From 6d8339da118a3cf168c77ef6713ff358f7c82e0d Mon Sep 17 00:00:00 2001 From: Geoffrey Kleinberg Date: Thu, 13 Feb 2025 11:48:46 -0500 Subject: [PATCH 1/2] Describe the process to create a private OSS instance Provides a high level overview of the steps needed to create a private OSS instance via the AWS CLI. --- Opensearch_spinup.md | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/Opensearch_spinup.md b/Opensearch_spinup.md index de80539..81918a6 100644 --- a/Opensearch_spinup.md +++ b/Opensearch_spinup.md 
@@ -39,4 +39,39 @@ Note: This section is where you give permissions to perform actions on the colle - Click on "Dev Tools" on the left side of the screen - You can now run queries on your collection in this environment - Refer to this Official AWS Tutorial for more info on the basics of how to use OpenSearch Dashboards: - - https://docs.aws.amazon.com/opensearch-service/latest/developerguide/quick-start.html \ No newline at end of file + - https://docs.aws.amazon.com/opensearch-service/latest/developerguide/quick-start.html + + +## Spin Up a Private Instance with CLI + +This will walk you through setting up a private instance of OpenSearch Serverless (OSS) that is accessible via an EC2 instance. We will call our collection `collection-name` in this example. + +First, we will create the VPC endpoint that we will use to interact with the OSS instance. Run the following command: + +``` +aws opensearchserverless create-vpc-endpoint + --name collection-name-endpoint + --vpc-id vpc-id + --subnet-ids subnet-id-list + --security-group-ids security-group-list +``` + +**The step above is currently the one failing.** + +After this, we must create a security policy using +``` +aws opensearchserverless create-security-policy +``` +as described [here](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-manage.html#serverless-create). Documentation for the command is [here](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/opensearchserverless/create-security-policy.html). The security policy has to allow traffic from the VPC endpoint previously created. + +Following that, we will have permission to create a collection using +``` +aws opensearchserverless create-collection +``` +as described [here](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-manage.html#serverless-create). 
Documentation for the command is [here](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/opensearchserverless/create-collection.html). + +Finally, we must create a data access policy using +``` +aws opensearchserverless create-access-policy +``` +as described [here](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html#serverless-data-access-cli). This policy will allow traffic from the VPC endpoint created above. Documentation for the command is [here](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/opensearchserverless/create-access-policy.html). \ No newline at end of file From 2b69240b12f9d6fd76c3c95938700f54f7b57856 Mon Sep 17 00:00:00 2001 From: Geoffrey Kleinberg Date: Thu, 13 Feb 2025 11:51:12 -0500 Subject: [PATCH 2/2] Add a link to the documentation of create-vpc-endpoint --- Opensearch_spinup.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Opensearch_spinup.md b/Opensearch_spinup.md index 81918a6..cdcfc2c 100644 --- a/Opensearch_spinup.md +++ b/Opensearch_spinup.md @@ -55,6 +55,7 @@ aws opensearchserverless create-vpc-endpoint --subnet-ids subnet-id-list --security-group-ids security-group-list ``` +Documentation for this command is [here](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/opensearchserverless/create-vpc-endpoint.html). **The step above is currently the one failing.**
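Review bot: In [PATCH 1/2], the `create-vpc-endpoint` block spans five lines with no trailing `\`, so pasted into a shell only `aws opensearchserverless create-vpc-endpoint` runs and the `--name ...`, `--vpc-id ...` lines are treated as separate commands. End every line but the last with ` \`, and mark `vpc-id`, `subnet-id-list` and `security-group-list` as placeholders (for example `<vpc-id>`). Check whether this explains the "currently the one failing" note before committing that note. In the last paragraph, "This policy will allow traffic from the VPC endpoint created above" is said of the data access policy, although the security policy step two paragraphs earlier is already described as allowing that traffic. A data access policy grants principals permissions on collections and indexes, so that sentence should name the principal that gets access, and the security policy step should state which `--type` to pass. The file also ends without a trailing newline again, which the first changed line of this hunk had just fixed.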
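Review bot: In [PATCH 2/2], the added "Documentation for this command is [here](...)" line uses "here" as its link text and lands directly above the unchanged "**The step above is currently the one failing.**" note, which still gives no error output. Name the command in the link text (for example "`create-vpc-endpoint` reference") and put the observed error message next to the failing note so readers can tell what breaks and when it is fixed. Since this one-line change touches the section introduced in [PATCH 1/2], it could be squashed into that commit.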