AWSTemplateFormatVersion: "2010-09-09" Description: "Template to install Data Prepper on a single EC2 instance" Parameters: OpenSearchEndpoint: Description: Endpoint of the AWS OpenSearch Service domain (including https://) Type: String AllowedPattern: https:\/\/[a-z0-9-\.]+(es.amazonaws.com) ConstraintDescription: must be a valid Amazon OpenSearch Service domain endpoint starting with https:// OpenSearchRegion: Description: Region of the AWS OpenSearch Service domain Type: String AllowedPattern: "[a-z]+-[a-z]+-[0-9]+" ConstraintDescription: must be a valid AWS region (e.g. us-west-2) OpenSearchVpcId: Description: The VPC ID of the AWS OpenSearch Service domain (Leave blank if the domain is not in a VPC) Type: String OpenSearchSubnetId: Description: The subnet ID of the AWS OpenSearch Service domain (Leave blank if the domain is not in a VPC) Type: String OpenSearchUsername: Description: The username of the AWS OpenSearch Service domain (Leave blank if the domain is configured with IAM role) Type: String OpenSearchPassword: Description: The password of the AWS OpenSearch Service domain (Leave blank if the domain is configured with IAM role) Type: String DataPrepperVersion: Description: Version of Data Prepper to download and run Type: String AllowedPattern: "[0-9]+\\.[0-9]+\\.[0-9]+[a-z-]*" Default: "1.0.0" ConstraintDescription: must be a valid release number InstanceType: Description: EC2 instance type Type: String AllowedPattern: "[a-z0-9]+\\.[a-z0-9]+" Default: t2.medium ConstraintDescription: cannot be empty KeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instance Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: cannot be empty LatestAmi: Description: AMI to deploy to EC2, defaults to Amazon Linux 2 Type: "AWS::SSM::Parameter::Value" Default: "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs" Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Amazon OpenSearch Service Domain Parameters: - OpenSearchEndpoint - OpenSearchRegion - OpenSearchSubnetId - OpenSearchUsername - OpenSearchPassword - Label: default: Data-Prepper Configuration Parameters: - DataPrepperVersion - InstanceType - KeyName - LatestAmi Conditions: NoMasterUser: !And - !Equals - !Ref OpenSearchUsername - "" - !Equals - !Ref OpenSearchPassword - "" Resources: EC2Instance: Type: AWS::EC2::Instance Metadata: AWS::CloudFormation::Init: configSets: default: - 01_config-data-prepper 01_config-data-prepper: files: "/etc/data-prepper/data-prepper-config.yaml": content: !Sub | ssl: false mode: "000400" owner: root group: root "/etc/data-prepper/pipelines.yaml": content: !Sub - | entry-pipeline: delay: "100" source: otel_trace_source: ssl: false health_check_service: true sink: - pipeline: name: "raw-pipeline" - pipeline: name: "service-map-pipeline" raw-pipeline: source: pipeline: name: "entry-pipeline" prepper: - otel_trace_raw_prepper: sink: - elasticsearch: ${rawSpanConfig} service-map-pipeline: delay: "100" source: pipeline: name: "entry-pipeline" prepper: - service_map_stateful: sink: - elasticsearch: ${serviceMapConfig} - rawSpanConfig: !If - NoMasterUser - !Sub "\n \ hosts: [ \"${OpenSearchEndpoint}\" ]\n \ aws_sigv4: true\n \ aws_region: \"${OpenSearchRegion}\"\n \ trace_analytics_raw: true" - !Sub "\n \ hosts: [ \"${OpenSearchEndpoint}\" ]\n \ aws_sigv4: false\n \ username: \"${OpenSearchUsername}\"\n \ password: \"${OpenSearchPassword}\"\n \ trace_analytics_raw: true" serviceMapConfig: !If - NoMasterUser - !Sub "\n \ hosts: [ \"${OpenSearchEndpoint}\" ]\n \ aws_sigv4: true\n \ aws_region: \"${OpenSearchRegion}\"\n \ trace_analytics_service_map: true" - !Sub "\n \ hosts: [ \"${OpenSearchEndpoint}\" ]\n \ aws_sigv4: false\n \ username: \"${OpenSearchUsername}\"\n \ password: \"${OpenSearchPassword}\"\n \ trace_analytics_service_map: true" mode: "000400" owner: root group: root Properties: SubnetId: Ref: OpenSearchSubnetId InstanceType: Ref: InstanceType KeyName: Ref: KeyName ImageId: Ref: LatestAmi SecurityGroupIds: - Ref: DataPrepperSecurityGroup UserData: # Script to download and run Data Prepper Fn::Base64: !Sub | #!/bin/bash export RELEASE=opendistroforelasticsearch-data-prepper-${DataPrepperVersion}-linux-x64 yum install java-11-amazon-corretto-headless -y wget https://github.com/opendistro-for-elasticsearch/data-prepper/releases/download/v${DataPrepperVersion}/$RELEASE.tar.gz -O /tmp/$RELEASE.tar.gz wget_exit_code = $? if [ $wget_exit_code -ne 0 ] then /opt/aws/bin/cfn-signal -e $wget_exit_code --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} else tar -xzf /tmp/$RELEASE.tar.gz --directory /usr/local/bin /opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} --configsets default nohup /usr/local/bin/$RELEASE/data-prepper-tar-install.sh /etc/data-prepper/pipelines.yaml /etc/data-prepper/data-prepper-config.yaml > /var/log/data-prepper.out & data_prepper_pid=$! sleep 5s ps -p $data_prepper_pid /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} fi CreationPolicy: ResourceSignal: Count: 1 Timeout: "PT15M" DataPrepperSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: "dataprepper-sg" VpcId: !Ref OpenSearchVpcId GroupDescription: Enable SSH access via port 22 SecurityGroupIngress: - IpProtocol: tcp FromPort: "22" ToPort: "22" CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: "21890" ToPort: "21890" CidrIp: 0.0.0.0/0