# CloudFormation template: an Amazon Elasticsearch Service domain attached to a
# VPC, the security group in front of it, and CloudWatch alarms on the domain.
AWSTemplateFormatVersion: '2010-09-09'
# NOTE(review): "5.1.1" matches none of the ElasticSearchVersion allowed values
# declared in Parameters ('2.3', '5.3', '5.5', '5.6') — confirm what it refers to.
Description: Chef Server Elasticsearch 5.1.1
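Parameters:
  # Required Parameters
  VPC:
    Description: Choose VPC to use
    Type: AWS::EC2::VPC::Id
  # The domain attaches to entries 0 and 1 of this list, plus entry 2 unless
  # ElasticSearchShardCount is 2. Zone awareness is always enabled, so the
  # subnets used should each sit in a different Availability Zone.
  ChefServerSubnets:
    Description: Provide a list of Subnet IDs for the Chef Servers (must be within the specified VPC)
    Type: List<AWS::EC2::Subnet::Id>
  # Written to the X-Contact tag on the domain.
  ContactEmail:
    Description: Contact email for Cloudwatch notifications and instance tagging
    Type: String
  # Written to the X-Dept tag on the domain.
  ContactDept:
    Description: Contact department for billing purposes
    Type: String
  ###############################################################################
  # Performance Settings
  # The domain declares no EBSOptions, so only instance types with local
  # (instance store) volumes are listed here.
  ElasticSearchInstanceType:
    Description: The Instance type to use for ElasticSearch instances (Note, must have ephemeral storage, the instance type affects the total amount of elasticsearch storage. i3 strongly recommended)
    Type: String
    Default: 'i3.large.elasticsearch'
    AllowedValues:
      - 'i3.large.elasticsearch'
      - 'i3.xlarge.elasticsearch'
      - 'i3.2xlarge.elasticsearch'
      - 'i3.4xlarge.elasticsearch'
      - 'i3.8xlarge.elasticsearch'
      - 'i3.16xlarge.elasticsearch'
      - 'i2.xlarge.elasticsearch'
      - 'i2.2xlarge.elasticsearch'
      # Each value is listed once; a repeated entry adds nothing to validation.
      # NOTE(review): 'm3.2xlarge.elasticsearch' is absent from the m3 family —
      # confirm whether that is intentional.
      - 'm3.medium.elasticsearch'
      - 'm3.large.elasticsearch'
      - 'm3.xlarge.elasticsearch'
      - 'r3.large.elasticsearch'
      - 'r3.xlarge.elasticsearch'
      - 'r3.2xlarge.elasticsearch'
      - 'r3.4xlarge.elasticsearch'
      - 'r3.8xlarge.elasticsearch'
  # Versions are quoted so they stay strings ('5.6', not the float 5.6).
  ElasticSearchVersion:
    Description: Version of ElasticSearch to use
    Type: String
    Default: '5.6'
    AllowedValues:
      - '2.3'
      - '5.3'
      - '5.5'
      - '5.6'
  # Despite the name, this value becomes the domain's InstanceCount. A value of
  # 2 selects the two-AZ layout; any other value selects the three-AZ layout.
  # NOTE(review): no MinValue/AllowedValues bound the input, and zone awareness
  # is always on — confirm which counts actually deploy and consider bounding.
  ElasticSearchShardCount:
    Description: Number of ElasticSearch hosts to provision at launch (3 recommended, 2 provides HA)
    Type: Number
    Default: 3
  ###############################################################################
  # Security Settings
  # Members of this group are the only source allowed to reach the domain
  # (TCP 443) through ESSecurityGroup.
  FrontendSecurityGroupId:
    Description: Supply a security group for your chef frontends
    Type: AWS::EC2::SecurityGroup::Id
  # Used verbatim as the AWS principal in the domain's access policy, so the
  # value must be the role's ARN; a bare role name is not a valid principal.
  ChefRole:
    Description: Supply an IAM Role for the Chef Servers
    Type: String
  ###############################################################################
  # Input from Parent Stack
  # Passed to every alarm's AlarmActions, so this must be the SNS topic ARN.
  AlertNotificationTopic:
    Description: SNS topic
    Type: String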
Conditions:
  # True only when exactly two instances are requested. The domain uses it to
  # choose a two-AZ layout with two subnets instead of three of each.
  2ZoneES:
    Fn::Equals:
      - !Ref ElasticSearchShardCount
      - 2
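Resources:
  # ElasticSearch
  #########################################################################################
  # Network gate for the domain: HTTPS (TCP 443) only, and only from members of
  # the frontend security group. No egress rules are declared on this group.
  ESSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'Elasticsearch Frontend Access'
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref FrontendSecurityGroupId
  # VPC-attached domain. Access is limited in two layers: the security group
  # above (network) and the access policy below (IAM-signed requests).
  #
  # NOTE(review): no EncryptionAtRestOptions, NodeToNodeEncryptionOptions,
  # DomainEndpointOptions or LogPublishingOptions are set. Encryption at rest
  # needs Elasticsearch 5.1+ and is not offered on every instance family —
  # confirm support for the types in AllowedValues; node-to-node encryption
  # needs 6.0+, which the version list of this template does not reach. A newer
  # engine version would be the route to enabling both.
  ElasticsearchDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      ElasticsearchVersion: !Ref ElasticSearchVersion
      ElasticsearchClusterConfig:
        InstanceType: !Ref ElasticSearchInstanceType
        InstanceCount: !Ref ElasticSearchShardCount
        # Data nodes also act as masters; no dedicated master nodes are created.
        DedicatedMasterEnabled: false
        # Zone awareness is unconditional: two AZs for a two-instance domain,
        # three AZs for every other instance count.
        ZoneAwarenessEnabled: true
        ZoneAwarenessConfig:
          AvailabilityZoneCount: !If [2ZoneES, 2, 3]
      SnapshotOptions:
        AutomatedSnapshotStartHour: 0
      AccessPolicies:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              AWS: !Ref ChefRole
            # Least privilege: grant only the HTTP request actions
            # (es:ESHttpGet, es:ESHttpPost, ...) instead of every es: action,
            # and only on domain resources. This domain's own ARN cannot be
            # referenced here: its name is generated, and a self-reference
            # would be circular.
            Action: 'es:ESHttp*'
            Resource: !Sub 'arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/*'
      VPCOptions:
        # Two subnets for the two-AZ layout, three otherwise; entries are taken
        # in order from ChefServerSubnets.
        SubnetIds: !If
          - 2ZoneES
          - - !Select [0, !Ref ChefServerSubnets]
            - !Select [1, !Ref ChefServerSubnets]
          - - !Select [0, !Ref ChefServerSubnets]
            - !Select [1, !Ref ChefServerSubnets]
            - !Select [2, !Ref ChefServerSubnets]
        SecurityGroupIds:
          - !Ref ESSecurityGroup
      AdvancedOptions:
        # With 'true', _bulk/_mget/_msearch request bodies may name an index
        # that differs from the one in the URL. Harmless while the access
        # policy is domain-wide; if the policy is ever narrowed to specific
        # index paths, set this to 'false' so a body cannot sidestep it.
        rest.action.multi.allow_explicit_index: 'true'
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-ES
        - Key: X-Dept
          Value: !Ref ContactDept
        - Key: X-Contact
          Value: !Ref ContactEmail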
# Monitoring
#########################################################################################
  # Every alarm below watches this domain's metrics in the AWS/ES namespace
  # (dimensions: DomainName + ClientId) and notifies AlertNotificationTopic.

  # Fires as soon as one 60-second period reports ClusterStatus.red >= 1.
  ESClusterRed:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/ES
      MetricName: ClusterStatus.red
      Dimensions:
        - Name: DomainName
          Value: !Ref ElasticsearchDomain
        - Name: ClientId
          Value: !Ref AWS::AccountId
      Statistic: Minimum
      Period: 60
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      Threshold: 1
      AlarmName: !Sub ESClusterRed-${AWS::StackName}
      AlarmDescription: Alarm when both primary and replica shards are down.
      AlarmActions:
        - !Ref AlertNotificationTopic

  # Fires as soon as one 60-second period reports ClusterStatus.yellow >= 1.
  # NOTE(review): the description says "15 minutes", but a single 60-second
  # period is evaluated — confirm which one is intended.
  ESClusterYellow:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/ES
      MetricName: ClusterStatus.yellow
      Dimensions:
        - Name: DomainName
          Value: !Ref ElasticsearchDomain
        - Name: ClientId
          Value: !Ref AWS::AccountId
      Statistic: Minimum
      Period: 60
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      Threshold: 1
      AlarmName: !Sub ESClusterYellow-${AWS::StackName}
      AlarmDescription: Alarm when replica shards are down for 15 minutes.
      AlarmActions:
        - !Ref AlertNotificationTopic

  # Fires after five consecutive 60-second periods at or below the threshold.
  # NOTE(review): FreeStorageSpace is presumably reported in MiB, which would
  # make 2000 roughly 2 GB — confirm the unit and whether that leaves enough
  # headroom for the chosen instance type.
  ESFreeStorageSpace:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/ES
      MetricName: FreeStorageSpace
      Dimensions:
        - Name: DomainName
          Value: !Ref ElasticsearchDomain
        - Name: ClientId
          Value: !Ref AWS::AccountId
      # Minimum, so the alarm reacts when any single node runs low.
      Statistic: Minimum
      Period: 60
      EvaluationPeriods: 5
      ComparisonOperator: LessThanOrEqualToThreshold
      Threshold: 2000
      AlarmName: !Sub ESFreeStorageSpace-${AWS::StackName}
      AlarmDescription: Alarm when free storage space on any node falls below threshold.
      AlarmActions:
        - !Ref AlertNotificationTopic

  # Fires after two consecutive 5-minute periods of average CPU >= 80 percent.
  ESCPUUtilization:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/ES
      MetricName: CPUUtilization
      Dimensions:
        - Name: DomainName
          Value: !Ref ElasticsearchDomain
        - Name: ClientId
          Value: !Ref AWS::AccountId
      Statistic: Average
      Unit: Percent
      Period: 300
      EvaluationPeriods: 2
      ComparisonOperator: GreaterThanOrEqualToThreshold
      Threshold: 80
      AlarmName: !Sub ESCPUUtilization-${AWS::StackName}
      AlarmDescription: Alarm when all nodes' average CPU load passes threshold.
      AlarmActions:
        - !Ref AlertNotificationTopic

  # Fires after two consecutive 5-minute periods whose maximum JVM memory
  # pressure is >= 90 percent.
  ESJVMMemoryPressure:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/ES
      MetricName: JVMMemoryPressure
      Dimensions:
        - Name: DomainName
          Value: !Ref ElasticsearchDomain
        - Name: ClientId
          Value: !Ref AWS::AccountId
      Statistic: Maximum
      Unit: Percent
      Period: 300
      EvaluationPeriods: 2
      ComparisonOperator: GreaterThanOrEqualToThreshold
      Threshold: 90
      AlarmName: !Sub ESJVMMemoryPressure-${AWS::StackName}
      AlarmDescription: Alarm when maximum percentage of the Java heap used for all data nodes in the cluster exceeds threshold.
      AlarmActions:
        - !Ref AlertNotificationTopic
Outputs:
  # Values handed back to the parent stack. Neither is a secret, but the
  # endpoint is only reachable from inside the VPC through ESSecurityGroup.
  ElasticsearchDomain:
    Description: The elasticsearch domain
    Value: !Ref ElasticsearchDomain
  DomainEndpoint:
    Description: The elasticsearch domain endpoint
    Value: !GetAtt ElasticsearchDomain.DomainEndpoint