opensearch-project · rishabh6788 · May 5, 2023 · May 3, 2023 · prudhvigodithi · May 5, 2023
@@ -58,7 +58,8 @@ In order to deploy both the stacks the user needs to provide a set of required a
 | account (Optional)                | string  | User provided aws account                                                                                                                                                                                                                                                                        |
 | dataNodeStorage (Optional)        | string  | User provided ebs block storage size, defaults to 100Gb                                                                                                                                                                                                                                          |
 | mlNodeStorage (Optional)          | string  | User provided ebs block storage size, defaults to 100Gb                                                                                                                                                                                                                                          |
-| use50PercentHeap (Optional)       | boolean | Boolean flag to use 50% of physical memory as heap. Default is 1GB.  e.g., `--context use50PercentHeap=true`                                                                                                                                                                                                     |
+| use50PercentHeap (Optional)       | boolean | Boolean flag to use 50% of physical memory as heap. Default is 1GB.  e.g., `--context use50PercentHeap=true`                                                                                                                                                                                     |
+| isInternal (Optional)             | boolean | Boolean flag to make network load balancer internal. Default is internet-facing  e.g., `--context isInternal=true`                                                                                                                                                                               |
 
 
 

@@ -56,6 +56,7 @@
     readonly jvmSysPropsString?: string,
     readonly additionalConfig?: string,
     readonly use50PercentHeap: boolean,
+    readonly isInternal: boolean,
 }
 
 export class InfraStack extends Stack {
@@ -86,33 +87,33 @@
     const ec2InstanceType = (props.cpuType === AmazonLinuxCpuType.X86_64)
       ? InstanceType.of(InstanceClass.C5, InstanceSize.XLARGE) : InstanceType.of(InstanceClass.C6G, InstanceSize.XLARGE);
 
-    const alb = new NetworkLoadBalancer(this, 'publicNlb', {
+    const nlb = new NetworkLoadBalancer(this, 'clusterNlb', {
       vpc: props.vpc,
-      internetFacing: true,
+      internetFacing: (!props.isInternal),
       crossZoneEnabled: true,
     });
 
     if (!props.securityDisabled && !props.minDistribution) {
-      opensearchListener = alb.addListener('opensearch', {
+      opensearchListener = nlb.addListener('opensearch', {
         port: 443,
         protocol: Protocol.TCP,
       });
     } else {
-      opensearchListener = alb.addListener('opensearch', {
+      opensearchListener = nlb.addListener('opensearch', {
         port: 80,
         protocol: Protocol.TCP,
       });
     }
 
     if (props.dashboardsUrl !== 'undefined') {
-      dashboardsListener = alb.addListener('dashboards', {
+      dashboardsListener = nlb.addListener('dashboards', {
         port: 8443,
         protocol: Protocol.TCP,
       });
    }

    if (props.singleNodeCluster) {
      console.log('Single node value is true, creating single node configurations');
      singleNodeInstance = new Instance(this, 'single-node-instance', {
        vpc: props.vpc,
        instanceType: ec2InstanceType,
@@ -325,7 +326,7 @@
     }
 
     new CfnOutput(this, 'loadbalancer-url', {
-      value: alb.loadBalancerDnsName,
+      value: nlb.loadBalancerDnsName,
     });
   }
 
@@ -408,7 +409,7 @@

      fileContent['cluster.name'] = `${scope.stackName}-${scope.account}-${scope.region}`;

      console.log(dump(fileContent).toString());
      opensearchConfig = dump(fileContent).toString();
      cfnInitConfig.push(InitCommand.shellCommand(`set -ex;cd opensearch; echo "${opensearchConfig}" > config/opensearch.yml`,
        {

@@ -151,6 +151,9 @@ export class OsClusterEntrypoint {
       const use50heap = `${scope.node.tryGetContext('use50PercentHeap')}`;
       const use50PercentHeap = use50heap === 'true';
 
+      const nlbScheme = `${scope.node.tryGetContext('isInternal')}`;
+      const isInternal = nlbScheme === 'true';
+
       const network = new NetworkStack(scope, 'opensearch-network-stack', {
         cidrBlock: cidrRange,
         maxAzs: 3,
@@ -196,6 +199,7 @@ export class OsClusterEntrypoint {
         jvmSysPropsString: jvmSysProps,
         additionalConfig: ymlConfig,
         use50PercentHeap,
+        isInternal,
         ...props,
       });
 

@@ -106,6 +106,9 @@ test('Test Resources with security enabled multi-node with existing Vpc', () =>
       },
     ],
   });
+  infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+    Scheme: 'internet-facing',
+  });
 });
 
 test('Test Resources with security enabled single-node cluster', () => {
@@ -121,6 +124,7 @@ test('Test Resources with security enabled single-node cluster', () => {
       serverAccessType: 'prefixList',
       restrictServerAccessTo: 'pl-12345',
       dataNodeStorage: 200,
+      isInternal: true,
     },
   });
 
@@ -153,4 +157,7 @@ test('Test Resources with security enabled single-node cluster', () => {
       },
     ],
   });
+  infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+    Scheme: 'internal',
+  });
 });