1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. opensearchservice
  5. Domain

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.13.0 published on Wednesday, Dec 4, 2024 by Pulumi

aws-native.opensearchservice.Domain

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.13.0 published on Wednesday, Dec 4, 2024 by Pulumi

    An example resource schema demonstrating some basic constructs and validation rules.

    Create Domain Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Domain(name: string, args?: DomainArgs, opts?: CustomResourceOptions);
    @overload
    def Domain(resource_name: str,
               args: Optional[DomainArgs] = None,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Domain(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               access_policies: Optional[Any] = None,
               advanced_options: Optional[Mapping[str, str]] = None,
               advanced_security_options: Optional[DomainAdvancedSecurityOptionsInputArgs] = None,
               cluster_config: Optional[DomainClusterConfigArgs] = None,
               cognito_options: Optional[DomainCognitoOptionsArgs] = None,
               domain_endpoint_options: Optional[DomainEndpointOptionsArgs] = None,
               domain_name: Optional[str] = None,
               ebs_options: Optional[DomainEbsOptionsArgs] = None,
               encryption_at_rest_options: Optional[DomainEncryptionAtRestOptionsArgs] = None,
               engine_version: Optional[str] = None,
               identity_center_options: Optional[DomainIdentityCenterOptionsArgs] = None,
               ip_address_type: Optional[str] = None,
               log_publishing_options: Optional[Mapping[str, DomainLogPublishingOptionArgs]] = None,
               node_to_node_encryption_options: Optional[DomainNodeToNodeEncryptionOptionsArgs] = None,
               off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
               skip_shard_migration_wait: Optional[bool] = None,
               snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
               software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
               tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
               vpc_options: Optional[DomainVpcOptionsArgs] = None)
    func NewDomain(ctx *Context, name string, args *DomainArgs, opts ...ResourceOption) (*Domain, error)
    public Domain(string name, DomainArgs? args = null, CustomResourceOptions? opts = null)
    public Domain(String name, DomainArgs args)
    public Domain(String name, DomainArgs args, CustomResourceOptions options)
    
    type: aws-native:opensearchservice:Domain
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Domain Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Domain resource accepts the following input properties:

    AccessPolicies object

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    AdvancedOptions Dictionary<string, string>
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    AdvancedSecurityOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    ClusterConfig Pulumi.AwsNative.OpenSearchService.Inputs.DomainClusterConfig
    Container for the cluster configuration of a domain.
    CognitoOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    DomainEndpointOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    DomainName string

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    EbsOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    EncryptionAtRestOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    EngineVersion string

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    IdentityCenterOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainIdentityCenterOptions
    Container for IAM Identity Center Option control for the domain.
    IpAddressType string
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    LogPublishingOptions Dictionary<string, Pulumi.AwsNative.OpenSearchService.Inputs.DomainLogPublishingOptionArgs>
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    NodeToNodeEncryptionOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    OffPeakWindowOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    SkipShardMigrationWait bool
    SnapshotOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    SoftwareUpdateOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainSoftwareUpdateOptions
    Service software update options for the domain.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    An arbitrary set of tags (key-value pairs) for this Domain.
    VpcOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    AccessPolicies interface{}

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    AdvancedOptions map[string]string
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    AdvancedSecurityOptions DomainAdvancedSecurityOptionsInputArgs

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    ClusterConfig DomainClusterConfigArgs
    Container for the cluster configuration of a domain.
    CognitoOptions DomainCognitoOptionsArgs
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    DomainEndpointOptions DomainEndpointOptionsArgs
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    DomainName string

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    EbsOptions DomainEbsOptionsArgs
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    EncryptionAtRestOptions DomainEncryptionAtRestOptionsArgs

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    EngineVersion string

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    IdentityCenterOptions DomainIdentityCenterOptionsArgs
    Container for IAM Identity Center Option control for the domain.
    IpAddressType string
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    LogPublishingOptions map[string]DomainLogPublishingOptionArgs
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    NodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptionsArgs
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    OffPeakWindowOptions DomainOffPeakWindowOptionsArgs
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    SkipShardMigrationWait bool
    SnapshotOptions DomainSnapshotOptionsArgs
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    SoftwareUpdateOptions DomainSoftwareUpdateOptionsArgs
    Service software update options for the domain.
    Tags TagArgs
    An arbitrary set of tags (key-value pairs) for this Domain.
    VpcOptions DomainVpcOptionsArgs

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    accessPolicies Object

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advancedOptions Map<String,String>
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advancedSecurityOptions DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    clusterConfig DomainClusterConfig
    Container for the cluster configuration of a domain.
    cognitoOptions DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domainEndpointOptions DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domainName String

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    ebsOptions DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryptionAtRestOptions DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engineVersion String

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    identityCenterOptions DomainIdentityCenterOptions
    Container for IAM Identity Center Option control for the domain.
    ipAddressType String
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    logPublishingOptions Map<String,DomainLogPublishingOptionArgs>
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    nodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    offPeakWindowOptions DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    skipShardMigrationWait Boolean
    snapshotOptions DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Service software update options for the domain.
    tags List<Tag>
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpcOptions DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    accessPolicies any

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advancedOptions {[key: string]: string}
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advancedSecurityOptions DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    clusterConfig DomainClusterConfig
    Container for the cluster configuration of a domain.
    cognitoOptions DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domainEndpointOptions DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domainName string

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    ebsOptions DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryptionAtRestOptions DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engineVersion string

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    identityCenterOptions DomainIdentityCenterOptions
    Container for IAM Identity Center Option control for the domain.
    ipAddressType string
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    logPublishingOptions {[key: string]: DomainLogPublishingOptionArgs}
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    nodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    offPeakWindowOptions DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    skipShardMigrationWait boolean
    snapshotOptions DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Service software update options for the domain.
    tags Tag[]
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpcOptions DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    access_policies Any

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advanced_options Mapping[str, str]
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advanced_security_options DomainAdvancedSecurityOptionsInputArgs

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    cluster_config DomainClusterConfigArgs
    Container for the cluster configuration of a domain.
    cognito_options DomainCognitoOptionsArgs
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domain_endpoint_options DomainEndpointOptionsArgs
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domain_name str

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    ebs_options DomainEbsOptionsArgs
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryption_at_rest_options DomainEncryptionAtRestOptionsArgs

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engine_version str

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    identity_center_options DomainIdentityCenterOptionsArgs
    Container for IAM Identity Center Option control for the domain.
    ip_address_type str
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    log_publishing_options Mapping[str, DomainLogPublishingOptionArgs]
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    node_to_node_encryption_options DomainNodeToNodeEncryptionOptionsArgs
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    off_peak_window_options DomainOffPeakWindowOptionsArgs
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    skip_shard_migration_wait bool
    snapshot_options DomainSnapshotOptionsArgs
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    software_update_options DomainSoftwareUpdateOptionsArgs
    Service software update options for the domain.
    tags Sequence[TagArgs]
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpc_options DomainVpcOptionsArgs

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    accessPolicies Any

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advancedOptions Map<String>
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advancedSecurityOptions Property Map

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    clusterConfig Property Map
    Container for the cluster configuration of a domain.
    cognitoOptions Property Map
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domainEndpointOptions Property Map
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domainName String

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    ebsOptions Property Map
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryptionAtRestOptions Property Map

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engineVersion String

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    identityCenterOptions Property Map
    Container for IAM Identity Center Option control for the domain.
    ipAddressType String
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    logPublishingOptions Map<Property Map>
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    nodeToNodeEncryptionOptions Property Map
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    offPeakWindowOptions Property Map
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    skipShardMigrationWait Boolean
    snapshotOptions Property Map
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    softwareUpdateOptions Property Map
    Service software update options for the domain.
    tags List<Property Map>
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpcOptions Property Map

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    AwsId string
    The resource ID. For example, 123456789012/my-domain .
    DomainArn string
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    DomainEndpoint string
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    DomainEndpointV2 string
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    DomainEndpoints Dictionary<string, string>
    Id string
    The provider-assigned unique ID for this managed resource.
    ServiceSoftwareOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainServiceSoftwareOptions
    Arn string
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    AwsId string
    The resource ID. For example, 123456789012/my-domain .
    DomainArn string
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    DomainEndpoint string
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    DomainEndpointV2 string
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    DomainEndpoints map[string]string
    Id string
    The provider-assigned unique ID for this managed resource.
    ServiceSoftwareOptions DomainServiceSoftwareOptions
    arn String
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    awsId String
    The resource ID. For example, 123456789012/my-domain .
    domainArn String
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domainEndpoint String
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domainEndpointV2 String
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domainEndpoints Map<String,String>
    id String
    The provider-assigned unique ID for this managed resource.
    serviceSoftwareOptions DomainServiceSoftwareOptions
    arn string
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    awsId string
    The resource ID. For example, 123456789012/my-domain .
    domainArn string
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domainEndpoint string
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domainEndpointV2 string
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domainEndpoints {[key: string]: string}
    id string
    The provider-assigned unique ID for this managed resource.
    serviceSoftwareOptions DomainServiceSoftwareOptions
    arn str
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    aws_id str
    The resource ID. For example, 123456789012/my-domain .
    domain_arn str
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domain_endpoint str
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domain_endpoint_v2 str
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domain_endpoints Mapping[str, str]
    id str
    The provider-assigned unique ID for this managed resource.
    service_software_options DomainServiceSoftwareOptions
    arn String
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    awsId String
    The resource ID. For example, 123456789012/my-domain .
    domainArn String
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domainEndpoint String
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domainEndpointV2 String
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domainEndpoints Map<String>
    id String
    The provider-assigned unique ID for this managed resource.
    serviceSoftwareOptions Property Map

    Supporting Types

    DomainAdvancedSecurityOptionsInput, DomainAdvancedSecurityOptionsInputArgs

    AnonymousAuthDisableDate string
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    AnonymousAuthEnabled bool
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    Enabled bool
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    InternalUserDatabaseEnabled bool
    True to enable the internal user database.
    JwtOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    MasterUserOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainMasterUserOptions
    Specifies information about the master user.
    SamlOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    AnonymousAuthDisableDate string
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    AnonymousAuthEnabled bool
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    Enabled bool
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    InternalUserDatabaseEnabled bool
    True to enable the internal user database.
    JwtOptions DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    MasterUserOptions DomainMasterUserOptions
    Specifies information about the master user.
    SamlOptions DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymousAuthDisableDate String
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymousAuthEnabled Boolean
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled Boolean
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internalUserDatabaseEnabled Boolean
    True to enable the internal user database.
    jwtOptions DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    masterUserOptions DomainMasterUserOptions
    Specifies information about the master user.
    samlOptions DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymousAuthDisableDate string
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymousAuthEnabled boolean
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled boolean
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internalUserDatabaseEnabled boolean
    True to enable the internal user database.
    jwtOptions DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    masterUserOptions DomainMasterUserOptions
    Specifies information about the master user.
    samlOptions DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymous_auth_disable_date str
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymous_auth_enabled bool
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled bool
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internal_user_database_enabled bool
    True to enable the internal user database.
    jwt_options DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    master_user_options DomainMasterUserOptions
    Specifies information about the master user.
    saml_options DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymousAuthDisableDate String
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymousAuthEnabled Boolean
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled Boolean
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internalUserDatabaseEnabled Boolean
    True to enable the internal user database.
    jwtOptions Property Map
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    masterUserOptions Property Map
    Specifies information about the master user.
    samlOptions Property Map
    Container for information about the SAML configuration for OpenSearch Dashboards.

    DomainClusterConfig, DomainClusterConfigArgs

    ColdStorageOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainColdStorageOptions
    Container for cold storage configuration options.
    DedicatedMasterCount int
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    DedicatedMasterEnabled bool
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    DedicatedMasterType string
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    InstanceCount int
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    InstanceType string
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    MultiAzWithStandbyEnabled bool
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    WarmCount int
    The number of warm nodes in the cluster.
    WarmEnabled bool
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    WarmType string
    The instance type for the cluster's warm nodes.
    ZoneAwarenessConfig Pulumi.AwsNative.OpenSearchService.Inputs.DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    ZoneAwarenessEnabled bool
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    ColdStorageOptions DomainColdStorageOptions
    Container for cold storage configuration options.
    DedicatedMasterCount int
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    DedicatedMasterEnabled bool
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    DedicatedMasterType string
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    InstanceCount int
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    InstanceType string
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    MultiAzWithStandbyEnabled bool
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    WarmCount int
    The number of warm nodes in the cluster.
    WarmEnabled bool
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    WarmType string
    The instance type for the cluster's warm nodes.
    ZoneAwarenessConfig DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    ZoneAwarenessEnabled bool
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    coldStorageOptions DomainColdStorageOptions
    Container for cold storage configuration options.
    dedicatedMasterCount Integer
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicatedMasterEnabled Boolean
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicatedMasterType String
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instanceCount Integer
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instanceType String
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multiAzWithStandbyEnabled Boolean
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warmCount Integer
    The number of warm nodes in the cluster.
    warmEnabled Boolean
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warmType String
    The instance type for the cluster's warm nodes.
    zoneAwarenessConfig DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zoneAwarenessEnabled Boolean
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    coldStorageOptions DomainColdStorageOptions
    Container for cold storage configuration options.
    dedicatedMasterCount number
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicatedMasterEnabled boolean
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicatedMasterType string
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instanceCount number
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instanceType string
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multiAzWithStandbyEnabled boolean
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warmCount number
    The number of warm nodes in the cluster.
    warmEnabled boolean
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warmType string
    The instance type for the cluster's warm nodes.
    zoneAwarenessConfig DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zoneAwarenessEnabled boolean
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    cold_storage_options DomainColdStorageOptions
    Container for cold storage configuration options.
    dedicated_master_count int
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicated_master_enabled bool
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicated_master_type str
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instance_count int
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instance_type str
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multi_az_with_standby_enabled bool
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warm_count int
    The number of warm nodes in the cluster.
    warm_enabled bool
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warm_type str
    The instance type for the cluster's warm nodes.
    zone_awareness_config DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zone_awareness_enabled bool
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    coldStorageOptions Property Map
    Container for cold storage configuration options.
    dedicatedMasterCount Number
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicatedMasterEnabled Boolean
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicatedMasterType String
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instanceCount Number
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instanceType String
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multiAzWithStandbyEnabled Boolean
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warmCount Number
    The number of warm nodes in the cluster.
    warmEnabled Boolean
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warmType String
    The instance type for the cluster's warm nodes.
    zoneAwarenessConfig Property Map
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zoneAwarenessEnabled Boolean
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

    DomainCognitoOptions, DomainCognitoOptionsArgs

    Enabled bool
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    IdentityPoolId string

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    RoleArn string

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    UserPoolId string

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    Enabled bool
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    IdentityPoolId string

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    RoleArn string

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    UserPoolId string

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled Boolean
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identityPoolId String

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    roleArn String

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    userPoolId String

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled boolean
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identityPoolId string

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    roleArn string

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    userPoolId string

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled bool
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identity_pool_id str

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    role_arn str

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    user_pool_id str

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled Boolean
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identityPoolId String

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    roleArn String

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    userPoolId String

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    DomainColdStorageOptions, DomainColdStorageOptionsArgs

    Enabled bool
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    Enabled bool
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled Boolean
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled boolean
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled bool
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled Boolean
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.

    DomainEbsOptions, DomainEbsOptionsArgs

    EbsEnabled bool
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    Iops int
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    Throughput int
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    VolumeSize int
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    VolumeType string
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    EbsEnabled bool
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    Iops int
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    Throughput int
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    VolumeSize int
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    VolumeType string
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebsEnabled Boolean
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops Integer
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput Integer
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volumeSize Integer
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volumeType String
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebsEnabled boolean
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops number
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput number
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volumeSize number
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volumeType string
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebs_enabled bool
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops int
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput int
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volume_size int
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volume_type str
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebsEnabled Boolean
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops Number
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput Number
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volumeSize Number
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volumeType String
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .

    DomainEncryptionAtRestOptions, DomainEncryptionAtRestOptionsArgs

    Enabled bool

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    KmsKeyId string

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    Enabled bool

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    KmsKeyId string

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled Boolean

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kmsKeyId String

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled boolean

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kmsKeyId string

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled bool

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kms_key_id str

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled Boolean

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kmsKeyId String

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    DomainEndpointOptions, DomainEndpointOptionsArgs

    CustomEndpoint string
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    CustomEndpointCertificateArn string
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    CustomEndpointEnabled bool
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    EnforceHttps bool
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    TlsSecurityPolicy string
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    CustomEndpoint string
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    CustomEndpointCertificateArn string
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    CustomEndpointEnabled bool
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    EnforceHttps bool
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    TlsSecurityPolicy string
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    customEndpoint String
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    customEndpointCertificateArn String
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    customEndpointEnabled Boolean
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforceHttps Boolean
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tlsSecurityPolicy String
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    customEndpoint string
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    customEndpointCertificateArn string
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    customEndpointEnabled boolean
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforceHttps boolean
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tlsSecurityPolicy string
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    custom_endpoint str
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    custom_endpoint_certificate_arn str
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    custom_endpoint_enabled bool
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforce_https bool
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tls_security_policy str
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    customEndpoint String
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    customEndpointCertificateArn String
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    customEndpointEnabled Boolean
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforceHttps Boolean
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tlsSecurityPolicy String
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites

    DomainIdentityCenterOptions, DomainIdentityCenterOptionsArgs

    EnabledApiAccess bool
    Whether Identity Center is enabled.
    IdentityCenterApplicationArn string
    The ARN of the Identity Center application.
    IdentityCenterInstanceArn string
    The ARN of the Identity Center instance.
    IdentityStoreId string
    The IdentityStoreId for Identity Center options.
    RolesKey Pulumi.AwsNative.OpenSearchService.DomainRolesKeyIdcType
    The roles key for Identity Center options.
    SubjectKey Pulumi.AwsNative.OpenSearchService.DomainSubjectKeyIdcType
    The subject key for Identity Center options.
    EnabledApiAccess bool
    Whether Identity Center is enabled.
    IdentityCenterApplicationArn string
    The ARN of the Identity Center application.
    IdentityCenterInstanceArn string
    The ARN of the Identity Center instance.
    IdentityStoreId string
    The IdentityStoreId for Identity Center options.
    RolesKey DomainRolesKeyIdcType
    The roles key for Identity Center options.
    SubjectKey DomainSubjectKeyIdcType
    The subject key for Identity Center options.
    enabledApiAccess Boolean
    Whether Identity Center is enabled.
    identityCenterApplicationArn String
    The ARN of the Identity Center application.
    identityCenterInstanceArn String
    The ARN of the Identity Center instance.
    identityStoreId String
    The IdentityStoreId for Identity Center options.
    rolesKey DomainRolesKeyIdcType
    The roles key for Identity Center options.
    subjectKey DomainSubjectKeyIdcType
    The subject key for Identity Center options.
    enabledApiAccess boolean
    Whether Identity Center is enabled.
    identityCenterApplicationArn string
    The ARN of the Identity Center application.
    identityCenterInstanceArn string
    The ARN of the Identity Center instance.
    identityStoreId string
    The IdentityStoreId for Identity Center options.
    rolesKey DomainRolesKeyIdcType
    The roles key for Identity Center options.
    subjectKey DomainSubjectKeyIdcType
    The subject key for Identity Center options.
    enabled_api_access bool
    Whether Identity Center is enabled.
    identity_center_application_arn str
    The ARN of the Identity Center application.
    identity_center_instance_arn str
    The ARN of the Identity Center instance.
    identity_store_id str
    The IdentityStoreId for Identity Center options.
    roles_key DomainRolesKeyIdcType
    The roles key for Identity Center options.
    subject_key DomainSubjectKeyIdcType
    The subject key for Identity Center options.
    enabledApiAccess Boolean
    Whether Identity Center is enabled.
    identityCenterApplicationArn String
    The ARN of the Identity Center application.
    identityCenterInstanceArn String
    The ARN of the Identity Center instance.
    identityStoreId String
    The IdentityStoreId for Identity Center options.
    rolesKey "GroupName" | "GroupId"
    The roles key for Identity Center options.
    subjectKey "UserName" | "UserId" | "Email"
    The subject key for Identity Center options.

    DomainIdp, DomainIdpArgs

    EntityId string
    The unique entity ID of the application in the SAML identity provider.
    MetadataContent string
    The metadata of the SAML application, in XML format.
    EntityId string
    The unique entity ID of the application in the SAML identity provider.
    MetadataContent string
    The metadata of the SAML application, in XML format.
    entityId String
    The unique entity ID of the application in the SAML identity provider.
    metadataContent String
    The metadata of the SAML application, in XML format.
    entityId string
    The unique entity ID of the application in the SAML identity provider.
    metadataContent string
    The metadata of the SAML application, in XML format.
    entity_id str
    The unique entity ID of the application in the SAML identity provider.
    metadata_content str
    The metadata of the SAML application, in XML format.
    entityId String
    The unique entity ID of the application in the SAML identity provider.
    metadataContent String
    The metadata of the SAML application, in XML format.

    DomainJwtOptions, DomainJwtOptionsArgs

    Enabled bool
    PublicKey string
    RolesKey string
    SubjectKey string
    Enabled bool
    PublicKey string
    RolesKey string
    SubjectKey string
    enabled Boolean
    publicKey String
    rolesKey String
    subjectKey String
    enabled boolean
    publicKey string
    rolesKey string
    subjectKey string
    enabled Boolean
    publicKey String
    rolesKey String
    subjectKey String

    DomainLogPublishingOption, DomainLogPublishingOptionArgs

    DomainMasterUserOptions, DomainMasterUserOptionsArgs

    MasterUserArn string
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    MasterUserName string

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    MasterUserPassword string

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    MasterUserArn string
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    MasterUserName string

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    MasterUserPassword string

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserArn String
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    masterUserName String

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserPassword String

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserArn string
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    masterUserName string

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserPassword string

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    master_user_arn str
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    master_user_name str

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    master_user_password str

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserArn String
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    masterUserName String

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserPassword String

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    DomainNodeToNodeEncryptionOptions, DomainNodeToNodeEncryptionOptionsArgs

    Enabled bool
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    Enabled bool
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled Boolean
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled boolean
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled bool
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled Boolean
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    DomainOffPeakWindow, DomainOffPeakWindowArgs

    WindowStartTime Pulumi.AwsNative.OpenSearchService.Inputs.DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    WindowStartTime DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    windowStartTime DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    windowStartTime DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    window_start_time DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    windowStartTime Property Map
    The desired start time for an off-peak maintenance window.

    DomainOffPeakWindowOptions, DomainOffPeakWindowOptionsArgs

    Enabled bool
    Specifies whether off-peak window settings are enabled for the domain.
    OffPeakWindow Pulumi.AwsNative.OpenSearchService.Inputs.DomainOffPeakWindow
    Off-peak window settings for the domain.
    Enabled bool
    Specifies whether off-peak window settings are enabled for the domain.
    OffPeakWindow DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled Boolean
    Specifies whether off-peak window settings are enabled for the domain.
    offPeakWindow DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled boolean
    Specifies whether off-peak window settings are enabled for the domain.
    offPeakWindow DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled bool
    Specifies whether off-peak window settings are enabled for the domain.
    off_peak_window DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled Boolean
    Specifies whether off-peak window settings are enabled for the domain.
    offPeakWindow Property Map
    Off-peak window settings for the domain.

    DomainRolesKeyIdcType, DomainRolesKeyIdcTypeArgs

    GroupName
    GroupName
    GroupId
    GroupId
    DomainRolesKeyIdcTypeGroupName
    GroupName
    DomainRolesKeyIdcTypeGroupId
    GroupId
    GroupName
    GroupName
    GroupId
    GroupId
    GroupName
    GroupName
    GroupId
    GroupId
    GROUP_NAME
    GroupName
    GROUP_ID
    GroupId
    "GroupName"
    GroupName
    "GroupId"
    GroupId

    DomainSamlOptions, DomainSamlOptionsArgs

    Enabled bool
    True to enable SAML authentication for a domain.
    Idp Pulumi.AwsNative.OpenSearchService.Inputs.DomainIdp
    The SAML Identity Provider's information.
    MasterBackendRole string
    The backend role that the SAML master user is mapped to.
    MasterUserName string
    The SAML master user name, which is stored in the domain's internal user database.
    RolesKey string
    Element of the SAML assertion to use for backend roles. Default is roles .
    SessionTimeoutMinutes int
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    SubjectKey string
    Element of the SAML assertion to use for the user name. Default is NameID .
    Enabled bool
    True to enable SAML authentication for a domain.
    Idp DomainIdp
    The SAML Identity Provider's information.
    MasterBackendRole string
    The backend role that the SAML master user is mapped to.
    MasterUserName string
    The SAML master user name, which is stored in the domain's internal user database.
    RolesKey string
    Element of the SAML assertion to use for backend roles. Default is roles .
    SessionTimeoutMinutes int
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    SubjectKey string
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled Boolean
    True to enable SAML authentication for a domain.
    idp DomainIdp
    The SAML Identity Provider's information.
    masterBackendRole String
    The backend role that the SAML master user is mapped to.
    masterUserName String
    The SAML master user name, which is stored in the domain's internal user database.
    rolesKey String
    Element of the SAML assertion to use for backend roles. Default is roles .
    sessionTimeoutMinutes Integer
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subjectKey String
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled boolean
    True to enable SAML authentication for a domain.
    idp DomainIdp
    The SAML Identity Provider's information.
    masterBackendRole string
    The backend role that the SAML master user is mapped to.
    masterUserName string
    The SAML master user name, which is stored in the domain's internal user database.
    rolesKey string
    Element of the SAML assertion to use for backend roles. Default is roles .
    sessionTimeoutMinutes number
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subjectKey string
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled bool
    True to enable SAML authentication for a domain.
    idp DomainIdp
    The SAML Identity Provider's information.
    master_backend_role str
    The backend role that the SAML master user is mapped to.
    master_user_name str
    The SAML master user name, which is stored in the domain's internal user database.
    roles_key str
    Element of the SAML assertion to use for backend roles. Default is roles .
    session_timeout_minutes int
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subject_key str
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled Boolean
    True to enable SAML authentication for a domain.
    idp Property Map
    The SAML Identity Provider's information.
    masterBackendRole String
    The backend role that the SAML master user is mapped to.
    masterUserName String
    The SAML master user name, which is stored in the domain's internal user database.
    rolesKey String
    Element of the SAML assertion to use for backend roles. Default is roles .
    sessionTimeoutMinutes Number
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subjectKey String
    Element of the SAML assertion to use for the user name. Default is NameID .

    DomainServiceSoftwareOptions, DomainServiceSoftwareOptionsArgs

    AutomatedUpdateDate string
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    Cancellable bool
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    CurrentVersion string
    The current service software version present on the domain.
    Description string
    A description of the service software update status.
    NewVersion string
    The new service software version, if one is available.
    OptionalDeployment bool
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    UpdateAvailable bool
    True if you're able to update your service software version. False if you can't update your service software version.
    UpdateStatus string
    The status of your service software update.
    AutomatedUpdateDate string
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    Cancellable bool
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    CurrentVersion string
    The current service software version present on the domain.
    Description string
    A description of the service software update status.
    NewVersion string
    The new service software version, if one is available.
    OptionalDeployment bool
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    UpdateAvailable bool
    True if you're able to update your service software version. False if you can't update your service software version.
    UpdateStatus string
    The status of your service software update.
    automatedUpdateDate String
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable Boolean
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    currentVersion String
    The current service software version present on the domain.
    description String
    A description of the service software update status.
    newVersion String
    The new service software version, if one is available.
    optionalDeployment Boolean
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    updateAvailable Boolean
    True if you're able to update your service software version. False if you can't update your service software version.
    updateStatus String
    The status of your service software update.
    automatedUpdateDate string
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable boolean
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    currentVersion string
    The current service software version present on the domain.
    description string
    A description of the service software update status.
    newVersion string
    The new service software version, if one is available.
    optionalDeployment boolean
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    updateAvailable boolean
    True if you're able to update your service software version. False if you can't update your service software version.
    updateStatus string
    The status of your service software update.
    automated_update_date str
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable bool
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    current_version str
    The current service software version present on the domain.
    description str
    A description of the service software update status.
    new_version str
    The new service software version, if one is available.
    optional_deployment bool
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    update_available bool
    True if you're able to update your service software version. False if you can't update your service software version.
    update_status str
    The status of your service software update.
    automatedUpdateDate String
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable Boolean
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    currentVersion String
    The current service software version present on the domain.
    description String
    A description of the service software update status.
    newVersion String
    The new service software version, if one is available.
    optionalDeployment Boolean
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    updateAvailable Boolean
    True if you're able to update your service software version. False if you can't update your service software version.
    updateStatus String
    The status of your service software update.

    DomainSnapshotOptions, DomainSnapshotOptionsArgs

    AutomatedSnapshotStartHour int
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    AutomatedSnapshotStartHour int
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automatedSnapshotStartHour Integer
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automatedSnapshotStartHour number
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automated_snapshot_start_hour int
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automatedSnapshotStartHour Number
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.

    DomainSoftwareUpdateOptions, DomainSoftwareUpdateOptionsArgs

    AutoSoftwareUpdateEnabled bool
    Specifies whether automatic service software updates are enabled for the domain.
    AutoSoftwareUpdateEnabled bool
    Specifies whether automatic service software updates are enabled for the domain.
    autoSoftwareUpdateEnabled Boolean
    Specifies whether automatic service software updates are enabled for the domain.
    autoSoftwareUpdateEnabled boolean
    Specifies whether automatic service software updates are enabled for the domain.
    auto_software_update_enabled bool
    Specifies whether automatic service software updates are enabled for the domain.
    autoSoftwareUpdateEnabled Boolean
    Specifies whether automatic service software updates are enabled for the domain.

    DomainSubjectKeyIdcType, DomainSubjectKeyIdcTypeArgs

    UserName
    UserName
    UserId
    UserId
    Email
    Email
    DomainSubjectKeyIdcTypeUserName
    UserName
    DomainSubjectKeyIdcTypeUserId
    UserId
    DomainSubjectKeyIdcTypeEmail
    Email
    UserName
    UserName
    UserId
    UserId
    Email
    Email
    UserName
    UserName
    UserId
    UserId
    Email
    Email
    USER_NAME
    UserName
    USER_ID
    UserId
    EMAIL
    Email
    "UserName"
    UserName
    "UserId"
    UserId
    "Email"
    Email

    DomainVpcOptions, DomainVpcOptionsArgs

    SecurityGroupIds List<string>
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    SubnetIds List<string>

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    SecurityGroupIds []string
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    SubnetIds []string

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    securityGroupIds List<String>
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnetIds List<String>

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    securityGroupIds string[]
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnetIds string[]

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    security_group_ids Sequence[str]
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnet_ids Sequence[str]

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    securityGroupIds List<String>
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnetIds List<String>

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    DomainWindowStartTime, DomainWindowStartTimeArgs

    Hours int
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    Minutes int
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    Hours int
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    Minutes int
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours Integer
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes Integer
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours number
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes number
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours int
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes int
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours Number
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes Number
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.

    DomainZoneAwarenessConfig, DomainZoneAwarenessConfigArgs

    AvailabilityZoneCount int

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    AvailabilityZoneCount int

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availabilityZoneCount Integer

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availabilityZoneCount number

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availability_zone_count int

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availabilityZoneCount Number

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.13.0 published on Wednesday, Dec 4, 2024 by Pulumi