feat(aws): add AWS OpenSearch Serverless (AOSS) support (#213)

* init aoss support

Signed-off-by: ps48 <pshenoy36@gmail.com>

* remove mv2 lock

Signed-off-by: ps48 <pshenoy36@gmail.com>

* add support for serverless and fix otel demo flags

Signed-off-by: ps48 <pshenoy36@gmail.com>

* delete mem files

Signed-off-by: ps48 <pshenoy36@gmail.com>

* update index patterns

Signed-off-by: ps48 <pshenoy36@gmail.com>

* resolve comments

Signed-off-by: ps48 <pshenoy36@gmail.com>

---------

Signed-off-by: ps48 <pshenoy36@gmail.com>

Author: ps48

.env

@@ -225,5 +225,9 @@ JAEGER_HOST=jaeger
 JAEGER_UI_PORT=16686
 JAEGER_GRPC_PORT=4317
 
+# Telemetry Docs (referenced by frontend-proxy envoy template)
+TELEMETRY_DOCS_HOST=otel-collector
+TELEMETRY_DOCS_PORT=4318
+
 # Java Options (workaround for OSX JDK bug)
 _JAVA_OPTIONS=

aws/cdk/bin/app.ts

@@ -11,12 +11,17 @@ const env = {
   region: process.env.CDK_DEFAULT_REGION,
 };
 
-// Slow-changing infra: OpenSearch domain, AMP workspace, DQS data source
+const opensearchType = (app.node.tryGetContext('opensearchType') as 'managed' | 'serverless') || 'managed';
+
+// Slow-changing infra: OpenSearch domain/collection, AMP workspace, DQS data source
 const infra = new InfraStack(app, 'ObsInfra', {
   env,
-  osInstanceType: 'r6g.large.search',
-  osInstanceCount: 1,
-  osVolumeSize: 100,
+  opensearchType,
+  ...(opensearchType !== 'serverless' && {
+    osInstanceType: 'r6g.large.search',
+    osInstanceCount: 1,
+    osVolumeSize: 100,
+  }),
 });
 
 // Fast-iteration stack: FGAC, OSIS pipeline, OpenSearch App, UI init

aws/cdk/lib/demo-workload.ts

@@ -86,6 +86,17 @@ export class DemoWorkload extends Construct {
           'git clone --depth 1 https://github.com/opensearch-project/observability-stack.git /opt/obs-stack',
           'cd /opt/obs-stack',
           '',
+          '# Patch otel-demo frontend-proxy: upstream envoy template references',
+          '# ${TELEMETRY_DOCS_HOST}/${TELEMETRY_DOCS_PORT} but those aren\'t wired',
+          '# through compose, so envoy bootstraps with an empty socket address and',
+          '# crash-loops. Inject the vars and forward them into the service.',
+          'if ! grep -q "^TELEMETRY_DOCS_HOST=" .env; then',
+          '  printf "\\nTELEMETRY_DOCS_HOST=otel-collector\\nTELEMETRY_DOCS_PORT=4318\\n" >> .env',
+          'fi',
+          'if ! grep -q "TELEMETRY_DOCS_HOST" docker-compose.otel-demo.yml; then',
+          '  sed -i "/^      - FLAGD_UI_PORT$/a\\      - TELEMETRY_DOCS_HOST\\n      - TELEMETRY_DOCS_PORT" docker-compose.otel-demo.yml',
+          'fi',
+          '',
           'cat > docker-compose/otel-collector/config.yaml << \'COLLECTOREOF\'',
           'extensions:',
           '  sigv4auth:',
@@ -157,6 +168,11 @@ export class DemoWorkload extends Construct {
           '    logging: *logging',
           'MANAGEDEOF',
           '',
+          '# Kafka\'s healthcheck can exceed compose\'s dependency grace window on',
+          '# first boot, leaving kafka-dependent services in Created state. Retry',
+          '# once — second pass finds kafka healthy and starts the stragglers.',
+          'docker compose -f docker-compose.managed.yml up -d || true',
+          'sleep 60',
           'docker compose -f docker-compose.managed.yml up -d',
         ].join('\n'),
         { OsiEndpoint: osiEndpoint },

aws/cdk/lib/infra-stack.ts

@@ -1,15 +1,18 @@
 import * as cdk from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import { OpenSearchConstruct } from './opensearch';
+import { OpenSearchServerlessConstruct } from './opensearch-serverless';
 import { PrometheusConstruct } from './prometheus';
 
 export interface InfraStackProps extends cdk.StackProps {
+  opensearchType?: 'managed' | 'serverless';
   osInstanceType?: string;
   osInstanceCount?: number;
   osVolumeSize?: number;
 }
 
 export class InfraStack extends cdk.Stack {
+  public readonly opensearchType: string;
   public readonly domainEndpoint: string;
   public readonly domainArn: string;
   public readonly masterPasswordSecretArn: string;
@@ -24,21 +27,35 @@ export class InfraStack extends cdk.Stack {
 
     cdk.Tags.of(this).add('observability-stack', this.stackName);
 
-    const opensearch = new OpenSearchConstruct(this, 'OpenSearch', {
-      instanceType: props.osInstanceType ?? 'r6g.large.search',
-      instanceCount: props.osInstanceCount ?? 1,
-      volumeSize: props.osVolumeSize ?? 100,
-    });
+    this.opensearchType = props.opensearchType ?? 'managed';
+
+    if (this.opensearchType === 'serverless') {
+      const collectionName = `obs-${this.stackName}`.toLowerCase().replace(/[^a-z0-9-]/g, '-').slice(0, 32);
+      const serverless = new OpenSearchServerlessConstruct(this, 'OpenSearchServerless', {
+        collectionName,
+      });
+
+      this.domainEndpoint = serverless.collectionEndpoint;
+      this.domainArn = serverless.collectionArn;
+      this.masterPasswordSecretArn = '';
+      this.pipelineRoleArn = serverless.pipelineRole.roleArn;
+    } else {
+      const opensearch = new OpenSearchConstruct(this, 'OpenSearch', {
+        instanceType: props.osInstanceType ?? 'r6g.large.search',
+        instanceCount: props.osInstanceCount ?? 1,
+        volumeSize: props.osVolumeSize ?? 100,
+      });
+
+      this.domainEndpoint = opensearch.domain.domainEndpoint;
+      this.domainArn = opensearch.domain.domainArn;
+      this.masterPasswordSecretArn = opensearch.masterPasswordSecret.secretArn;
+      this.pipelineRoleArn = opensearch.pipelineRole.roleArn;
+    }
 
     const prometheus = new PrometheusConstruct(this, 'Prometheus', {
-      domainArn: opensearch.domain.domainArn,
+      domainArn: this.domainArn,
     });
 
-    // Store for cross-stack refs
-    this.domainEndpoint = opensearch.domain.domainEndpoint;
-    this.domainArn = opensearch.domain.domainArn;
-    this.masterPasswordSecretArn = opensearch.masterPasswordSecret.secretArn;
-    this.pipelineRoleArn = opensearch.pipelineRole.roleArn;
     this.ampWorkspaceArn = prometheus.workspace.attrArn;
     this.ampWorkspaceId = prometheus.workspace.attrWorkspaceId;
     this.dqsDataSourceArn = prometheus.dataSourceArn;
@@ -48,9 +65,12 @@ export class InfraStack extends cdk.Stack {
     const exp = (name: string, value: string) =>
       new cdk.CfnOutput(this, name, { value, exportName: `${this.stackName}-${name}` });
 
+    exp('OpenSearchType', this.opensearchType);
     exp('DomainEndpoint', this.domainEndpoint);
     exp('DomainArn', this.domainArn);
-    exp('MasterPasswordSecretArn', this.masterPasswordSecretArn);
+    if (this.masterPasswordSecretArn) {
+      exp('MasterPasswordSecretArn', this.masterPasswordSecretArn);
+    }
     exp('PipelineRoleArn', this.pipelineRoleArn);
     exp('AmpWorkspaceArn', this.ampWorkspaceArn);
     exp('AmpWorkspaceId', this.ampWorkspaceId);

aws/cdk/lib/ingestion-pipeline.ts

@@ -10,6 +10,7 @@ export interface IngestionPipelineProps {
   region: string;
   minOcu: number;
   maxOcu: number;
+  serverless?: boolean;
 }
 
 export class IngestionPipeline extends Construct {
@@ -22,14 +23,18 @@ export class IngestionPipeline extends Construct {
     const stack = cdk.Stack.of(this);
     this.pipelineName = `obs-stack-${stack.stackName}`.toLowerCase().replace(/[^a-z0-9-]/g, '-').slice(0, 28);
 
-    const opensearchEndpoint = `https://${props.domainEndpoint}`;
+    const opensearchEndpoint = props.domainEndpoint.startsWith('https://')
+      ? props.domainEndpoint
+      : `https://${props.domainEndpoint}`;
     const prometheusUrl = `https://aps-workspaces.${props.region}.amazonaws.com/workspaces/${props.prometheusWorkspaceId}/api/v1/remote_write`;
 
+    const renderFn = props.serverless ? renderServerlessPipelineYaml : renderManagedPipelineYaml;
+
     this.pipeline = new osis.CfnPipeline(this, 'Pipeline', {
       pipelineName: this.pipelineName,
       minUnits: props.minOcu,
       maxUnits: props.maxOcu,
-      pipelineConfigurationBody: renderPipelineYaml({
+      pipelineConfigurationBody: renderFn({
         pipelineName: this.pipelineName,
         opensearchEndpoint,
         prometheusUrl,
@@ -41,13 +46,17 @@ export class IngestionPipeline extends Construct {
   }
 }
 
-function renderPipelineYaml(cfg: {
+interface PipelineConfig {
   pipelineName: string;
   opensearchEndpoint: string;
   prometheusUrl: string;
   region: string;
   roleArn: string;
-}): string {
+}
+
+// ── Managed (AOS) pipeline ──────────────────────────────────────────────────
+
+function renderManagedPipelineYaml(cfg: PipelineConfig): string {
   return `\
 version: '2'
 otlp-pipeline:
@@ -164,3 +173,138 @@ otel-metrics-pipeline:
           region: '${cfg.region}'
 `;
 }
+
+// ── Serverless (AOSS) pipeline ──────────────────────────────────────────────
+
+const LOGS_TEMPLATE = JSON.stringify({"version":1,"template":{"mappings":{"date_detection":false,"_source":{"enabled":true},"dynamic_templates":[{"long_resource_attributes":{"mapping":{"type":"long"},"path_match":"resource.attributes.*","match_mapping_type":"long"}},{"double_resource_attributes":{"mapping":{"type":"double"},"path_match":"resource.attributes.*","match_mapping_type":"double"}},{"string_resource_attributes":{"mapping":{"type":"keyword","ignore_above":256},"path_match":"resource.attributes.*","match_mapping_type":"string"}},{"long_scope_attributes":{"mapping":{"type":"long"},"path_match":"instrumentationScope.attributes.*","match_mapping_type":"long"}},{"double_scope_attributes":{"mapping":{"type":"double"},"path_match":"instrumentationScope.attributes.*","match_mapping_type":"double"}},{"string_scope_attributes":{"mapping":{"type":"keyword","ignore_above":256},"path_match":"instrumentationScope.attributes.*","match_mapping_type":"string"}},{"long_attributes":{"mapping":{"type":"long"},"path_match":"attributes.*","match_mapping_type":"long"}},{"double_attributes":{"mapping":{"type":"double"},"path_match":"attributes.*","match_mapping_type":"double"}},{"string_attributes":{"mapping":{"type":"keyword","ignore_above":256},"path_match":"attributes.*","match_mapping_type":"string"}}],"properties":{"droppedAttributesCount":{"type":"integer"},"instrumentationScope":{"properties":{"droppedAttributesCount":{"type":"integer"},"schemaUrl":{"type":"keyword","ignore_above":256},"name":{"type":"keyword","ignore_above":128},"version":{"type":"keyword","ignore_above":64}}},"resource":{"properties":{"droppedAttributesCount":{"type":"integer"},"schemaUrl":{"type":"keyword","ignore_above":256}}},"severity":{"properties":{"number":{"type":"integer"},"text":{"type":"keyword","ignore_above":32}}},"body":{"type":"text"},"@timestamp":{"type":"date_nanos"},"time":{"type":"date_nanos"},"observedTime":{"type":"date_nanos"},"traceId":{"type":"keyword","ignore_above":32},"spanId":{"type":"keyword","ignore_above":16},"flags":{"type":"long"}}}}});
+
+const TRACES_TEMPLATE = JSON.stringify({"version":1,"template":{"mappings":{"date_detection":false,"_source":{"enabled":true},"dynamic_templates":[{"long_resource_attributes":{"mapping":{"type":"long"},"path_match":"resource.attributes.*","match_mapping_type":"long"}},{"double_resource_attributes":{"mapping":{"type":"double"},"path_match":"resource.attributes.*","match_mapping_type":"double"}},{"string_resource_attributes":{"mapping":{"type":"keyword","ignore_above":256},"path_match":"resource.attributes.*","match_mapping_type":"string"}},{"long_scope_attributes":{"mapping":{"type":"long"},"path_match":"instrumentationScope.attributes.*","match_mapping_type":"long"}},{"double_scope_attributes":{"mapping":{"type":"double"},"path_match":"instrumentationScope.attributes.*","match_mapping_type":"double"}},{"string_scope_attributes":{"mapping":{"type":"keyword","ignore_above":256},"path_match":"instrumentationScope.attributes.*","match_mapping_type":"string"}},{"long_attributes":{"mapping":{"type":"long"},"path_match":"attributes.*","match_mapping_type":"long"}},{"double_attributes":{"mapping":{"type":"double"},"path_match":"attributes.*","match_mapping_type":"double"}},{"string_attributes":{"mapping":{"type":"keyword","ignore_above":256},"path_match":"attributes.*","match_mapping_type":"string"}}],"properties":{"droppedAttributesCount":{"type":"integer"},"instrumentationScope":{"properties":{"droppedAttributesCount":{"type":"integer"},"schemaUrl":{"type":"keyword","ignore_above":256},"name":{"type":"keyword","ignore_above":128},"version":{"type":"keyword","ignore_above":64}}},"resource":{"properties":{"droppedAttributesCount":{"type":"integer"},"schemaUrl":{"type":"keyword","ignore_above":256}}},"traceId":{"type":"keyword","ignore_above":32},"spanId":{"type":"keyword","ignore_above":16},"parentSpanId":{"type":"keyword","ignore_above":16},"name":{"ignore_above":1024,"type":"keyword"},"traceState":{"ignore_above":1024,"type":"keyword"},"traceGroup":{"ignore_above":1024,"type":"keyword"},"traceGroupFields":{"properties":{"endTime":{"type":"date_nanos"},"durationInNanos":{"type":"long"},"statusCode":{"type":"integer"}}},"kind":{"type":"keyword","ignore_above":32},"serviceName":{"type":"keyword","ignore_above":256},"startTime":{"type":"date_nanos"},"endTime":{"type":"date_nanos"},"@timestamp":{"type":"date_nanos"},"time":{"type":"date_nanos"},"status":{"properties":{"code":{"type":"integer"},"message":{"type":"keyword","ignore_above":2048}}},"durationInNanos":{"type":"long"},"events":{"type":"nested","properties":{"name":{"type":"keyword","ignore_above":256},"attributes":{"type":"object"},"droppedAttributesCount":{"type":"integer"},"time":{"type":"date_nanos"}}},"droppedEventsCount":{"type":"integer"},"links":{"type":"nested","properties":{"traceId":{"type":"keyword","ignore_above":32},"spanId":{"type":"keyword","ignore_above":16},"traceState":{"ignore_above":1024,"type":"keyword"},"attributes":{"type":"object"},"droppedAttributesCount":{"type":"integer"}}},"droppedLinksCount":{"type":"integer"}}}}});
+
+const SERVICE_MAP_TEMPLATE = JSON.stringify({"version":0,"template":{"mappings":{"date_detection":false,"dynamic_templates":[{"long_group_by_attributes":{"path_match":"*.groupByAttributes.*","match_mapping_type":"long","mapping":{"type":"long"}}},{"double_group_by_attributes":{"path_match":"*.groupByAttributes.*","match_mapping_type":"double","mapping":{"type":"double"}}},{"string_group_by_attributes":{"path_match":"*.groupByAttributes.*","match_mapping_type":"string","mapping":{"type":"keyword"}}},{"long_operation_attributes":{"path_match":"*.attributes.*","match_mapping_type":"long","mapping":{"type":"long"}}},{"double_operation_attributes":{"path_match":"*.attributes.*","match_mapping_type":"double","mapping":{"type":"double"}}},{"string_operation_attributes":{"path_match":"*.attributes.*","match_mapping_type":"string","mapping":{"type":"keyword"}}}],"_source":{"enabled":true},"properties":{"sourceNode":{"properties":{"type":{"type":"keyword"},"keyAttributes":{"properties":{"environment":{"type":"keyword"},"name":{"type":"keyword"}}},"groupByAttributes":{"type":"object","dynamic":"true"}}},"targetNode":{"properties":{"type":{"type":"keyword"},"keyAttributes":{"properties":{"environment":{"type":"keyword"},"name":{"type":"keyword"}}},"groupByAttributes":{"type":"object","dynamic":"true"}}},"sourceOperation":{"properties":{"name":{"type":"keyword"},"attributes":{"type":"object","dynamic":"true"}}},"targetOperation":{"properties":{"name":{"type":"keyword"},"attributes":{"type":"object","dynamic":"true"}}},"nodeConnectionHash":{"type":"keyword"},"operationConnectionHash":{"type":"keyword"},"timestamp":{"type":"date","format":"strict_date_optional_time||epoch_millis"}}}}});
+
+function renderServerlessPipelineYaml(cfg: PipelineConfig): string {
+  return `\
+version: '2'
+otlp-pipeline:
+  source:
+    otlp:
+      logs_path: '/${cfg.pipelineName}/v1/logs'
+      traces_path: '/${cfg.pipelineName}/v1/traces'
+      metrics_path: '/${cfg.pipelineName}/v1/metrics'
+  route:
+    - logs: 'getEventType() == "LOG"'
+    - traces: 'getEventType() == "TRACE"'
+    - metrics: 'getEventType() == "METRIC"'
+  processor: []
+  sink:
+    - pipeline:
+        name: otel-logs-pipeline
+        routes:
+          - logs
+    - pipeline:
+        name: otel-traces-pipeline
+        routes:
+          - traces
+    - pipeline:
+        name: otel-metrics-pipeline
+        routes:
+          - metrics
+
+otel-logs-pipeline:
+  source:
+    pipeline:
+      name: otlp-pipeline
+  processor:
+    - copy_values:
+        entries:
+          - from_key: "time"
+            to_key: "@timestamp"
+  sink:
+    - opensearch:
+        hosts:
+          - '${cfg.opensearchEndpoint}'
+        index: 'logs-otel-v1'
+        template_type: 'index-template'
+        template_content: '${LOGS_TEMPLATE}'
+        aws:
+          serverless: true
+          region: '${cfg.region}'
+          sts_role_arn: "${cfg.roleArn}"
+
+otel-traces-pipeline:
+  source:
+    pipeline:
+      name: otlp-pipeline
+  processor: []
+  sink:
+    - pipeline:
+        name: traces-raw-pipeline
+        routes: []
+    - pipeline:
+        name: service-map-pipeline
+        routes: []
+
+traces-raw-pipeline:
+  source:
+    pipeline:
+      name: otel-traces-pipeline
+  processor:
+    - otel_traces:
+  sink:
+    - opensearch:
+        hosts:
+          - '${cfg.opensearchEndpoint}'
+        index: 'otel-v1-apm-span'
+        template_type: 'index-template'
+        template_content: '${TRACES_TEMPLATE}'
+        aws:
+          serverless: true
+          region: '${cfg.region}'
+          sts_role_arn: "${cfg.roleArn}"
+
+service-map-pipeline:
+  source:
+    pipeline:
+      name: otel-traces-pipeline
+  processor:
+    - otel_apm_service_map:
+        db_path: /tmp/otel-apm-service-map
+        group_by_attributes:
+          - telemetry.sdk.language
+        window_duration: 30s
+  route:
+    - otel_apm_service_map_route: 'getEventType() == "SERVICE_MAP"'
+    - service_processed_metrics: 'getEventType() == "METRIC"'
+  sink:
+    - opensearch:
+        hosts:
+          - '${cfg.opensearchEndpoint}'
+        aws:
+          serverless: true
+          region: '${cfg.region}'
+          sts_role_arn: "${cfg.roleArn}"
+        routes:
+          - otel_apm_service_map_route
+        index: 'otel-v2-apm-service-map'
+        template_type: 'index-template'
+        template_content: '${SERVICE_MAP_TEMPLATE}'
+    - prometheus:
+        url: '${cfg.prometheusUrl}'
+        aws:
+          region: '${cfg.region}'
+        routes:
+          - service_processed_metrics
+
+otel-metrics-pipeline:
+  source:
+    pipeline:
+      name: otlp-pipeline
+  processor:
+    - otel_metrics:
+  sink:
+    - prometheus:
+        url: '${cfg.prometheusUrl}'
+        aws:
+          region: '${cfg.region}'
+`;
+}