How do I create an AWS OpenSearch domain policy?

In this guide, we will create an AWS OpenSearch domain policy using Pulumi in TypeScript. The policy defines the access control rules for your OpenSearch domain: who can interact with it depends on the principals, actions, and resources that the policy's statements allow.

Key Points

  • Define an OpenSearch domain.
  • Create a domain policy to manage access control.
  • Use Pulumi to manage the infrastructure as code.

Below is the Pulumi program to create an AWS OpenSearch domain and apply a domain policy:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the OpenSearch domain
const domain = new aws.opensearch.Domain("myDomain", {
    domainName: "example-domain",
    engineVersion: "OpenSearch_1.0",
    clusterConfig: {
        instanceType: "m6g.large.search",
        instanceCount: 2,
    },
    ebsOptions: {
        ebsEnabled: true,
        volumeSize: 10,
        volumeType: "gp2",
    },
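    // Access policy for the domain. As written, Principal "*" with Action "es:*"
    // allows any caller to perform every OpenSearch action on the domain;
    // replace the wildcard with the IAM principals that need access.
    accessPolicies: pulumi.output({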
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: {
                AWS: "*"
            },
            Action: "es:*",
            Resource: "arn:aws:es:us-west-2:123456789012:domain/example-domain/*"
        }]
    }).apply(JSON.stringify),
});

// Create the domain policy
const domainPolicy = new aws.opensearch.DomainPolicy("myDomainPolicy", {
    domainName: domain.domainName,
    accessPolicies: domain.accessPolicies,
});

// Export the domain endpoint
export const domainEndpoint = domain.endpoint;
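
The following is an added example, not part of the original Pulumi program: a check that can run on the policy document before it is passed to `accessPolicies`, flagging Allow statements with a wildcard principal and no Condition, or with a wildcard action. The function names and the `search-writer` role ARN are hypothetical.

```typescript
type OneOrMany = string | string[];
interface Statement {
    Effect: "Allow" | "Deny";
    Principal: "*" | { AWS?: OneOrMany };
    Action: OneOrMany;
    Resource: OneOrMany;
    Condition?: Record<string, Record<string, OneOrMany>>;
}
interface PolicyDocument { Version: string; Statement: Statement[]; }
const toList = (v?: OneOrMany): string[] => v === undefined ? [] : Array.isArray(v) ? v : [v];

// True when the principal matches every caller ("*" or { AWS: "*" }).
function isWildcardPrincipal(p: Statement["Principal"]): boolean {
    return p === "*" || toList(p.AWS).indexOf("*") !== -1;
}

// Returns one finding per over-broad element of each Allow statement.
function auditAccessPolicy(policy: PolicyDocument): string[] {
    const findings: string[] = [];
    policy.Statement.forEach((s, i) => {
        if (s.Effect !== "Allow") return;
        if (isWildcardPrincipal(s.Principal) && !s.Condition) {
            findings.push(`Statement[${i}]: wildcard principal with no Condition`);
        }
        if (toList(s.Action).some(a => a === "*" || a === "es:*")) {
            findings.push(`Statement[${i}]: wildcard action`);
        }
    });
    return findings;
}

// Serializes the policy for accessPolicies; an exception here stops the Pulumi program.
function policyJsonOrThrow(policy: PolicyDocument): string {
    const findings = auditAccessPolicy(policy);
    if (findings.length > 0) throw new Error(findings.join("; "));
    return JSON.stringify(policy);
}

// Constructed sample 1: the policy document from the program above.
const pagePolicy: PolicyDocument = { Version: "2012-10-17", Statement: [{
    Effect: "Allow", Principal: { AWS: "*" }, Action: "es:*",
    Resource: "arn:aws:es:us-west-2:123456789012:domain/example-domain/*",
}] };
// Constructed sample 2: scoped to one role (hypothetical ARN) and two HTTP actions.
const scopedPolicy: PolicyDocument = { Version: "2012-10-17", Statement: [{
    Effect: "Allow", Principal: { AWS: "arn:aws:iam::123456789012:role/search-writer" },
    Action: ["es:ESHttpGet", "es:ESHttpPost"],
    Resource: "arn:aws:es:us-west-2:123456789012:domain/example-domain/*",
}] };
```

In the program above, `accessPolicies: policyJsonOrThrow(scopedPolicy)` would take the place of the inline `pulumi.output(...).apply(JSON.stringify)` expression.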

Summary

In this guide, we created an AWS OpenSearch domain and applied a domain policy using Pulumi in TypeScript. The policy defines the access control rules that determine who can interact with the OpenSearch domain. The example policy uses a wildcard principal (`AWS: "*"`) with `es:*`, so narrow the `Principal` and `Action` to the users and services that need access before deploying it.
