Connection module for Amazon Elasticsearch Service
New in version 3001.
This module accepts explicit IAM credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:
es.keyid: GKTADJGHEIQSXMKKRBJ08H
es.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
A region may also be specified in the configuration:
es.region: us-east-1
If a region is not specified, the default is us-east-1.
It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:
myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
'result' key containing a boolean indicating success or failure, 'error' key containing the errormessage returned by boto on error, 'response' key containing the data of the response returned by boto on success.
Herbert Buurman <herbert.buurman@ogd.nl>
boto3
Attaches tags to an existing Elasticsearch domain. Tags are a set of case-sensitive key value pairs. An Elasticsearch domain may have up to 10 tags.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.add_tags domain_name=mydomain tags='{"foo": "bar", "baz": "qux"}'
Cancels a scheduled service software update for an Amazon ES domain. You can only perform this operation before the AutomatedUpdateDate and when the UpdateStatus is in the PENDING_UPDATE state.
domain_name (str) -- The name of the domain that you want to stop the latest service software update on.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the current service software options. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Helper function to determine in one call if an Elasticsearch domain can be upgraded to the specified Elasticsearch version.
This assumes that the Elasticsearch domain is at rest at the moment this function is called. I.e. The domain is not in the process of :
being created.
being updated.
another upgrade running, or a check thereof.
being deleted.
Behind the scenes, this does 3 things:
Check if elasticsearch_version
is among the compatible elasticsearch versions.
Perform a check if the Elasticsearch domain is eligible for the upgrade.
Check the result of the check and return the result as a boolean.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with boolean result of the check. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.check_upgrade_eligibility mydomain '6.7'
Given a valid config, create a domain.
domain_name (str) -- The name of the Elasticsearch domain that you are creating. Domain names are unique across the domains owned by an account within an AWS region. Domain names must start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).
elasticsearch_version (str) -- String of format X.Y to specify version for the Elasticsearch domain eg. "1.5" or "2.3".
elasticsearch_cluster_config (dict) --
Dictionary specifying the configuration options for an Elasticsearch domain. Keys (case sensitive) in here are:
InstanceType (str): The instance type for an Elasticsearch cluster.
InstanceCount (int): The instance type for an Elasticsearch cluster.
DedicatedMasterEnabled (bool): Indicate whether a dedicated master node is enabled.
ZoneAwarenessEnabled (bool): Indicate whether zone awareness is enabled. If this is not enabled, the Elasticsearch domain will only be in one availability zone.
ZoneAwarenessConfig (dict): Specifies the zone awareness configuration for a domain when zone awareness is enabled. Keys (case sensitive) in here are:
AvailabilityZoneCount (int): An integer value to indicate the number of availability zones for a domain when zone awareness is enabled. This should be equal to number of subnets if VPC endpoints is enabled. Allowed values: 2, 3
DedicatedMasterType (str): The instance type for a dedicated master node.
DedicatedMasterCount (int): Total number of dedicated master nodes, active and on standby, for the cluster.
ebs_options (dict) --
Dict specifying the options to enable or disable and specifying the type and size of EBS storage volumes. Keys (case sensitive) in here are:
EBSEnabled (bool): Specifies whether EBS-based storage is enabled.
VolumeType (str): Specifies the volume type for EBS-based storage.
VolumeSize (int): Integer to specify the size of an EBS volume.
Iops (int): Specifies the IOPD for a Provisioned IOPS EBS volume (SSD).
access_policies (str or dict) -- Dict or JSON string with the IAM access policy.
snapshot_options (dict) --
Dict specifying the snapshot options. Keys (case sensitive) in here are:
AutomatedSnapshotStartHour (int): Specifies the time, in UTC format, when the service takes a daily automated snapshot of the specified Elasticsearch domain. Default value is 0 hours.
vpc_options (dict) --
Dict with the options to specify the subnets and security groups for the VPC endpoint. Keys (case sensitive) in here are:
SubnetIds (list): The list of subnets for the VPC endpoint.
SecurityGroupIds (list): The list of security groups for the VPC endpoint.
cognito_options (dict) --
Dict with options to specify the cognito user and identity pools for Kibana authentication. Keys (case sensitive) in here are:
Enabled (bool): Specifies the option to enable Cognito for Kibana authentication.
UserPoolId (str): Specifies the Cognito user pool ID for Kibana authentication.
IdentityPoolId (str): Specifies the Cognito identity pool ID for Kibana authentication.
RoleArn (str): Specifies the role ARN that provides Elasticsearch permissions for accessing Cognito resources.
encryption_at_rest_options (dict) --
Dict specifying the encryption at rest options. Keys (case sensitive) in here are:
Enabled (bool): Specifies the option to enable Encryption At Rest.
KmsKeyId (str): Specifies the KMS Key ID for Encryption At Rest options.
node_to_node_encryption_options (dict) --
Dict specifying the node to node encryption options. Keys (case sensitive) in here are:
Enabled (bool): Specify True to enable node-to-node encryption.
advanced_options (dict) -- Dict with option to allow references to indices in an HTTP request body. Must be False when configuring access to individual sub-resources. By default, the value is True. See http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide /es-createupdatedomains.html#es-createdomain-configure-advanced-options for more information.
log_publishing_options (dict) --
Dict with options for various type of logs. The keys denote the type of log file and can be one of the following:
INDEX_SLOW_LOGS
SEARCH_SLOW_LOGS
ES_APPLICATION_LOGS
The value assigned to each key is a dict with the following case sensitive keys:
CloudWatchLogsLogGroupArn (str): The ARN of the Cloudwatch log group to which the log needs to be published.
Enabled (bool): Specifies whether given log publishing option is enabled or not.
blocking (bool) -- Whether or not to wait (block) until the Elasticsearch domain has been created.
Note: Not all instance types allow enabling encryption at rest. See https://docs.aws.amazon.com /elasticsearch-service/latest/developerguide/aes-supported-instance-types.html
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the domain status configuration. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.create_elasticsearch_domain mydomain \
elasticsearch_cluster_config='{ \
"InstanceType": "t2.micro.elasticsearch", \
"InstanceCount": 1, \
"DedicatedMasterEnabled": False, \
"ZoneAwarenessEnabled": False}' \
ebs_options='{ \
"EBSEnabled": True, \
"VolumeType": "gp2", \
"VolumeSize": 10, \
"Iops": 0}' \
access_policies='{ \
"Version": "2012-10-17", \
"Statement": [ \
{"Effect": "Allow", \
"Principal": {"AWS": "*"}, \
"Action": "es:*", \
"Resource": "arn:aws:es:us-east-1:111111111111:domain/mydomain/*", \
"Condition": {"IpAddress": {"aws:SourceIp": ["127.0.0.1"]}}}]}' \
snapshot_options='{"AutomatedSnapshotStartHour": 0}' \
advanced_options='{"rest.action.multi.allow_explicit_index": "true"}'
Permanently deletes the specified Elasticsearch domain and all of its data. Once a domain is deleted, it cannot be recovered.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Deletes the service-linked role that Elasticsearch Service uses to manage and maintain VPC domains. Role deletion will fail if any existing VPC domains use the role. You must delete any such Elasticsearch domains before deleting the role.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Given a domain name gets its status description.
domain_name (str) -- The name of the domain to get the status of.
Dictionary ith key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the domain status information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Provides cluster configuration information about the specified Elasticsearch domain, such as the state, creation date, update version, and update date for cluster options.
domain_name (str) -- The name of the domain to describe.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the current configuration information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Returns domain configuration information about the specified Elasticsearch domains, including the domain ID, domain endpoint, and domain ARN.
domain_names (list) -- List of domain names to get information for.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the list of domain status information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.describe_elasticsearch_domains '["domain_a", "domain_b"]'
Describe Elasticsearch Limits for a given InstanceType and ElasticsearchVersion. When modifying existing Domain, specify the `` DomainName `` to know what Limits are supported for modifying.
instance_type (str) -- The instance type for an Elasticsearch cluster for
which Elasticsearch Limits
are needed.
elasticsearch_version (str) -- Version of Elasticsearch for which Limits
are needed.
domain_name (str) -- Represents the name of the Domain that we are trying
to modify. This should be present only if we are querying for Elasticsearch
Limits
for existing domain.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the limits information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.describe_elasticsearch_instance_type_limits \
instance_type=r3.8xlarge.elasticsearch \
elasticsearch_version='6.2'
Lists available reserved Elasticsearch instance offerings.
reserved_elasticsearch_instance_offering_id (str) -- The offering identifier filter value. Use this parameter to show only the available offering that matches the specified reservation identifier.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the list of offerings information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Returns information about reserved Elasticsearch instances for this account.
reserved_elasticsearch_instance_id (str) -- The reserved instance identifier filter value. Use this parameter to show only the reservation that matches the specified reserved Elasticsearch instance ID.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with a list of information on reserved instances. Upon failure, also contains a key 'error' with the error message as value.
Version 1.9.174 of boto3 has a bug in that reserved_elasticsearch_instance_id is considered a required argument, even though the documentation says otherwise.
New in version 3001.
Given a domain name, check to see if the given domain exists.
domain_name (str) -- The name of the domain to check.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Returns a list of upgrade compatible Elastisearch versions. You can optionally
pass a domain_name
to get all upgrade compatible Elasticsearch versions
for that specific domain.
domain_name (str) -- The name of an Elasticsearch domain.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with a list of compatible versions. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Retrieves the complete history of the last 10 upgrades that were performed on the domain.
domain_name (str) -- The name of an Elasticsearch domain. Domain names are unique across the domains owned by an account within an AWS region. Domain names start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with a list of upgrade histories. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Retrieves the latest status of the last upgrade or upgrade eligibility check that was performed on the domain.
domain_name (str) -- The name of an Elasticsearch domain. Domain names are unique across the domains owned by an account within an AWS region. Domain names start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with upgrade status information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Returns the name of all Elasticsearch domains owned by the current user's account.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with a list of domain names. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
List all Elasticsearch instance types that are supported for given ElasticsearchVersion.
elasticsearch_version (str) -- Version of Elasticsearch for which list of supported elasticsearch instance types are needed.
domain_name (str) -- DomainName represents the name of the Domain that we are trying to modify. This should be present only if we are querying for list of available Elasticsearch instance types when modifying existing domain.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with a list of Elasticsearch instance types. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
List all supported Elasticsearch versions.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with a list of Elasticsearch versions. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Returns all tags for the given Elasticsearch domain.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with a dict of tags. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Allows you to purchase reserved Elasticsearch instances.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with purchase information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Removes the specified set of tags from the specified Elasticsearch domain.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.remove_tags '["foo", "bar"]' domain_name=my_domain
Schedules a service software update for an Amazon ES domain.
domain_name (str) -- The name of the domain that you want to update to the latest service software.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with service software information. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
Modifies the cluster configuration of the specified Elasticsearch domain, for example setting the instance type and the number of instances.
domain_name (str) -- The name of the Elasticsearch domain that you are creating. Domain names are unique across the domains owned by an account within an AWS region. Domain names must start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).
elasticsearch_cluster_config (dict) --
Dictionary specifying the configuration options for an Elasticsearch domain. Keys (case sensitive) in here are:
InstanceType (str): The instance type for an Elasticsearch cluster.
InstanceCount (int): The instance type for an Elasticsearch cluster.
DedicatedMasterEnabled (bool): Indicate whether a dedicated master node is enabled.
ZoneAwarenessEnabled (bool): Indicate whether zone awareness is enabled.
ZoneAwarenessConfig (dict): Specifies the zone awareness configuration for a domain when zone awareness is enabled. Keys (case sensitive) in here are:
AvailabilityZoneCount (int): An integer value to indicate the number of availability zones for a domain when zone awareness is enabled. This should be equal to number of subnets if VPC endpoints is enabled.
DedicatedMasterType (str): The instance type for a dedicated master node.
DedicatedMasterCount (int): Total number of dedicated master nodes, active and on standby, for the cluster.
ebs_options (dict) --
Dict specifying the options to enable or disable and specifying the type and size of EBS storage volumes. Keys (case sensitive) in here are:
EBSEnabled (bool): Specifies whether EBS-based storage is enabled.
VolumeType (str): Specifies the volume type for EBS-based storage.
VolumeSize (int): Integer to specify the size of an EBS volume.
Iops (int): Specifies the IOPD for a Provisioned IOPS EBS volume (SSD).
snapshot_options (dict) --
Dict specifying the snapshot options. Keys (case sensitive) in here are:
AutomatedSnapshotStartHour (int): Specifies the time, in UTC format, when the service takes a daily automated snapshot of the specified Elasticsearch domain. Default value is 0 hours.
vpc_options (dict) --
Dict with the options to specify the subnets and security groups for the VPC endpoint. Keys (case sensitive) in here are:
SubnetIds (list): The list of subnets for the VPC endpoint.
SecurityGroupIds (list): The list of security groups for the VPC endpoint.
cognito_options (dict) --
Dict with options to specify the cognito user and identity pools for Kibana authentication. Keys (case sensitive) in here are:
Enabled (bool): Specifies the option to enable Cognito for Kibana authentication.
UserPoolId (str): Specifies the Cognito user pool ID for Kibana authentication.
IdentityPoolId (str): Specifies the Cognito identity pool ID for Kibana authentication.
RoleArn (str): Specifies the role ARN that provides Elasticsearch permissions for accessing Cognito resources.
advanced_options (dict) -- Dict with option to allow references to indices in an HTTP request body. Must be False when configuring access to individual sub-resources. By default, the value is True. See http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide /es-createupdatedomains.html#es-createdomain-configure-advanced-options for more information.
access_policies (str/dict) -- Dict or JSON string with the IAM access policy.
log_publishing_options (dict) --
Dict with options for various type of logs. The keys denote the type of log file and can be one of the following:
INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS.
The value assigned to each key is a dict with the following case sensitive keys:
CloudWatchLogsLogGroupArn (str): The ARN of the Cloudwatch log group to which the log needs to be published.
Enabled (bool): Specifies whether given log publishing option is enabled or not.
blocking (bool) -- Whether or not to wait (block) until the Elasticsearch domain has been updated.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the domain configuration. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.update_elasticsearch_domain_config mydomain \
elasticsearch_cluster_config='{\
"InstanceType": "t2.micro.elasticsearch", \
"InstanceCount": 1, \
"DedicatedMasterEnabled": false,
"ZoneAwarenessEnabled": false}' \
ebs_options='{\
"EBSEnabled": true, \
"VolumeType": "gp2", \
"VolumeSize": 10, \
"Iops": 0}' \
access_policies='{"Version": "2012-10-17", "Statement": [{\
"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*", \
"Resource": "arn:aws:es:us-east-1:111111111111:domain/mydomain/*", \
"Condition": {"IpAddress": {"aws:SourceIp": ["127.0.0.1"]}}}]}' \
snapshot_options='{"AutomatedSnapshotStartHour": 0}' \
advanced_options='{"rest.action.multi.allow_explicit_index": "true"}'
Allows you to either upgrade your domain or perform an Upgrade eligibility check to a compatible Elasticsearch version.
domain_name (str) -- The name of an Elasticsearch domain. Domain names are unique across the domains owned by an account within an AWS region. Domain names start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).
target_version (str) -- The version of Elasticsearch that you intend to upgrade the domain to.
perform_check_only (bool) -- This flag, when set to True, indicates that an Upgrade Eligibility Check needs to be performed. This will not actually perform the Upgrade.
blocking (bool) -- Whether or not to wait (block) until the Elasticsearch domain has been upgraded.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon success, also contains a key 'reponse' with the domain configuration. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.
CLI Example:
salt myminion boto3_elasticsearch.upgrade_elasticsearch_domain mydomain \
target_version='6.7' \
perform_check_only=True
Block until an upgrade-in-progress for domain name
is finished.
name (str) -- The name of the domain to wait for.
Dictionary with key 'result' and as value a boolean denoting success or failure. Upon failure, also contains a key 'error' with the error message as value.
New in version 3001.