OpenSearch Version

01 Sign in to the AWS Management Console.

02 Navigate to Amazon OpenSearch console at https://console.aws.amazon.com/esv3/.

03 In the main navigation panel, under Dashboard, select Domains.

04 Click on the name (link) of the OpenSearch domain that you want to examine.

05 In the General information section, check the Version attribute value to determine the OpenSearch/ElasticSearch version installed on the selected domain. If the Upgrade available link is listed under the OpenSearch/ElasticSearch version installed, a new version of OpenSearch/ElasticSearch is available, therefore the selected Amazon OpenSearch domain should be upgraded to benefit from all the improvements that come with the latest version of OpenSearch/ElasticSearch.

06 Repeat steps no. 4 and 5 for each Amazon OpenSearch cluster available within the current AWS region.

07 Change the AWS cloud region from the navigation bar and repeat the Audit process for other regions.

01 Run list-domain-names command (OSX/Linux/UNIX) to list the name of each Amazon OpenSearch cluster (domain) available in the selected AWS region:

aws es list-domain-names
  --region us-east-1
  --query 'DomainNames[*].DomainName'

02 The command output should return the identifier (name) of each OpenSearch domain provisioned in the selected region:

[
	"trendmicro",
	"cloudconformity"
]

03 Run describe-elasticsearch-domain command (OSX/Linux/UNIX) using the name of the Amazon OpenSearch cluster that you want to examine as the identifier parameter and custom query filters to describe the OpenSearch/ElasticSearch version installed on the selected domain:

aws es describe-elasticsearch-domain
  --region us-east-1
  --domain-name trendmicro
  --query 'DomainStatus.ElasticsearchVersion'

04 The command output should return the OpenSearch/ElasticSearch version installed:

"OpenSearch_2.11"

05 Check the latest version of the OpenSearch/ElasticSearch engine supported by Amazon OpenSearch, listed on this page, and compare that with the version number returned at the previous step. If there is a newer engine version released and supported by OpenSearch service, the selected Amazon OpenSearch domain should be upgraded to benefit from all the improvements that come with the latest version of OpenSearch/ElasticSearch.

06 Repeat steps no. 3 – 5 for each Amazon OpenSearch cluster available in the selected AWS region.

07 Change the AWS cloud region by updating the --region command parameter value and repeat the Audit process for other regions.

01 CloudFormation template (JSON):

{
	"AWSTemplateFormatVersion": "2010-09-09",
	"Description": "Upgrade OpenSearch/ElasticSearch Engine Version to Latest Version",
	"Resources": {
	"OpenSearchDomain": {
		"Type":"AWS::OpenSearchService::Domain",
		"Properties": {
			"DomainName": "cc-opensearch-domain",
			"EngineVersion": "OpenSearch_2.11",
			"ClusterConfig": {
				"InstanceType": "t3.small.search",
				"InstanceCount": "2"
			},
			"EBSOptions": {
				"EBSEnabled": true,
				"VolumeType": "gp2",
				"VolumeSize": "50"
			},
			"AccessPolicies": {
				"Version":"2012-10-17",
				"Statement":[
				{
					"Effect": "Allow",
					"Principal": {
						"AWS": "arn:aws:iam::123456789012:user/cc-opensearch-user"
					},
					"Action":"es:*",
					"Resource": "arn:aws:es:us-east-1:123456789012:domain/cc-opensearch-domain/*"
				}
				]
			}
		}
		}
	}
}

02 CloudFormation template (YAML):

AWSTemplateFormatVersion: '2010-09-09'
	Description: Upgrade OpenSearch/ElasticSearch Engine Version to Latest Version
	Resources:
		OpenSearchDomain:
		Type: AWS::OpenSearchService::Domain
		Properties:
			DomainName: cc-opensearch-domain
			EngineVersion: OpenSearch_2.11
			ClusterConfig:
			InstanceType: t3.small.search
			InstanceCount: '2'
			EBSOptions:
			EBSEnabled: true
			VolumeType: gp2
			VolumeSize: '50'
			AccessPolicies:
			Version: '2012-10-17'
			Statement:
				- Effect: Allow
				Principal:
					AWS: arn:aws:iam::123456789012:user/cc-opensearch-user
				Action: es:*
				Resource: arn:aws:es:us-east-1:123456789012:domain/cc-opensearch-domain/*

01 Terraform configuration file (.tf):

terraform {
	required_providers {
		aws = {
			source  = "hashicorp/aws"
			version = "~> 4.0"
		}
	}

	required_version = ">= 0.14.9"
}

provider "aws" {
	region  = "us-east-1"
}

resource "aws_opensearch_domain" "opensearch-domain" {
	domain_name = "cc-opensearch-domain"

	# Upgrade OpenSearch/ElasticSearch Engine Version to Latest Version
	engine_version = "OpenSearch_2.11"

	cluster_config {
		instance_type = "t3.small.search"
		instance_count = 2
	}

	ebs_options {
		ebs_enabled = true
		volume_size = 50
		volume_type = "gp2"
	}

	access_policies = <<POLICY
	{
		"Version": "2012-10-17",
		"Statement":[
			{
				"Effect": "Allow",
				"Principal": {
				"AWS": "arn:aws:iam::123456789012:user/cc-opensearch-user"
				},
				"Action":"es:*",
				"Resource": "arn:aws:es:us-east-1:123456789012:domain/cc-opensearch-domain/*"
			}
		]
	}
	POLICY

}

01 Sign in to the AWS Management Console.

02 Navigate to Amazon OpenSearch console at https://console.aws.amazon.com/esv3/.

03 In the main navigation panel, under Dashboard, select Domains.

04 Select the OpenSearch domain that you want to reconfigure, choose Actions from the console top menu, and select Upgrade under Version upgrade.

05 In the Upgrade version configuration window, perform the following actions:

1. Choose the latest version of OpenSearch/ElasticSearch from the Select upgrade version dropdown list. If the latest version of OpenSearch is selected, check the Enable compatibility mode checkbox.
2. Under Action, choose Check upgrade eligibility to determine if the selected domain is eligible to upgrade. If the domain is eligible to upgrade, the Amazon OpenSearch console will return the following confirmation message: This domain is eligible for an upgrade from <old-version> to <new-version>.
3. Under Action, choose Upgrade domain, type upgrade in the required field, and choose Upgrade to initiate the in-place upgrade for the selected OpenSearch domain. The upgrade process is irreversible and can't be paused or canceled. During an upgrade, you can't make configuration changes to the selected domain. The domain status will become Active once the upgrade process is completed.

06 Repeat steps no. 4 and 5 to upgrade the engine version for other Amazon OpenSearch domains available within the current AWS region.

07 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.

01 Run upgrade-elasticsearch-domain command (OSX/Linux/UNIX) with the --perform-check-only parameter to perform an upgrade eligibility check to the latest OpenSearch/Elasticsearch compatible version:

aws es upgrade-elasticsearch-domain
  --region us-east-1
  --domain-name trendmicro
  --target-version "OpenSearch_2.11"
  --perform-check-only

02 If the specified domain is eligible to upgrade, the upgrade-elasticsearch-domain command should return the following output:

{
	"DomainName": "trendmicro",
	"TargetVersion": "OpenSearch_2.11",
	"PerformCheckOnly": true
}

03 If the selected Amazon OpenSearch domain is eligible to upgrade, run upgrade-elasticsearch-domain command (OSX/Linux/UNIX) without the --perform-check-only parameter to initiate the in-place upgrade for the selected Amazon OpenSearch domain. The upgrade process is irreversible and can't be paused or canceled. During an upgrade, you can't make configuration changes to the selected domain. The domain status will become "Active" once the upgrade process is completed:

aws es upgrade-elasticsearch-domain
  --region us-east-1
  --domain-name trendmicro
  --target-version "OpenSearch_1.2"

04 The output should return the upgrade-elasticsearch-domain command request metadata:

{
	"DomainName": "trendmicro",
	"TargetVersion": "OpenSearch_2.11"
}

05 Repeat steps no. 1 – 4 to upgrade the engine version for other Amazon OpenSearch domains available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.