AWS OpenSearch | Creating an OpenSearch domain within a VPC and accessing it using Proxy API

  • Published 30 Oct 2024

COMMENTS • 98

  • @AN-ys3wn
    @AN-ys3wn 1 year ago +1

    You just saved me so much time, I have been looking for this for a week. Thanks a lot. Keep up the good job and your videos are well explained.

  • @rajiv7
    @rajiv7 1 year ago +3

    Thank you so much, this is what I was looking for... the way to access OS within VPC

  • @TalFefer
    @TalFefer 8 hours ago

    Hey, and thanks for the good guide. In the JSON policy that we copy-paste, should we change the default region in the JSON?

  • @haneepcr
    @haneepcr 1 year ago +1

    Excellent Video for OpenSearch with VPC

  • @vladgursky149
    @vladgursky149 1 year ago +1

    Very interesting method to replace additional instances with reverse proxy to services on private networks with Lambda Proxy.

  • @sundaraaj
    @sundaraaj 1 year ago +2

    Thanks for the video, it was useful. Would you share some details or post a video on AWS DMS target endpoint as OpenSearch creations, as it involves user role mapping.

    • @listentolearn2363
      @listentolearn2363  1 year ago

      you are welcome :) thanks. I haven't really worked with DMS endpoints. I will try to do some research around it and get back.

  • @mukeshprajapati5671
    @mukeshprajapati5671 9 months ago +1

    Good solution to access opensearch dashboard. Any ways to provide authentication with the dashboard? With current configuration, it is using lambda role.

    • @listentolearn2363
      @listentolearn2363  9 months ago

      Hello, Since the entire dashboard is exposed using api gateway, setting up proper authentication and controlling access to the api will automatically limit the access to opensearch dashboard. There are various ways to control api gateway access - docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
      if you are interested, here is the video about lambda authorisers -
      ua-cam.com/video/Q5RwxhCONy8/v-deo.html

    • @mukeshprajapati5671
      @mukeshprajapati5671 9 months ago +1

      @listentolearn2363 Thanks. Will check that out.

  • @ramyahello
    @ramyahello 1 year ago +1

    Very good video !! thanks for info. I have a question how are you opening the Open search dashboard what is the exact URL

    • @listentolearn2363
      @listentolearn2363  1 year ago +1

      Hi Ramya,
      thanks. glad you found it informative.
      please use below url:
      //_dashboards/app/dev_tools#/console
      Thanks.

  • @benny4470
    @benny4470 1 year ago +1

    pls do make a video also about creating a domain with public access and how to stream the logs to opensearch using a lambda function and visualize it in kibana dashboard, it will be more helpful if you do.
    Thanks in advance

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Benny,
      ua-cam.com/video/06a3NJwM1VU/v-deo.html - this video demonstrates setting up a public access domain and stream s3 data using lambda. It also shows how to access that data in kibana. You could customise it to stream log data instead of s3.
      Thanks.

    • @benny4470
      @benny4470 1 year ago +1

      Thanks it is so useful, glad about your work 👍.

  • @arunverma6384
    @arunverma6384 1 year ago +3

    Very Helpful. Try hard finally was able to get with /_dashboards/app/dev_tools#/console

  • @tsandler
    @tsandler 1 year ago +1

    Hello! great video and well explained, but I have the following doubt: doing this I am removing network protection from my dashboard and it becomes public, or am I missing something? What are the benefits of doing this instead of removing the VPC from my open search domain directly? Thank you!

    • @listentolearn2363
      @listentolearn2363  1 year ago +1

      Hi Tobias, Thanks for your interest and to answer your question, open search domain within the VPC is still protected and you are allowing only lambda to access the open search domain. You need to add some type of auth mechanism to api gateway in order to restrict access to the dashboard.
      If you like, please checkout this video that explains about api gateway authorisers - ua-cam.com/video/Q5RwxhCONy8/v-deo.html

    • @tsandler
      @tsandler 1 year ago

      @listentolearn2363 thank you for your response! I understand your point, but if you end up protecting your api gateway with cognito for example, why don’t you do the same with open search and avoid the vpc? I’m getting into open search (I have already worked a lot with api gateway), so I would like to understand the pros and cons of the solution, or if there is any other advantage that I might not be seeing. Thank you!

    • @listentolearn2363
      @listentolearn2363  1 year ago +1

      VPC provides an extra layer of security. You can give this a read to understand the pros and cons - docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html

  • @Spdroo7
    @Spdroo7 11 months ago

    Hi, thanks for the tutorial but I’m having trouble opening the open search dashboard after following your video. Can you provide more details on the HOST?

    • @listentolearn2363
      @listentolearn2363  11 months ago

      please use below url:
      //_dashboards/app/dev_tools#/console
      you can find the host and api-stage-name in apigateway.

  • @hdimessi
    @hdimessi 9 months ago +1

    Once the domain and the indexes are created, shouldn't that lambda proxy function be removed? I mean maybe change it in a way that it'll only expose the search api that way you can hide it behind an auth provider... otherwise the whole thing would just be publicly available for everyone. I'm not much of an expert on this that's why I'm writing this comment trying to get some guidance on the matter. What do you think?

    • @listentolearn2363
      @listentolearn2363  9 months ago

      Hello, Since the entire dashboard is exposed using api gateway, setting up proper authentication and controlling access to the api will automatically limit the access to opensearch dashboard. There are various ways to control api gateway access - docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
      if you are interested, here is the video about lambda authorisers -
      ua-cam.com/video/Q5RwxhCONy8/v-deo.html
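
The narrowing suggested in the comment above (expose only the search API rather than the whole Dashboards UI), as an added example that is not from the video or its repository: a guard a Lambda proxy could run before forwarding anything to the domain. The allowlist, the `guard` function and the sample events are hypothetical; the event field names are those of API Gateway's REST and HTTP proxy payloads.

```python
import json
import re

# Assumption for this sketch: only read-only search calls on a named index are
# forwarded; Dashboards, _cat, _cluster and write APIs stay unreachable.
ALLOWED_ROUTES = {
    "GET": re.compile(r"/[a-z0-9][a-z0-9_.-]*/_(search|count)"),
    "POST": re.compile(r"/[a-z0-9][a-z0-9_.-]*/_(search|count)"),
}


def _deny(status, message):
    return {"forward": False, "statusCode": status,
            "body": json.dumps({"message": message})}


def guard(event):
    """Decide whether an API Gateway proxy event may be forwarded to the domain."""
    if not isinstance(event, dict):
        return _deny(400, "malformed event")
    # REST API (payload v1) uses httpMethod/path; HTTP API (payload v2) uses
    # requestContext.http.method/rawPath. A non-proxy integration sends neither.
    http = (event.get("requestContext") or {}).get("http") or {}
    method = event.get("httpMethod") or http.get("method")
    path = event.get("path") or event.get("rawPath")
    if not isinstance(method, str) or not isinstance(path, str):
        return _deny(400, "event is not an API Gateway proxy request")
    method = method.upper()
    route = ALLOWED_ROUTES.get(method)
    # fullmatch fails closed: "/../" segments, percent-encoding, extra path
    # segments and any endpoint not listed above are all rejected.
    if route is None or not route.fullmatch(path):
        return _deny(403, "route not exposed through this proxy")
    return {"forward": True, "method": method, "path": path}


# Constructed sample events, not captured traffic.
SAMPLES = [
    {"httpMethod": "POST", "path": "/logs-2024/_search"},
    {"requestContext": {"http": {"method": "get"}}, "rawPath": "/logs-2024/_count"},
    {"httpMethod": "GET", "path": "/_dashboards/app/dev_tools"},
    {"httpMethod": "DELETE", "path": "/logs-2024"},
    {"httpMethod": "GET", "path": "/logs-2024/../_cat/indices/_search"},
    {"httpMethod": None, "path": None},
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(guard(ev))
```

A guard like this limits what an authenticated caller can reach; it does not replace an authorizer on the API Gateway itself.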

  • @gursharanvicky
    @gursharanvicky 1 month ago

    I have got error:
    OpenSearch Dashboards did not load properly. Check the server output for more information.

  • @ThangTran-sv8sb
    @ThangTran-sv8sb 1 year ago +1

    The api gateway gave me this error "Missing Authentication Token" when no query parameters were given, with any query string the gateway gave this root cause error type: "index_not_found_exception",

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Could you please paste the URL you are trying to access?
      Please make sure you are hitting the right url:
      //_dashboards/app/dev_tools#/console

    • @Spdroo7
      @Spdroo7 11 months ago

      I’m hitting this url and it still doesn’t help. It gives me an error about checking my aws access secret.

  • @tientraninh3813
    @tientraninh3813 6 months ago

    Can I use internal user database to log in to the dashboard?

  • @vasanthkumar-sb5jm
    @vasanthkumar-sb5jm 1 year ago +1

    nice. Neatly explained

  • @M00nsave445
    @M00nsave445 7 months ago +1

    Thank you for the tutorial. I am getting this error though:
    "errorMessage": "'NoneType' object has no attribute 'upper'",
    "errorType": "AttributeError",
    "stackTrace": [
    " File \"/var/task/lambda_function.py\", line 95, in lambda_handler
    'method': method.upper(),
    "

    • @listentolearn2363
      @listentolearn2363  6 months ago

      Hello,
      Looks like the event object is missing or getting passed as None. Please check your api gateway setup and try triggering a test event from api gateway.

  • @sapnokasahar3098
    @sapnokasahar3098 1 year ago +1

    I have done all same exact still I have got "Internal server error"

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Sapnoka,
      Could you please paste the URL you are trying to access?
      Please make sure you are hitting the right url:
      //_dashboards/app/dev_tools#/console
      If you are seeing any specific errors in cloudwatch, can you share the error?

  • @sanjanamylavarapu3542
    @sanjanamylavarapu3542 1 year ago +1

    Hey
    I followed all the steps but in the last step when I used my API gateway url, it says “OpenSearch Dashboards did not load properly. Check the server output for more information.”

    • @listentolearn2363
      @listentolearn2363  1 year ago +1

      I would suggest seeing the cloudwatch logs to check for any errors. If that looks good, then you can try enabling the api gateway logs and check for any errors there.

    • @vladgursky149
      @vladgursky149 1 year ago

      Same error for me too. Dashboard connected. The same error at 10 seconds of downloading. The error is explained on Stack Overflow as a Lambda limitation of 6 MB. JSON is sent in full size in the request.

    • @vladgursky149
      @vladgursky149 1 year ago

      @listentolearn2363 Errors in browser: Refused to execute inline script because it violates the following Content Security Policy directive: script-src unsafe-eval self.

    • @vladgursky149
      @vladgursky149 1 year ago

      @listentolearn2363 CloudWatch. RuntimeError: Failed to post invocation response. LAMBDA_RUNTIME Failed to post handler success response. Http response code: 413.

    • @bakmyster
      @bakmyster 1 year ago

      After having a look at the API Gateway Cloudwatch logs, it seems the error is
      "Lambda execution failed with status 200 due to customer function error: Response payload size exceeded maximum allowed payload size"

  • @yashgangrade5460
    @yashgangrade5460 7 months ago

    Getting Internal server error. In the lambda handler event is coming as empty checked in CloudWatch logs

    • @listentolearn2363
      @listentolearn2363  6 months ago

      Please try to check your api gateway setup and the version of opensearch

  • @zabajone7101
    @zabajone7101 11 months ago

    When I'm trying to access the api gateway endpoint I'm getting "OpenSearch Dashboards did not load properly. Check the server output for more information." And in lambda logs I see that LAMBDA_RUNTIME Failed to post handler success response. Http response code: 413, probably due to payload limit threshold? I'm wondering why it did not happen in your video?

    • @listentolearn2363
      @listentolearn2363  11 months ago

      Hello, thanks for giving it a try. Could you compare the versions of opensearch domain and python used pls?

    • @AjithKumarVS4
      @AjithKumarVS4 5 months ago

      getting the same error; how did you resolve?

  • @saradhapurushothaman1755
    @saradhapurushothaman1755 1 year ago +1

    Super... 👍🏽👍🏽👍🏽👌👌👌😊

  • @TheBoundlessSky1234
    @TheBoundlessSky1234 1 year ago +2

    Great content, but the audio is too low

  • @philippephilippe1265
    @philippephilippe1265 8 months ago

    I am having error for {missing Authentication Token} when hitting API URL. did anyone have same issue?

    • @listentolearn2363
      @listentolearn2363  8 months ago

      Could you please paste the URL you are trying to access?
      Please make sure you are hitting the right url:
      //_dashboards/app/dev_tools#/console

  • @softwaredevelopmentideas
    @softwaredevelopmentideas 1 year ago +1

    If you do the same with cdk, that would be nice too :)

  • @reshmitp3788
    @reshmitp3788 1 year ago

    Still unable to access the web page. Any changes need to make in the code if we are changing the region? I'm not proficient in python.

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Reshma,
      The region is taken from AWS session, so this should work in a different region as well.
      Could you please share the error that you are seeing?
      It would be nice if you can share the cloudwatch logs as well.

  • @prasadaraovipparla8474
    @prasadaraovipparla8474 1 year ago

    I'm getting below error while executing the lambda function, any idea ?
    "errorMessage": "unsupported operand type(s) for +: 'NoneType' and 'str'",

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Prasada, what is the url that you are trying to access? Does the page load?

    • @prasadaraovipparla8474
      @prasadaraovipparla8474 1 year ago

      @listentolearn2363 I set up everything like you explained, and after that, when I hit the API GW URL, I got the internal server error, so I thought I could test the lambda directly. When I was testing the lambda, I saw the error that I mentioned above.

    • @listentolearn2363
      @listentolearn2363  1 year ago

      ah okay, can't run standalone test on this lambda as it's tied to the url.. Are you seeing any errors in cloudwatch logs when you got the internal server error?

  • @Ketul1993
    @Ketul1993 1 year ago

    I am getting the following error while making a request using the API
    ```
    message "Missing Authentication Token"
    ```

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Ketul,
      Could you please paste the URL you are trying to access?
      Please make sure you are hitting the right url:
      //_dashboards/app/dev_tools#/console

  • @ajmalkhalil752
    @ajmalkhalil752 1 year ago

    followed the whole process but unable to access the opensearch UI...can you please help

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Ajmal,
      Could you please paste the URL you are trying to access?
      Please make sure you are hitting the right url:
      //_dashboards/app/dev_tools#/console
      If you are seeing any specific errors, can you share the error?

  • @ajmalkhalil752
    @ajmalkhalil752 1 year ago

    hi, after some hit and trial, I'm getting this page and it seems like it is not working properly, and why is it only redirecting towards this dev tools? Can you please suggest something so it starts working properly. Your help is highly appreciated
    OpenSearch Dashboards logo is not available
    Getting errors like this: Expected ',' or ']' after array element in JSON at position 324

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Ajmal,
      The current python implementation only supports dev tools. If you would like to access other sections of the dashboard, please feel free to extend the code.

    • @ajmalkhalil752
      @ajmalkhalil752 1 year ago

      @listentolearn2363 Thanks, but why is the opensearch page getting broken? I was assuming we will be able to access the opensearch via this process but unable to do that. This is not the correct way to access the opensearch I believe. Pls suggest anything else.

  • @rborgaonkar100
    @rborgaonkar100 1 year ago

    This is not working with OS 2.7. It keeps giving signature error
    "message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

    The Canonical String for this request should have been
    'GET
    /_dashboards/app/home

    content-type:......
    Same error with Python 3.8 or 3.11

    • @AN-ys3wn
      @AN-ys3wn 1 year ago

      go with OS 1.3, that's what I am doing.

    • @listentolearn2363
      @listentolearn2363  1 year ago

      I have it tested only in OS 1.3. Can you try with it? 2.7 might need a few code updates. I have to look into it.

  • @alvinronnie3904
    @alvinronnie3904 1 year ago

    I’ve been getting the following error: “Request must contain a osd-xsrf header.” The cloud watch logs don’t indicate anything either.

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Hi Alvin,
      What version of OpenSearch are you using?
      And when are you seeing this error? Is it while loading the first page or while running any specific commands?

    • @alvinronnie3904
      @alvinronnie3904 1 year ago

      @listentolearn2363 I’m using open search 2.3. And yes, it is while loading the first page

    • @alvinronnie3904
      @alvinronnie3904 1 year ago

      @listentolearn2363 Would be great if you could help me asap as I’ve been stuck on this for more than a week

    • @listentolearn2363
      @listentolearn2363  1 year ago

      If using a lower version is not a problem, can you try with 1.3? as I haven't tested it with 2.3 yet.
      I think the header is causing a problem in 2.3 but am not sure yet. see opensearch.org/docs/latest/troubleshoot/index/

    • @alvinronnie3904
      @alvinronnie3904 1 year ago

      @listentolearn2363 the domain had been defined for quite some time. Was using an EC2 instance before to access it outside its vpc. So not possible to try it with 1.3. Also I tried adding the header in the lambda function, but it keeps giving internal server error. Also I’m unable to debug the lambda function at all since adding any print or log statement results in an error

  • @Joneco
    @Joneco 1 year ago

    this is not working if you choose to use elasticsearch core in aws opensearch... you could create another video for that, maybe just changing the py code

    • @listentolearn2363
      @listentolearn2363  1 year ago

      thanks for giving it a try. you are right, the code is specific to opensearch.
      however, we can get it working with elasticsearch by making few changes to the code. I will try to add it to the repo.

  • @sapnokasahar3098
    @sapnokasahar3098 1 year ago

    Please help me it shows
    "Message:Internal server error"

    • @listentolearn2363
      @listentolearn2363  1 year ago

      can you share the errors from cloudwatch logs?

    • @vladgursky149
      @vladgursky149 1 year ago

      I got "internal server error" because not changed every occurrence of AWS region in all listed policies first time and because of not correct URL in second time: /_dashboards/app/dev_tools#/console

    • @TalesFromEveryLand
      @TalesFromEveryLand 1 year ago

      same problem @vladgursky149

  • @rajiv7
    @rajiv7 1 year ago

    does not work...{"message": "Internal server error"} OR Token error...

    • @listentolearn2363
      @listentolearn2363  1 year ago

      Ensure you are accessing the correct URL. It is in the description of the video. The proxy works only for kibana dashboard.

  • @rajiv7
    @rajiv7 1 year ago

    no luck, trying make it run since yesterday...