Deployments and Infrastructure > Shared OpenSearch Cluster
Shared OpenSearch Cluster
Deploy a shared Amazon OpenSearch cluster for use across multiple Webiny development environments.
- when and why to use a shared OpenSearch cluster for development
- which settings Webiny requires and has tested
- how to deploy a dev-suitable cluster with Pulumi — basic and HTTPS/fine-grained access variants
- how to connect your Webiny environments to the shared cluster
Overview
Running a dedicated OpenSearch domain per developer is expensive. A practical alternative is to deploy one shared cluster and point each developer’s Webiny environment at it, using a unique index prefix to isolate their data within the same domain.
The shared cluster must be deployed and managed outside of Webiny — Webiny does not provision it. You can use the AWS console, Terraform, Pulumi, or any infrastructure tooling you already use.
If you do not need OpenSearch in dev at all, see DynamoDB-Only Dev Environments for the simpler alternative.
Recommended Configuration
The following settings are what Webiny uses internally and has tested against.
| Setting | Recommended value |
|---|---|
| Engine version | OpenSearch_3.3 |
| Instance type | t3.small.search |
| Instance count | 1 |
| EBS volume type | gp2 |
| EBS volume size | 10 GB |
rest.action.multi.allow_explicit_index | true |
For CI environments where reliability matters more, Webiny uses r5.large.search with an instance count of 2. Scale up from the defaults above as needed.
A dev cluster deployed without encryption at rest, node-to-node encryption, or HTTPS enforcement relies on AWS defaults. This is acceptable for a private VPC-based cluster, but add these settings for any cluster reachable over a public network.
Deploying With Pulumi
Basic
The following program deploys a minimal OpenSearch cluster suitable for shared development use. Access control uses account-level IAM signing, which works with Webiny’s default configuration.
Note the endpoint output after deploying — you will need it when connecting Webiny.
With HTTPS and Fine-Grained Access
For clusters accessible over a public network, or for CI environments that require fine-grained access control, add encryption, HTTPS enforcement, and an internal user database. The example below also provisions a custom domain via Route53 and ACM — skip the certificate and DNS resources if you do not need a custom endpoint.
When using fine-grained access control, pass username and password when connecting Webiny — see Amazon OpenSearch for the props.
Connecting Webiny
Once the cluster is running, configure each Webiny environment to point to it. See Amazon OpenSearch for the full list of configuration options.
A typical dev setup where multiple developers share one cluster looks like this:
Each developer sets a unique indexPrefix — for example alice_ or bob_ — so their Webiny indexes do not overlap inside the shared cluster. If the cluster is reachable via a custom endpoint, add the endpoint prop as well.