AWSTemplateFormatVersion: "2010-09-09" Description: This template creates a single-node Amazon OpenSearch cluster with basic authentication enabled. Parameters: DomainName: Type: String EngineVersion: Type: String Default: "OpenSearch_1.0" InstanceType: Type: String Default: "t3.medium.search" VpcId: Type: String SubnetId: Type: String MasterUserName: Type: String MasterUserPassword: Type: String Resources: OpenSearchServiceDomain: Type: 'AWS::OpenSearchService::Domain' DependsOn: - OpenSearchIngressSecurityGroup - AWSServiceRoleForAmazonOpenSearchService Properties: DomainName: Ref: DomainName EngineVersion: Ref: EngineVersion ClusterConfig: InstanceCount: '1' InstanceType: Ref: InstanceType DomainEndpointOptions: EnforceHTTPS: true NodeToNodeEncryptionOptions: Enabled: true EncryptionAtRestOptions: Enabled: true EBSOptions: EBSEnabled: true Iops: '0' VolumeSize: '35' VolumeType: 'gp2' AccessPolicies: Version: '2012-10-17' Statement: - Effect: Allow Principal: AWS: '*' Action: 'es:*' Resource: '*' AdvancedOptions: rest.action.multi.allow_explicit_index: true AdvancedSecurityOptions: Enabled: true InternalUserDatabaseEnabled: true MasterUserOptions: MasterUserName: !Ref MasterUserName MasterUserPassword: !Ref MasterUserPassword VPCOptions: SubnetIds: - !Ref SubnetId SecurityGroupIds: - !Ref OpenSearchIngressSecurityGroup UpdatePolicy: EnableVersionUpgrade: true AWSServiceRoleForAmazonOpenSearchService: Type: 'AWS::IAM::ServiceLinkedRole' Properties: AWSServiceName: es.amazonaws.com OpenSearchIngressSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: "opensearch-ingress-sg" GroupDescription: "Security group for opensearch ingress rule" VpcId: !Ref VpcId SecurityGroupIngress: - FromPort: '443' IpProtocol: tcp ToPort: '443' CidrIp: 0.0.0.0/0 Outputs: DomainArn: Value: 'Fn::GetAtt': - OpenSearchServiceDomain - Arn