Deploy an AWS Cognito-secured Elasticsearch domain with CloudFormation templates
Recently AWS started to support the capability of securing AWS Elasticsearch domains with AWS Cognito. I was going to use that feature and found it hard to find a CloudFormation template to deploy this at once. So I developed the CloudFormation template [1]. I thought of sharing it so that next time everybody can launch the template without any fuss.
Here I am editing the same code sample that I used in my previous blogs. So I have several Lambda functions that:
- Push logs from CloudWatch Logs to Elasticsearch
- Rollover log indices
- Delete old indices
Here I was creating a role for each Lambda via CloudFormation. But I changed it to have a single Lambda execution role for the Lambdas that connect to an Elasticsearch domain. So now I create the Lambda execution role with the Elasticsearch CloudFormation template [1], and the ARN of the role is used as an input for the other CloudFormation templates that create the Lambda functions for the above use cases [2] [3] [4]. It's implemented in this manner for the ease of implementation and automation of the access policy of the Elasticsearch domain we create [5].
And also, obviously, I had to change the Lambda code, and all the changes are there in the same GitHub repository. Here I used the AWS SDK and the AWS HTTP client to use a session token to authenticate to the Elasticsearch APIs. I simply followed the AWS tutorial in [6] to change my Lambda functions to use the secured Elasticsearch endpoints.
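To show what authenticating with a session token involves, here is an added example (not the Lambda code from the repository) that SigV4-signs a request to an Elasticsearch domain with temporary credentials. It uses only Node's `crypto` module in place of the AWS SDK signer; `signEsRequest`, the host name and the credential values are constructed for illustration.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmac = (key, s) => crypto.createHmac('sha256', key).update(s, 'utf8').digest();

// Hypothetical helper: returns the headers to send with the request.
// Assumes `path` has no query string and needs no URI encoding (e.g. "/_bulk").
function signEsRequest({ method, host, path, body, region, creds, now }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // 20200101T000000Z
  const dateStamp = amzDate.slice(0, 8);
  const headers = { 'content-type': 'application/json', host, 'x-amz-date': amzDate };
  // Temporary credentials (such as a Lambda execution role's) are only valid
  // together with their session token, and the token header must be signed too.
  if (creds.sessionToken) headers['x-amz-security-token'] = creds.sessionToken;

  const names = Object.keys(headers).sort();
  const canonicalHeaders = names.map((n) => `${n}:${headers[n].trim()}\n`).join('');
  const signedHeaders = names.join(';');
  const canonicalRequest =
    [method, path, '', canonicalHeaders, signedHeaders, sha256(body)].join('\n');

  // The credential scope names the "es" service, so the signature is useless elsewhere.
  const scope = `${dateStamp}/${region}/es/aws4_request`;
  const stringToSign =
    ['AWS4-HMAC-SHA256', amzDate, scope, sha256(canonicalRequest)].join('\n');

  // Derive the signing key: secret -> date -> region -> service -> terminator.
  let key = hmac('AWS4' + creds.secretAccessKey, dateStamp);
  for (const part of [region, 'es', 'aws4_request']) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString('hex');

  headers.authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope}, ` +
    `SignedHeaders=${signedHeaders}, Signature=${signature}`;
  return headers;
}

// Constructed sample values. Inside Lambda, read AWS_ACCESS_KEY_ID,
// AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN from process.env instead.
const sampleRequest = {
  method: 'POST', host: 'search-example.us-east-1.es.amazonaws.com', path: '/_bulk',
  body: '{"index":{}}\n{"msg":"hello"}\n', region: 'us-east-1',
  creds: { accessKeyId: 'ASIAEXAMPLEKEYID', secretAccessKey: 'constructed-secret',
           sessionToken: 'constructed-token' },
  now: new Date(Date.UTC(2020, 0, 1)),
};
const sampleHeaders = signEsRequest(sampleRequest);
```

The domain's access policy then only needs to name the shared Lambda execution role as a principal; no long-lived keys are stored in the function.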
Hope this helps someone to solve a problem.