diff --git a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts index 480361c1358f6..668086dab5372 100644 --- a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts +++ b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts @@ -1474,6 +1474,36 @@ export class Domain extends DomainBase implements IDomain { }); } + const logPublishing: Record = {}; + + if (this.appLogGroup) { + logPublishing.ES_APPLICATION_LOGS = { + enabled: true, + cloudWatchLogsLogGroupArn: this.appLogGroup.logGroupArn, + }; + } + + if (this.slowSearchLogGroup) { + logPublishing.SEARCH_SLOW_LOGS = { + enabled: true, + cloudWatchLogsLogGroupArn: this.slowSearchLogGroup.logGroupArn, + }; + } + + if (this.slowIndexLogGroup) { + logPublishing.INDEX_SLOW_LOGS = { + enabled: true, + cloudWatchLogsLogGroupArn: this.slowIndexLogGroup.logGroupArn, + }; + } + + if (this.auditLogGroup) { + logPublishing.AUDIT_LOGS = { + enabled: this.auditLogGroup != null, + cloudWatchLogsLogGroupArn: this.auditLogGroup?.logGroupArn, + }; + } + // Create the domain this.domain = new CfnDomain(this, 'Resource', { domainName: this.physicalName, @@ -1506,24 +1536,7 @@ export class Domain extends DomainBase implements IDomain { : undefined, }, nodeToNodeEncryptionOptions: { enabled: nodeToNodeEncryptionEnabled }, - logPublishingOptions: { - AUDIT_LOGS: { - enabled: this.auditLogGroup != null, - cloudWatchLogsLogGroupArn: this.auditLogGroup?.logGroupArn, - }, - ES_APPLICATION_LOGS: { - enabled: this.appLogGroup != null, - cloudWatchLogsLogGroupArn: this.appLogGroup?.logGroupArn, - }, - SEARCH_SLOW_LOGS: { - enabled: this.slowSearchLogGroup != null, - cloudWatchLogsLogGroupArn: this.slowSearchLogGroup?.logGroupArn, - }, - INDEX_SLOW_LOGS: { - enabled: this.slowIndexLogGroup != null, - cloudWatchLogsLogGroupArn: this.slowIndexLogGroup?.logGroupArn, - }, - }, + logPublishingOptions: logPublishing, cognitoOptions: { enabled: props.cognitoKibanaAuth != null, identityPoolId: props.cognitoKibanaAuth?.identityPoolId, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts b/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts index affa1d45e4477..ff85a85e218f8 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts +++ b/packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts @@ -89,18 +89,10 @@ test('minimal example renders correctly', () => { Enabled: false, }, LogPublishingOptions: { - AUDIT_LOGS: { - Enabled: false, - }, - ES_APPLICATION_LOGS: { - Enabled: false, - }, - SEARCH_SLOW_LOGS: { - Enabled: false, - }, - INDEX_SLOW_LOGS: { - Enabled: false, - }, + AUDIT_LOGS: assert.ABSENT, + ES_APPLICATION_LOGS: assert.ABSENT, + SEARCH_SLOW_LOGS: assert.ABSENT, + INDEX_SLOW_LOGS: assert.ABSENT, }, NodeToNodeEncryptionOptions: { Enabled: false, @@ -133,9 +125,6 @@ describe('log groups', () => { expect(stack).toHaveResourceLike('AWS::Elasticsearch::Domain', { LogPublishingOptions: { - ES_APPLICATION_LOGS: { - Enabled: false, - }, SEARCH_SLOW_LOGS: { CloudWatchLogsLogGroupArn: { 'Fn::GetAtt': [ @@ -145,9 +134,9 @@ describe('log groups', () => { }, Enabled: true, }, - INDEX_SLOW_LOGS: { - Enabled: false, - }, + AUDIT_LOGS: assert.ABSENT, + ES_APPLICATION_LOGS: assert.ABSENT, + INDEX_SLOW_LOGS: assert.ABSENT, }, }); }); @@ -162,12 +151,6 @@ describe('log groups', () => { expect(stack).toHaveResourceLike('AWS::Elasticsearch::Domain', { LogPublishingOptions: { - ES_APPLICATION_LOGS: { - Enabled: false, - }, - SEARCH_SLOW_LOGS: { - Enabled: false, - }, INDEX_SLOW_LOGS: { CloudWatchLogsLogGroupArn: { 'Fn::GetAtt': [ @@ -177,6 +160,9 @@ describe('log groups', () => { }, Enabled: true, }, + AUDIT_LOGS: assert.ABSENT, + ES_APPLICATION_LOGS: assert.ABSENT, + SEARCH_SLOW_LOGS: assert.ABSENT, }, }); }); @@ -200,12 +186,9 @@ describe('log groups', () => { }, Enabled: true, }, - SEARCH_SLOW_LOGS: { - Enabled: false, - }, - INDEX_SLOW_LOGS: { - Enabled: false, - }, + AUDIT_LOGS: assert.ABSENT, + SEARCH_SLOW_LOGS: assert.ABSENT, + INDEX_SLOW_LOGS: assert.ABSENT, }, }); }); @@ -237,15 +220,9 @@ describe('log groups', () => { }, Enabled: true, }, - ES_APPLICATION_LOGS: { - Enabled: false, - }, - SEARCH_SLOW_LOGS: { - Enabled: false, - }, - INDEX_SLOW_LOGS: { - Enabled: false, - }, + ES_APPLICATION_LOGS: assert.ABSENT, + SEARCH_SLOW_LOGS: assert.ABSENT, + INDEX_SLOW_LOGS: assert.ABSENT, }, }); }); @@ -296,6 +273,7 @@ describe('log groups', () => { }, Enabled: true, }, + AUDIT_LOGS: assert.ABSENT, }, }); expect(stack).toHaveResourceLike('AWS::Elasticsearch::Domain', { @@ -327,6 +305,7 @@ describe('log groups', () => { }, Enabled: true, }, + AUDIT_LOGS: assert.ABSENT, }, }); }); @@ -385,12 +364,6 @@ describe('log groups', () => { expect(stack).toHaveResourceLike('AWS::Elasticsearch::Domain', { LogPublishingOptions: { - AUDIT_LOGS: { - Enabled: false, - }, - ES_APPLICATION_LOGS: { - Enabled: false, - }, SEARCH_SLOW_LOGS: { CloudWatchLogsLogGroupArn: { 'Fn::GetAtt': [ @@ -400,9 +373,9 @@ describe('log groups', () => { }, Enabled: true, }, - INDEX_SLOW_LOGS: { - Enabled: false, - }, + AUDIT_LOGS: assert.ABSENT, + ES_APPLICATION_LOGS: assert.ABSENT, + INDEX_SLOW_LOGS: assert.ABSENT, }, }); }); @@ -420,15 +393,6 @@ describe('log groups', () => { expect(stack).toHaveResourceLike('AWS::Elasticsearch::Domain', { LogPublishingOptions: { - AUDIT_LOGS: { - Enabled: false, - }, - ES_APPLICATION_LOGS: { - Enabled: false, - }, - SEARCH_SLOW_LOGS: { - Enabled: false, - }, INDEX_SLOW_LOGS: { CloudWatchLogsLogGroupArn: { 'Fn::GetAtt': [ @@ -438,6 +402,9 @@ describe('log groups', () => { }, Enabled: true, }, + AUDIT_LOGS: assert.ABSENT, + ES_APPLICATION_LOGS: assert.ABSENT, + SEARCH_SLOW_LOGS: assert.ABSENT, }, }); }); @@ -455,9 +422,6 @@ describe('log groups', () => { expect(stack).toHaveResourceLike('AWS::Elasticsearch::Domain', { LogPublishingOptions: { - AUDIT_LOGS: { - Enabled: false, - }, ES_APPLICATION_LOGS: { CloudWatchLogsLogGroupArn: { 'Fn::GetAtt': [ @@ -467,12 +431,9 @@ describe('log groups', () => { }, Enabled: true, }, - SEARCH_SLOW_LOGS: { - Enabled: false, - }, - INDEX_SLOW_LOGS: { - Enabled: false, - }, + AUDIT_LOGS: assert.ABSENT, + SEARCH_SLOW_LOGS: assert.ABSENT, + INDEX_SLOW_LOGS: assert.ABSENT, }, }); }); @@ -507,15 +468,9 @@ describe('log groups', () => { }, Enabled: true, }, - ES_APPLICATION_LOGS: { - Enabled: false, - }, - SEARCH_SLOW_LOGS: { - Enabled: false, - }, - INDEX_SLOW_LOGS: { - Enabled: false, - }, + ES_APPLICATION_LOGS: assert.ABSENT, + SEARCH_SLOW_LOGS: assert.ABSENT, + INDEX_SLOW_LOGS: assert.ABSENT, }, }); }); diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json index a4ec48af68521..e919ee6365e8e 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.advancedsecurity.expected.json @@ -40,20 +40,7 @@ "EncryptionAtRestOptions": { "Enabled": true }, - "LogPublishingOptions": { - "AUDIT_LOGS": { - "Enabled": false - }, - "ES_APPLICATION_LOGS": { - "Enabled": false - }, - "SEARCH_SLOW_LOGS": { - "Enabled": false - }, - "INDEX_SLOW_LOGS": { - "Enabled": false - } - }, + "LogPublishingOptions": {}, "NodeToNodeEncryptionOptions": { "Enabled": true } diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json index f987bec734004..fafc653e73740 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json @@ -211,9 +211,6 @@ } }, "LogPublishingOptions": { - "AUDIT_LOGS": { - "Enabled": false - }, "ES_APPLICATION_LOGS": { "CloudWatchLogsLogGroupArn": { "Fn::GetAtt": [ @@ -231,9 +228,6 @@ ] }, "Enabled": true - }, - "INDEX_SLOW_LOGS": { - "Enabled": false } }, "NodeToNodeEncryptionOptions": { @@ -442,13 +436,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 120 }, diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json index a6a6dd2b0d37f..6c782aee20cc9 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json @@ -157,9 +157,6 @@ "Enabled": true }, "LogPublishingOptions": { - "AUDIT_LOGS": { - "Enabled": false - }, "ES_APPLICATION_LOGS": { "CloudWatchLogsLogGroupArn": { "Fn::GetAtt": [ @@ -177,9 +174,6 @@ ] }, "Enabled": true - }, - "INDEX_SLOW_LOGS": { - "Enabled": false } }, "NodeToNodeEncryptionOptions": { @@ -358,13 +352,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 120 }, @@ -529,9 +523,6 @@ "Enabled": true }, "LogPublishingOptions": { - "AUDIT_LOGS": { - "Enabled": false - }, "ES_APPLICATION_LOGS": { "CloudWatchLogsLogGroupArn": { "Fn::GetAtt": [ @@ -549,9 +540,6 @@ ] }, "Enabled": true - }, - "INDEX_SLOW_LOGS": { - "Enabled": false } }, "NodeToNodeEncryptionOptions": { diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json index 99ca282a3469a..b55ac9e14df69 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json @@ -4,8 +4,8 @@ "Type": "AWS::SecretsManager::Secret", "Properties": { "GenerateSecretString": { - "GenerateStringKey": "password", "ExcludeCharacters": "{}'\\*[]()`", + "GenerateStringKey": "password", "SecretStringTemplate": "{\"username\":\"admin\"}" } } @@ -54,20 +54,7 @@ "EncryptionAtRestOptions": { "Enabled": true }, - "LogPublishingOptions": { - "AUDIT_LOGS": { - "Enabled": false - }, - "ES_APPLICATION_LOGS": { - "Enabled": false - }, - "SEARCH_SLOW_LOGS": { - "Enabled": false - }, - "INDEX_SLOW_LOGS": { - "Enabled": false - } - }, + "LogPublishingOptions": {}, "NodeToNodeEncryptionOptions": { "Enabled": true } @@ -297,4 +284,4 @@ "Description": "Artifact hash for asset \"b64b129569a5ac7a9abf88a18ac0b504d1fb1208872460476ed3fd435830eb94\"" } } -} +} \ No newline at end of file