feat: add support to push logs to opensearch

install.sh

@@ -366,6 +366,72 @@ while true; do
     fi
 done
 
+validate_opensearch_password() {
+    local master_password=$1
+
+    # Check length (at least 8 characters)
+    if [[ ${#master_password} -lt 8 ]]; then
+        display_error "Error: Password must be at least 8 characters."
+        return 1
+    fi
+
+    # Check if it starts with an alphabet
+    if [[ ! $master_password =~ ^[A-Za-z] ]]; then
+        display_error "Error: Password must start with a letter."
+        return 1
+    fi
+
+    # Check for at least one uppercase letter and one lowercase letter
+    if [[ ! $master_password =~ [A-Z] || ! $master_password =~ [a-z] ]]; then
+        display_error "Error: Password must include at least one uppercase and one lowercase letter."
+        return 1
+    fi
+
+    # Check for at least one digit
+    if [[ ! $master_password =~ [0-9] ]]; then
+        display_error "Error: Password must include at least one digit."
+        return 1
+    fi
+
+    # Check for special characters
+    if [[ $password == [^A-Za-z0-9] ]]; then
+        display_error "Error: Password should include special characters."
+        return 1
+    fi
+
+    # read password again to confirm
+    echo "Please re-enter the password: "
+    read -r -s master_password_confirm
+    if [[ "$master_password" != "$master_password_confirm" ]]; then
+        display_error "Error: Passwords do not match."
+        return 1
+    fi
+
+    return 0
+
+}
+
+echo "Do you want to push logs to S3 and Open Search? [y/n]: "
+read -r OPEN_SEARCH_SERVICE
+
+if [[ "$OPEN_SEARCH_SERVICE" == "y" ]]; then
+    read -p "Please enter the Master UserName for Open Search Service: " OPEN_SEARCH_MASTER_USER_NAME
+    while true; do
+        echo "Please enter the Master Password for Open Search Service: "
+        read -r -s OPEN_SEARCH_MASTER_PASSWORD
+        if validate_opensearch_password "$OPEN_SEARCH_MASTER_PASSWORD"; then
+            break
+        fi
+    done
+
+elif [[ "$OPEN_SEARCH_SERVICE" == "n" ]]; then
+    break
+else
+    echo "Invalid input. Please enter 'y' or 'n'."
+    read -r OPEN_SEARCH_SERVICE
+fi
+
+
 if [[ "$INSTALLATION_MODE" == 2 ]]; then
 
     while true; do
@@ -426,7 +492,7 @@ if [[ "$INSTALLATION_MODE" == 2 ]]; then
         aws iam delete-role --role-name $ROLE_NAME 2>/dev/null
         cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_DEFAULT_REGION -c aws_arn=$AWS_ARN
     fi
-    if cdk deploy --require-approval never -c db_pass=$DB_PASS -c admin_api_key=$ADMIN_API_KEY -c aws_arn=$AWS_ARN -c master_enc_key=$MASTER_ENC_KEY -c vpn_ips=$VPN_IPS -c base_ami=$base_ami -c envoy_ami=$envoy_ami -c squid_ami=$squid_ami $LOCKER; then
+    if cdk deploy --require-approval never -c db_pass=$DB_PASS -c admin_api_key=$ADMIN_API_KEY -c aws_arn=$AWS_ARN -c master_enc_key=$MASTER_ENC_KEY -c vpn_ips=$VPN_IPS -c base_ami=$base_ami -c envoy_ami=$envoy_ami -c squid_ami=$squid_ami $LOCKER -c open_search_service=$OPEN_SEARCH_SERVICE -c open_search_master_user_name=$OPEN_SEARCH_MASTER_USER_NAME -c open_search_master_password=$OPEN_SEARCH_MASTER_PASSWORD; then
         # Wait for the EKS Cluster to be deployed
         echo $(aws eks create-addon --cluster-name hs-eks-cluster --addon-name amazon-cloudwatch-observability)
 

lib/aws/eks.ts

@@ -7,7 +7,7 @@ import { Construct } from "constructs";
 import { Config } from "./config";
 import { ElasticacheStack } from "./elasticache";
 import { DataBaseConstruct } from "./rds";
-import { LogsBucket } from "./log_bucket";
+import { LogsStack } from "./log_stack";
 import * as kms from "aws-cdk-lib/aws-kms";
 import { readFileSync } from "fs";
 import { Secret } from "aws-cdk-lib/aws-secretsmanager";
@@ -63,8 +63,12 @@ export class EksStack {
         eks.ClusterLoggingTypes.SCHEDULER,
       ]
     });
-
-    const logsBucket = new LogsBucket(scope, cluster, "app-logs-s3-service-account");
+
+    let push_logs = scope.node.tryGetContext('open_search_service') || 'n';
+    if (`${push_logs}` == "y"){
+      const logsStack = new LogsStack(scope, cluster, "app-logs-s3-service-account");
+    }
+
     cluster.node.addDependency(ecrTransfer.codebuildTrigger);
 
     cdk.Tags.of(cluster).add("SubStack", "HyperswitchEKS");