This is an Amazon OpenSearch Serverless project for CDK development with Python.
The cdk.json file tells the CDK Toolkit how to execute your app.
This project is set up like a standard Python project. The initialization
process also creates a virtualenv within this project, stored under the .venv
directory. To create the virtualenv it assumes that there is a python3
(or python for Windows) executable in your path with access to the venv
package. If for any reason the automatic creation of the virtualenv fails,
you can create the virtualenv manually.
To manually create a virtualenv on MacOS and Linux:
$ python3 -m venv .venv
After the init process completes and the virtualenv is created, you can use the following step to activate your virtualenv.
$ source .venv/bin/activate
If you are a Windows platform, you would activate the virtualenv like this:
% .venv\Scripts\activate.bat
Once the virtualenv is activated, you can install the required dependencies.
(.venv) $ pip install -r requirements.txt
Before synthesizing the CloudFormation, you should set approperly the cdk context configuration file, cdk.context.json.
For example:
{
"opensearch_iam_user": {
"user_name": "opss-user",
"initial_password": "PassW0rd!"
},
"collection_name": "search-movies"
}
At this point you can now synthesize the CloudFormation template for this code.
(.venv) $ export CDK_DEFAULT_ACCOUNT=$(aws sts get-caller-identity --query Account --output text) (.venv) $ export CDK_DEFAULT_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) (.venv) $ cdk synth --all
Use cdk deploy command to create the stack shown above.
(.venv) $ cdk deploy --all
To add additional dependencies, for example other CDK libraries, just add
them to your setup.py file and rerun the pip install -r requirements.txt
command.
Some cluster configurations (e.g VPC access) require the existence of the AWSServiceRoleForAmazonOpenSearchServerless Service-Linked Role.
When performing such operations via the AWS Console, this SLR is created automatically when needed. However, this is not the behavior when using CloudFormation. If an SLR(Service-Linked Role) is needed, but doesn’t exist, you will encounter a failure message simlar to:
Before you can proceed, you must enable a service-linked role to give Amazon OpenSearch Service...
To resolve this, you need to create the SLR. We recommend using the AWS CLI:
aws iam create-service-linked-role --aws-service-name observability.aoss.amazonaws.com
ℹ️ For more information, see here.
Delete the CloudFormation stack by running the below command.
(.venv) $ cdk destroy --force --all
cdk lslist all stacks in the appcdk synthemits the synthesized CloudFormation templatecdk deploydeploy this stack to your default AWS account/regioncdk diffcompare deployed stack with current statecdk docsopen CDK documentation
Enjoy!
To access Amazon OpenSearch Serverless data-plane APIs and OpenSearch Dashboards from the browser, you need to login to AWS Web console with the IAM User that is created.
You can find the IAM User name and initial password in the cdk.context.json file.
- Sign into the Amazon Web console at https://console.aws.amazon.com/
- Change the password.
- Check if successfuly logined.
For example:opss-userlogin into theN. Virgina (us-east-1)region.
If you would like to upload and search data, check out Module 2 - Search usecase in Getting started with Amazon OpenSearch Serverless
The followings are examples using Dev Tools with the OpenSearch Dashboards console.
-
Create a single index called
movies-indexPUT movies-index
-
Upload Data using Bulk API
POST /_bulk {"index": {"_index": "movies-index"}} {"directors": ["Joseph Gordon-Levitt"], "release_date": "2013-01-18T00:00:00Z", "rating": 7.4, "genres": ["Comedy", "Drama"], "image_url": "http://ia.media-imdb.com/images/M/MV5BMTQxNTc3NDM2MF5BMl5BanBnXkFtZTcwNzQ5NTQ3OQ@@._V1_SX400_.jpg", "plot": "A New Jersey guy dedicated to his family, friends, and church, develops unrealistic expectations from watching porn and works to find happiness and intimacy with his potential true love.", "title": "Don Jon", "rank": 1, "running_time_secs": 5400, "actors": ["Joseph Gordon-Levitt", "Scarlett Johansson", "Julianne Moore"], "year": 2013} {"index": {"_index": "movies-index"}} {"directors": ["Ron Howard"], "release_date": "2013-09-02T00:00:00Z", "rating": 8.3, "genres": ["Action", "Biography", "Drama", "Sport"], "image_url": "http://ia.media-imdb.com/images/M/MV5BMTQyMDE0MTY0OV5BMl5BanBnXkFtZTcwMjI2OTI0OQ@@._V1_SX400_.jpg", "plot": "A re-creation of the merciless 1970s rivalry between Formula One rivals James Hunt and Niki Lauda.", "title": "Rush", "rank": 2, "running_time_secs": 7380, "actors": ["Daniel Br\u00c3\u00bchl", "Chris Hemsworth", "Olivia Wilde"], "year": 2013} -
Look up the indices available in the collection.
GET _cat/indices?v
-
List all the documents in the index
GET movies-index/_search
-
Retrieve only certain Fields
GET movies-index/_search { "_source": { "includes": [ "title", "plot", "genre" ] } }
- (Hands-on) Getting started with Amazon OpenSearch Serverless
- Amazon OpenSearch Serverless
- Supported OpenSearch API operations and permissions in Amazon OpenSearch Serverless
- Supported plugins in Amazon OpenSearch Serverless
- check out Korean (Nori) Analysis
- Identity and Access Management for Amazon OpenSearch Serverless
- Configure SAML federation for Amazon OpenSearch Serverless with AWS IAM Identity Center (2023-04-18)
- OpenSearch Popular APIs
- Getting a 401 when trying to access OpenSearch serverless dashboard
If you are on public access, and your IAM has the right permission but you still cannot access dashboard, check if you have enabled "Access to Opensearch Dashboards", which is disabled by default. Here is how: 1. Go to OpenSearch -> Collections, click into your serverless collection. 2. Scroll down to Network part, click Manage network access -> click into network policy name, choose edit, scroll to the very bottom and click "Enable access to OpenSearch Dashboards", put your filters in.