本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # CloudFormation 用于创建 Amazon OpenSearch 无服务器集合 您可以使用 CloudFormation 创建 Amazon OpenSearch 无服务器资源,例如集合、安全策略和 VPC 终端节点。有关全面的 OpenSearch 无服务器 CloudFormation 参考,请参阅《*CloudFormation 用户*指南》中的 [Amazon OpenSearch Serverless](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_OpenSearchServerless.html)。 以下示例 CloudFormation 模板创建了一个简单的数据访问策略、网络策略和安全策略以及匹配的集合。这是快速启动并运行 Amazon OpenSearch Serverless 并配置必要元素以创建和使用集合的好方法。 **重要** 此示例使用公共网络访问权限,建议不要将其用于生产工作负载。我们建议使用 VPC 访问来保护您的集合。有关更多信息,请参阅[AWS::OpenSearchServerless::VpcEndpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchserverless-vpcendpoint.html)和[通过以下方式访问数据平面 AWS PrivateLink](serverless-vpc.md)。 ``` AWSTemplateFormatVersion: 2010-09-09 Description: 'Amazon OpenSearch Serverless template to create an IAM user, encryption policy, data access policy and collection' Resources: IAMUSer: Type: 'AWS::IAM::User' Properties: UserName: aossadmin DataAccessPolicy: Type: 'AWS::OpenSearchServerless::AccessPolicy' Properties: Name: quickstart-access-policy Type: data Description: Access policy for quickstart collection Policy: !Sub >- [{"Description":"Access for cfn user","Rules":[{"ResourceType":"index","Resource":["index/*/*"],"Permission":["aoss:*"]}, {"ResourceType":"collection","Resource":["collection/quickstart"],"Permission":["aoss:*"]}], "Principal":["arn:aws:iam::${AWS::AccountId}:user/aossadmin"]}] NetworkPolicy: Type: 'AWS::OpenSearchServerless::SecurityPolicy' Properties: Name: quickstart-network-policy Type: network Description: Network policy for quickstart collection Policy: >- [{"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]}, {"ResourceType":"dashboard","Resource":["collection/quickstart"]}],"AllowFromPublic":true}] EncryptionPolicy: Type: 'AWS::OpenSearchServerless::SecurityPolicy' Properties: Name: quickstart-security-policy Type: encryption Description: Encryption policy for quickstart collection Policy: >- {"Rules":[{"ResourceType":"collection","Resource":["collection/quickstart"]}],"AWSOwnedKey":true} Collection: Type: 'AWS::OpenSearchServerless::Collection' Properties: Name: quickstart Type: TIMESERIES Description: Collection to holds timeseries data DependsOn: EncryptionPolicy Outputs: IAMUser: Value: !Ref IAMUSer DashboardURL: Value: !GetAtt Collection.DashboardEndpoint CollectionARN: Value: !GetAtt Collection.Arn ```