650B"
+        },
+        "SubnetId": {
+          "Ref": "VpcisolatedSubnet1SubnetE62B1B9B"
+        }
+      }
+    },
+    "VpcisolatedSubnet2Subnet39217055": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1b",
+        "CidrBlock": "172.168.64.0/18",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "isolated"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Isolated"
+          },
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc/isolatedSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet2RouteTable334F9764": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc/isolatedSubnet2"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet2RouteTableAssociation25A4716F": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcisolatedSubnet2RouteTable334F9764"
+        },
+        "SubnetId": {
+          "Ref": "VpcisolatedSubnet2Subnet39217055"
+        }
+      }
+    },
+    "VpcisolatedSubnet3Subnet44F2537D": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "AvailabilityZone": "test-region-1c",
+        "CidrBlock": "172.168.128.0/18",
+        "MapPublicIpOnLaunch": false,
+        "Tags": [
+          {
+            "Key": "aws-cdk:subnet-name",
+            "Value": "isolated"
+          },
+          {
+            "Key": "aws-cdk:subnet-type",
+            "Value": "Isolated"
+          },
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc/isolatedSubnet3"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet3RouteTableA2F6BBC0": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc/isolatedSubnet3"
+          }
+        ]
+      }
+    },
+    "VpcisolatedSubnet3RouteTableAssociationDC010BEB": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0"
+        },
+        "SubnetId": {
+          "Ref": "VpcisolatedSubnet3Subnet44F2537D"
+        }
+      }
+    },
+    "VpcFlowLogIAMRole6A475D41": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "vpc-flow-logs.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogIAMRoleDefaultPolicy406FB995": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "logs:CreateLogStream",
+                "logs:PutLogEvents",
+                "logs:DescribeLogStreams"
+              ],
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogLogGroup7B5C56B9",
+                  "Arn"
+                ]
+              }
+            },
+            {
+              "Action": "iam:PassRole",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "VpcFlowLogIAMRole6A475D41",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995",
+        "Roles": [
+          {
+            "Ref": "VpcFlowLogIAMRole6A475D41"
+          }
+        ]
+      }
+    },
+    "VpcFlowLogLogGroup7B5C56B9": {
+      "Type": "AWS::Logs::LogGroup",
+      "Properties": {
+        "RetentionInDays": 731,
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc"
+          }
+        ]
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain",
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W84",
+              "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"
+            }
+          ]
+        }
+      }
+    },
+    "VpcFlowLog8FF33A73": {
+      "Type": "AWS::EC2::FlowLog",
+      "Properties": {
+        "ResourceId": {
+          "Ref": "Vpc8378EB38"
+        },
+        "ResourceType": "VPC",
+        "TrafficType": "ALL",
+        "DeliverLogsPermissionArn": {
+          "Fn::GetAtt": [
+            "VpcFlowLogIAMRole6A475D41",
+            "Arn"
+          ]
+        },
+        "LogDestinationType": "cloud-watch-logs",
+        "LogGroupName": {
+          "Ref": "VpcFlowLogLogGroup7B5C56B9"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": "vpc-props/Vpc"
+          }
+        ]
+      }
+    }
+  },
+  "Parameters": {
+    "BootstrapVersion": {
+      "Type": "AWS::SSM::Parameter::Value<String>",
+      "Default": "/cdk-bootstrap/hnb659fds/version",
+      "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+    }
+  },
+  "Rules": {
+    "CheckBootstrapVersion": {
+      "Assertions": [
+        {
+          "Assert": {
+            "Fn::Not": [
+              {
+                "Fn::Contains": [
+                  [
+                    "1",
+                    "2",
+                    "3",
+                    "4",
+                    "5"
+                  ],
+                  {
+                    "Ref": "BootstrapVersion"
+                  }
+                ]
+              }
+            ]
+          },
+          "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.ts
new file mode 100644
index 000000000..f7ebd70c7
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.ts
@@ -0,0 +1,44 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import { App, Stack } from "aws-cdk-lib";
+import { LambdaToOpenSearch } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as defaults from '@aws-solutions-constructs/core';
+
+// Setup
+const app = new App();
+const stack = new Stack(app, defaults.generateIntegStackName(__filename), {
+  env: {
+    region: process.env.CDK_DEFAULT_REGION,
+    account: process.env.CDK_DEFAULT_ACCOUNT,
+  }
+});
+
+const lambdaProps: lambda.FunctionProps = {
+  code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+  runtime: lambda.Runtime.NODEJS_14_X,
+  handler: 'index.handler',
+};
+
+new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+  lambdaFunctionProps: lambdaProps,
+  openSearchDomainName: "deploytestwithvpcprops",
+  deployVpc: true,
+  vpcProps: {
+    cidr: '172.168.0.0/16',
+  }
+});
+
+// Synth
+app.synth();
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts
new file mode 100644
index 000000000..09c6b995f
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts
@@ -0,0 +1,583 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import { LambdaToOpenSearch, LambdaToOpenSearchProps } from "../lib";
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from "aws-cdk-lib";
+import '@aws-cdk/assert/jest';
+import * as defaults from '@aws-solutions-constructs/core';
+
+function deployLambdaToOpenSearch(stack: cdk.Stack) {
+  const props: LambdaToOpenSearchProps = {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain'
+  };
+
+  return new LambdaToOpenSearch(stack, 'test-lambda-opensearch-stack', props);
+}
+
+function getDefaultTestLambdaProps(): lambda.FunctionProps {
+  return {
+    code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+    runtime: lambda.Runtime.NODEJS_14_X,
+    handler: 'index.handler',
+  };
+}
+
+test('Check pattern properties', () => {
+  const stack = new cdk.Stack();
+
+  const construct: LambdaToOpenSearch = deployLambdaToOpenSearch(stack);
+
+  expect(construct.lambdaFunction).toBeDefined();
+  expect(construct.openSearchDomain).toBeDefined();
+  expect(construct.identityPool).toBeDefined();
+  expect(construct.userPool).toBeDefined();
+  expect(construct.userPoolClient).toBeDefined();
+  expect(construct.cloudWatchAlarms).toBeDefined();
+  expect(construct.openSearchRole).toBeDefined();
+});
+
+test('Check properties with no CloudWatch alarms ', () => {
+  const stack = new cdk.Stack();
+
+  const props: LambdaToOpenSearchProps = {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    createCloudWatchAlarms: false
+  };
+
+  const construct = new LambdaToOpenSearch(stack, 'test-lambda-opensearch-stack', props);
+
+  expect(construct.lambdaFunction).toBeDefined();
+  expect(construct.openSearchDomain).toBeDefined();
+  expect(construct.identityPool).toBeDefined();
+  expect(construct.userPool).toBeDefined();
+  expect(construct.userPoolClient).toBeDefined();
+  expect(construct.cloudWatchAlarms).toBeUndefined();
+  expect(construct.openSearchRole).toBeDefined();
+});
+
+test('Check for an existing Lambda object', () => {
+  const stack = new cdk.Stack();
+
+  const existingLambdaObj = defaults.buildLambdaFunction(stack, {
+    lambdaFunctionProps: {
+      code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+      runtime: lambda.Runtime.NODEJS_14_X,
+      handler: 'index.handler',
+      functionName: 'test-function'
+    }
+  });
+
+  const props: LambdaToOpenSearchProps = {
+    openSearchDomainName: 'test-domain',
+    existingLambdaObj
+  };
+
+  new LambdaToOpenSearch(stack, 'test-lambda-opensearch-stack', props);
+
+  expect(stack).toHaveResource('AWS::Lambda::Function', {
+    FunctionName: 'test-function'
+  });
+
+});
+
+test('Check Lambda function custom environment variable', () => {
+  const stack = new cdk.Stack();
+  const props: LambdaToOpenSearchProps = {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    domainEndpointEnvironmentVariableName: 'CUSTOM_DOMAIN_ENDPOINT'
+  };
+
+  new LambdaToOpenSearch(stack, 'test-lambda-opensearch-stack', props);
+
+  expect(stack).toHaveResource('AWS::Lambda::Function', {
+    Handler: 'index.handler',
+    Runtime: 'nodejs14.x',
+    Environment: {
+      Variables: {
+        AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1',
+        CUSTOM_DOMAIN_ENDPOINT: {
+          'Fn::GetAtt': [
+            'testlambdaopensearchstackOpenSearchDomain46D6A86E',
+            'DomainEndpoint'
+          ]
+        }
+      }
+    }
+  });
+});
+
+test('Check domain name', () => {
+  const stack = new cdk.Stack();
+
+  deployLambdaToOpenSearch(stack);
+
+  expect(stack).toHaveResource('AWS::Cognito::UserPoolDomain', {
+    Domain: "test-domain",
+    UserPoolId: {
+      Ref: "testlambdaopensearchstackCognitoUserPoolF5169460"
+    }
+  });
+
+  expect(stack).toHaveResource('AWS::OpenSearchService::Domain', {
+    DomainName: "test-domain",
+  });
+});
+
+test('Check cognito domain name override', () => {
+  const stack = new cdk.Stack();
+  const props: LambdaToOpenSearchProps = {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    cognitoDomainName: 'test-cogn-domain'
+  };
+
+  new LambdaToOpenSearch(stack, 'test-lambda-opensearch-stack', props);
+
+  expect(stack).toHaveResource('AWS::Cognito::UserPoolDomain', {
+    Domain: 'test-cogn-domain'
+  });
+});
+
+test('Check engine version override', () => {
+  const stack = new cdk.Stack();
+  const props: LambdaToOpenSearchProps = {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    openSearchDomainProps: {
+      engineVersion: 'OpenSearch_1.0',
+    }
+  };
+
+  new LambdaToOpenSearch(stack, 'test-lambda-opensearch-stack', props);
+
+  expect(stack).toHaveResource('AWS::OpenSearchService::Domain', {
+    EngineVersion: 'OpenSearch_1.0'
+  });
+});
+
+test("Test minimal deployment that deploys a VPC in 2 AZ without vpcProps", () => {
+  const stack = new cdk.Stack(undefined, undefined, {});
+
+  new LambdaToOpenSearch(stack, "lambda-opensearch-stack", {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    deployVpc: true,
+  });
+
+  expect(stack).toHaveResource("AWS::Lambda::Function", {
+    VpcConfig: {
+      SecurityGroupIds: [
+        {
+          "Fn::GetAtt": [
+            "lambdaopensearchstackReplaceDefaultSecurityGroupsecuritygroup293B90D7",
+            "GroupId",
+          ],
+        },
+      ],
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B",
+        },
+        {
+          Ref: "VpcisolatedSubnet2Subnet39217055",
+        }
+      ],
+    },
+  });
+
+  expect(stack).toHaveResourceLike("AWS::OpenSearchService::Domain", {
+    VPCOptions: {
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B"
+        },
+        {
+          Ref: "VpcisolatedSubnet2Subnet39217055"
+        }
+      ]
+    }
+  });
+
+  expect(stack).toHaveResource("AWS::EC2::VPC", {
+    EnableDnsHostnames: true,
+    EnableDnsSupport: true,
+  });
+});
+
+test("Test minimal deployment that deploys a VPC in 3 AZ without vpcProps", () => {
+  const stack = new cdk.Stack(undefined, undefined, {
+    env: { account: "123456789012", region: 'us-east-1' },
+  });
+
+  new LambdaToOpenSearch(stack, "lambda-opensearch-stack", {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    deployVpc: true,
+  });
+
+  expect(stack).toHaveResource("AWS::Lambda::Function", {
+    VpcConfig: {
+      SecurityGroupIds: [
+        {
+          "Fn::GetAtt": [
+            "lambdaopensearchstackReplaceDefaultSecurityGroupsecuritygroup293B90D7",
+            "GroupId",
+          ],
+        },
+      ],
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B",
+        },
+        {
+          Ref: "VpcisolatedSubnet2Subnet39217055",
+        },
+        {
+          Ref: "VpcisolatedSubnet3Subnet44F2537D",
+        },
+      ],
+    },
+  });
+
+  expect(stack).toHaveResourceLike("AWS::OpenSearchService::Domain", {
+    VPCOptions: {
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B"
+        },
+        {
+          Ref: "VpcisolatedSubnet2Subnet39217055"
+        },
+        {
+          Ref: "VpcisolatedSubnet3Subnet44F2537D"
+        }
+      ]
+    }
+  });
+
+  expect(stack).toHaveResource("AWS::EC2::VPC", {
+    EnableDnsHostnames: true,
+    EnableDnsSupport: true,
+  });
+});
+
+test("Test cluster deploy to 1 AZ when user set zoneAwarenessEnabled to false", () => {
+  const stack = new cdk.Stack(undefined, undefined, {
+    env: { account: "123456789012", region: 'us-east-1' },
+  });
+
+  const openSearchDomainProps = {
+    clusterConfig: {
+      dedicatedMasterCount: 3,
+      dedicatedMasterEnabled: true,
+      zoneAwarenessEnabled: false,
+      instanceCount: 3
+    }
+  };
+
+  new LambdaToOpenSearch(stack, "lambda-opensearch-stack", {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    openSearchDomainProps,
+    deployVpc: true,
+    vpcProps: {
+      maxAzs: 1
+    }
+  });
+
+  expect(stack).toHaveResource("AWS::OpenSearchService::Domain", {
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 3,
+      ZoneAwarenessEnabled: false,
+    }
+  });
+
+  expect(stack).toHaveResourceLike("AWS::OpenSearchService::Domain", {
+    VPCOptions: {
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B"
+        }
+      ]
+    }
+  });
+});
+
+test("Test cluster deploy to 2 AZ when user set availabilityZoneCount to 2", () => {
+  const stack = new cdk.Stack(undefined, undefined, {
+    env: { account: "123456789012", region: 'us-east-1' },
+  });
+
+  const openSearchDomainProps = {
+    clusterConfig: {
+      dedicatedMasterCount: 3,
+      dedicatedMasterEnabled: true,
+      instanceCount: 2,
+      zoneAwarenessEnabled: true,
+      zoneAwarenessConfig: {
+        availabilityZoneCount: 2
+      }
+    }
+  };
+
+  new LambdaToOpenSearch(stack, "lambda-opensearch-stack", {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: 'test-domain',
+    openSearchDomainProps,
+    deployVpc: true,
+    vpcProps: {
+      maxAzs: 2
+    }
+  });
+
+  expect(stack).toHaveResource("AWS::OpenSearchService::Domain", {
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 2,
+      ZoneAwarenessConfig: {
+        AvailabilityZoneCount: 2,
+      },
+      ZoneAwarenessEnabled: true,
+    }
+  });
+
+  expect(stack).toHaveResourceLike("AWS::OpenSearchService::Domain", {
+    VPCOptions: {
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B"
+        },
+        {
+          Ref: "VpcisolatedSubnet2Subnet39217055"
+        }
+      ]
+    }
+  });
+});
+
+test('Test minimal deployment with an existing isolated VPC', () => {
+  const stack = new cdk.Stack(undefined, undefined, {
+    env: { account: "123456789012", region: 'us-east-1' },
+  });
+
+  const vpc = defaults.getTestVpc(stack, false, {
+    vpcName: "existing-isolated-vpc-test"
+  });
+
+  const construct = new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: "test",
+    existingVpc: vpc
+  });
+
+  expect(stack).toHaveResourceLike("AWS::EC2::VPC", {
+    Tags: [
+      {
+        Key: "Name",
+        Value: "existing-isolated-vpc-test"
+      }
+    ]
+  });
+
+  expect(stack).toHaveResourceLike("AWS::OpenSearchService::Domain", {
+    VPCOptions: {
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B"
+        },
+        {
+          Ref: "VpcisolatedSubnet2Subnet39217055"
+        },
+        {
+          Ref: "VpcisolatedSubnet3Subnet44F2537D"
+        }
+      ]
+    }
+  });
+
+  expect(stack).toCountResources("AWS::EC2::VPC", 1);
+  expect(construct.vpc).toBeDefined();
+});
+
+test('Test minimal deployment with an existing private VPC', () => {
+  const stack = new cdk.Stack(undefined, undefined, {
+    env: { account: "123456789012", region: 'us-east-1' },
+  });
+
+  const vpc = new ec2.Vpc(stack, 'existing-private-vpc-test', {
+    natGateways: 1,
+    subnetConfiguration: [
+      {
+        cidrMask: 24,
+        name: 'application',
+        subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
+      },
+      {
+        cidrMask: 24,
+        name: "public",
+        subnetType: ec2.SubnetType.PUBLIC,
+      }
+    ]
+  });
+
+  const construct = new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: "test",
+    existingVpc: vpc
+  });
+
+  expect(stack).toHaveResourceLike("AWS::EC2::VPC", {
+    Tags: [
+      {
+        Key: "Name",
+        Value: "Default/existing-private-vpc-test"
+      }
+    ]
+  });
+
+  expect(stack).toHaveResourceLike("AWS::OpenSearchService::Domain", {
+    VPCOptions: {
+      SubnetIds: [
+        {
+          Ref: "existingprivatevpctestapplicationSubnet1Subnet1F7744F0"
+        },
+        {
+          Ref: "existingprivatevpctestapplicationSubnet2SubnetF7B713AD"
+        },
+        {
+          Ref: "existingprivatevpctestapplicationSubnet3SubnetA519E038"
+        }
+      ]
+    }
+  });
+
+  expect(stack).toCountResources("AWS::EC2::VPC", 1);
+  expect(construct.vpc).toBeDefined();
+});
+
+test('Test minimal deployment with VPC construct props', () => {
+  const stack = new cdk.Stack(undefined, undefined, {
+    env: { account: "123456789012", region: 'us-east-1' },
+  });
+
+  const construct = new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+    lambdaFunctionProps: getDefaultTestLambdaProps(),
+    openSearchDomainName: "test",
+    deployVpc: true,
+    vpcProps: {
+      vpcName: "vpc-props-test"
+    }
+  });
+
+  expect(stack).toHaveResourceLike("AWS::EC2::VPC", {
+    Tags: [
+      {
+        Key: "Name",
+        Value: "vpc-props-test"
+      }
+    ]
+  });
+
+  expect(stack).toHaveResourceLike("AWS::OpenSearchService::Domain", {
+    VPCOptions: {
+      SubnetIds: [
+        {
+          Ref: "VpcisolatedSubnet1SubnetE62B1B9B"
+        },
+        {
+          Ref: "VpcisolatedSubnet2Subnet39217055"
+        },
+        {
+          Ref: "VpcisolatedSubnet3Subnet44F2537D"
+        }
+      ]
+    }
+  });
+
+  expect(stack).toCountResources("AWS::EC2::VPC", 1);
+  expect(construct.vpc).toBeDefined();
+});
+
+test('Test error for vpcProps and undefined deployVpc prop', () => {
+  const stack = new cdk.Stack();
+
+  const app = () => {
+    new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+      lambdaFunctionProps: getDefaultTestLambdaProps(),
+      openSearchDomainName: "test",
+      vpcProps: {
+        vpcName: "existing-vpc-test"
+      }
+    });
+  };
+
+  expect(app).toThrowError("Error - deployVpc must be true when defining vpcProps");
+});
+
+test('Test error for Lambda function VPC props', () => {
+  const stack = new cdk.Stack();
+
+  const vpc = defaults.getTestVpc(stack);
+
+  const app = () => {
+    new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+      lambdaFunctionProps: defaults.consolidateProps(getDefaultTestLambdaProps(), { vpc }),
+      openSearchDomainName: "test",
+      deployVpc: true,
+    });
+  };
+
+  expect(app).toThrowError("Error - Define VPC using construct parameters not Lambda function props");
+});
+
+test('Test error for the OpenSearch domain VPC props', () => {
+  const stack = new cdk.Stack();
+
+  const app = () => {
+    new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
+      lambdaFunctionProps: getDefaultTestLambdaProps(),
+      openSearchDomainProps: {
+        vpcOptions: {
+          subnetIds: ['fake-ids'],
+          securityGroupIds: ['fake-sgs']
+        }
+      },
+      openSearchDomainName: "test",
+      deployVpc: true,
+    });
+  };
+
+  expect(app).toThrowError("Error - Define VPC using construct parameters not the OpenSearch Service props");
+});
+
+test('Test error for missing existingLambdaObj or lambdaFunctionProps', () => {
+  const stack = new cdk.Stack();
+
+  const props: LambdaToOpenSearchProps = {
+    openSearchDomainName: 'test-domain'
+  };
+
+  try {
+    new LambdaToOpenSearch(stack, 'test-lambda-opensearch-stack', props);
+  } catch (e) {
+    expect(e).toBeInstanceOf(Error);
+  }
+});
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js
new file mode 100644
index 000000000..b94797307
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js
@@ -0,0 +1,60 @@
+var AWS = require('aws-sdk');
+var path = require('path');
+
+console.log('Loading function');
+
+var openSearchDomain = {
+    endpoint: process.env.DOMAIN_ENDPOINT,
+    region: process.env.AWS_REGION,
+    index: 'records',
+    doctype: 'movie'
+};
+
+var creds = new AWS.EnvironmentCredentials('AWS');
+var endpoint = new AWS.Endpoint(openSearchDomain.endpoint);
+
+function postDocumentToOpenSearch(doc, context) {
+    var req = new AWS.HttpRequest(endpoint);
+
+    req.method = 'POST';
+    req.path = path.join('/', openSearchDomain.index, openSearchDomain.doctype);
+    req.region = openSearchDomain.region;
+    req.body = doc;
+    req.headers['presigned-expires'] = false;
+    req.headers['Host'] = openSearchDomain.endpoint;
+    req.headers['Content-Type'] = 'application/json';
+
+    // Sign the request (Sigv4)
+    var signer = new AWS.Signers.V4(req, 'es');
+    signer.addAuthorization(creds, new Date());
+
+    // Post document to the OpenSearch Service
+    var send = new AWS.NodeHttpClient();
+
+    send.handleRequest(req, null, (httpResp) => {
+        var body = '';
+        httpResp.on('data', (chunk) => {
+            body += chunk;
+        });
+        httpResp.on('end', (chunk) => {
+            console.log('All movie records added to the OpenSearch Service.');
+            context.succeed();
+        });
+    }, (err) => {
+        console.log('Error: ' + err);
+        context.fail();
+    });
+}
+
+exports.handler = (event, context) => {
+    console.log('Received event:', JSON.stringify(event, null, 2));
+    postDocumentToOpenSearch("{ \"title\": \"Spirited Away\" }", context);
+    postDocumentToOpenSearch("{ \"title\": \"Fast and Furious\" }", context);
+    postDocumentToOpenSearch("{ \"title\": \"Jurassic Park\" }", context);
+
+    return {
+        statusCode: 200,
+        headers: { 'Content-Type': 'text/plain' },
+        body: `Hello from AWS Solutions Constructs You've hit ${event.path}\n`
+    };
+};
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/core/index.ts b/source/patterns/@aws-solutions-constructs/core/index.ts
index 5e1aee4e8..97a4b41b1 100644
--- a/source/patterns/@aws-solutions-constructs/core/index.ts
+++ b/source/patterns/@aws-solutions-constructs/core/index.ts
@@ -69,4 +69,6 @@ export * from './test/test-helper';
 export * from './lib/ssm-string-parameter-helper';
 export * from './lib/eventbridge-helper';
 export * from './lib/waf-defaults';
-export * from './lib/waf-helper';
\ No newline at end of file
+export * from './lib/waf-helper';
+export * from './lib/opensearch-defaults';
+export * from './lib/opensearch-helper';
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts
index ee3a775c3..1c7a9b62d 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts
@@ -120,3 +120,18 @@ export function setupCognitoForElasticSearch(scope: Construct, domainName: strin
 
   return cognitoAuthorizedRole;
 }
+
+export function setupOpenSearchCognito(scope: Construct, domainName: string):
+  [cognito.UserPool, cognito.UserPoolClient, cognito.CfnIdentityPool, iam.Role] {
+  const userPool = buildUserPool(scope);
+  const userPoolClient = buildUserPoolClient(scope, userPool);
+  const identityPool = buildIdentityPool(scope, userPool, userPoolClient);
+
+  const cognitoAuthorizedRole: iam.Role = setupCognitoForElasticSearch(scope, domainName, {
+    userpool: userPool,
+    identitypool: identityPool,
+    userpoolclient: userPoolClient
+  });
+
+  return [userPool, userPoolClient, identityPool, cognitoAuthorizedRole];
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts
new file mode 100644
index 000000000..b27cc79df
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts
@@ -0,0 +1,65 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as cdk from 'aws-cdk-lib';
+import { BuildOpenSearchProps } from './opensearch-helper';
+
+export function DefaultOpenSearchCfnDomainProps(domainName: string, cognitoConfigureRole: iam.Role, props: BuildOpenSearchProps):
+  opensearch.CfnDomainProps {
+  const roleARNs: iam.IPrincipal[] = [];
+
+  roleARNs.push(new iam.ArnPrincipal(props.cognitoAuthorizedRoleARN));
+
+  if (props.serviceRoleARN) {
+    roleARNs.push(new iam.ArnPrincipal(props.serviceRoleARN));
+  }
+
+  return {
+    domainName,
+    engineVersion: 'OpenSearch_1.3',
+    encryptionAtRestOptions: {
+      enabled: true
+    },
+    nodeToNodeEncryptionOptions: {
+      enabled: true
+    },
+    snapshotOptions: {
+      automatedSnapshotStartHour: 1
+    },
+    ebsOptions: {
+      ebsEnabled: true,
+      volumeSize: 10
+    },
+    cognitoOptions: {
+      enabled: true,
+      identityPoolId: props.identitypool.ref,
+      userPoolId: props.userpool.userPoolId,
+      roleArn: cognitoConfigureRole.roleArn
+    },
+    accessPolicies: new iam.PolicyDocument({
+      statements: [
+        new iam.PolicyStatement({
+          principals: roleARNs,
+          actions: [
+            'es:ESHttp*'
+          ],
+          resources: [
+            `arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}/*`
+          ]
+        })
+      ]
+    })
+  } as opensearch.CfnDomainProps;
+}
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts
new file mode 100644
index 000000000..64c5ee8d7
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts
@@ -0,0 +1,306 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
+import { DefaultOpenSearchCfnDomainProps } from './opensearch-defaults';
+import { consolidateProps, addCfnSuppressRules } from './utils';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as cdk from 'aws-cdk-lib';
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as cognito from 'aws-cdk-lib/aws-cognito';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+// Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
+import { Construct } from 'constructs';
+
+const MAXIMUM_AZS_IN_OPENSEARCH_DOMAIN = 3;
+
+export interface BuildOpenSearchProps {
+  readonly identitypool: cognito.CfnIdentityPool;
+  readonly userpool: cognito.UserPool;
+  readonly cognitoAuthorizedRoleARN: string;
+  readonly serviceRoleARN?: string;
+  readonly vpc?: ec2.IVpc;
+  readonly openSearchDomainName: string;
+  readonly clientDomainProps?: opensearch.CfnDomainProps,
+  readonly securityGroupIds?: string[]
+}
+
+export function buildOpenSearch(scope: Construct, props: BuildOpenSearchProps): [opensearch.CfnDomain, iam.Role] {
+  let subnetIds: string[] = [];
+  const constructDrivenProps: any = {};
+
+  // Setup the IAM Role & policy for the OpenSearch Service to configure Cognito User pool and Identity pool
+  const cognitoKibanaConfigureRole = createKibanaCognitoRole(scope, props.userpool, props.identitypool, props.openSearchDomainName);
+
+  if (props.vpc) {
+    subnetIds = retrievePrivateSubnetIds(props.vpc);
+
+    if (subnetIds.length > MAXIMUM_AZS_IN_OPENSEARCH_DOMAIN) {
+      subnetIds = subnetIds.slice(0, MAXIMUM_AZS_IN_OPENSEARCH_DOMAIN);
+    }
+
+    constructDrivenProps.vpcOptions = {
+      subnetIds,
+      securityGroupIds: props.securityGroupIds
+    };
+
+    // If the client did not submit a ClusterConfig, then we will create one
+    if (!props.clientDomainProps?.clusterConfig) {
+      constructDrivenProps.clusterConfig = createClusterConfiguration(subnetIds.length);
+    }
+  } else { // No VPC
+    // If the client did not submit a ClusterConfig, then we will create one based on the Region
+    if (!props.clientDomainProps?.clusterConfig) {
+      constructDrivenProps.clusterConfig = createClusterConfiguration(cdk.Stack.of(scope).availabilityZones.length);
+    }
+  }
+
+  const defaultCfnDomainProps = DefaultOpenSearchCfnDomainProps(props.openSearchDomainName, cognitoKibanaConfigureRole, props);
+  const finalCfnDomainProps = consolidateProps(defaultCfnDomainProps, props.clientDomainProps, constructDrivenProps);
+
+  const opensearchDomain = new opensearch.CfnDomain(scope, `OpenSearchDomain`, finalCfnDomainProps);
+
+  addCfnSuppressRules(opensearchDomain, [
+    {
+      id: "W28",
+      reason: `The OpenSearch Service domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific OpenSearch Service instance only`,
+    },
+    {
+      id: "W90",
+      reason: `This is not a rule for the general case, just for specific use cases/industries`,
+    },
+  ]);
+
+  return [opensearchDomain, cognitoKibanaConfigureRole];
+}
+
+export function buildOpenSearchCWAlarms(scope: Construct): cloudwatch.Alarm[] {
+  const alarms: cloudwatch.Alarm[] = new Array();
+
+  // ClusterStatus.red maximum is >= 1 for 1 minute, 1 consecutive time
+  alarms.push(new cloudwatch.Alarm(scope, 'StatusRedAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'ClusterStatus.red',
+      statistic: 'Maximum',
+      period: cdk.Duration.seconds(60),
+    }),
+    threshold: 1,
+    evaluationPeriods: 1,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'At least one primary shard and its replicas are not allocated to a node. '
+  }));
+
+  // ClusterStatus.yellow maximum is >= 1 for 1 minute, 1 consecutive time
+  alarms.push(new cloudwatch.Alarm(scope, 'StatusYellowAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'ClusterStatus.yellow',
+      statistic: 'Maximum',
+      period: cdk.Duration.seconds(60),
+    }),
+    threshold: 1,
+    evaluationPeriods: 1,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'At least one replica shard is not allocated to a node.'
+  }));
+
+  // FreeStorageSpace minimum is <= 20480 for 1 minute, 1 consecutive time
+  alarms.push(new cloudwatch.Alarm(scope, 'FreeStorageSpaceTooLowAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'FreeStorageSpace',
+      statistic: 'Minimum',
+      period: cdk.Duration.seconds(60),
+    }),
+    threshold: 20000,
+    evaluationPeriods: 1,
+    comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'A node in your cluster is down to 20 GiB of free storage space.'
+  }));
+
+  // ClusterIndexWritesBlocked is >= 1 for 5 minutes, 1 consecutive time
+  alarms.push(new cloudwatch.Alarm(scope, 'IndexWritesBlockedTooHighAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'ClusterIndexWritesBlocked',
+      statistic: 'Maximum',
+      period: cdk.Duration.seconds(300),
+    }),
+    threshold: 1,
+    evaluationPeriods: 1,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'Your cluster is blocking write requests.'
+  }));
+
+  // AutomatedSnapshotFailure maximum is >= 1 for 1 minute, 1 consecutive time
+  alarms.push(new cloudwatch.Alarm(scope, 'AutomatedSnapshotFailureTooHighAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'AutomatedSnapshotFailure',
+      statistic: 'Maximum',
+      period: cdk.Duration.seconds(60),
+    }),
+    threshold: 1,
+    evaluationPeriods: 1,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'An automated snapshot failed. This failure is often the result of a red cluster health status.'
+  }));
+
+  // CPUUtilization maximum is >= 80% for 15 minutes, 3 consecutive times
+  alarms.push(new cloudwatch.Alarm(scope, 'CPUUtilizationTooHighAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'CPUUtilization',
+      statistic: 'Average',
+      period: cdk.Duration.seconds(900),
+    }),
+    threshold: 80,
+    evaluationPeriods: 3,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: '100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.'
+  }));
+
+  // JVMMemoryPressure maximum is >= 80% for 5 minutes, 3 consecutive times
+  alarms.push(new cloudwatch.Alarm(scope, 'JVMMemoryPressureTooHighAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'JVMMemoryPressure',
+      statistic: 'Average',
+      period: cdk.Duration.seconds(900),
+    }),
+    threshold: 80,
+    evaluationPeriods: 1,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.'
+  }));
+
+  // MasterCPUUtilization maximum is >= 50% for 15 minutes, 3 consecutive times
+  alarms.push(new cloudwatch.Alarm(scope, 'MasterCPUUtilizationTooHighAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'MasterCPUUtilization',
+      statistic: 'Average',
+      period: cdk.Duration.seconds(900),
+    }),
+    threshold: 50,
+    evaluationPeriods: 3,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.'
+  }));
+
+  // MasterJVMMemoryPressure maximum is >= 80% for 15 minutes, 1 consecutive time
+  alarms.push(new cloudwatch.Alarm(scope, 'MasterJVMMemoryPressureTooHighAlarm', {
+    metric: new cloudwatch.Metric({
+      namespace: 'AWS/ES',
+      metricName: 'MasterJVMMemoryPressure',
+      statistic: 'Average',
+      period: cdk.Duration.seconds(900),
+    }),
+    threshold: 50,
+    evaluationPeriods: 1,
+    comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+    alarmDescription: 'Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.'
+  }));
+
+  return alarms;
+}
+
+function retrievePrivateSubnetIds(vpc: ec2.IVpc) {
+  let targetSubnetType;
+
+  if (vpc.isolatedSubnets.length) {
+    targetSubnetType = ec2.SubnetType.PRIVATE_ISOLATED;
+  } else if (vpc.privateSubnets.length) {
+    targetSubnetType = ec2.SubnetType.PRIVATE_WITH_EGRESS;
+  } else {
+    throw new Error('Error - the OpenSearch Service domain can only be deployed in Isolated or Private subnets');
+  }
+
+  const subnetSelector = {
+    onePerAz: true,
+    subnetType: targetSubnetType
+  };
+
+  return vpc.selectSubnets(subnetSelector).subnetIds;
+}
+
+function createClusterConfiguration(numberOfAzs?: number): opensearch.CfnDomain.ClusterConfigProperty {
+  return {
+    dedicatedMasterEnabled: true,
+    dedicatedMasterCount: 3,
+    zoneAwarenessEnabled: true,
+    zoneAwarenessConfig: {
+      availabilityZoneCount: numberOfAzs
+    },
+    instanceCount: numberOfAzs,
+  };
+}
+
+function createKibanaCognitoRole(
+  scope: Construct,
+  userPool: cognito.UserPool,
+  identitypool: cognito.CfnIdentityPool,
+  domainName: string
+): iam.Role {
+  // Setup the IAM Role & policy for the OpenSearch Service to configure Cognito User pool and Identity pool
+  const cognitoKibanaConfigureRole = new iam.Role(
+    scope,
+    "CognitoKibanaConfigureRole",
+    {
+      assumedBy: new iam.ServicePrincipal("es.amazonaws.com"),
+    }
+  );
+
+  const cognitoKibanaConfigureRolePolicy = new iam.Policy(
+    scope,
+    "CognitoKibanaConfigureRolePolicy",
+    {
+      statements: [
+        new iam.PolicyStatement({
+          actions: [
+            "cognito-idp:DescribeUserPool",
+            "cognito-idp:CreateUserPoolClient",
+            "cognito-idp:DeleteUserPoolClient",
+            "cognito-idp:DescribeUserPoolClient",
+            "cognito-idp:AdminInitiateAuth",
+            "cognito-idp:AdminUserGlobalSignOut",
+            "cognito-idp:ListUserPoolClients",
+            "cognito-identity:DescribeIdentityPool",
+            "cognito-identity:UpdateIdentityPool",
+            "cognito-identity:SetIdentityPoolRoles",
+            "cognito-identity:GetIdentityPoolRoles",
+            "es:UpdateDomainConfig",
+          ],
+          resources: [
+            userPool.userPoolArn,
+            `arn:aws:cognito-identity:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:identitypool/${identitypool.ref}`,
+            `arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}`,
+          ],
+        }),
+        new iam.PolicyStatement({
+          actions: ["iam:PassRole"],
+          conditions: {
+            StringLike: {
+              "iam:PassedToService": "cognito-identity.amazonaws.com",
+            },
+          },
+          resources: [cognitoKibanaConfigureRole.roleArn],
+        }),
+      ],
+    }
+  );
+
+  cognitoKibanaConfigureRolePolicy.attachToRole(cognitoKibanaConfigureRole);
+  return cognitoKibanaConfigureRole;
+}
diff --git a/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
new file mode 100644
index 000000000..08354bc00
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
@@ -0,0 +1,432 @@
+/**
+ *  Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import { Stack } from 'aws-cdk-lib';
+import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
+import * as defaults from '../index';
+import '@aws-cdk/assert/jest';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+
+function deployOpenSearch(stack: Stack, openSearchDomainName: string, clientDomainProps?: opensearch.CfnDomainProps,
+  lambdaRoleARN?: string, vpc?: ec2.IVpc): [opensearch.CfnDomain, iam.Role] {
+  const userpool = defaults.buildUserPool(stack);
+  const userpoolclient = defaults.buildUserPoolClient(stack, userpool, {
+    userPoolClientName: 'test',
+    userPool: userpool
+  });
+
+  const identitypool = defaults.buildIdentityPool(stack, userpool, userpoolclient);
+  const cognitoAuthorizedRole = defaults.setupCognitoForElasticSearch(stack, 'test-domain', {
+    userpool,
+    userpoolclient,
+    identitypool
+  });
+
+  return defaults.buildOpenSearch(stack, {
+    userpool,
+    identitypool,
+    cognitoAuthorizedRoleARN: cognitoAuthorizedRole.roleArn,
+    serviceRoleARN: lambdaRoleARN ? lambdaRoleARN : undefined,
+    vpc,
+    openSearchDomainName,
+    clientDomainProps
+  });
+}
+
+function deployStack() {
+  return new Stack(undefined, undefined, {
+    env: { account: "123456789012", region: 'us-east-1' },
+  });
+}
+
+test('Test override SnapshotOptions for buildOpenSearch', () => {
+  const stack = deployStack();
+
+  deployOpenSearch(stack, 'test-domain', {
+    snapshotOptions: {
+      automatedSnapshotStartHour: 5
+    }
+  });
+
+  expect(stack).toHaveResource('AWS::OpenSearchService::Domain', {
+    AccessPolicies: {
+      Statement: [
+        {
+          Action: "es:ESHttp*",
+          Effect: "Allow",
+          Principal: {
+            AWS: {
+              "Fn::GetAtt": [
+                "CognitoAuthorizedRole14E74FE0",
+                "Arn"
+              ]
+            }
+          },
+          Resource: {
+            "Fn::Join": [
+              "",
+              [
+                "arn:aws:es:",
+                {
+                  Ref: "AWS::Region"
+                },
+                ":",
+                {
+                  Ref: "AWS::AccountId"
+                },
+                ":domain/test-domain/*"
+              ]
+            ]
+          }
+        }
+      ],
+      Version: "2012-10-17"
+    },
+    CognitoOptions: {
+      Enabled: true,
+      IdentityPoolId: {
+        Ref: "CognitoIdentityPool"
+      },
+      RoleArn: {
+        "Fn::GetAtt": [
+          "CognitoKibanaConfigureRole62CCE76A",
+          "Arn"
+        ]
+      },
+      UserPoolId: {
+        Ref: "CognitoUserPool53E37E69"
+      }
+    },
+    DomainName: "test-domain",
+    EBSOptions: {
+      EBSEnabled: true,
+      VolumeSize: 10
+    },
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 3,
+      ZoneAwarenessConfig: {
+        AvailabilityZoneCount: 3
+      },
+      ZoneAwarenessEnabled: true
+    },
+    EngineVersion: "OpenSearch_1.3",
+    EncryptionAtRestOptions: {
+      Enabled: true
+    },
+    NodeToNodeEncryptionOptions: {
+      Enabled: true
+    },
+    SnapshotOptions: {
+      AutomatedSnapshotStartHour: 5
+    }
+  });
+});
+
+test('Test VPC with 1 AZ, Zone Awareness Disabled', () => {
+  const stack = deployStack();
+
+  const vpc = defaults.getTestVpc(stack, false);
+
+  deployOpenSearch(stack, 'test-domain', {
+    clusterConfig: {
+      dedicatedMasterEnabled: true,
+      dedicatedMasterCount: 3,
+      instanceCount: 3,
+      zoneAwarenessEnabled: false
+    }
+  }, undefined, vpc);
+
+  expect(stack).toHaveResourceLike('AWS::OpenSearchService::Domain', {
+    DomainName: "test-domain",
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 3,
+      ZoneAwarenessEnabled: false
+    }
+  });
+});
+
+test('Test VPC with 2 AZ, Zone Awareness Enabled', () => {
+  // If no environment is specified, a VPC will use 2 AZs by default.
+  // If an environment is specified, a VPC will use 3 AZs by default.
+  const stack = new Stack(undefined, undefined, {});
+
+  const vpc: ec2.IVpc = defaults.getTestVpc(stack, false);
+
+  deployOpenSearch(stack, 'test-domain', {}, undefined, vpc);
+
+  expect(stack).toHaveResourceLike('AWS::OpenSearchService::Domain', {
+    DomainName: "test-domain",
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 2,
+      ZoneAwarenessEnabled: true
+    }
+  });
+});
+
+test('Test VPC with 3 AZ, Zone Awareness Enabled', () => {
+  // If no environment is specified, a VPC will use 2 AZs by default.
+  // If an environment is specified, a VPC will use 3 AZs by default.
+  const stack = deployStack();
+
+  const vpc: ec2.IVpc = defaults.getTestVpc(stack);
+
+  deployOpenSearch(stack, 'test-domain', {}, undefined, vpc);
+
+  expect(stack).toHaveResourceLike('AWS::OpenSearchService::Domain', {
+    DomainName: "test-domain",
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 3,
+      ZoneAwarenessEnabled: true
+    }
+  });
+});
+
+test('Test deployment with an existing private VPC', () => {
+  const stack = deployStack();
+
+  const vpc = new ec2.Vpc(stack, 'existing-private-vpc-test', {
+    natGateways: 1,
+    subnetConfiguration: [
+      {
+        cidrMask: 24,
+        name: 'application',
+        subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
+      },
+      {
+        cidrMask: 24,
+        name: "public",
+        subnetType: ec2.SubnetType.PUBLIC,
+      }
+    ]
+  });
+
+  deployOpenSearch(stack, 'test-domain', {}, undefined, vpc);
+
+  expect(stack).toHaveResourceLike('AWS::OpenSearchService::Domain', {
+    DomainName: "test-domain",
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 3,
+      ZoneAwarenessEnabled: true
+    }
+  });
+});
+
+test('Test error thrown with no private subnet configurations', () => {
+  const stack = deployStack();
+
+  const vpc = defaults.buildVpc(stack, {
+    defaultVpcProps: {
+      subnetConfiguration: [
+        {
+          cidrMask: 18,
+          name: "public",
+          subnetType: ec2.SubnetType.PUBLIC,
+        }
+      ]
+    }
+  });
+
+  const app = () => {
+    deployOpenSearch(stack, 'test-domain', {}, undefined, vpc);
+  };
+
+  expect(app).toThrowError('Error - the OpenSearch Service domain can only be deployed in Isolated or Private subnets');
+});
+
+test('Test engine version override for buildOpenSearch', () => {
+  const stack = deployStack();
+
+  deployOpenSearch(stack, 'test-domain', {
+    engineVersion: 'OpenSearch_1.0'
+  });
+
+  expect(stack).toHaveResource('AWS::OpenSearchService::Domain', {
+    AccessPolicies: {
+      Statement: [
+        {
+          Action: "es:ESHttp*",
+          Effect: "Allow",
+          Principal: {
+            AWS: {
+              "Fn::GetAtt": [
+                "CognitoAuthorizedRole14E74FE0",
+                "Arn"
+              ]
+            }
+          },
+          Resource: {
+            "Fn::Join": [
+              "",
+              [
+                "arn:aws:es:",
+                {
+                  Ref: "AWS::Region"
+                },
+                ":",
+                {
+                  Ref: "AWS::AccountId"
+                },
+                ":domain/test-domain/*"
+              ]
+            ]
+          }
+        }
+      ],
+      Version: "2012-10-17"
+    },
+    CognitoOptions: {
+      Enabled: true,
+      IdentityPoolId: {
+        Ref: "CognitoIdentityPool"
+      },
+      RoleArn: {
+        "Fn::GetAtt": [
+          "CognitoKibanaConfigureRole62CCE76A",
+          "Arn"
+        ]
+      },
+      UserPoolId: {
+        Ref: "CognitoUserPool53E37E69"
+      }
+    },
+    DomainName: "test-domain",
+    EBSOptions: {
+      EBSEnabled: true,
+      VolumeSize: 10
+    },
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 3,
+      ZoneAwarenessConfig: {
+        AvailabilityZoneCount: 3
+      },
+      ZoneAwarenessEnabled: true
+    },
+    EngineVersion: "OpenSearch_1.0",
+    EncryptionAtRestOptions: {
+      Enabled: true
+    },
+    NodeToNodeEncryptionOptions: {
+      Enabled: true
+    },
+    SnapshotOptions: {
+      AutomatedSnapshotStartHour: 1
+    }
+  });
+
+});
+
+test('Test deployment with lambdaRoleARN', () => {
+  const stack = deployStack();
+
+  deployOpenSearch(stack, 'test-domain', {}, 'arn:aws:us-east-1:mylambdaRoleARN');
+
+  expect(stack).toHaveResource('AWS::OpenSearchService::Domain', {
+    AccessPolicies: {
+      Statement: [
+        {
+          Action: "es:ESHttp*",
+          Effect: "Allow",
+          Principal: {
+            AWS: [
+              {
+                "Fn::GetAtt": [
+                  "CognitoAuthorizedRole14E74FE0",
+                  "Arn"
+                ]
+              },
+              "arn:aws:us-east-1:mylambdaRoleARN"
+            ]
+          },
+          Resource: {
+            "Fn::Join": [
+              "",
+              [
+                "arn:aws:es:",
+                {
+                  Ref: "AWS::Region"
+                },
+                ":",
+                {
+                  Ref: "AWS::AccountId"
+                },
+                ":domain/test-domain/*"
+              ]
+            ]
+          }
+        }
+      ],
+      Version: "2012-10-17"
+    },
+    CognitoOptions: {
+      Enabled: true,
+      IdentityPoolId: {
+        Ref: "CognitoIdentityPool"
+      },
+      RoleArn: {
+        "Fn::GetAtt": [
+          "CognitoKibanaConfigureRole62CCE76A",
+          "Arn"
+        ]
+      },
+      UserPoolId: {
+        Ref: "CognitoUserPool53E37E69"
+      }
+    },
+    DomainName: "test-domain",
+    EBSOptions: {
+      EBSEnabled: true,
+      VolumeSize: 10
+    },
+    ClusterConfig: {
+      DedicatedMasterCount: 3,
+      DedicatedMasterEnabled: true,
+      InstanceCount: 3,
+      ZoneAwarenessConfig: {
+        AvailabilityZoneCount: 3
+      },
+      ZoneAwarenessEnabled: true
+    },
+    EngineVersion: "OpenSearch_1.3",
+    EncryptionAtRestOptions: {
+      Enabled: true
+    },
+    NodeToNodeEncryptionOptions: {
+      Enabled: true
+    },
+    SnapshotOptions: {
+      AutomatedSnapshotStartHour: 1
+    }
+  });
+
+});
+
+test('Count OpenSearch CloudWatch alarms', () => {
+  const stack = new Stack();
+  deployOpenSearch(stack, 'test-domain');
+  const cwList = defaults.buildOpenSearchCWAlarms(stack);
+
+  expect(cwList.length).toEqual(9);
+});

From d926fd2e7fba33369f5c08bef5f9149428fc24e9 Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Tue, 4 Oct 2022 17:52:10 +0000
Subject: [PATCH 7/9] fixed prop description

---
 .../aws-lambda-opensearch/lib/index.ts                        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
index de61df4a6..fd4ca461f 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
@@ -22,7 +22,7 @@ import * as defaults from '@aws-solutions-constructs/core';
 import { Construct } from 'constructs';
 
 /**
- * @summary The properties for the CognitoToApiGatewayToLambda Construct
+ * @summary The properties for the LambdaToOpenSearch Construct
  */
 export interface LambdaToOpenSearchProps {
   /**
@@ -52,7 +52,7 @@ export interface LambdaToOpenSearchProps {
   /**
    * Optional Amazon Cognito domain name. If omitted the Amazon Cognito domain will default to the OpenSearch Service domain name.
    *
-   * @default - None
+   * @default - the OpenSearch Service domain name
    */
   readonly cognitoDomainName?: string;
   /**

From cdfc28957c3d639e5bdc87dd8c0b222bed47bb96 Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Wed, 5 Oct 2022 00:12:48 +0000
Subject: [PATCH 8/9] removed kibana text in opensearch construct

---
 .../lib/index.ts                              | 27 +++---------
 ...loyFunctionWithClusterConfig.expected.json |  2 +-
 ...eployFunctionWithExistingVpc.expected.json |  2 +-
 ...g.deployFunctionWithVpcProps.expected.json |  2 +-
 .../integ.deployToFiveZones.expected.json     |  2 +-
 .../integ.disabledZoneAwareness.expected.json |  2 +-
 .../test/integ.domain-arguments.expected.json |  2 +-
 .../test/integ.no-arguments.expected.json     |  2 +-
 .../test/lambda/index.js                      | 17 ++++----
 .../aws-lambda-opensearch/.eslintignore       |  2 +-
 .../aws-lambda-opensearch/.gitignore          |  2 +-
 .../aws-lambda-opensearch/.npmignore          |  2 +-
 .../aws-lambda-opensearch/lib/index.ts        |  4 +-
 .../test/integ.cluster-config.expected.json   | 14 +++----
 ...nteg.disabled-zone-awareness.expected.json | 14 +++----
 .../test/integ.domain-arguments.expected.json | 14 +++----
 .../test/integ.existing-vpc.expected.json     | 14 +++----
 .../test/integ.no-arguments.expected.json     | 14 +++----
 .../test/integ.vpc-props.expected.json        | 14 +++----
 .../test/lambda/index.js                      |  8 ++--
 .../core/lib/cognito-helper.ts                |  6 +--
 .../core/lib/elasticsearch-helper.ts          | 20 +--------
 .../core/lib/opensearch-defaults.ts           |  3 ++
 .../core/lib/opensearch-helper.ts             | 42 ++++++-------------
 .../core/lib/vpc-helper.ts                    | 19 +++++++++
 .../core/test/congnito-helper.test.ts         |  4 +-
 .../core/test/elasticsearch-helper.test.ts    |  4 +-
 .../core/test/opensearch-helper.test.ts       | 10 ++---
 28 files changed, 121 insertions(+), 147 deletions(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/lib/index.ts
index 928e213d0..367d67aa6 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/lib/index.ts
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/lib/index.ts
@@ -18,12 +18,11 @@ import * as cognito from 'aws-cdk-lib/aws-cognito';
 import * as defaults from '@aws-solutions-constructs/core';
 // Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
 import { Construct } from 'constructs';
-import { Role } from 'aws-cdk-lib/aws-iam';
 import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
 import * as ec2 from 'aws-cdk-lib/aws-ec2';
 
 /**
- * @summary The properties for the CognitoToApiGatewayToLambda Construct
+ * @summary The properties for the LambdaToElasticSearchAndKibana Construct
  */
 export interface LambdaToElasticSearchAndKibanaProps {
   /**
@@ -99,10 +98,10 @@ export class LambdaToElasticSearchAndKibana extends Construct {
   public readonly vpc?: ec2.IVpc;
 
   /**
-   * @summary Constructs a new instance of the CognitoToApiGatewayToLambda class.
-   * @param {cdk.App} scope - represents the scope for all the resources.
+   * @summary Constructs a new instance of the LambdaToElasticSearchAndKibana class.
+   * @param {Constructs} scope - represents the scope for all the resources.
    * @param {string} id - this is a a scope-unique id.
-   * @param {CognitoToApiGatewayToLambdaProps} props - user provided props for the construct
+   * @param {LambdaToElasticSearchAndKibanaProps} props - user provided props for the construct
    * @since 0.8.0
    * @access public
    */
@@ -146,7 +145,7 @@ export class LambdaToElasticSearchAndKibana extends Construct {
     let cognitoAuthorizedRole: iam.Role;
 
     [this.userPool, this.userPoolClient, this.identityPool, cognitoAuthorizedRole] =
-      this.setupCognito(this, props.cognitoDomainName ?? props.domainName);
+      defaults.buildCognitoForSearchService(this, props.cognitoDomainName ?? props.domainName);
 
     const buildElasticSearchProps: any = {
       userpool: this.userPool,
@@ -174,18 +173,4 @@ export class LambdaToElasticSearchAndKibana extends Construct {
       this.cloudwatchAlarms = defaults.buildElasticSearchCWAlarms(this);
     }
   }
-
-  setupCognito(scope: Construct, domainName: string): [cognito.UserPool, cognito.UserPoolClient, cognito.CfnIdentityPool, iam.Role] {
-    const userPool = defaults.buildUserPool(scope);
-    const userPoolClient = defaults.buildUserPoolClient(scope, userPool);
-    const identityPool = defaults.buildIdentityPool(scope, userPool, userPoolClient);
-
-    const cognitoAuthorizedRole: Role = defaults.setupCognitoForElasticSearch(scope, domainName, {
-      userpool: userPool,
-      identitypool: identityPool,
-      userpoolclient: userPoolClient
-    });
-
-    return [userPool, userPoolClient, identityPool, cognitoAuthorizedRole];
-  }
-}
\ No newline at end of file
+}
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json
index 645ed472b..9b687d5be 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json
@@ -137,7 +137,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db.zip"
+          "S3Key": "35bbbc7b04b21f225891f139adf234188f348ebad5f4bbc2c06edf8aa3784c97.zip"
         },
         "Role": {
           "Fn::GetAtt": [
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json
index 7392d531e..a3b86b904 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json
@@ -804,7 +804,7 @@
       "Properties": {
         "Code": {
           "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
-          "S3Key": "67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db.zip"
+          "S3Key": "35bbbc7b04b21f225891f139adf234188f348ebad5f4bbc2c06edf8aa3784c97.zip"
         },
         "Role": {
           "Fn::GetAtt": [
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json
index c53c597ab..3a3b0ea81 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json
@@ -135,7 +135,7 @@
       "Properties": {
         "Code": {
           "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
-          "S3Key": "67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db.zip"
+          "S3Key": "35bbbc7b04b21f225891f139adf234188f348ebad5f4bbc2c06edf8aa3784c97.zip"
         },
         "Role": {
           "Fn::GetAtt": [
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json
index c5b66132e..430146924 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json
@@ -137,7 +137,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db.zip"
+          "S3Key": "35bbbc7b04b21f225891f139adf234188f348ebad5f4bbc2c06edf8aa3784c97.zip"
         },
         "Role": {
           "Fn::GetAtt": [
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json
index 3040a00f1..952399fd2 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json
@@ -137,7 +137,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db.zip"
+          "S3Key": "35bbbc7b04b21f225891f139adf234188f348ebad5f4bbc2c06edf8aa3784c97.zip"
         },
         "Role": {
           "Fn::GetAtt": [
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json
index 2d971b722..207e58345 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json
@@ -96,7 +96,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db.zip"
+          "S3Key": "35bbbc7b04b21f225891f139adf234188f348ebad5f4bbc2c06edf8aa3784c97.zip"
         },
         "Role": {
           "Fn::GetAtt": [
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json
index f2efe469d..37e2c00cd 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json
@@ -96,7 +96,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db.zip"
+          "S3Key": "35bbbc7b04b21f225891f139adf234188f348ebad5f4bbc2c06edf8aa3784c97.zip"
         },
         "Role": {
           "Fn::GetAtt": [
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda/index.js b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda/index.js
index 7a660ab80..5362a2cd1 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda/index.js
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda/index.js
@@ -34,7 +34,7 @@ function postDocumentToES(doc, context) {
         var body = '';
         httpResp.on('data', function (chunk) {
             body += chunk;
-        });        
+        });
         httpResp.on('end', function (chunk) {
             console.log('All movie records added to ES.');
             context.succeed();
@@ -47,10 +47,13 @@ function postDocumentToES(doc, context) {
 
 exports.handler = (event, context) => {
     console.log('Received event:', JSON.stringify(event, null, 2));
-    postDocumentToES("{ \"title\": \"Spirited Away\" }", context);
-    return {
-      statusCode: 200,
-      headers: { 'Content-Type': 'text/plain' },
-      body: `Hello from Project Vesper! You've hit ${event.path}\n`
-    };
+    postDocumentToOpenSearch("{ \"title\": \"Moby Dick\" }", context);
+    postDocumentToOpenSearch("{ \"title\": \"A Tale of Two Cities\" }", context);
+    postDocumentToOpenSearch("{ \"title\": \"The Phantom of the Opera\" }", context);
+
+    return {
+        statusCode: 200,
+        headers: { 'Content-Type': 'text/plain' },
+        body: `Hello from AWS Solutions Constructs!\n`
+    };
 };
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore
index 0819e2e65..340869a08 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.eslintignore
@@ -2,4 +2,4 @@ lib/*.js
 test/*.js
 *.d.ts
 coverage
-test/lambda/index.js
\ No newline at end of file
+test/lambda/index.js
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore
index 8626f2274..bd415aef8 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.gitignore
@@ -13,4 +13,4 @@ dist
 coverage
 .nycrc
 .LAST_PACKAGE
-*.snk
\ No newline at end of file
+*.snk
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore
index f66791629..1ce9af351 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/.npmignore
@@ -18,4 +18,4 @@ dist
 !.jsii
 
 # Include .jsii
-!.jsii
\ No newline at end of file
+!.jsii
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
index fd4ca461f..40b12df4a 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
@@ -99,7 +99,7 @@ export class LambdaToOpenSearch extends Construct {
 
   /**
    * @summary Constructs a new instance of the LambdaToOpenSearch class.
-   * @param {cdk.App} scope - represents the scope for all the resources.
+   * @param {Construct} scope - represents the scope for all the resources.
    * @param {string} id - this is a a scope-unique id.
    * @param {LambdaToOpenSearchProps} props - user provided props for the construct
    * @since 0.8.0
@@ -145,7 +145,7 @@ export class LambdaToOpenSearch extends Construct {
     let cognitoAuthorizedRole: iam.Role;
 
     [this.userPool, this.userPoolClient, this.identityPool, cognitoAuthorizedRole] =
-      defaults.setupOpenSearchCognito(this, props.cognitoDomainName ?? props.openSearchDomainName);
+      defaults.buildCognitoForSearchService(this, props.cognitoDomainName ?? props.openSearchDomainName);
 
     const buildOpenSearchProps: any = {
       userpool: this.userPool,
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json
index a5105b28f..8624352f7 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json
@@ -137,7 +137,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+          "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -374,7 +374,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+    "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
       "Type": "AWS::IAM::Role",
       "Properties": {
         "AssumeRolePolicyDocument": {
@@ -391,7 +391,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+    "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
       "Type": "AWS::IAM::Policy",
       "Properties": {
         "PolicyDocument": {
@@ -466,7 +466,7 @@
               "Effect": "Allow",
               "Resource": {
                 "Fn::GetAtt": [
-                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
                   "Arn"
                 ]
               }
@@ -474,10 +474,10 @@
           ],
           "Version": "2012-10-17"
         },
-        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
         "Roles": [
           {
-            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+            "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
           }
         ]
       }
@@ -542,7 +542,7 @@
           },
           "RoleArn": {
             "Fn::GetAtt": [
-              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
               "Arn"
             ]
           },
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json
index 51d046c24..e936bc551 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json
@@ -137,7 +137,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+          "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -370,7 +370,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+    "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
       "Type": "AWS::IAM::Role",
       "Properties": {
         "AssumeRolePolicyDocument": {
@@ -387,7 +387,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+    "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
       "Type": "AWS::IAM::Policy",
       "Properties": {
         "PolicyDocument": {
@@ -462,7 +462,7 @@
               "Effect": "Allow",
               "Resource": {
                 "Fn::GetAtt": [
-                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
                   "Arn"
                 ]
               }
@@ -470,10 +470,10 @@
           ],
           "Version": "2012-10-17"
         },
-        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
         "Roles": [
           {
-            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+            "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
           }
         ]
       }
@@ -535,7 +535,7 @@
           },
           "RoleArn": {
             "Fn::GetAtt": [
-              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
               "Arn"
             ]
           },
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json
index 3c73408ee..3bb455180 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json
@@ -96,7 +96,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+          "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -313,7 +313,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+    "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
       "Type": "AWS::IAM::Role",
       "Properties": {
         "AssumeRolePolicyDocument": {
@@ -330,7 +330,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+    "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
       "Type": "AWS::IAM::Policy",
       "Properties": {
         "PolicyDocument": {
@@ -405,7 +405,7 @@
               "Effect": "Allow",
               "Resource": {
                 "Fn::GetAtt": [
-                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
                   "Arn"
                 ]
               }
@@ -413,10 +413,10 @@
           ],
           "Version": "2012-10-17"
         },
-        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
         "Roles": [
           {
-            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+            "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
           }
         ]
       }
@@ -481,7 +481,7 @@
           },
           "RoleArn": {
             "Fn::GetAtt": [
-              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
               "Arn"
             ]
           },
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json
index b21beaacc..d9eb71c21 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json
@@ -804,7 +804,7 @@
       "Properties": {
         "Code": {
           "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
-          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+          "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -1048,7 +1048,7 @@
         }
       }
     },
-    "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80": {
+    "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C": {
       "Type": "AWS::IAM::Role",
       "Properties": {
         "AssumeRolePolicyDocument": {
@@ -1065,7 +1065,7 @@
         }
       }
     },
-    "testlambdaelasticsearchkibana4CognitoKibanaConfigureRolePolicy1615E937": {
+    "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101": {
       "Type": "AWS::IAM::Policy",
       "Properties": {
         "PolicyDocument": {
@@ -1140,7 +1140,7 @@
               "Effect": "Allow",
               "Resource": {
                 "Fn::GetAtt": [
-                  "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80",
+                  "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
                   "Arn"
                 ]
               }
@@ -1148,10 +1148,10 @@
           ],
           "Version": "2012-10-17"
         },
-        "PolicyName": "testlambdaelasticsearchkibana4CognitoKibanaConfigureRolePolicy1615E937",
+        "PolicyName": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRolePolicy1D82A101",
         "Roles": [
           {
-            "Ref": "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80"
+            "Ref": "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C"
           }
         ]
       }
@@ -1216,7 +1216,7 @@
           },
           "RoleArn": {
             "Fn::GetAtt": [
-              "testlambdaelasticsearchkibana4CognitoKibanaConfigureRole6A058B80",
+              "testlambdaelasticsearchkibana4CognitoDashboardConfigureRoleB36C775C",
               "Arn"
             ]
           },
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json
index b65887f99..52cb2b7e0 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json
@@ -96,7 +96,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+          "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -313,7 +313,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+    "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
       "Type": "AWS::IAM::Role",
       "Properties": {
         "AssumeRolePolicyDocument": {
@@ -330,7 +330,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+    "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
       "Type": "AWS::IAM::Policy",
       "Properties": {
         "PolicyDocument": {
@@ -405,7 +405,7 @@
               "Effect": "Allow",
               "Resource": {
                 "Fn::GetAtt": [
-                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
                   "Arn"
                 ]
               }
@@ -413,10 +413,10 @@
           ],
           "Version": "2012-10-17"
         },
-        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
         "Roles": [
           {
-            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+            "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
           }
         ]
       }
@@ -481,7 +481,7 @@
           },
           "RoleArn": {
             "Fn::GetAtt": [
-              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
               "Arn"
             ]
           },
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json
index c459a8eee..d84589b6f 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json
@@ -135,7 +135,7 @@
       "Properties": {
         "Code": {
           "S3Bucket": "cdk-hnb659fds-assets-12345678-test-region",
-          "S3Key": "466cbfc6653782bd2707dec5bc5c58005c75a8bff3660a58eefa57d667120240.zip"
+          "S3Key": "abbc4eca9e7ddabc31da3ce83159e6eee8e72e2c358ab8af0711044514c41290.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -376,7 +376,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRole9623271F": {
+    "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A": {
       "Type": "AWS::IAM::Role",
       "Properties": {
         "AssumeRolePolicyDocument": {
@@ -393,7 +393,7 @@
         }
       }
     },
-    "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211": {
+    "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2": {
       "Type": "AWS::IAM::Policy",
       "Properties": {
         "PolicyDocument": {
@@ -468,7 +468,7 @@
               "Effect": "Allow",
               "Resource": {
                 "Fn::GetAtt": [
-                  "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+                  "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
                   "Arn"
                 ]
               }
@@ -476,10 +476,10 @@
           ],
           "Version": "2012-10-17"
         },
-        "PolicyName": "testlambdaopensearchCognitoKibanaConfigureRolePolicyE9D9C211",
+        "PolicyName": "testlambdaopensearchCognitoDashboardConfigureRolePolicyC9C6A6A2",
         "Roles": [
           {
-            "Ref": "testlambdaopensearchCognitoKibanaConfigureRole9623271F"
+            "Ref": "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A"
           }
         ]
       }
@@ -544,7 +544,7 @@
           },
           "RoleArn": {
             "Fn::GetAtt": [
-              "testlambdaopensearchCognitoKibanaConfigureRole9623271F",
+              "testlambdaopensearchCognitoDashboardConfigureRole1F2B7B7A",
               "Arn"
             ]
           },
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js
index b94797307..77e37ea45 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda/index.js
@@ -48,13 +48,13 @@ function postDocumentToOpenSearch(doc, context) {
 
 exports.handler = (event, context) => {
     console.log('Received event:', JSON.stringify(event, null, 2));
-    postDocumentToOpenSearch("{ \"title\": \"Spirited Away\" }", context);
-    postDocumentToOpenSearch("{ \"title\": \"Fast and Furious\" }", context);
-    postDocumentToOpenSearch("{ \"title\": \"Jurassic Park\" }", context);
+    postDocumentToOpenSearch("{ \"title\": \"Moby Dick\" }", context);
+    postDocumentToOpenSearch("{ \"title\": \"A Tale of Two Cities\" }", context);
+    postDocumentToOpenSearch("{ \"title\": \"The Phantom of the Opera\" }", context);
 
     return {
         statusCode: 200,
         headers: { 'Content-Type': 'text/plain' },
-        body: `Hello from AWS Solutions Constructs You've hit ${event.path}\n`
+        body: `Hello from AWS Solutions Constructs!\n`
     };
 };
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts
index 1c7a9b62d..125023040 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/cognito-helper.ts
@@ -77,7 +77,7 @@ export function buildIdentityPool(scope: Construct, userpool: cognito.UserPool,
   return idPool;
 }
 
-export function setupCognitoForElasticSearch(scope: Construct, domainName: string, options: CognitoOptions): iam.Role {
+export function setupCognitoForSearchService(scope: Construct, domainName: string, options: CognitoOptions): iam.Role {
 
   // Create the domain for Cognito UserPool
   const userpooldomain = new cognito.CfnUserPoolDomain(scope, 'UserPoolDomain', {
@@ -121,13 +121,13 @@ export function setupCognitoForElasticSearch(scope: Construct, domainName: strin
   return cognitoAuthorizedRole;
 }
 
-export function setupOpenSearchCognito(scope: Construct, domainName: string):
+export function buildCognitoForSearchService(scope: Construct, domainName: string):
   [cognito.UserPool, cognito.UserPoolClient, cognito.CfnIdentityPool, iam.Role] {
   const userPool = buildUserPool(scope);
   const userPoolClient = buildUserPoolClient(scope, userPool);
   const identityPool = buildIdentityPool(scope, userPool, userPoolClient);
 
-  const cognitoAuthorizedRole: iam.Role = setupCognitoForElasticSearch(scope, domainName, {
+  const cognitoAuthorizedRole: iam.Role = setupCognitoForSearchService(scope, domainName, {
     userpool: userPool,
     identitypool: identityPool,
     userpoolclient: userPoolClient
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts
index 111413559..4adb770fe 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts
@@ -13,6 +13,7 @@
 
 import * as elasticsearch from 'aws-cdk-lib/aws-elasticsearch';
 import { DefaultCfnDomainProps } from './elasticsearch-defaults';
+import { retrievePrivateSubnetIds } from './vpc-helper';
 import { consolidateProps, addCfnSuppressRules } from './utils';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as cdk from 'aws-cdk-lib';
@@ -218,25 +219,6 @@ export function buildElasticSearchCWAlarms(scope: Construct): cloudwatch.Alarm[]
   return alarms;
 }
 
-function retrievePrivateSubnetIds(vpc: ec2.IVpc) {
-  let targetSubnetType;
-
-  if (vpc.isolatedSubnets.length) {
-    targetSubnetType = ec2.SubnetType.PRIVATE_ISOLATED;
-  } else if (vpc.privateSubnets.length) {
-    targetSubnetType = ec2.SubnetType.PRIVATE_WITH_NAT;
-  } else {
-    throw new Error('Error - ElasticSearch Domains can only be deployed in Isolated or Private subnets');
-  }
-
-  const subnetSelector = {
-    onePerAz: true,
-    subnetType: targetSubnetType
-  };
-
-  return vpc.selectSubnets(subnetSelector).subnetIds;
-}
-
 function createClusterConfiguration(numberOfAzs?: number): elasticsearch.CfnDomain.ElasticsearchClusterConfigProperty {
   return {
     dedicatedMasterEnabled: true,
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts
index b27cc79df..906d89a9d 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts
@@ -26,6 +26,9 @@ export function DefaultOpenSearchCfnDomainProps(domainName: string, cognitoConfi
     roleARNs.push(new iam.ArnPrincipal(props.serviceRoleARN));
   }
 
+  // Features supported by engine version:
+  // https://docs.aws.amazon.com/opensearch-service/latest/developerguide/features-by-version.html
+  // https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomainProps.html
   return {
     domainName,
     engineVersion: 'OpenSearch_1.3',
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts
index 64c5ee8d7..22abdc1f6 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts
@@ -13,6 +13,7 @@
 
 import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
 import { DefaultOpenSearchCfnDomainProps } from './opensearch-defaults';
+import { retrievePrivateSubnetIds } from './vpc-helper';
 import { consolidateProps, addCfnSuppressRules } from './utils';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as cdk from 'aws-cdk-lib';
@@ -40,7 +41,7 @@ export function buildOpenSearch(scope: Construct, props: BuildOpenSearchProps):
   const constructDrivenProps: any = {};
 
   // Setup the IAM Role & policy for the OpenSearch Service to configure Cognito User pool and Identity pool
-  const cognitoKibanaConfigureRole = createKibanaCognitoRole(scope, props.userpool, props.identitypool, props.openSearchDomainName);
+  const cognitoDashboardConfigureRole = createDashboardCognitoRole(scope, props.userpool, props.identitypool, props.openSearchDomainName);
 
   if (props.vpc) {
     subnetIds = retrievePrivateSubnetIds(props.vpc);
@@ -65,7 +66,7 @@ export function buildOpenSearch(scope: Construct, props: BuildOpenSearchProps):
     }
   }
 
-  const defaultCfnDomainProps = DefaultOpenSearchCfnDomainProps(props.openSearchDomainName, cognitoKibanaConfigureRole, props);
+  const defaultCfnDomainProps = DefaultOpenSearchCfnDomainProps(props.openSearchDomainName, cognitoDashboardConfigureRole, props);
   const finalCfnDomainProps = consolidateProps(defaultCfnDomainProps, props.clientDomainProps, constructDrivenProps);
 
   const opensearchDomain = new opensearch.CfnDomain(scope, `OpenSearchDomain`, finalCfnDomainProps);
@@ -81,7 +82,7 @@ export function buildOpenSearch(scope: Construct, props: BuildOpenSearchProps):
     },
   ]);
 
-  return [opensearchDomain, cognitoKibanaConfigureRole];
+  return [opensearchDomain, cognitoDashboardConfigureRole];
 }
 
 export function buildOpenSearchCWAlarms(scope: Construct): cloudwatch.Alarm[] {
@@ -216,25 +217,6 @@ export function buildOpenSearchCWAlarms(scope: Construct): cloudwatch.Alarm[] {
   return alarms;
 }
 
-function retrievePrivateSubnetIds(vpc: ec2.IVpc) {
-  let targetSubnetType;
-
-  if (vpc.isolatedSubnets.length) {
-    targetSubnetType = ec2.SubnetType.PRIVATE_ISOLATED;
-  } else if (vpc.privateSubnets.length) {
-    targetSubnetType = ec2.SubnetType.PRIVATE_WITH_EGRESS;
-  } else {
-    throw new Error('Error - the OpenSearch Service domain can only be deployed in Isolated or Private subnets');
-  }
-
-  const subnetSelector = {
-    onePerAz: true,
-    subnetType: targetSubnetType
-  };
-
-  return vpc.selectSubnets(subnetSelector).subnetIds;
-}
-
 function createClusterConfiguration(numberOfAzs?: number): opensearch.CfnDomain.ClusterConfigProperty {
   return {
     dedicatedMasterEnabled: true,
@@ -247,24 +229,24 @@ function createClusterConfiguration(numberOfAzs?: number): opensearch.CfnDomain.
   };
 }
 
-function createKibanaCognitoRole(
+function createDashboardCognitoRole(
   scope: Construct,
   userPool: cognito.UserPool,
   identitypool: cognito.CfnIdentityPool,
   domainName: string
 ): iam.Role {
   // Setup the IAM Role & policy for the OpenSearch Service to configure Cognito User pool and Identity pool
-  const cognitoKibanaConfigureRole = new iam.Role(
+  const cognitoDashboardConfigureRole = new iam.Role(
     scope,
-    "CognitoKibanaConfigureRole",
+    "CognitoDashboardConfigureRole",
     {
       assumedBy: new iam.ServicePrincipal("es.amazonaws.com"),
     }
   );
 
-  const cognitoKibanaConfigureRolePolicy = new iam.Policy(
+  const cognitoDashboardConfigureRolePolicy = new iam.Policy(
     scope,
-    "CognitoKibanaConfigureRolePolicy",
+    "CognitoDashboardConfigureRolePolicy",
     {
       statements: [
         new iam.PolicyStatement({
@@ -295,12 +277,12 @@ function createKibanaCognitoRole(
               "iam:PassedToService": "cognito-identity.amazonaws.com",
             },
           },
-          resources: [cognitoKibanaConfigureRole.roleArn],
+          resources: [cognitoDashboardConfigureRole.roleArn],
         }),
       ],
     }
   );
 
-  cognitoKibanaConfigureRolePolicy.attachToRole(cognitoKibanaConfigureRole);
-  return cognitoKibanaConfigureRole;
+  cognitoDashboardConfigureRolePolicy.attachToRole(cognitoDashboardConfigureRole);
+  return cognitoDashboardConfigureRole;
 }
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts
index 30c71612c..c8e1ff7c3 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts
@@ -218,4 +218,23 @@ function AddGatewayEndpoint(vpc: ec2.IVpc, service: EndpointDefinition, interfac
   vpc.addGatewayEndpoint(interfaceTag, {
     service: service.endpointGatewayService as ec2.GatewayVpcEndpointAwsService,
   });
+}
+
+export function retrievePrivateSubnetIds(vpc: ec2.IVpc) {
+  let targetSubnetType;
+
+  if (vpc.isolatedSubnets.length) {
+    targetSubnetType = ec2.SubnetType.PRIVATE_ISOLATED;
+  } else if (vpc.privateSubnets.length) {
+    targetSubnetType = ec2.SubnetType.PRIVATE_WITH_EGRESS;
+  } else {
+    throw new Error('Error - Subnet IDs must be Isolated or Private subnets');
+  }
+
+  const subnetSelector = {
+    onePerAz: true,
+    subnetType: targetSubnetType
+  };
+
+  return vpc.selectSubnets(subnetSelector).subnetIds;
 }
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts
index c2e556404..bf7291273 100644
--- a/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts
+++ b/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts
@@ -89,7 +89,7 @@ test('Test override for buildIdentityPool', () => {
   });
 });
 
-test('Test setupCognitoForElasticSearch', () => {
+test('Test setupCognitoForSearchService', () => {
   const stack = new Stack();
 
   const userpool = defaults.buildUserPool(stack);
@@ -99,7 +99,7 @@ test('Test setupCognitoForElasticSearch', () => {
   });
   const identitypool = defaults.buildIdentityPool(stack, userpool, userpoolclient);
 
-  defaults.setupCognitoForElasticSearch(stack, 'test-domain', {
+  defaults.setupCognitoForSearchService(stack, 'test-domain', {
     userpool,
     userpoolclient,
     identitypool
diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts
index 3b5d09513..4dfb094a3 100644
--- a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts
+++ b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts
@@ -27,7 +27,7 @@ function deployES(stack: Stack, domainName: string, clientDomainProps?: elastics
   });
   const identitypool = defaults.buildIdentityPool(stack, userpool, userpoolclient);
 
-  const cognitoAuthorizedRole = defaults.setupCognitoForElasticSearch(stack, 'test-domain', {
+  const cognitoAuthorizedRole = defaults.setupCognitoForSearchService(stack, 'test-domain', {
     userpool,
     userpoolclient,
     identitypool
@@ -266,7 +266,7 @@ test('Test error thrown with no private subnet configurations', () => {
     deployES(stack, 'test-domain', {}, undefined, vpc);
   };
 
-  expect(app).toThrowError('Error - ElasticSearch Domains can only be deployed in Isolated or Private subnets');
+  expect(app).toThrowError('Error - Subnet IDs must be Isolated or Private subnets');
 });
 
 test('Test override ES version for buildElasticSearch', () => {
diff --git a/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
index 08354bc00..411e8fd0b 100644
--- a/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
+++ b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
@@ -27,7 +27,7 @@ function deployOpenSearch(stack: Stack, openSearchDomainName: string, clientDoma
   });
 
   const identitypool = defaults.buildIdentityPool(stack, userpool, userpoolclient);
-  const cognitoAuthorizedRole = defaults.setupCognitoForElasticSearch(stack, 'test-domain', {
+  const cognitoAuthorizedRole = defaults.setupCognitoForSearchService(stack, 'test-domain', {
     userpool,
     userpoolclient,
     identitypool
@@ -100,7 +100,7 @@ test('Test override SnapshotOptions for buildOpenSearch', () => {
       },
       RoleArn: {
         "Fn::GetAtt": [
-          "CognitoKibanaConfigureRole62CCE76A",
+          "CognitoDashboardConfigureRoleEC5F4809",
           "Arn"
         ]
       },
@@ -251,7 +251,7 @@ test('Test error thrown with no private subnet configurations', () => {
     deployOpenSearch(stack, 'test-domain', {}, undefined, vpc);
   };
 
-  expect(app).toThrowError('Error - the OpenSearch Service domain can only be deployed in Isolated or Private subnets');
+  expect(app).toThrowError('Error - Subnet IDs must be Isolated or Private subnets');
 });
 
 test('Test engine version override for buildOpenSearch', () => {
@@ -302,7 +302,7 @@ test('Test engine version override for buildOpenSearch', () => {
       },
       RoleArn: {
         "Fn::GetAtt": [
-          "CognitoKibanaConfigureRole62CCE76A",
+          "CognitoDashboardConfigureRoleEC5F4809",
           "Arn"
         ]
       },
@@ -387,7 +387,7 @@ test('Test deployment with lambdaRoleARN', () => {
       },
       RoleArn: {
         "Fn::GetAtt": [
-          "CognitoKibanaConfigureRole62CCE76A",
+          "CognitoDashboardConfigureRoleEC5F4809",
           "Arn"
         ]
       },

From 64df18274ee05408f3cebe9c9f844b05f28fa68f Mon Sep 17 00:00:00 2001
From: mickychetta <mickychetta@gmail.com>
Date: Tue, 11 Oct 2022 17:37:39 +0000
Subject: [PATCH 9/9] added type safety to opensearch prop

---
 .../aws-lambda-opensearch/lib/index.ts        | 16 +++++++-----
 .../test/lambda-opensearch.test.ts            | 26 +++++--------------
 .../core/lib/vpc-helper.ts                    |  2 +-
 .../core/test/elasticsearch-helper.test.ts    |  2 +-
 .../core/test/opensearch-helper.test.ts       |  2 +-
 5 files changed, 19 insertions(+), 29 deletions(-)

diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
index 40b12df4a..dd152dfbc 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/lib/index.ts
@@ -147,21 +147,23 @@ export class LambdaToOpenSearch extends Construct {
     [this.userPool, this.userPoolClient, this.identityPool, cognitoAuthorizedRole] =
       defaults.buildCognitoForSearchService(this, props.cognitoDomainName ?? props.openSearchDomainName);
 
-    const buildOpenSearchProps: any = {
+    let securityGroupIds;
+
+    if (this.vpc) {
+      securityGroupIds = defaults.getLambdaVpcSecurityGroupIds(this.lambdaFunction);
+    }
+
+    const buildOpenSearchProps: defaults.BuildOpenSearchProps = {
       userpool: this.userPool,
       identitypool: this.identityPool,
       cognitoAuthorizedRoleARN: cognitoAuthorizedRole.roleArn,
       serviceRoleARN: lambdaFunctionRoleARN,
       vpc: this.vpc,
       openSearchDomainName: props.openSearchDomainName,
-      clientDomainProps: props.openSearchDomainProps
+      clientDomainProps: props.openSearchDomainProps,
+      securityGroupIds
     };
 
-    if (this.vpc) {
-      const securityGroupIds = defaults.getLambdaVpcSecurityGroupIds(this.lambdaFunction);
-      buildOpenSearchProps.securityGroupIds = securityGroupIds;
-    }
-
     [this.openSearchDomain, this.openSearchRole] = defaults.buildOpenSearch(this, buildOpenSearchProps);
 
     if (props.createCloudWatchAlarms === undefined || props.createCloudWatchAlarms) {
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts
index 09c6b995f..299bcc265 100644
--- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts
+++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/lambda-opensearch.test.ts
@@ -13,10 +13,10 @@
 
 import { LambdaToOpenSearch, LambdaToOpenSearchProps } from "../lib";
 import * as lambda from 'aws-cdk-lib/aws-lambda';
-import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as cdk from "aws-cdk-lib";
 import '@aws-cdk/assert/jest';
 import * as defaults from '@aws-solutions-constructs/core';
+import { getTestVpc } from "@aws-solutions-constructs/core";
 
 function deployLambdaToOpenSearch(stack: cdk.Stack) {
   const props: LambdaToOpenSearchProps = {
@@ -422,20 +422,8 @@ test('Test minimal deployment with an existing private VPC', () => {
     env: { account: "123456789012", region: 'us-east-1' },
   });
 
-  const vpc = new ec2.Vpc(stack, 'existing-private-vpc-test', {
-    natGateways: 1,
-    subnetConfiguration: [
-      {
-        cidrMask: 24,
-        name: 'application',
-        subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
-      },
-      {
-        cidrMask: 24,
-        name: "public",
-        subnetType: ec2.SubnetType.PUBLIC,
-      }
-    ]
+  const vpc = getTestVpc(stack, true, {
+    vpcName: "existing-private-vpc-test"
   });
 
   const construct = new LambdaToOpenSearch(stack, 'test-lambda-opensearch', {
@@ -448,7 +436,7 @@ test('Test minimal deployment with an existing private VPC', () => {
     Tags: [
       {
         Key: "Name",
-        Value: "Default/existing-private-vpc-test"
+        Value: "existing-private-vpc-test"
       }
     ]
   });
@@ -457,13 +445,13 @@ test('Test minimal deployment with an existing private VPC', () => {
     VPCOptions: {
       SubnetIds: [
         {
-          Ref: "existingprivatevpctestapplicationSubnet1Subnet1F7744F0"
+          Ref: "VpcPrivateSubnet1Subnet536B997A"
         },
         {
-          Ref: "existingprivatevpctestapplicationSubnet2SubnetF7B713AD"
+          Ref: "VpcPrivateSubnet2Subnet3788AAA1"
         },
         {
-          Ref: "existingprivatevpctestapplicationSubnet3SubnetA519E038"
+          Ref: "VpcPrivateSubnet3SubnetF258B56E"
         }
       ]
     }
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts
index c8e1ff7c3..6dd0fa463 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts
@@ -228,7 +228,7 @@ export function retrievePrivateSubnetIds(vpc: ec2.IVpc) {
   } else if (vpc.privateSubnets.length) {
     targetSubnetType = ec2.SubnetType.PRIVATE_WITH_EGRESS;
   } else {
-    throw new Error('Error - Subnet IDs must be Isolated or Private subnets');
+    throw new Error('Error - No isolated or private subnets available in VPC');
   }
 
   const subnetSelector = {
diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts
index 4dfb094a3..1966736a6 100644
--- a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts
+++ b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts
@@ -266,7 +266,7 @@ test('Test error thrown with no private subnet configurations', () => {
     deployES(stack, 'test-domain', {}, undefined, vpc);
   };
 
-  expect(app).toThrowError('Error - Subnet IDs must be Isolated or Private subnets');
+  expect(app).toThrowError('Error - No isolated or private subnets available in VPC');
 });
 
 test('Test override ES version for buildElasticSearch', () => {
diff --git a/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
index 411e8fd0b..1d3dcee3b 100644
--- a/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
+++ b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts
@@ -251,7 +251,7 @@ test('Test error thrown with no private subnet configurations', () => {
     deployOpenSearch(stack, 'test-domain', {}, undefined, vpc);
   };
 
-  expect(app).toThrowError('Error - Subnet IDs must be Isolated or Private subnets');
+  expect(app).toThrowError('Error - No isolated or private subnets available in VPC');
 });
 
 test('Test engine version override for buildOpenSearch', () => {