[elasticsearch] Domain should accept a `vpc` and `vpc_subnets` properties to align with other CDK constructs #10965
Comments
By the way, sending a single subnet
Gives
(Expected Array type) |
@Jon-AtAWS The problem is that the

If you want to select only private subnets, you can do:

```python
vpc_options=es.VpcOptions(
    security_groups=[es_sec_grp],
    # take only private subnets
    subnets=vpc.private_subnets
),
```

The reason it's different from the

You mention you also used:

```python
selection = vpc.select_subnets(
    subnet_type=ec2.SubnetType.PRIVATE
)
subnets = [s for s in selection.subnets]
```

This should actually work, are you sure you eventually passed

Thanks |
Thanks @iliapolo for the response! Your suggestion above does not work...
If I use the below, I get the same error (I am passing the list without adding an additional list wrapper)
|
I also played with passing in a dict - I got that from this sample: https://github.com/aws-samples/aws-cdk-managed-elkk. I didn't get very far with that, different errors.
It was complaining about getting a string IIRC. printing vpc.get_vpc_private_subnet_ids gave me some [${TOKEN:foobar}]. |
@Jon-AtAWS Notice you are now passing a security group id, instead of a security group. Your original code had:

```python
security_groups=[es_sec_grp]
```

But now you have:

```python
security_groups=[es_sec_grp.security_group_id]
```

Sharing the code I used which synthesizes correctly:

```python
# Fragment from inside a Stack; ec2 and es are the aws_ec2 and aws_elasticsearch modules.
vpc = ec2.Vpc(self, 'cdkvpc')
es_sec_grp = ec2.SecurityGroup(self, 'DomainSG', vpc=vpc)
es.Domain(self, 'cdkd1',
    version=es.ElasticsearchVersion.V7_7,
    domain_name='cdkd1',
    capacity=es.CapacityConfig(
        data_node_instance_type='t3.small.elasticsearch',
        data_nodes=2),
    ebs=es.EbsOptions(enabled=True,
                      volume_size=10,
                      volume_type=ec2.EbsDeviceVolumeType.GP2),
    vpc_options=es.VpcOptions(security_groups=[es_sec_grp],
                              subnets=vpc.private_subnets),
    enforce_https=True,
    node_to_node_encryption=True,
    encryption_at_rest={
        "enabled": True
    },
    use_unsigned_basic_auth=True,
    fine_grained_access_control=es.AdvancedSecurityOptions(master_user_name='admin'),
)
```

Notice I also used |
Thank you @ilapolo, that works! As a side feature request, the error messages are pretty impenetrable. CDK should add specific error messages, with line and character of the problem. For instance, in this case I was focused on the wrong keyword arg, since (after digging through the Python error output) I get this one reference to my code
And that only points to the beginning of the call, which spans many lines. I'm a beginner with CDK (though experienced with CFN). At the moment, everything looks like a magic incantation, and there's really no guidebook, especially for how to put the pieces together. How can I know that I need a subnet selection and not a subnet? Lots of these decisions are automated, and lots of them you just have to know or get lucky with an example (even that didn't help me this time). Without specific and detailed error messaging, I'm pretty much at sea. |
I'm not sure we're on exactly the same topic, but the deploy fails with:
For reference, I am using this in the stack.py:
And here's the full output for diff and deploy
This is pretty much what started me down the path of trying to get a single subnet. |
Appreciate this feedback. I think some of the issues you mentioned are mitigated by compiler assistance, which of course does not exist in Python. We are aware of this issue and are working to both improve the documentation and incorporate more runtime checks and contextual error messages. You can look at this issue to see what we have planned to improve the Python experience. aws/jsii#1919 Ideas on specific examples that are missing are always welcome, we keep them in a separate repository: https://github.com/aws-samples/aws-cdk-examples As far as this issue goes, we will revamp the VPC configuration API to make it more approachable and clear. Thanks! |
This PR includes a last minute API change that standardizes the way VPC configuration is passed to the domain. It also provides sane defaults, enabling users to simply pass `vpc` in order to connect a domain to a VPC. In addition, I added a missing integration test for VPC enabled domains. Resolves #10965 BREAKING CHANGE: `vpcOptions` was removed. Use `vpc`, `vpcSubnets` and `securityGroups` instead. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
This is somewhere between bug report and feature request
Other
I know that aws_elasticsearch is experimental. I'm struggling to get it to work.
When I cdk deploy, I get:
First, the above method works deploying an EC2 instance:
It should work that way for Amazon ES.
If I use
The error message says that you must specify a single subnet. In that case, the keyword parameter should be subnet=, instead of subnets=, and should take a single object not a list.
I also considered asking on Stack Overflow. I can't get this working, can you give me any help?
This is a 🚀 Feature Request
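The thread shows a domain that synthesizes cleanly and then fails at deploy time on the subnet count. As an added example (not code from this issue or from the CDK), the check below runs over a synthesized CloudFormation template before deployment and also reports domains where the HTTPS and encryption settings used in the thread are missing. The one-subnet-per-Availability-Zone rule for zone-aware domains goes beyond the single-subnet error reported here and is an assumption taken from the service's documented behaviour; the sample template and its logical IDs are constructed.

```python
ES_TYPE = "AWS::Elasticsearch::Domain"

def _on(value):
    # Templates may carry booleans as True or as the string "true".
    return str(value).lower() == "true"

def lint_es_domains(template):
    """Return sorted (logical_id, message) findings for each ES domain in a template."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != ES_TYPE:
            continue
        props = res.get("Properties", {})
        cluster = props.get("ElasticsearchClusterConfig", {})
        subnets = props.get("VPCOptions", {}).get("SubnetIds")
        # Only a literal list can be counted; an intrinsic such as Fn::Split is skipped.
        if isinstance(subnets, list):
            want = 1  # no zone awareness: exactly one subnet (the error in this thread)
            if _on(cluster.get("ZoneAwarenessEnabled")):
                # Assumption: one subnet per AZ, AZ count defaulting to 2.
                want = cluster.get("ZoneAwarenessConfig", {}).get("AvailabilityZoneCount", 2)
            if len(subnets) != want:
                findings.append((logical_id, f"{len(subnets)} subnets, expected {want}"))
        settings = {
            "EnforceHTTPS": props.get("DomainEndpointOptions", {}).get("EnforceHTTPS"),
            "NodeToNodeEncryption": props.get("NodeToNodeEncryptionOptions", {}).get("Enabled"),
            "EncryptionAtRest": props.get("EncryptionAtRestOptions", {}).get("Enabled"),
        }
        findings += [(logical_id, f"{name} is not enabled")
                     for name, value in settings.items() if not _on(value)]
    return sorted(findings)

# Constructed sample, shaped like `cdk synth` output; logical IDs are made up.
_SECURE = {
    "DomainEndpointOptions": {"EnforceHTTPS": True},
    "NodeToNodeEncryptionOptions": {"Enabled": True},
    "EncryptionAtRestOptions": {"Enabled": True},
}
SAMPLE = {"Resources": {
    "TwoSubnetsNoZoneAwareness": {"Type": ES_TYPE, "Properties": {
        **_SECURE,
        "ElasticsearchClusterConfig": {"InstanceCount": 2},
        "VPCOptions": {"SubnetIds": [{"Ref": "PrivateSubnet1"}, {"Ref": "PrivateSubnet2"}]}}},
    "ZoneAwarePlainHttp": {"Type": ES_TYPE, "Properties": {
        "ElasticsearchClusterConfig": {"InstanceCount": 2, "ZoneAwarenessEnabled": True},
        "VPCOptions": {"SubnetIds": [{"Ref": "PrivateSubnet1"}, {"Ref": "PrivateSubnet2"}]},
        "NodeToNodeEncryptionOptions": {"Enabled": "true"},
        "EncryptionAtRestOptions": {"Enabled": True}}},
    "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {}},
}}
```

Calling `lint_es_domains` on the parsed JSON from `cdk synth` in CI surfaces the subnet mismatch before CloudFormation rejects the deployment.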