Elasticsearch catalogs #
You can use an Elasticsearch catalog to configure access to Elasticsearch in the following deployments:
Configure a catalog #
To create an Elasticsearch catalog, select Catalogs in the main navigation and click Configure a catalog. On the Select a data source screen, select Elasticsearch.
Select a cloud provider #
The Cloud provider configuration is necessary to allow Starburst Galaxy to correctly match catalogs and clusters.
The data source configured in a catalog, and the cluster must operate in the same cloud provider and region for performance and cost reasons.
Define catalog name and description #
The Name of the catalog is visible in the Query editor and other clients. It is used to identify the catalog when writing SQL or showing the catalog and its nested schemas and tables in client applications.
The name is displayed in the Query editor, and when running a SHOW
CATALOGS command. It is used to fully
qualify the name of any table in SQL queries following the
catalogname.schemaname.tablename syntax. For example, you can run the
following query in the sample cluster without first setting the catalog or
SELECT * FROM tpch.sf1.nation;
The Description is a short, optional paragraph that provides further details about the catalog. It appears in the Starburst Galaxy user interface and can help other users determine what data can be accessed with the catalog.
Configure the connection #
The connection to the database requires username and password authentication and details to connect to the database server, typically hostname or IP address and port. The following sections detail the setup for the supported cloud providers.
A connection to the database can be established directly, if the Starburst Galaxy IP range/CIDR is allowed to connect.
If the database is only accessible inside the virtual private cloud (VPC) of the cloud provider, you can use an SSH tunnel with a bastion host in the VPC.
Elasticsearch configuration #
To configure the connection to your Elasticsearch cluster, you must provide details according to your cloud provider.
Provide the following details to connect to your Elasticsearch or OpenSearch cluster with AWS:
- Elasticsearch endpoint, find the endpoint in the portal of your Elasticsearch or OpenSearch cluster.
- Port, the Elasticsearch port is typically 443.
Select one of the following authentication methods:
- Password based
- Cross account IAM role
- AWS access key
With Password based authentication, provide your username and password.
With Cross account IAM role authentication, provide the endpoint region and the alias for the cross account role.
With AWS access key authentication, provide the endpoint region, AWS access key, and the AWS secret key.
Read External security in AWS to learn about configuring these details in the AWS console.
Google Cloud and Microsoft Azure #
Provide the following details to connect to your Elasticsearch cluster with Google Cloud or Microsoft Azure:
- Elasticsearch endpoint, find the endpoint in the Microsoft Azure or Google Cloud portal.
- Port, the Elasticsearch port is typically 443.
- Username, your Elasticsearch username.
- Password, use the password for your username.
Test the connection #
Once you have configured the connection details, use the Test connection button to confirm data access is working. If the test is successful, you can save the catalog.
If the test fails, Starburst Galaxy provides detailed diagnostic information that you can use to fix the database configuration in the cloud provider system.
Connect catalog #
Click Connect catalog, and proceed to set permissions where you can grant access to certain roles.
Set permissions #
This optional step allows you to configure read only access to the catalog.
Click Skip to go straight to adding the catalog to a cluster. If you skip this step, you can add read only access to your catalog for any Starburst Galaxy role later. Skipping this step leaves only the following roles with access to schemas and tables in the catalog:
- Administrative roles.
- The currently logged-in role that created the catalog.
Setting permissions grants all specified roles read only access to the catalog. As a result, users have read access to all contained schema, tables, and views.
Use the following steps to assign read access to roles:
- In the Catalog-level permissions section, toggle the Read-only catalog switch to prevent write access. For catalogs pre-set to read-only, this option is already set to Read-only catalog and disabled.
- In the Role-level permissions section, expand the menu in the Roles with read access field.
- Select one or more roles from the list to grant read access to.
Click Save access controls.
Add to cluster #
You can add your catalog to a cluster later by editing a cluster. Click Skip to proceed to the catalogs page.
Use the following steps to add your catalog to an existing cluster or create a new cluster in the same cloud region:
- In the Add to cluster section, expand the menu in the Select cluster field.
- Select one or more existing clusters from the drop down menu.
- Click Create a new cluster to create a new cluster in the same region, and add it to the cluster selection menu.
Click Add to cluster to view your new catalog’s configuration.
The Pending changes to clusters dialog appears when you try to add a catalog to a running cluster.
- In the Pending changes to cluster dialog, click Return to catalogs to edit the catalog or create a new catalog.
- Click Go to clusters to confirm the addition of the catalog to the running cluster.
On the Clusters page, click the Update icon beside the running cluster, to add the catalog.
Is the information on this page helpful?