1. Sign in to the AWS Management Console: Go to the AWS Management Console and sign in with your credentials.
2. Navigate to the OpenSearch Service: From the services dropdown, select “OpenSearch Service” under the Analytics section.
3. Select the OpenSearch Domain: Choose the OpenSearch domain that you want to configure to export logs to CloudWatch.
4. Navigate to the CloudWatch Logs section: In the left-hand navigation pane, click on the “Logs” section under the “Data” category.
5. Enable CloudWatch Logs: Click on the “Enable” button to enable the export of OpenSearch logs to CloudWatch.
6. Configure Log Settings: In the CloudWatch Logs configuration window, you can specify the log group name, log stream name, and the IAM role that has permission to write logs to CloudWatch.
7. Review and Confirm: Review the settings you have configured and click on the “Confirm” button to apply the changes.
8. Verify Configuration: After the configuration is applied, you can verify that the OpenSearch logs are now being exported to CloudWatch by checking the CloudWatch Logs console.

​

1. Enable the Log Publishing Option: Run the following AWS CLI command to enable the log publishing option for your OpenSearch domain. Replace <domain-name> with the name of your OpenSearch domain.
   Copy

   Ask AI

   aws opensearchservice update-domain-config --domain-name <domain-name> --advanced-security-options "AuditLogs: { CloudWatchLogs: { Enabled: true }}"
   

2. Verify the Configuration: You can verify that the log publishing option is enabled for your OpenSearch domain by describing the domain configuration using the following command:
   Copy

   Ask AI

   aws opensearchservice describe-elasticsearch-domain-config --domain-name <domain-name>
   

3. Check CloudWatch Logs: Once the configuration is updated, you should start seeing the OpenSearch logs in CloudWatch Logs. You can access these logs from the AWS Management Console or by using the CloudWatch Logs API.

1. Install Boto3: Boto3 is the AWS SDK for Python and will allow you to interact with AWS services from your Python script. You can install it using pip:
   Copy

   Ask AI

   pip install boto3
   

2. Update OpenSearch Domain Policy: Update the OpenSearch domain policy to allow the OpenSearch domain to publish logs to CloudWatch Logs. You can use the following Python script to update the domain policy:
   Copy

   Ask AI

   import boto3
   
   # Define the OpenSearch domain name
   domain_name = 'your-opensearch-domain-name'
   
   # Create a CloudWatch Logs resource policy
   cloudwatch_policy = {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Principal": {
                   "Service": "es.amazonaws.com"
               },
               "Action": "logs:PutLogEvents",
               "Resource": "arn:aws:logs:*:*:log-group:/aws/opensearch-service/*"
           }
       ]
   }
   
   # Update the OpenSearch domain access policy
   client = boto3.client('es')
   response = client.update_elasticsearch_domain_config(
       DomainName=domain_name,
       ElasticsearchClusterConfig={
           'CloudWatchLogsLogGroupArn': 'arn:aws:logs:us-east-1:123456789012:log-group:/aws/opensearch-service/*',
           'CloudWatchLogsRoleArn': 'arn:aws:iam::123456789012:role/your-cloudwatch-role'
       },
       AccessPolicies=json.dumps(cloudwatch_policy)
   )
   
   print(response)
   

3. Replace placeholders: Replace the placeholder values in the script with your actual OpenSearch domain name, CloudWatch Logs Log Group ARN, and CloudWatch Logs Role ARN.
4. Run the script: Save the script in a Python file (e.g., remediate_opensearch_logs.py) and run it using the Python interpreter:
   Copy

   Ask AI

   python remediate_opensearch_logs.py
   

5. Verify the configuration: After running the script, verify that the OpenSearch domain is now exporting logs to CloudWatch Logs by checking the CloudWatch Logs console for log streams related to your OpenSearch domain.