Chatbot/create_opensearch_domain.py at main · Capstone-MathCaptain/Chatbot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
import boto3
import json
import os
from dotenv import load_dotenv
load_dotenv(dotenv_path=".env")
boto3.setup_default_session(
    aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),
    aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),
    region_name=os.getenv("AWS_DEFAULT_REGION", "us-east-1")
)

# OpenSearch 클라이언트 생성 (리전 확인 필수!)
client = boto3.client("opensearch", region_name="us-east-1")

# 도메인 이름
domain_name = "mydomain-finegrained"

# 마스터 사용자 자격 증명 설정 (fine-grained access control용)
master_user_name = os.getenv("OS_MASTER_USER")
master_user_password = os.getenv("OS_MASTER_PASSWORD")

# VPC 설정 정보
vpc_config = {
    "SubnetIds": [
        "subnet-0bf0f220ebc8165a7"
    ],
    "SecurityGroupIds": [
        "sg-0225afb45fd02af83"
    ]
}

# 도메인 생성 요청
response = client.create_domain(
    DomainName=domain_name,
    EngineVersion="OpenSearch_2.17",
    ClusterConfig={
        "InstanceType": "r6g.large.search",
        "InstanceCount": 2,
        "DedicatedMasterEnabled": False,
        "ZoneAwarenessEnabled": False
    },
    EBSOptions={
        "EBSEnabled": True,
        "VolumeSize": 10,
        "VolumeType": "gp3"
    },
    AccessPolicies=json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "es:*",
                "Resource": f"arn:aws:es:us-east-1:160885280013:domain/{domain_name}/*"
            }
        ]
    }),
    VPCOptions=vpc_config,
    CognitoOptions={"Enabled": False},
    EncryptionAtRestOptions={"Enabled": True},
    NodeToNodeEncryptionOptions={"Enabled": True},
    DomainEndpointOptions={
        "EnforceHTTPS": True,
        "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"
    },
    AdvancedSecurityOptions={
        "Enabled": True,
        "InternalUserDatabaseEnabled": True,
        "MasterUserOptions": {
            "MasterUserName": master_user_name,
            "MasterUserPassword": master_user_password
        }
    }
)

print("도메인 생성 요청이 완료되었습니다.")
print(response)