boto3_elasticsearch¶
Manage Elasticsearch Service domains using boto3.¶
Create and destroy Elasticsearch domains. Be aware that this interacts with Amazon’s services, and so may incur charges.
- depends:
boto3 >= 1.28.0
botocore >= 1.31.0
This module uses boto3, which can be installed via package, or pip.
This module accepts explicit Elasticsearch credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used you need to specify them either in the minion’s config file or as a profile. For example, to specify them in the minion’s config file:
elasticsearch.keyid: GKTADJGHEIQSXMKKRBJ08H
elasticsearch.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It’s also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:
myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
Create new domain:
boto3_elasticsearch.present:
- name: my_domain
- elasticsearch_version: '5.1'
- elasticsearch_cluster_config:
InstanceType: t2.small.elasticsearch
InstanceCount: 1
DedicatedMasterEnabled: False
ZoneAwarenessEnabled: False
- ebs_options:
EBSEnabled: True
VolumeType: gp2
VolumeSize: 10
- snapshot_options:
AutomatedSnapshotStartHour: 3
- vpc_options:
SubnetIds:
- subnet-12345678
SecurityGroupIds:
- sg-12345678
- node_to_node_encryption_options:
Enabled: False
- region: eu-west-1
- tags:
foo: bar
baz: qux
- codeauthor:
Herbert Buurman <herbert.buurman@ogd.nl>
Added in version 1.0.0.
- saltext.boto3.states.boto3_elasticsearch.__virtual__()[source]¶
Only load if boto3 and the required module functions are available.
- saltext.boto3.states.boto3_elasticsearch.present(name, elasticsearch_version=None, elasticsearch_cluster_config=None, ebs_options=None, access_policies=None, snapshot_options=None, vpc_options=None, cognito_options=None, encryption_at_rest_options=None, node_to_node_encryption_options=None, advanced_options=None, log_publishing_options=None, blocking=True, tags=None, region=None, keyid=None, key=None, profile=None)[source]¶
Ensure an Elasticsearch Domain exists.
- Parameters:
name (str) – The name of the Elasticsearch domain that you are creating. Domain names are unique across the domains owned by an account within an AWS region. Domain names must start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).
elasticsearch_version (str) – String of format X.Y to specify version for the Elasticsearch domain eg. “1.5” or “2.3”.
elasticsearch_cluster_config (dict) –
Dict specifying the configuration options for an Elasticsearch domain. Keys (case sensitive) in here are:
InstanceType (str): The instance type for an Elasticsearch cluster.
InstanceCount (int): The instance type for an Elasticsearch cluster.
DedicatedMasterEnabled (bool): Indicate whether a dedicated master node is enabled.
ZoneAwarenessEnabled (bool): Indicate whether zone awareness is enabled.
ZoneAwarenessConfig (dict): Specifies the zone awareness configuration for a domain when zone awareness is enabled. Keys (case sensitive) in here are:
AvailabilityZoneCount (int): An integer value to indicate the number of availability zones for a domain when zone awareness is enabled. This should be equal to number of subnets if VPC endpoints is enabled.
DedicatedMasterType (str): The instance type for a dedicated master node.
DedicatedMasterCount (int): Total number of dedicated master nodes, active and on standby, for the cluster.
ebs_options (dict) –
Dict specifying the options to enable or disable and specifying the type and size of EBS storage volumes. Keys (case sensitive) in here are:
EBSEnabled (bool): Specifies whether EBS-based storage is enabled.
VolumeType (str): Specifies the volume type for EBS-based storage.
VolumeSize (int): Integer to specify the size of an EBS volume.
Iops (int): Specifies the IOPD for a Provisioned IOPS EBS volume (SSD).
access_policies (str or dict) – Dict or JSON string with the IAM access policy.
snapshot_options (dict) –
Dict specifying the snapshot options. Keys (case senstive) in here are:
AutomatedSnapshotStartHour (int): Specifies the time, in UTC format, when the service takes a daily automated snapshot of the specified Elasticsearch domain. Default value is 0 hours.
vpc_options (dict) –
Dict with the options to specify the subnets and security groups for the VPC endpoint. Keys (case sensitive) in here are:
SubnetIds (list): The list of subnets for the VPC endpoint.
SecurityGroupIds (list): The list of security groups for the VPC endpoint.
cognito_options (dict) –
Dict with options to specify the cognito user and identity pools for Kibana authentication. Keys (case senstive) in here are:
Enabled (bool): Specifies the option to enable Cognito for Kibana authentication.
UserPoolId (str): Specifies the Cognito user pool ID for Kibana authentication.
IdentityPoolId (str): Specifies the Cognito identity pool ID for Kibana authentication.
RoleArn (str): Specifies the role ARN that provides Elasticsearch permissions for accessing Cognito resources.
encryption_at_rest_options (dict) –
Dict specifying the encryption at rest options. This option can only be used for the creation of a new Elasticsearch domain. Keys (case sensitive) in here are:
Enabled (bool): Specifies the option to enable Encryption At Rest.
KmsKeyId (str): Specifies the KMS Key ID for Encryption At Rest options.
node_to_node_encryption_options (dict) –
Dict specifying the node to node encryption options. This option can only be used for the creation of a new Elasticsearch domain. Keys (case sensitive) in here are:
Enabled (bool): Specify True to enable node-to-node encryption.
advanced_options (dict) – Dict with option to allow references to indices in an HTTP request body. Must be False when configuring access to individual sub-resources. By default, the value is True. See http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide /es-createupdatedomains.html#es-createdomain-configure-advanced-options for more information.
log_publishing_options (dict) –
Dict with options for various type of logs. The keys denote the type of log file and can be one of the following:
INDEX_SLOW_LOGS
SEARCH_SLOW_LOGS
ES_APPLICATION_LOGS
The value assigned to each key is a dict with the following case sensitive keys:
CloudWatchLogsLogGroupArn (str): The ARN of the Cloudwatch log group to which the log needs to be published.
Enabled (bool): Specifies whether given log publishing option is enabled or not.
blocking (bool) – Whether or not the state should wait for all operations (create/update/upgrade) to be completed. Default:
Truetags (dict) – Dict of tags to ensure are present on the Elasticsearch domain.
Example:
This will create an elasticsearch domain consisting of a single t2.small instance in the eu-west-1 region (Ireland) and will wait until the instance is available before returning from the state.
Create new domain: boto3_elasticsearch.present: - name: my_domain - elasticsearch_version: '5.1' - elasticsearch_cluster_config: InstanceType: t2.small.elasticsearch InstanceCount: 1 DedicatedMasterEnabled: False ZoneAwarenessEnabled: False - ebs_options: EBSEnabled: True VolumeType: gp2 VolumeSize: 10 - snapshot_options: AutomatedSnapshotStartHour: 3 - vpc_options: SubnetIds: - subnet-12345678 SecurityGroupIds: - sg-12345678 - node_to_node_encryption_options: Enabled: False - region: eu-west-1 - tags: foo: bar baz: qux
- saltext.boto3.states.boto3_elasticsearch.absent(name, blocking=True, region=None, keyid=None, key=None, profile=None)[source]¶
Ensure the Elasticsearch Domain specified does not exist.
- Parameters:
Example:
Remove Elasticsearch Domain: boto3_elasticsearch.absent: - name: my_domain - region: eu-west-1
- saltext.boto3.states.boto3_elasticsearch.upgraded(name, elasticsearch_version, blocking=True, region=None, keyid=None, key=None, profile=None)[source]¶
Ensures the Elasticsearch domain specified runs on the specified version of elasticsearch. Only upgrades are possible as downgrades require a manual snapshot and an S3 bucket to store them in.
Note that this operation is blocking until the upgrade is complete.
- Parameters:
Example:
Upgrade Elasticsearch Domain: boto3_elasticsearch.upgraded: - name: my_domain - elasticsearch_version: '7.2' - region: eu-west-1
- saltext.boto3.states.boto3_elasticsearch.latest(name, minor_only=True, region=None, keyid=None, key=None, profile=None)[source]¶
Ensures the Elasticsearch domain specifies runs on the latest compatible version of elasticsearch, upgrading it if it is not.
Note that this operation is blocking until the upgrade is complete.
- Parameters:
Example:
The following example will ensure the elasticsearch domain
my_domainis upgraded to the latest minor version. So if it is currently 5.1 it will be upgraded to 5.6.Upgrade Elasticsearch Domain: boto3_elasticsearch.latest: - name: my_domain - minor_only: True - region: eu-west-1
- saltext.boto3.states.boto3_elasticsearch.tagged(name, tags=None, replace=False, region=None, keyid=None, key=None, profile=None)[source]¶
Ensures the Elasticsearch domain has the tags provided. Adds tags to the domain unless
replaceis set toTrue, in which case all existing tags will be replaced with the tags provided intags. (This will remove all tags ifreplaceisTrueandtagsis empty).- Parameters:
Example:
ensure-tagged: boto3_elasticsearch.tagged: - name: example