Unable to set MultiAZWithStandbyEnabled in override

[bishoym]

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

12.4.0

What operating system are you using?

MacOS Ventura

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made. We're running a multi-env setup so I'm trying to get everything configured dynamically through overrides.

Describe the bug

I'd like to setup Multi-AZ with Standby through an amplify override. As of now, I'm able to get about 90% of the way there.

Here's my current overrides.js file

import {
    AmplifyApiGraphQlResourceStackTemplate,
    AmplifyProjectInfo,
} from '@aws-amplify/cli-extensibility-helper';

const PROD_CONFIG = {
    instanceType: 'm5.large.elasticsearch',
    instanceCount: 3,
    zoneAwarenessEnabled: true,
    zoneAwarenessConfig: {
        availabilityZoneCount: 3,
    },
    dedicatedMasterEnabled: true,
    dedicatedMasterCount: 3,
    dedicatedMasterType: 'm5.large.elasticsearch',
    multiAzWithStandbyEnabled: true,  // <-- This is the important bit. The rest of the config deploys as expected
}
const DEV_CONFIG = {
    instanceType: 't3.small.elasticsearch',
    instanceCount: 1,
}

export function override(
    resources: AmplifyApiGraphQlResourceStackTemplate,
    amplifyProjectInfo: AmplifyProjectInfo
) {
    const osConfig = amplifyProjectInfo.envName === "PROD" ? PROD_CONFIG : DEV_CONFIG;
    const encryptAtRestEnabled = amplifyProjectInfo.envName === "PROD";

    resources.opensearch.OpenSearchDomain.elasticsearchVersion = 'OpenSearch_1.3';
    resources.opensearch.OpenSearchDomain.elasticsearchClusterConfig = {
        ...resources.opensearch.OpenSearchDomain.elasticsearchClusterConfig,
        ...osConfig
    };
    resources.opensearch.OpenSearchDomain.encryptionAtRestOptions = {
        ...resources.opensearch.OpenSearchDomain.encryptionAtRestOptions,
        enabled: encryptAtRestEnabled,

    };
    resources.opensearch.OpenSearchStreamingLambdaFunction.runtime = "python3.9";
}

Expected behavior

I'm able to replicate most -if not all- of the same config that I can manually set through the AWS console; except this one property.

Reproduction steps

1. Run amplify override api
2. Add above config to project
3. Amplify push
4. Verify changes in AWS console

Project Identifier

No response

Log output

``` # Put your logs below this line ```

Additional information

No response

Before submitting, please confirm:

• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• [X] I have removed any sensitive information from my code snippets and submission.

[edwardfoyle]

Hi @bishoym what is the error you are seeing when you try to deploy your backend? One thing that I notice is it looks like the CDK Domain construct has a clusterConfig property rather than elasticsearchClusterConfig. Could you try using clusterConfig instead?

[bishoym]

Hey @edwardfoyle, I'm on @aws-amplify/cli-extensibility-helper version ^3.0.0 as an FYI. Note: The reason I mention my version is because I get this error in VSCode when adding multiAzWithStandbyEnabled in the first place: Object literal may only specify known properties, and multiAzWithStandbyEnabled does not exist in type ElasticsearchClusterConfigProperty.

That said, here's some further info based on your response:

• I'm not seeing a clusterConfig property. If I try to use that, I get a Property clusterConfig does not exist on type CfnDomain TS error in VSCode. Want me to ignore it and try an amplify push anyway?

• RE what happens on deployment, the answer is nothing. It doesn't throw an error where I would expect it to. It deploys just fine. The problem is that the final deployment—as verified by checking the AWS console—ends up defined as 3-AZ without standby. The rest of the config is parsed and deployed properly.

• I also tried stripping down my config to just this property and got the following error on amplify push: You must choose a minimum of three data nodes for a three Availability Zone deployment [...] If the default is 1 node without standby it wouldn't ask for 3 nodes unless it also understood that I was trying to set multiAzWithStandby.

  • If I go further and specify the following properties only: instanceCount, instanceType, and multiAzWithStandbyEnabled I get a successful push but the AWS console now says I've got 3 nodes in 1-AZ without standby—not quite what I was hoping for.

[ykethan]

hey, I'm going to transfer this over to our API repository for better assistance on the OpenSearch configuration 🙂.

[bishoym]

Hi @ykethan thanks for making the transfer. Any idea when I might hear back about this? We're shooting for SOC-II compliance and this config is critical for the audit.

[AaronZyLee]

The elasticSearch naming properties are expected as the current searchable in amplify does not fully migrate to the opensearch module yet, which still stays on the ElasticSearch 7.10. This results the different CfnDomain for elasticsearch and opensearch. As a consequence, the extensibility helper stays at the old APIs for elasticsearch to meet the current situtation.

This is a limitation for the current amplify overrides for elastic search to open search as the module is not fully migrated. This will be addressed once we finish the full migration from elastic search to opensearch.

[bishoym]

@AaronZyLee any ideas for a workaround? We can set the property manually through the console, but it gets overwritten on amplify push.

Not ideal because SOC-II type-2 compliance requires the config be maintained for at least a year afaik.