1. Using AWS DocDB with OpenSearch

    TypeScript

    To integrate AWS DocumentDB with OpenSearch using Pulumi, you'll need to set up both the DocumentDB cluster and the OpenSearch domain. DocumentDB will serve as our managed, MongoDB-compatible database, while OpenSearch (the AWS service previously known as Amazon Elasticsearch Service) will provide search and analytics capabilities.

    Here's a high-level summary of the steps you'll be taking in this Pulumi program:

    1. Create a VPC and necessary networking resources to host both DocumentDB and OpenSearch securely.
    2. Deploy an AWS DocumentDB cluster, configuring it with the necessary parameters.
    3. Deploy an AWS OpenSearch domain, with necessary access policies and configurations for integration.
    4. (Optional) Create an OpenSearch index and demonstrate data ingestion from DocumentDB.

    This example focuses on steps 1 to 3. Step 4 is more complex and often tailored to specific application needs and thus is not included here.

    Below is a program in TypeScript that accomplishes the first three steps:

    import * as aws from '@pulumi/aws';

    // Create a VPC to host our services, with DNS resolution and DNS hostnames enabled
    const vpc = new aws.ec2.Vpc('example-vpc', {
        cidrBlock: '10.0.0.0/16',
        enableDnsHostnames: true,
        enableDnsSupport: true,
    });

    // Create subnets for our services to sit in.
    // A DocumentDB subnet group must span at least two Availability Zones,
    // so DocumentDB gets a second subnet in another AZ.
    const docdbSubnet = new aws.ec2.Subnet('example-docdb-subnet', {
        vpcId: vpc.id,
        cidrBlock: '10.0.1.0/24',
        availabilityZone: 'us-west-2a',
    });

    const docdbSubnetB = new aws.ec2.Subnet('example-docdb-subnet-b', {
        vpcId: vpc.id,
        cidrBlock: '10.0.3.0/24',
        availabilityZone: 'us-west-2b',
    });

    const opensearchSubnet = new aws.ec2.Subnet('example-opensearch-subnet', {
        vpcId: vpc.id,
        cidrBlock: '10.0.2.0/24',
        availabilityZone: 'us-west-2b',
    });

    // Create a DocumentDB subnet group
    const docdbSubnetGroup = new aws.docdb.SubnetGroup('example-docdb-subnet-group', {
        subnetIds: [docdbSubnet.id, docdbSubnetB.id],
    });

    // Create a DocumentDB cluster
    // The literal credentials are placeholders: load them from Pulumi secrets
    // or a secrets manager instead of committing them to source.
    const docdbCluster = new aws.docdb.Cluster('example-docdb-cluster', {
        clusterIdentifier: 'example-docdb-cluster',
        engine: 'docdb',
        masterUsername: 'exampleMasterUsername',
        masterPassword: 'exampleMasterUserPassword',
        dbSubnetGroupName: docdbSubnetGroup.name,
        skipFinalSnapshot: true,
    });

    // Create a DocumentDB instance
    const docdbInstance = new aws.docdb.ClusterInstance('example-docdb-instance', {
        clusterIdentifier: docdbCluster.id,
        instanceClass: 'db.r5.large',
        engine: 'docdb',
    });

    // The domain name and account ID are resolved up front so the access policy
    // can build the domain ARN without referring to the domain resource itself.
    const domainName = 'example-domain';
    const accountId = aws.getCallerIdentityOutput().accountId;

    // Create an OpenSearch domain
    const opensearchDomain = new aws.opensearch.Domain('example-opensearch-domain', {
        domainName: domainName,
        engineVersion: 'OpenSearch_1.0', // Specify the desired OpenSearch version
        clusterConfig: {
            instanceType: 'r6g.large.search',
        },
        ebsOptions: {
            ebsEnabled: true,
            volumeSize: 20,
        },
        vpcOptions: {
            subnetIds: [opensearchSubnet.id],
        },
        // Access policies for OpenSearch can be configured here.
        // They define who can access the OpenSearch cluster.
        // In production, you should restrict this to only allow necessary traffic
        accessPolicies: accountId.apply(id => JSON.stringify({
            Version: '2012-10-17',
            Statement: [
                {
                    Effect: 'Allow',
                    Principal: {
                        AWS: '*' // Open to all: change this in production environments
                    },
                    Action: 'es:*',
                    Resource: `arn:aws:es:${aws.config.region}:${id}:domain/${domainName}/*`
                },
            ]
        })),
    }, { dependsOn: [docdbInstance] }); // Ensure the DocumentDB is running before creating the OpenSearch domain

    export const docdbClusterEndpoint = docdbCluster.endpoint;
    export const opensearchDomainEndpoint = opensearchDomain.endpoint;

    In this program:

    • We create a VPC with subnets where both DocumentDB and OpenSearch services will live, ensuring isolated networking environments for them.
    • Subnet groups for DocumentDB are created that allow it to reside within our VPC in the specified subnets.
    • The DocumentDB cluster and a single instance within it are then provisioned. Credentials and other sensitive parameters should be managed via Pulumi secrets or a secrets manager in a real-world scenario.
    • Subsequently, we create the OpenSearch domain in a similar subnet within our VPC. For the domain's access policies, it's generally best to limit access to necessary personnel or services. However, this example uses a lenient policy that allows any principal (`AWS: '*'`) to perform every `es:*` action on the domain, marked with a comment as a placeholder for you to replace with restrictions appropriate for your use case.
    • At the end, we export the endpoints for the DocumentDB cluster and OpenSearch domain, which would be the entry points for your applications to connect to these services.
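
    The access-policy bullet above asks you to replace the wildcard policy before production. As an added example (not part of the original program or of Pulumi's API), this standalone TypeScript check flags the `AWS: '*'` / `es:*` pattern in a policy document and builds a scoped alternative. The function names, the account ID and the role name `docdb-indexer` are assumptions for illustration.

```typescript
// Added example: pre-deploy lint for an OpenSearch access policy (sample ARNs are constructed).
interface Statement {
  Effect: string;
  Principal?: string | { [kind: string]: string | string[] };
  Action?: string | string[];
  Condition?: object;
}

const toArray = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

function isWildcardPrincipal(p: Statement["Principal"]): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  const byKind = p; // narrowed to the { AWS: ... } object form
  return Object.keys(byKind).some((k) => toArray(byKind[k]).indexOf("*") !== -1);
}

// Returns one finding per risky property of each Allow statement.
function lintAccessPolicy(policyJson: string): string[] {
  const raw = (JSON.parse(policyJson) as { Statement?: Statement | Statement[] }).Statement;
  const stmts = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  const findings: string[] = [];
  stmts.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    // In a VPC domain, security groups are then the only remaining gate.
    if (isWildcardPrincipal(s.Principal) && s.Condition === undefined)
      findings.push(`Statement[${i}]: wildcard principal with no Condition`);
    if (toArray(s.Action).some((a) => a === "*" || a === "es:*"))
      findings.push(`Statement[${i}]: wildcard action`);
  });
  return findings;
}

// Scoped alternative: one IAM role, HTTP data-plane verbs only.
function scopedPolicy(roleArn: string, domainArn: string): string {
  const Action = ["es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"];
  const stmt = { Effect: "Allow", Principal: { AWS: roleArn }, Action, Resource: `${domainArn}/*` };
  return JSON.stringify({ Version: "2012-10-17", Statement: [stmt] });
}

const DOMAIN_ARN = "arn:aws:es:us-west-2:123456789012:domain/example-domain";
const ROLE_ARN = "arn:aws:iam::123456789012:role/docdb-indexer"; // hypothetical role
const pagePolicy = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Effect: "Allow", Principal: { AWS: "*" }, Action: "es:*", Resource: `${DOMAIN_ARN}/*` }] });
console.log(lintAccessPolicy(pagePolicy), lintAccessPolicy(scopedPolicy(ROLE_ARN, DOMAIN_ARN)));
```

    The string returned by `scopedPolicy` can be passed as `accessPolicies` in place of the wildcard document, and `lintAccessPolicy` can run in a unit test over whatever policy string the program builds.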

    For more information on using Pulumi with AWS services, you can refer to the following documentation links: