To map a backend role in OpenSearch for DeepSeek, follow these detailed steps:
**1. Create an IAM Role for Signing the Create Connector Request**
First, you need to create an IAM role specifically for signing the create connector request. This role will be used to authenticate and authorize the connection between OpenSearch and DeepSeek.
1. Name the IAM Role: Name the role something like `my_create_deepseek_connector_role`.
2. Custom Trust Policy: Define a custom trust policy for this role. This policy specifies which AWS IAM user can assume this role. Here's an example of what the policy might look like:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "your_iam_user_arn"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
Replace `your_iam_user_arn` with the ARN of the IAM user that will run the `aws sts assume-role` command later.
3. Permissions: Define the necessary permissions for this role. You need to allow the role to pass itself and perform HTTP POST operations on your OpenSearch domain. Here's an example of what the permissions policy might look like:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "your_iam_role_arn_created_in_step1"
    },
    {
      "Effect": "Allow",
      "Action": "es:ESHttpPost",
      "Resource": "your_opensearch_domain_arn_created_in_step0"
    }
  ]
}
```
Replace `your_iam_role_arn_created_in_step1` with the ARN of the role you are creating, and `your_opensearch_domain_arn_created_in_step0` with the ARN of your OpenSearch domain.
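The following is an added example, not code from the original page or the OpenSearch project: a small Python check that builds the two policies from this step and flags any statement scoped wider than shown (a non-specific trust principal, `iam:PassRole` on anything but the role itself, `es:ESHttpPost` outside the domain). The account ID, user name, and domain name are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample ARNs (placeholders, not values from the original page).
USER_ARN = "arn:aws:iam::111122223333:user/connector-admin"
ROLE_ARN = "arn:aws:iam::111122223333:role/my_create_deepseek_connector_role"
DOMAIN_ARN = "arn:aws:es:us-east-1:111122223333:domain/my-domain"

# A specific IAM user or role; account root and "*" do not match.
IAM_PRINCIPAL = re.compile(r"^arn:aws:iam::\d{12}:(user|role)/[\w+=,.@/-]+$")


def build_policies(user_arn, role_arn, domain_arn):
    """Return (trust_policy, permissions_policy) in the shape shown above."""
    trust = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": user_arn}, "Action": "sts:AssumeRole"}]}
    perms = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": role_arn},
        {"Effect": "Allow", "Action": "es:ESHttpPost", "Resource": domain_arn}]}
    return trust, perms


def as_list(value):
    return value if isinstance(value, list) else [value]


def lint(trust, perms, role_arn, domain_arn):
    """Return a list of findings; empty means both policies are tightly scoped."""
    findings = []
    for stmt in trust["Statement"]:
        principal = stmt.get("Principal", {})
        principals = as_list(principal.get("AWS", "*")) if isinstance(principal, dict) else [principal]
        for p in principals:
            if not IAM_PRINCIPAL.match(p):
                findings.append(f"trust: principal {p!r} is not a single IAM user or role ARN")
    for stmt in perms["Statement"]:
        for action in as_list(stmt["Action"]):
            for res in as_list(stmt["Resource"]):
                if "*" in action:
                    findings.append(f"permissions: wildcard action {action!r}")
                elif action == "iam:PassRole" and res != role_arn:
                    findings.append(f"permissions: iam:PassRole on {res!r}, expected the role itself")
                elif action == "es:ESHttpPost" and not (res == domain_arn or res.startswith(domain_arn + "/")):
                    findings.append(f"permissions: es:ESHttpPost on {res!r} is outside the domain")
    return findings


if __name__ == "__main__":
    trust, perms = build_policies(USER_ARN, ROLE_ARN, DOMAIN_ARN)
    print(lint(trust, perms, ROLE_ARN, DOMAIN_ARN) or "policies are scoped as intended")
```

Run `lint` against the JSON you actually attach to the role (for example, loaded with `json.load`) before creating it, so an over-broad edit is caught before the role exists.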
**2. Map the Backend Role in OpenSearch**
Now that you have created the IAM role, you need to map it as a backend role in OpenSearch.
1. Access OpenSearch Dashboards: Log in to your OpenSearch Dashboards.
2. Navigate to Security: From the left navigation menu, select Security.
3. Select Roles: Click on Roles and then select the role you want to map the backend role to, such as `ml_full_access`.
4. Manage Mapped Users: On the role details page, select the Mapped users tab and then click on Manage mapping.
5. Enter the IAM Role ARN: In the Manage mapping section, enter the ARN of the IAM role you created earlier (`my_create_deepseek_connector_role`) in the backend roles field.
6. Map the Role: Click Map to successfully configure the IAM role as a backend role in your OpenSearch cluster.
**3. Integrate DeepSeek with OpenSearch**
To integrate DeepSeek with OpenSearch, you can use the connector framework provided by OpenSearch. Here's a brief overview of how to set up a retrieval-augmented generation (RAG) pipeline:
1. Set Up OpenSearch: Ensure OpenSearch is running and accessible.
2. Install Required Packages: Install necessary Python packages like `opensearch-py`, `transformers`, `torch`, and `sentence-transformers` using pip.
3. Create a Connector for DeepSeek: Use OpenSearch's connector blueprints to create a connector for the DeepSeek model. This involves specifying the model endpoint and any necessary authentication details.
4. Configure RAG Pipeline: Set up a RAG pipeline in OpenSearch that uses the DeepSeek connector for text generation. This pipeline typically involves searching the vector database for relevant information and then using DeepSeek to generate a response based on that information.
By following these steps, you can effectively map a backend role in OpenSearch for DeepSeek integration and set up a RAG system that leverages the capabilities of both platforms.