Stacktape


OpenSearch (Elastic)



OpenSearch is a scalable, open-source search and analytics suite. It's used for various purposes, including full-text search, log analytics, and real-time application monitoring. As a fully managed service, Stacktape makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud.

Under the hood, Stacktape uses AWS OpenSearch Service, which was previously known as Amazon Elasticsearch Service.

Basic configuration

To set up a basic OpenSearch domain, you only need to specify the resource type and the desired OpenSearch version.

The clusterConfig property determines the size, number, and type of instances used in your OpenSearch domain cluster. If you do not specify a clusterConfig, the cluster will consist of a single m4.large.search node.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      version: "2.17"

Connecting to an OpenSearch domain

You can connect to your OpenSearch domain either from anywhere on the internet or exclusively from resources within your stack's VPC, depending on your accessibility configuration.

In either case, you need valid IAM credentials. You can grant these to your stack's resources using the connectTo property.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      accessibility:
        accessibilityMode: vpc
  webService:
    type: web-service
    properties:
      # ...
      connectTo:
        - myOpenSearch

A web service connected to an OpenSearch domain.

import { Client, Connection } from "@opensearch-project/opensearch";
import { defaultProvider } from "@aws-sdk/credential-provider-node";
import aws4 from "aws4";

// The OpenSearch domain endpoint is automatically injected as an environment variable
const host = `https://${process.env.STP_MY_OPEN_SEARCH_DOMAIN_ENDPOINT}`;

// Builds a Connection class that signs every request with AWS Signature Version 4
const createAwsConnector = (credentials, region) => {
  class AmazonConnection extends Connection {
    buildRequestObject(params) {
      const request = super.buildRequestObject(params) as any;
      // "es" is the SigV4 service name of OpenSearch Service
      request.service = "es";
      request.region = region;
      request.headers = request.headers || {};
      // The host header is part of the signed request
      request.headers["host"] = request.hostname;
      return aws4.sign(request, credentials);
    }
  }
  return {
    Connection: AmazonConnection
  };
};

const getClient = async () => {
  // Resolves the IAM credentials available to the workload
  const credentials = await defaultProvider()();
  return new Client({
    // Use the region your domain is deployed in
    ...createAwsConnector(credentials, "eu-west-1"),
    node: host
  });
};

// Creates an index to verify that the signed connection works
async function search() {
  const client = await getClient();
  await client.indices.create({
    index: "test-index"
  });
}

Example code for connecting to an OpenSearch domain.

Data nodes

You can configure the instance type and number of data nodes in your cluster.

Data nodes handle data storage, indexing, and query processing. For production setups, it is recommended to pair data nodes with dedicated master nodes to improve cluster stability.

For a list of supported instance types, see the AWS documentation.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      clusterConfig:
        instanceType: r6g.large.search
        instanceCount: 3

OpenSearch version

You can specify the version of OpenSearch you want to use.

It is recommended to explicitly specify the version to prevent potential issues when the default version changes. The current default is 2.17, but this may change in future Stacktape releases.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      version: "2.17"

Dedicated master nodes

For production environments, it's recommended to use dedicated master nodes to improve cluster stability.

Dedicated master nodes manage the cluster state and coordinate node activities but do not store data or serve queries. They are recommended for clusters with three or more nodes to improve stability and prevent split-brain scenarios. The master instance type should be appropriately sized based on the number of nodes and shards in the cluster.

The number of master nodes should always be odd (3, 5, or 7) for quorum-based fault tolerance.

For more details, see the AWS documentation on dedicated master nodes.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      version: "2.17"
      clusterConfig:
        instanceType: r6g.large.search
        instanceCount: 3
        dedicatedMasterType: r6g.large.search
        dedicatedMasterCount: 3

Warm nodes

Warm nodes provide a cost-effective way to store large amounts of read-only data.

Warm nodes use UltraWarm storage to store infrequently accessed or older data, optimizing costs for time-series or log data. Data on warm nodes remains searchable but with higher query latency compared to hot nodes. This is ideal for retaining historical data without impacting the performance of frequently accessed data.

For more details, see the AWS documentation on UltraWarm storage.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      version: "2.17"
      clusterConfig:
        instanceType: r6g.large.search
        instanceCount: 3
        warmType: ultrawarm1.medium.search
        warmCount: 2

Multi-AZ with standby

You can enable a multi-AZ deployment with a standby Availability Zone for high availability.

When enabled, this option ensures high availability and consistent performance by distributing nodes and data copies across three AZs, with one serving as a standby. This allows the standby AZ to take over during a failure without causing re-balancing or availability issues.

This feature enforces several best practices, including:

  • OpenSearch version 1.3 or higher.
  • Auto-Tune enabled on the domain.
  • Three dedicated master nodes and data nodes.
  • Only GP3 or SSD-backed instances from a subset of supported instance types.

For more details, see the AWS documentation on Multi-AZ with Standby.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      version: "2.17"
      clusterConfig:
        instanceType: r6g.large.search
        instanceCount: 3
        dedicatedMasterType: r6g.large.search
        dedicatedMasterCount: 3
        standbyEnabled: true

Restrict access

You can restrict access to your OpenSearch domain to a specific VPC.

By default, the domain is accessible from anywhere on the internet but is still protected by IAM. You can restrict access by making the domain available only to resources within your stack's VPC.

The following modes are supported:

  • internet: The least restrictive mode. The domain can be accessed from anywhere on the internet.
  • vpc: The domain can only be accessed from resources within your VPC. This includes any function (with joinDefaultVpc: true), batch job, or container workload in your stack, provided they have the required credentials.
  • scoping-workloads-in-vpc: Similar to vpc mode, but more restrictive. In addition to being in the same VPC, resources must have the necessary security group permissions to access the cluster. For functions, batch jobs, and container services, these permissions can be granted using the connectTo property in their respective configurations.

Note: If you launch a domain with vpc or scoping-workloads-in-vpc accessibility, you cannot later switch it to internet mode, and vice versa. You must create a new domain and migrate your data.

To learn more about VPCs, see the VPC documentation.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      accessibility:
        accessibilityMode: vpc
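
A pre-deploy check for the settings discussed above (access mode, pinned version, dedicated master count, standby), as an added example that is not part of Stacktape or its documentation. It takes the already-parsed configuration as a plain object; the rule names, finding format and sample stack are constructed for illustration.

```javascript
// Added example: audits a parsed Stacktape config against guidance on this page.
// Rule names and the finding shape are hypothetical; property names are the page's.
function auditOpenSearchDomains(config) {
  const resources = Object.entries(config.resources || {});
  const findings = [];
  for (const [name, res] of resources) {
    if (res.type !== "open-search-domain") continue;
    const add = (rule, detail) => findings.push({ resource: name, rule, detail });
    const props = res.properties || {};
    const cluster = props.clusterConfig || {};
    // accessibilityMode defaults to "internet" when it is omitted.
    const mode = (props.accessibility || {}).accessibilityMode || "internet";
    // Resources that list this domain in connectTo.
    const grantedTo = resources
      .filter(([, r]) => ((r.properties || {}).connectTo || []).includes(name))
      .map(([n]) => n);

    if (mode === "internet") {
      add("internet-reachable", "public endpoint; IAM is the only access control");
    }
    if (mode === "scoping-workloads-in-vpc" && grantedTo.length === 0) {
      add("scoped-but-unused", "no resource has connectTo access to this domain");
    }
    if (props.version === undefined) {
      add("version-not-pinned", "the default version may change between releases");
    }
    const masters = cluster.dedicatedMasterCount;
    if (masters !== undefined && masters % 2 === 0) {
      add("even-master-count", `dedicatedMasterCount is ${masters}; use 3, 5 or 7`);
    }
    if (cluster.standbyEnabled && masters !== 3) {
      add("standby-needs-3-masters", "standbyEnabled expects three dedicated masters");
    }
  }
  return findings;
}

// Constructed sample: the object a YAML parser would return for a small stack.
const sampleConfig = {
  resources: {
    myOpenSearch: {
      type: "open-search-domain",
      properties: { clusterConfig: { dedicatedMasterCount: 2, standbyEnabled: true } },
    },
    webService: { type: "web-service", properties: { connectTo: ["myOpenSearch"] } },
  },
};

console.log(auditOpenSearchDomains(sampleConfig).map((f) => `${f.resource}: ${f.rule}`));
```

The sample domain omits accessibility and version, so it is reported as internet-reachable and unpinned in addition to the two master-node findings.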

Logging

You can enable and configure logging for your OpenSearch domain.

Stacktape will automatically create the required log groups and policies for you. You can set a custom retention period for individual log types or disable log collection entirely.

For more details on log collection, see the AWS documentation.

OpenSearchLogConfiguration API reference

  • errorLogs
  • searchSlowLogs
  • indexSlowLogs

OpenSearchLogRetentionSettings API reference

  • disabled
  • retentionDays (default: 14)

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      logging:
        errorLogs:
          retentionDays: 30
        searchSlowLogs:
          retentionDays: 14
        indexSlowLogs:
          disabled: true

Storage

You can configure the storage for your OpenSearch domain using EBS volumes.

This is only supported for instances that use EBS storage. Setting iops and throughput is only allowed for instances with the gp3 storage type.

OpenSearchStorage API reference

  • size (required)
  • iops (default: 3000)
  • throughput (default: 125)

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      clusterConfig:
        instanceType: r6g.large.search
        instanceCount: 3
      storage:
        size: 100
        iops: 3000
        throughput: 200

Disable Multi-AZ awareness

You can disable Multi-AZ awareness if you don't need the high availability features.

By default, Multi-AZ awareness is enabled for any cluster with more than one node. This means OpenSearch Service allocates nodes and replica index shards across multiple AZs to prevent data loss and minimize downtime.

Disabling zone awareness is not recommended.

For more details, see the AWS documentation on Multi-AZ clusters.

resources:
  myOpenSearch:
    type: open-search-domain
    properties:
      version: "2.17"
      clusterConfig:
        instanceType: r6g.large.search
        instanceCount: 3
        multiAzDisabled: true

API Reference

OpenSearchDomain API reference

  • type (required)
  • properties.version
  • properties.clusterConfig
  • properties.storage
  • properties.userPool
  • properties.logging
  • properties.accessibility
  • overrides

OpenSearchClusterConfig API reference

  • instanceType (required)
  • instanceCount (required)
  • dedicatedMasterType
  • dedicatedMasterCount
  • warmType
  • warmCount
  • multiAzDisabled
  • standbyEnabled

OpenSearchAccessibility API reference

  • accessibilityMode (required; default: internet)
