salt.states.boto3_elasticsearch

Manage Elasticsearch Service

configuration

This module accepts explicit AWS credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:

es.keyid: GKTADJGHEIQSXMKKRBJ08H
es.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

es.region: us-east-1

If a region is not specified, the default is us-east-1.

It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

codeauthor

Herbert Buurman <herbert.buurman@ogd.nl>

depends

boto3

salt.states.boto3_elasticsearch.absent(name, blocking=True, region=None, keyid=None, key=None, profile=None)

Ensure the Elasticsearch Domain specified does not exist.

Parameters

• name (str) -- The name of the Elasticsearch domain to be made absent.

• blocking (bool) -- Whether or not the state should wait for the deletion to be completed. Default: True

New in version 3001.

Example:

Remove Elasticsearch Domain:
  boto3_elasticsearch.absent:
  - name: my_domain
  - region: eu-west-1

salt.states.boto3_elasticsearch.latest(name, minor_only=True, region=None, keyid=None, key=None, profile=None)

Ensures the Elasticsearch domain specifies runs on the latest compatible version of elasticsearch, upgrading it if it is not.

Note that this operation is blocking until the upgrade is complete.

Parameters

• name (str) -- The name of the Elasticsearch domain to upgrade.

• minor_only (bool) -- Only upgrade to the latest minor version.

New in version 3001.

Example:

The following example will ensure the elasticsearch domain my_domain is upgraded to the latest minor version. So if it is currently 5.1 it will be upgraded to 5.6.

Upgrade Elasticsearch Domain:
  boto3_elasticsearch.latest:
  - name: my_domain
  - minor_only: True
  - region: eu-west-1

salt.states.boto3_elasticsearch.present(name, elasticsearch_version=None, elasticsearch_cluster_config=None, ebs_options=None, access_policies=None, snapshot_options=None, vpc_options=None, cognito_options=None, encryption_at_rest_options=None, node_to_node_encryption_options=None, advanced_options=None, log_publishing_options=None, blocking=True, tags=None, region=None, keyid=None, key=None, profile=None)

Ensure an Elasticsearch Domain exists.

Parameters

• name (str) -- The name of the Elasticsearch domain that you are creating. Domain names are unique across the domains owned by an account within an AWS region. Domain names must start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).

• elasticsearch_version (str) -- String of format X.Y to specify version for the Elasticsearch domain eg. "1.5" or "2.3".

• elasticsearch_cluster_config (dict) --

  Dict specifying the configuration options for an Elasticsearch domain. Keys (case sensitive) in here are:

  • InstanceType (str): The instance type for an Elasticsearch cluster.

  • InstanceCount (int): The instance type for an Elasticsearch cluster.

  • DedicatedMasterEnabled (bool): Indicate whether a dedicated master node is enabled.

  • ZoneAwarenessEnabled (bool): Indicate whether zone awareness is enabled.

  • ZoneAwarenessConfig (dict): Specifies the zone awareness configuration for a domain when zone awareness is enabled. Keys (case sensitive) in here are:

    • AvailabilityZoneCount (int): An integer value to indicate the number of availability zones for a domain when zone awareness is enabled. This should be equal to number of subnets if VPC endpoints is enabled.

  • DedicatedMasterType (str): The instance type for a dedicated master node.

  • DedicatedMasterCount (int): Total number of dedicated master nodes, active and on standby, for the cluster.

• ebs_options (dict) --

  Dict specifying the options to enable or disable and specifying the type and size of EBS storage volumes. Keys (case sensitive) in here are:

  • EBSEnabled (bool): Specifies whether EBS-based storage is enabled.

  • VolumeType (str): Specifies the volume type for EBS-based storage.

  • VolumeSize (int): Integer to specify the size of an EBS volume.

  • Iops (int): Specifies the IOPD for a Provisioned IOPS EBS volume (SSD).

• access_policies (str or dict) -- Dict or JSON string with the IAM access policy.

• snapshot_options (dict) --

  Dict specifying the snapshot options. Keys (case senstive) in here are:

  • AutomatedSnapshotStartHour (int): Specifies the time, in UTC format, when the service takes a daily automated snapshot of the specified Elasticsearch domain. Default value is 0 hours.

• vpc_options (dict) --

  Dict with the options to specify the subnets and security groups for the VPC endpoint. Keys (case sensitive) in here are:

  • SubnetIds (list): The list of subnets for the VPC endpoint.

  • SecurityGroupIds (list): The list of security groups for the VPC endpoint.

• cognito_options (dict) --

  Dict with options to specify the cognito user and identity pools for Kibana authentication. Keys (case senstive) in here are:

  • Enabled (bool): Specifies the option to enable Cognito for Kibana authentication.

  • UserPoolId (str): Specifies the Cognito user pool ID for Kibana authentication.

  • IdentityPoolId (str): Specifies the Cognito identity pool ID for Kibana authentication.

  • RoleArn (str): Specifies the role ARN that provides Elasticsearch permissions for accessing Cognito resources.

• encryption_at_rest_options (dict) --

  Dict specifying the encryption at rest options. This option can only be used for the creation of a new Elasticsearch domain. Keys (case sensitive) in here are:

  • Enabled (bool): Specifies the option to enable Encryption At Rest.

  • KmsKeyId (str): Specifies the KMS Key ID for Encryption At Rest options.

• node_to_node_encryption_options (dict) --

  Dict specifying the node to node encryption options. This option can only be used for the creation of a new Elasticsearch domain. Keys (case sensitive) in here are:

  • Enabled (bool): Specify True to enable node-to-node encryption.

• advanced_options (dict) -- Dict with option to allow references to indices in an HTTP request body. Must be False when configuring access to individual sub-resources. By default, the value is True. See http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide /es-createupdatedomains.html#es-createdomain-configure-advanced-options for more information.

• log_publishing_options (dict) --

  Dict with options for various type of logs. The keys denote the type of log file and can be one of the following:

  • INDEX_SLOW_LOGS

  • SEARCH_SLOW_LOGS

  • ES_APPLICATION_LOGS

  The value assigned to each key is a dict with the following case sensitive keys:

  • CloudWatchLogsLogGroupArn (str): The ARN of the Cloudwatch log group to which the log needs to be published.

  • Enabled (bool): Specifies whether given log publishing option is enabled or not.

• blocking (bool) -- Whether or not the state should wait for all operations (create/update/upgrade) to be completed. Default: True

• tags (dict) -- Dict of tags to ensure are present on the Elasticsearch domain.

New in version 3001.

Example:

This will create an elasticsearch domain consisting of a single t2.small instance in the eu-west-1 region (Ireland) and will wait until the instance is available before returning from the state.

Create new domain:
  boto3_elasticsearch.present:
  - name: my_domain
  - elasticsearch_version: '5.1'
  - elasticsearch_cluster_config:
      InstanceType: t2.small.elasticsearch
      InstanceCount: 1
      DedicatedMasterEnabled: False
      ZoneAwarenessEnabled: False
  - ebs_options:
      EBSEnabled: True
      VolumeType: gp2
      VolumeSize: 10
  - snapshot_options:
      AutomatedSnapshotStartHour: 3
  - vpc_options:
      SubnetIds:
      - subnet-12345678
      SecurityGroupIds:
      - sg-12345678
  - node_to_node_encryption_options:
      Enabled: False
  - region: eu-west-1
  - tags:
      foo: bar
      baz: qux

salt.states.boto3_elasticsearch.tagged(name, tags=None, replace=False, region=None, keyid=None, key=None, profile=None)

Ensures the Elasticsearch domain has the tags provided. Adds tags to the domain unless replace is set to True, in which case all existing tags will be replaced with the tags provided in tags. (This will remove all tags if replace is True and tags is empty).

Parameters

• name (str) -- The Elasticsearch domain to work with.

• tags (dict) -- The tags to add to/replace on the Elasticsearch domain.

• replace (bool) -- Whether or not to replace (True) all existing tags on the Elasticsearch domain, or add (False) tags to the ES domain.

New in version 3001.

salt.states.boto3_elasticsearch.upgraded(name, elasticsearch_version, blocking=True, region=None, keyid=None, key=None, profile=None)

Ensures the Elasticsearch domain specified runs on the specified version of elasticsearch. Only upgrades are possible as downgrades require a manual snapshot and an S3 bucket to store them in.

Note that this operation is blocking until the upgrade is complete.

Parameters

• name (str) -- The name of the Elasticsearch domain to upgrade.

• elasticsearch_version (str) -- String of format X.Y to specify version for the Elasticsearch domain eg. "1.5" or "2.3".

New in version 3001.

Example:

Upgrade Elasticsearch Domain:
  boto3_elasticsearch.upgraded:
  - name: my_domain
  - elasticsearch_version: '7.2'
  - region: eu-west-1