Provides an AWS OpenSearch Application resource. OpenSearch Applications provide a user interface for interacting with OpenSearch data and managing OpenSearch resources.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.Application("example", {name: "my-opensearch-app"});
import pulumi
import pulumi_aws as aws
example = aws.opensearch.Application("example", name="my-opensearch-app")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := opensearch.NewApplication(ctx, "example", &opensearch.ApplicationArgs{
Name: pulumi.String("my-opensearch-app"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.Application("example", new()
{
Name = "my-opensearch-app",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Application;
import com.pulumi.aws.opensearch.ApplicationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Application("example", ApplicationArgs.builder()
.name("my-opensearch-app")
.build());
}
}
resources:
example:
type: aws:opensearch:Application
properties:
name: my-opensearch-app
Application with Configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.Application("example", {
name: "my-opensearch-app",
appConfigs: [
{
key: "opensearchDashboards.dashboardAdmin.users",
value: "admin-user",
},
{
key: "opensearchDashboards.dashboardAdmin.groups",
value: "admin-group",
},
],
tags: {
Environment: "production",
Team: "data-platform",
},
});
import pulumi
import pulumi_aws as aws
example = aws.opensearch.Application("example",
name="my-opensearch-app",
app_configs=[
{
"key": "opensearchDashboards.dashboardAdmin.users",
"value": "admin-user",
},
{
"key": "opensearchDashboards.dashboardAdmin.groups",
"value": "admin-group",
},
],
tags={
"Environment": "production",
"Team": "data-platform",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := opensearch.NewApplication(ctx, "example", &opensearch.ApplicationArgs{
Name: pulumi.String("my-opensearch-app"),
AppConfigs: opensearch.ApplicationAppConfigArray{
&opensearch.ApplicationAppConfigArgs{
Key: pulumi.String("opensearchDashboards.dashboardAdmin.users"),
Value: pulumi.String("admin-user"),
},
&opensearch.ApplicationAppConfigArgs{
Key: pulumi.String("opensearchDashboards.dashboardAdmin.groups"),
Value: pulumi.String("admin-group"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
"Team": pulumi.String("data-platform"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.Application("example", new()
{
Name = "my-opensearch-app",
AppConfigs = new[]
{
new Aws.OpenSearch.Inputs.ApplicationAppConfigArgs
{
Key = "opensearchDashboards.dashboardAdmin.users",
Value = "admin-user",
},
new Aws.OpenSearch.Inputs.ApplicationAppConfigArgs
{
Key = "opensearchDashboards.dashboardAdmin.groups",
Value = "admin-group",
},
},
Tags =
{
{ "Environment", "production" },
{ "Team", "data-platform" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Application;
import com.pulumi.aws.opensearch.ApplicationArgs;
import com.pulumi.aws.opensearch.inputs.ApplicationAppConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Application("example", ApplicationArgs.builder()
.name("my-opensearch-app")
.appConfigs(
ApplicationAppConfigArgs.builder()
.key("opensearchDashboards.dashboardAdmin.users")
.value("admin-user")
.build(),
ApplicationAppConfigArgs.builder()
.key("opensearchDashboards.dashboardAdmin.groups")
.value("admin-group")
.build())
.tags(Map.ofEntries(
Map.entry("Environment", "production"),
Map.entry("Team", "data-platform")
))
.build());
}
}
resources:
example:
type: aws:opensearch:Application
properties:
name: my-opensearch-app
appConfigs:
- key: opensearchDashboards.dashboardAdmin.users
value: admin-user
- key: opensearchDashboards.dashboardAdmin.groups
value: admin-group
tags:
Environment: production
Team: data-platform
Application with Data Sources
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.Domain("example", {
domainName: "example-domain",
engineVersion: "OpenSearch_2.3",
clusterConfig: {
instanceType: "t3.small.search",
},
ebsOptions: {
ebsEnabled: true,
volumeSize: 20,
},
});
const exampleApplication = new aws.opensearch.Application("example", {
name: "my-opensearch-app",
dataSources: [{
dataSourceArn: example.arn,
dataSourceDescription: "Primary OpenSearch domain for analytics",
}],
tags: {
Environment: "production",
},
});
import pulumi
import pulumi_aws as aws
example = aws.opensearch.Domain("example",
domain_name="example-domain",
engine_version="OpenSearch_2.3",
cluster_config={
"instance_type": "t3.small.search",
},
ebs_options={
"ebs_enabled": True,
"volume_size": 20,
})
example_application = aws.opensearch.Application("example",
name="my-opensearch-app",
data_sources=[{
"data_source_arn": example.arn,
"data_source_description": "Primary OpenSearch domain for analytics",
}],
tags={
"Environment": "production",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
DomainName: pulumi.String("example-domain"),
EngineVersion: pulumi.String("OpenSearch_2.3"),
ClusterConfig: &opensearch.DomainClusterConfigArgs{
InstanceType: pulumi.String("t3.small.search"),
},
EbsOptions: &opensearch.DomainEbsOptionsArgs{
EbsEnabled: pulumi.Bool(true),
VolumeSize: pulumi.Int(20),
},
})
if err != nil {
return err
}
_, err = opensearch.NewApplication(ctx, "example", &opensearch.ApplicationArgs{
Name: pulumi.String("my-opensearch-app"),
DataSources: opensearch.ApplicationDataSourceArray{
&opensearch.ApplicationDataSourceArgs{
DataSourceArn: example.Arn,
DataSourceDescription: pulumi.String("Primary OpenSearch domain for analytics"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.Domain("example", new()
{
DomainName = "example-domain",
EngineVersion = "OpenSearch_2.3",
ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
{
InstanceType = "t3.small.search",
},
EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
{
EbsEnabled = true,
VolumeSize = 20,
},
});
var exampleApplication = new Aws.OpenSearch.Application("example", new()
{
Name = "my-opensearch-app",
DataSources = new[]
{
new Aws.OpenSearch.Inputs.ApplicationDataSourceArgs
{
DataSourceArn = example.Arn,
DataSourceDescription = "Primary OpenSearch domain for analytics",
},
},
Tags =
{
{ "Environment", "production" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
import com.pulumi.aws.opensearch.Application;
import com.pulumi.aws.opensearch.ApplicationArgs;
import com.pulumi.aws.opensearch.inputs.ApplicationDataSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Domain("example", DomainArgs.builder()
.domainName("example-domain")
.engineVersion("OpenSearch_2.3")
.clusterConfig(DomainClusterConfigArgs.builder()
.instanceType("t3.small.search")
.build())
.ebsOptions(DomainEbsOptionsArgs.builder()
.ebsEnabled(true)
.volumeSize(20)
.build())
.build());
var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()
.name("my-opensearch-app")
.dataSources(ApplicationDataSourceArgs.builder()
.dataSourceArn(example.arn())
.dataSourceDescription("Primary OpenSearch domain for analytics")
.build())
.tags(Map.of("Environment", "production"))
.build());
}
}
resources:
example:
type: aws:opensearch:Domain
properties:
domainName: example-domain
engineVersion: OpenSearch_2.3
clusterConfig:
instanceType: t3.small.search
ebsOptions:
ebsEnabled: true
volumeSize: 20
exampleApplication:
type: aws:opensearch:Application
name: example
properties:
name: my-opensearch-app
dataSources:
- dataSourceArn: ${example.arn}
dataSourceDescription: Primary OpenSearch domain for analytics
tags:
Environment: production
Application with IAM Identity Center Integration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Data sources for account and region information
const example = aws.ssoadmin.getInstances({});
const current = aws.getCallerIdentity({});
const currentGetRegion = aws.getRegion({});
// IAM Policy for OpenSearch Application Identity Center Integration
const opensearchIdentityCenter = new aws.iam.Policy("opensearch_identity_center", {
name: "opensearch-identity-center-policy",
description: "Policy for OpenSearch Application Identity Center integration",
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Sid: "IdentityStoreOpenSearchDomainConnectivity",
Effect: "Allow",
Action: [
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"identitystore:DescribeGroup",
],
Resource: "*",
Condition: {
"ForAnyValue:StringEquals": {
"aws:CalledViaLast": "es.amazonaws.com",
},
},
},
{
Sid: "OpenSearchDomain",
Effect: "Allow",
Action: ["es:ESHttp*"],
Resource: "*",
},
{
Sid: "OpenSearchServerless",
Effect: "Allow",
Action: ["aoss:APIAccessAll"],
Resource: "*",
},
],
}),
});
// IAM Role for OpenSearch Application
const opensearchApplication = new aws.iam.Role("opensearch_application", {
name: "opensearch-application-role",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
Service: "application.opensearchservice.amazonaws.com",
},
Action: "sts:AssumeRole",
},
{
Effect: "Allow",
Principal: {
Service: "application.opensearchservice.amazonaws.com",
},
Action: "sts:SetContext",
Condition: {
"ForAllValues:ArnEquals": {
"sts:RequestContextProviders": Promise.all([current, currentGetRegion]).then(([current, currentGetRegion]) => `arn:aws:iam::${current.accountId}:oidc-provider/portal.sso.${currentGetRegion.id}.amazonaws.com/apl/*`),
},
},
},
],
}),
});
// Attach policy to role
const opensearchIdentityCenterRolePolicyAttachment = new aws.iam.RolePolicyAttachment("opensearch_identity_center", {
role: opensearchApplication.name,
policyArn: opensearchIdentityCenter.arn,
});
const exampleApplication = new aws.opensearch.Application("example", {
name: "my-opensearch-app",
iamIdentityCenterOptions: {
enabled: true,
iamIdentityCenterInstanceArn: example.then(example => example.arns?.[0]),
iamRoleForIdentityCenterApplicationArn: opensearchApplication.arn,
},
tags: {
Environment: "production",
},
});
import pulumi
import json
import pulumi_aws as aws
# Data sources for account and region information
example = aws.ssoadmin.get_instances()
current = aws.get_caller_identity()
current_get_region = aws.get_region()
# IAM Policy for OpenSearch Application Identity Center Integration
opensearch_identity_center = aws.iam.Policy("opensearch_identity_center",
name="opensearch-identity-center-policy",
description="Policy for OpenSearch Application Identity Center integration",
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Sid": "IdentityStoreOpenSearchDomainConnectivity",
"Effect": "Allow",
"Action": [
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"identitystore:DescribeGroup",
],
"Resource": "*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledViaLast": "es.amazonaws.com",
},
},
},
{
"Sid": "OpenSearchDomain",
"Effect": "Allow",
"Action": ["es:ESHttp*"],
"Resource": "*",
},
{
"Sid": "OpenSearchServerless",
"Effect": "Allow",
"Action": ["aoss:APIAccessAll"],
"Resource": "*",
},
],
}))
# IAM Role for OpenSearch Application
opensearch_application = aws.iam.Role("opensearch_application",
name="opensearch-application-role",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "application.opensearchservice.amazonaws.com",
},
"Action": "sts:AssumeRole",
},
{
"Effect": "Allow",
"Principal": {
"Service": "application.opensearchservice.amazonaws.com",
},
"Action": "sts:SetContext",
"Condition": {
"ForAllValues:ArnEquals": {
"sts:RequestContextProviders": f"arn:aws:iam::{current.account_id}:oidc-provider/portal.sso.{current_get_region.id}.amazonaws.com/apl/*",
},
},
},
],
}))
# Attach policy to role
opensearch_identity_center_role_policy_attachment = aws.iam.RolePolicyAttachment("opensearch_identity_center",
role=opensearch_application.name,
policy_arn=opensearch_identity_center.arn)
example_application = aws.opensearch.Application("example",
name="my-opensearch-app",
iam_identity_center_options={
"enabled": True,
"iam_identity_center_instance_arn": example.arns[0],
"iam_role_for_identity_center_application_arn": opensearch_application.arn,
},
tags={
"Environment": "production",
})
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/opensearch"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Data sources for account and region information
example, err := ssoadmin.GetInstances(ctx, &ssoadmin.GetInstancesArgs{}, nil)
if err != nil {
return err
}
current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
if err != nil {
return err
}
currentGetRegion, err := aws.GetRegion(ctx, &aws.GetRegionArgs{}, nil)
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []interface{}{
map[string]interface{}{
"Sid": "IdentityStoreOpenSearchDomainConnectivity",
"Effect": "Allow",
"Action": []string{
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"identitystore:DescribeGroup",
},
"Resource": "*",
"Condition": map[string]interface{}{
"ForAnyValue:StringEquals": map[string]interface{}{
"aws:CalledViaLast": "es.amazonaws.com",
},
},
},
map[string]interface{}{
"Sid": "OpenSearchDomain",
"Effect": "Allow",
"Action": []string{
"es:ESHttp*",
},
"Resource": "*",
},
map[string]interface{}{
"Sid": "OpenSearchServerless",
"Effect": "Allow",
"Action": []string{
"aoss:APIAccessAll",
},
"Resource": "*",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// IAM Policy for OpenSearch Application Identity Center Integration
opensearchIdentityCenter, err := iam.NewPolicy(ctx, "opensearch_identity_center", &iam.PolicyArgs{
Name: pulumi.String("opensearch-identity-center-policy"),
Description: pulumi.String("Policy for OpenSearch Application Identity Center integration"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "application.opensearchservice.amazonaws.com",
},
"Action": "sts:AssumeRole",
},
map[string]interface{}{
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "application.opensearchservice.amazonaws.com",
},
"Action": "sts:SetContext",
"Condition": map[string]interface{}{
"ForAllValues:ArnEquals": map[string]interface{}{
"sts:RequestContextProviders": fmt.Sprintf("arn:aws:iam::%v:oidc-provider/portal.sso.%v.amazonaws.com/apl/*", current.AccountId, currentGetRegion.Id),
},
},
},
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
// IAM Role for OpenSearch Application
opensearchApplication, err := iam.NewRole(ctx, "opensearch_application", &iam.RoleArgs{
Name: pulumi.String("opensearch-application-role"),
AssumeRolePolicy: pulumi.String(json1),
})
if err != nil {
return err
}
// Attach policy to role
_, err = iam.NewRolePolicyAttachment(ctx, "opensearch_identity_center", &iam.RolePolicyAttachmentArgs{
Role: opensearchApplication.Name,
PolicyArn: opensearchIdentityCenter.Arn,
})
if err != nil {
return err
}
_, err = opensearch.NewApplication(ctx, "example", &opensearch.ApplicationArgs{
Name: pulumi.String("my-opensearch-app"),
IamIdentityCenterOptions: &opensearch.ApplicationIamIdentityCenterOptionsArgs{
Enabled: pulumi.Bool(true),
IamIdentityCenterInstanceArn: pulumi.String(example.Arns[0]),
IamRoleForIdentityCenterApplicationArn: opensearchApplication.Arn,
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Data sources for account and region information
var example = Aws.SsoAdmin.GetInstances.Invoke();
var current = Aws.GetCallerIdentity.Invoke();
var currentGetRegion = Aws.GetRegion.Invoke();
// IAM Policy for OpenSearch Application Identity Center Integration
var opensearchIdentityCenter = new Aws.Iam.Policy("opensearch_identity_center", new()
{
Name = "opensearch-identity-center-policy",
Description = "Policy for OpenSearch Application Identity Center integration",
PolicyDocument = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Sid"] = "IdentityStoreOpenSearchDomainConnectivity",
["Effect"] = "Allow",
["Action"] = new[]
{
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"identitystore:DescribeGroup",
},
["Resource"] = "*",
["Condition"] = new Dictionary<string, object?>
{
["ForAnyValue:StringEquals"] = new Dictionary<string, object?>
{
["aws:CalledViaLast"] = "es.amazonaws.com",
},
},
},
new Dictionary<string, object?>
{
["Sid"] = "OpenSearchDomain",
["Effect"] = "Allow",
["Action"] = new[]
{
"es:ESHttp*",
},
["Resource"] = "*",
},
new Dictionary<string, object?>
{
["Sid"] = "OpenSearchServerless",
["Effect"] = "Allow",
["Action"] = new[]
{
"aoss:APIAccessAll",
},
["Resource"] = "*",
},
},
}),
});
// IAM Role for OpenSearch Application
var opensearchApplication = new Aws.Iam.Role("opensearch_application", new()
{
Name = "opensearch-application-role",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "application.opensearchservice.amazonaws.com",
},
["Action"] = "sts:AssumeRole",
},
new Dictionary<string, object?>
{
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "application.opensearchservice.amazonaws.com",
},
["Action"] = "sts:SetContext",
["Condition"] = new Dictionary<string, object?>
{
["ForAllValues:ArnEquals"] = new Dictionary<string, object?>
{
["sts:RequestContextProviders"] = Output.Tuple(current, currentGetRegion).Apply(values =>
{
var current = values.Item1;
var currentGetRegion = values.Item2;
return $"arn:aws:iam::{current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:oidc-provider/portal.sso.{currentGetRegion.Apply(getRegionResult => getRegionResult.Id)}.amazonaws.com/apl/*";
}),
},
},
},
},
}),
});
// Attach policy to role
var opensearchIdentityCenterRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("opensearch_identity_center", new()
{
Role = opensearchApplication.Name,
PolicyArn = opensearchIdentityCenter.Arn,
});
var exampleApplication = new Aws.OpenSearch.Application("example", new()
{
Name = "my-opensearch-app",
IamIdentityCenterOptions = new Aws.OpenSearch.Inputs.ApplicationIamIdentityCenterOptionsArgs
{
Enabled = true,
IamIdentityCenterInstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
IamRoleForIdentityCenterApplicationArn = opensearchApplication.Arn,
},
Tags =
{
{ "Environment", "production" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.inputs.GetInstancesArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.opensearch.Application;
import com.pulumi.aws.opensearch.ApplicationArgs;
import com.pulumi.aws.opensearch.inputs.ApplicationIamIdentityCenterOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Data sources for account and region information
final var example = SsoadminFunctions.getInstances(GetInstancesArgs.builder()
.build());
final var current = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
.build());
final var currentGetRegion = AwsFunctions.getRegion(GetRegionArgs.builder()
.build());
// IAM Policy for OpenSearch Application Identity Center Integration
var opensearchIdentityCenter = new Policy("opensearchIdentityCenter", PolicyArgs.builder()
.name("opensearch-identity-center-policy")
.description("Policy for OpenSearch Application Identity Center integration")
.policy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(
jsonObject(
jsonProperty("Sid", "IdentityStoreOpenSearchDomainConnectivity"),
jsonProperty("Effect", "Allow"),
jsonProperty("Action", jsonArray(
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"identitystore:DescribeGroup"
)),
jsonProperty("Resource", "*"),
jsonProperty("Condition", jsonObject(
jsonProperty("ForAnyValue:StringEquals", jsonObject(
jsonProperty("aws:CalledViaLast", "es.amazonaws.com")
))
))
),
jsonObject(
jsonProperty("Sid", "OpenSearchDomain"),
jsonProperty("Effect", "Allow"),
jsonProperty("Action", jsonArray("es:ESHttp*")),
jsonProperty("Resource", "*")
),
jsonObject(
jsonProperty("Sid", "OpenSearchServerless"),
jsonProperty("Effect", "Allow"),
jsonProperty("Action", jsonArray("aoss:APIAccessAll")),
jsonProperty("Resource", "*")
)
))
)))
.build());
// IAM Role for OpenSearch Application
var opensearchApplication = new Role("opensearchApplication", RoleArgs.builder()
.name("opensearch-application-role")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(
jsonObject(
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "application.opensearchservice.amazonaws.com")
)),
jsonProperty("Action", "sts:AssumeRole")
),
jsonObject(
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "application.opensearchservice.amazonaws.com")
)),
jsonProperty("Action", "sts:SetContext"),
jsonProperty("Condition", jsonObject(
jsonProperty("ForAllValues:ArnEquals", jsonObject(
jsonProperty("sts:RequestContextProviders", String.format("arn:aws:iam::%s:oidc-provider/portal.sso.%s.amazonaws.com/apl/*", current.accountId(),currentGetRegion.id()))
))
))
)
))
)))
.build());
// Attach policy to role
var opensearchIdentityCenterRolePolicyAttachment = new RolePolicyAttachment("opensearchIdentityCenterRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(opensearchApplication.name())
.policyArn(opensearchIdentityCenter.arn())
.build());
var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()
.name("my-opensearch-app")
.iamIdentityCenterOptions(ApplicationIamIdentityCenterOptionsArgs.builder()
.enabled(true)
.iamIdentityCenterInstanceArn(example.arns()[0])
.iamRoleForIdentityCenterApplicationArn(opensearchApplication.arn())
.build())
.tags(Map.of("Environment", "production"))
.build());
}
}
resources:
# IAM Policy for OpenSearch Application Identity Center Integration
opensearchIdentityCenter:
type: aws:iam:Policy
name: opensearch_identity_center
properties:
name: opensearch-identity-center-policy
description: Policy for OpenSearch Application Identity Center integration
policy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Sid: IdentityStoreOpenSearchDomainConnectivity
Effect: Allow
Action:
- identitystore:DescribeUser
- identitystore:ListGroupMembershipsForMember
- identitystore:DescribeGroup
Resource: '*'
Condition:
ForAnyValue:StringEquals:
aws:CalledViaLast: es.amazonaws.com
- Sid: OpenSearchDomain
Effect: Allow
Action:
- es:ESHttp*
Resource: '*'
- Sid: OpenSearchServerless
Effect: Allow
Action:
- aoss:APIAccessAll
Resource: '*'
# IAM Role for OpenSearch Application
opensearchApplication:
type: aws:iam:Role
name: opensearch_application
properties:
name: opensearch-application-role
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: application.opensearchservice.amazonaws.com
Action: sts:AssumeRole
- Effect: Allow
Principal:
Service: application.opensearchservice.amazonaws.com
Action: sts:SetContext
Condition:
ForAllValues:ArnEquals:
sts:RequestContextProviders: arn:aws:iam::${current.accountId}:oidc-provider/portal.sso.${currentGetRegion.id}.amazonaws.com/apl/*
# Attach policy to role
opensearchIdentityCenterRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
name: opensearch_identity_center
properties:
role: ${opensearchApplication.name}
policyArn: ${opensearchIdentityCenter.arn}
exampleApplication:
type: aws:opensearch:Application
name: example
properties:
name: my-opensearch-app
iamIdentityCenterOptions:
enabled: true
iamIdentityCenterInstanceArn: ${example.arns[0]}
iamRoleForIdentityCenterApplicationArn: ${opensearchApplication.arn}
tags:
Environment: production
variables:
# Data sources for account and region information
example:
fn::invoke:
function: aws:ssoadmin:getInstances
arguments: {}
current:
fn::invoke:
function: aws:getCallerIdentity
arguments: {}
currentGetRegion:
fn::invoke:
function: aws:getRegion
arguments: {}
Additional Information
For more information about OpenSearch Applications, see the AWS OpenSearch Service Developer Guide.
For information about configuring IAM Identity Center with OpenSearch Applications, see Using AWS IAM Identity Center authentication.
Create Application Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Application(name: string, args?: ApplicationArgs, opts?: CustomResourceOptions);@overload
def Application(resource_name: str,
args: Optional[ApplicationArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Application(resource_name: str,
opts: Optional[ResourceOptions] = None,
app_configs: Optional[Sequence[ApplicationAppConfigArgs]] = None,
data_sources: Optional[Sequence[ApplicationDataSourceArgs]] = None,
iam_identity_center_options: Optional[ApplicationIamIdentityCenterOptionsArgs] = None,
kms_key_arn: Optional[str] = None,
name: Optional[str] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
timeouts: Optional[ApplicationTimeoutsArgs] = None)func NewApplication(ctx *Context, name string, args *ApplicationArgs, opts ...ResourceOption) (*Application, error)public Application(string name, ApplicationArgs? args = null, CustomResourceOptions? opts = null)
public Application(String name, ApplicationArgs args)
public Application(String name, ApplicationArgs args, CustomResourceOptions options)
type: aws:opensearch:Application
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleapplicationResourceResourceFromOpensearchapplication = new Aws.OpenSearch.Application("exampleapplicationResourceResourceFromOpensearchapplication", new()
{
AppConfigs = new[]
{
new Aws.OpenSearch.Inputs.ApplicationAppConfigArgs
{
Key = "string",
Value = "string",
},
},
DataSources = new[]
{
new Aws.OpenSearch.Inputs.ApplicationDataSourceArgs
{
DataSourceArn = "string",
DataSourceDescription = "string",
},
},
IamIdentityCenterOptions = new Aws.OpenSearch.Inputs.ApplicationIamIdentityCenterOptionsArgs
{
Enabled = false,
IamIdentityCenterApplicationArn = "string",
IamIdentityCenterInstanceArn = "string",
IamRoleForIdentityCenterApplicationArn = "string",
},
KmsKeyArn = "string",
Name = "string",
Region = "string",
Tags =
{
{ "string", "string" },
},
Timeouts = new Aws.OpenSearch.Inputs.ApplicationTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
});
example, err := opensearch.NewApplication(ctx, "exampleapplicationResourceResourceFromOpensearchapplication", &opensearch.ApplicationArgs{
AppConfigs: opensearch.ApplicationAppConfigArray{
&opensearch.ApplicationAppConfigArgs{
Key: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
DataSources: opensearch.ApplicationDataSourceArray{
&opensearch.ApplicationDataSourceArgs{
DataSourceArn: pulumi.String("string"),
DataSourceDescription: pulumi.String("string"),
},
},
IamIdentityCenterOptions: &opensearch.ApplicationIamIdentityCenterOptionsArgs{
Enabled: pulumi.Bool(false),
IamIdentityCenterApplicationArn: pulumi.String("string"),
IamIdentityCenterInstanceArn: pulumi.String("string"),
IamRoleForIdentityCenterApplicationArn: pulumi.String("string"),
},
KmsKeyArn: pulumi.String("string"),
Name: pulumi.String("string"),
Region: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Timeouts: &opensearch.ApplicationTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var exampleapplicationResourceResourceFromOpensearchapplication = new com.pulumi.aws.opensearch.Application("exampleapplicationResourceResourceFromOpensearchapplication", com.pulumi.aws.opensearch.ApplicationArgs.builder()
.appConfigs(ApplicationAppConfigArgs.builder()
.key("string")
.value("string")
.build())
.dataSources(ApplicationDataSourceArgs.builder()
.dataSourceArn("string")
.dataSourceDescription("string")
.build())
.iamIdentityCenterOptions(ApplicationIamIdentityCenterOptionsArgs.builder()
.enabled(false)
.iamIdentityCenterApplicationArn("string")
.iamIdentityCenterInstanceArn("string")
.iamRoleForIdentityCenterApplicationArn("string")
.build())
.kmsKeyArn("string")
.name("string")
.region("string")
.tags(Map.of("string", "string"))
.timeouts(ApplicationTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.build());
exampleapplication_resource_resource_from_opensearchapplication = aws.opensearch.Application("exampleapplicationResourceResourceFromOpensearchapplication",
app_configs=[{
"key": "string",
"value": "string",
}],
data_sources=[{
"data_source_arn": "string",
"data_source_description": "string",
}],
iam_identity_center_options={
"enabled": False,
"iam_identity_center_application_arn": "string",
"iam_identity_center_instance_arn": "string",
"iam_role_for_identity_center_application_arn": "string",
},
kms_key_arn="string",
name="string",
region="string",
tags={
"string": "string",
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
})
const exampleapplicationResourceResourceFromOpensearchapplication = new aws.opensearch.Application("exampleapplicationResourceResourceFromOpensearchapplication", {
appConfigs: [{
key: "string",
value: "string",
}],
dataSources: [{
dataSourceArn: "string",
dataSourceDescription: "string",
}],
iamIdentityCenterOptions: {
enabled: false,
iamIdentityCenterApplicationArn: "string",
iamIdentityCenterInstanceArn: "string",
iamRoleForIdentityCenterApplicationArn: "string",
},
kmsKeyArn: "string",
name: "string",
region: "string",
tags: {
string: "string",
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
});
type: aws:opensearch:Application
properties:
appConfigs:
- key: string
value: string
dataSources:
- dataSourceArn: string
dataSourceDescription: string
iamIdentityCenterOptions:
enabled: false
iamIdentityCenterApplicationArn: string
iamIdentityCenterInstanceArn: string
iamRoleForIdentityCenterApplicationArn: string
kmsKeyArn: string
name: string
region: string
tags:
string: string
timeouts:
create: string
delete: string
update: string
Application Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Application resource accepts the following input properties:
- App
Configs List<ApplicationApp Config> - Configuration block(s) for OpenSearch application settings. See App Config below.
- Data
Sources List<ApplicationData Source> - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- Iam
Identity ApplicationCenter Options Iam Identity Center Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- Kms
Key stringArn - ARN of the KMS key used to encrypt the application's data at rest.
- Name string
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Application
Timeouts
- App
Configs []ApplicationApp Config Args - Configuration block(s) for OpenSearch application settings. See App Config below.
- Data
Sources []ApplicationData Source Args - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- Iam
Identity ApplicationCenter Options Iam Identity Center Options Args - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- Kms
Key stringArn - ARN of the KMS key used to encrypt the application's data at rest.
- Name string
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Application
Timeouts Args
- app
Configs List<ApplicationApp Config> - Configuration block(s) for OpenSearch application settings. See App Config below.
- data
Sources List<ApplicationData Source> - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- iam
Identity ApplicationCenter Options Iam Identity Center Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms
Key StringArn - ARN of the KMS key used to encrypt the application's data at rest.
- name String
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Application
Timeouts
- app
Configs ApplicationApp Config[] - Configuration block(s) for OpenSearch application settings. See App Config below.
- data
Sources ApplicationData Source[] - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- iam
Identity ApplicationCenter Options Iam Identity Center Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms
Key stringArn - ARN of the KMS key used to encrypt the application's data at rest.
- name string
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Application
Timeouts
- app_
configs Sequence[ApplicationApp Config Args] - Configuration block(s) for OpenSearch application settings. See App Config below.
- data_
sources Sequence[ApplicationData Source Args] - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- iam_
identity_ Applicationcenter_ options Iam Identity Center Options Args - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms_
key_ strarn - ARN of the KMS key used to encrypt the application's data at rest.
- name str
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Application
Timeouts Args
- app
Configs List<Property Map> - Configuration block(s) for OpenSearch application settings. See App Config below.
- data
Sources List<Property Map> - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- iam
Identity Property MapCenter Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms
Key StringArn - ARN of the KMS key used to encrypt the application's data at rest.
- name String
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the Application resource produces the following output properties:
- Arn string
- The Amazon Resource Name (ARN) of the OpenSearch application.
- Endpoint string
- Endpoint URL of the OpenSearch application.
- Id string
- The provider-assigned unique ID for this managed resource.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Arn string
- The Amazon Resource Name (ARN) of the OpenSearch application.
- Endpoint string
- Endpoint URL of the OpenSearch application.
- Id string
- The provider-assigned unique ID for this managed resource.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- The Amazon Resource Name (ARN) of the OpenSearch application.
- endpoint String
- Endpoint URL of the OpenSearch application.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn string
- The Amazon Resource Name (ARN) of the OpenSearch application.
- endpoint string
- Endpoint URL of the OpenSearch application.
- id string
- The provider-assigned unique ID for this managed resource.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn str
- The Amazon Resource Name (ARN) of the OpenSearch application.
- endpoint str
- Endpoint URL of the OpenSearch application.
- id str
- The provider-assigned unique ID for this managed resource.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- The Amazon Resource Name (ARN) of the OpenSearch application.
- endpoint String
- Endpoint URL of the OpenSearch application.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing Application Resource
Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationState, opts?: CustomResourceOptions): Application@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_configs: Optional[Sequence[ApplicationAppConfigArgs]] = None,
arn: Optional[str] = None,
data_sources: Optional[Sequence[ApplicationDataSourceArgs]] = None,
endpoint: Optional[str] = None,
iam_identity_center_options: Optional[ApplicationIamIdentityCenterOptionsArgs] = None,
kms_key_arn: Optional[str] = None,
name: Optional[str] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
timeouts: Optional[ApplicationTimeoutsArgs] = None) -> Applicationfunc GetApplication(ctx *Context, name string, id IDInput, state *ApplicationState, opts ...ResourceOption) (*Application, error)public static Application Get(string name, Input<string> id, ApplicationState? state, CustomResourceOptions? opts = null)public static Application get(String name, Output<String> id, ApplicationState state, CustomResourceOptions options)resources: _: type: aws:opensearch:Application get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- App
Configs List<ApplicationApp Config> - Configuration block(s) for OpenSearch application settings. See App Config below.
- Arn string
- The Amazon Resource Name (ARN) of the OpenSearch application.
- Data
Sources List<ApplicationData Source> - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- Endpoint string
- Endpoint URL of the OpenSearch application.
- Iam
Identity ApplicationCenter Options Iam Identity Center Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- Kms
Key stringArn - ARN of the KMS key used to encrypt the application's data at rest.
- Name string
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Application
Timeouts
- App
Configs []ApplicationApp Config Args - Configuration block(s) for OpenSearch application settings. See App Config below.
- Arn string
- The Amazon Resource Name (ARN) of the OpenSearch application.
- Data
Sources []ApplicationData Source Args - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- Endpoint string
- Endpoint URL of the OpenSearch application.
- Iam
Identity ApplicationCenter Options Iam Identity Center Options Args - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- Kms
Key stringArn - ARN of the KMS key used to encrypt the application's data at rest.
- Name string
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Application
Timeouts Args
- app
Configs List<ApplicationApp Config> - Configuration block(s) for OpenSearch application settings. See App Config below.
- arn String
- The Amazon Resource Name (ARN) of the OpenSearch application.
- data
Sources List<ApplicationData Source> - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- endpoint String
- Endpoint URL of the OpenSearch application.
- iam
Identity ApplicationCenter Options Iam Identity Center Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms
Key StringArn - ARN of the KMS key used to encrypt the application's data at rest.
- name String
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Application
Timeouts
- app
Configs ApplicationApp Config[] - Configuration block(s) for OpenSearch application settings. See App Config below.
- arn string
- The Amazon Resource Name (ARN) of the OpenSearch application.
- data
Sources ApplicationData Source[] - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- endpoint string
- Endpoint URL of the OpenSearch application.
- iam
Identity ApplicationCenter Options Iam Identity Center Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms
Key stringArn - ARN of the KMS key used to encrypt the application's data at rest.
- name string
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Application
Timeouts
- app_
configs Sequence[ApplicationApp Config Args] - Configuration block(s) for OpenSearch application settings. See App Config below.
- arn str
- The Amazon Resource Name (ARN) of the OpenSearch application.
- data_
sources Sequence[ApplicationData Source Args] - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- endpoint str
- Endpoint URL of the OpenSearch application.
- iam_
identity_ Applicationcenter_ options Iam Identity Center Options Args - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms_
key_ strarn - ARN of the KMS key used to encrypt the application's data at rest.
- name str
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Application
Timeouts Args
- app
Configs List<Property Map> - Configuration block(s) for OpenSearch application settings. See App Config below.
- arn String
- The Amazon Resource Name (ARN) of the OpenSearch application.
- data
Sources List<Property Map> - Configuration block(s) for data sources to link to the OpenSearch application. See Data Source below.
- endpoint String
- Endpoint URL of the OpenSearch application.
- iam
Identity Property MapCenter Options - Configuration block for integrating AWS IAM Identity Center with the OpenSearch application. See IAM Identity Center Options below.
- kms
Key StringArn - ARN of the KMS key used to encrypt the application's data at rest.
- name String
- The unique name of the OpenSearch application. Names must be unique within an AWS Region for each account. Must be between 3 and 30 characters, start with a lowercase letter, and contain only lowercase letters, numbers, and hyphens.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts Property Map
Supporting Types
ApplicationAppConfig, ApplicationAppConfigArgs
ApplicationDataSource, ApplicationDataSourceArgs
- Data
Source stringArn - The Amazon Resource Name (ARN) of the OpenSearch domain or collection. Must be between 20 and 2048 characters.
- Data
Source stringDescription - A detailed description of the data source. Must be at most 1000 characters and contain only alphanumeric characters, underscores, spaces, and the following special characters:
@#%*+=:?./!-.
- Data
Source stringArn - The Amazon Resource Name (ARN) of the OpenSearch domain or collection. Must be between 20 and 2048 characters.
- Data
Source stringDescription - A detailed description of the data source. Must be at most 1000 characters and contain only alphanumeric characters, underscores, spaces, and the following special characters:
@#%*+=:?./!-.
- data
Source StringArn - The Amazon Resource Name (ARN) of the OpenSearch domain or collection. Must be between 20 and 2048 characters.
- data
Source StringDescription - A detailed description of the data source. Must be at most 1000 characters and contain only alphanumeric characters, underscores, spaces, and the following special characters:
@#%*+=:?./!-.
- data
Source stringArn - The Amazon Resource Name (ARN) of the OpenSearch domain or collection. Must be between 20 and 2048 characters.
- data
Source stringDescription - A detailed description of the data source. Must be at most 1000 characters and contain only alphanumeric characters, underscores, spaces, and the following special characters:
@#%*+=:?./!-.
- data_
source_ strarn - The Amazon Resource Name (ARN) of the OpenSearch domain or collection. Must be between 20 and 2048 characters.
- data_
source_ strdescription - A detailed description of the data source. Must be at most 1000 characters and contain only alphanumeric characters, underscores, spaces, and the following special characters:
@#%*+=:?./!-.
- data
Source StringArn - The Amazon Resource Name (ARN) of the OpenSearch domain or collection. Must be between 20 and 2048 characters.
- data
Source StringDescription - A detailed description of the data source. Must be at most 1000 characters and contain only alphanumeric characters, underscores, spaces, and the following special characters:
@#%*+=:?./!-.
ApplicationIamIdentityCenterOptions, ApplicationIamIdentityCenterOptionsArgs
- Enabled bool
- Specifies whether IAM Identity Center is enabled or disabled.
- Iam
Identity stringCenter Application Arn - Iam
Identity stringCenter Instance Arn - The Amazon Resource Name (ARN) of the IAM Identity Center instance. Must be between 20 and 2048 characters.
- Iam
Role stringFor Identity Center Application Arn - The ARN of the IAM role associated with the IAM Identity Center application. Must be between 20 and 2048 characters and match the pattern for IAM role ARNs.
- Enabled bool
- Specifies whether IAM Identity Center is enabled or disabled.
- Iam
Identity stringCenter Application Arn - Iam
Identity stringCenter Instance Arn - The Amazon Resource Name (ARN) of the IAM Identity Center instance. Must be between 20 and 2048 characters.
- Iam
Role stringFor Identity Center Application Arn - The ARN of the IAM role associated with the IAM Identity Center application. Must be between 20 and 2048 characters and match the pattern for IAM role ARNs.
- enabled Boolean
- Specifies whether IAM Identity Center is enabled or disabled.
- iam
Identity StringCenter Application Arn - iam
Identity StringCenter Instance Arn - The Amazon Resource Name (ARN) of the IAM Identity Center instance. Must be between 20 and 2048 characters.
- iam
Role StringFor Identity Center Application Arn - The ARN of the IAM role associated with the IAM Identity Center application. Must be between 20 and 2048 characters and match the pattern for IAM role ARNs.
- enabled boolean
- Specifies whether IAM Identity Center is enabled or disabled.
- iam
Identity stringCenter Application Arn - iam
Identity stringCenter Instance Arn - The Amazon Resource Name (ARN) of the IAM Identity Center instance. Must be between 20 and 2048 characters.
- iam
Role stringFor Identity Center Application Arn - The ARN of the IAM role associated with the IAM Identity Center application. Must be between 20 and 2048 characters and match the pattern for IAM role ARNs.
- enabled bool
- Specifies whether IAM Identity Center is enabled or disabled.
- iam_
identity_ strcenter_ application_ arn - iam_
identity_ strcenter_ instance_ arn - The Amazon Resource Name (ARN) of the IAM Identity Center instance. Must be between 20 and 2048 characters.
- iam_
role_ strfor_ identity_ center_ application_ arn - The ARN of the IAM role associated with the IAM Identity Center application. Must be between 20 and 2048 characters and match the pattern for IAM role ARNs.
- enabled Boolean
- Specifies whether IAM Identity Center is enabled or disabled.
- iam
Identity StringCenter Application Arn - iam
Identity StringCenter Instance Arn - The Amazon Resource Name (ARN) of the IAM Identity Center instance. Must be between 20 and 2048 characters.
- iam
Role StringFor Identity Center Application Arn - The ARN of the IAM role associated with the IAM Identity Center application. Must be between 20 and 2048 characters and match the pattern for IAM role ARNs.
ApplicationTimeouts, ApplicationTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Import
Using pulumi import, import OpenSearch applications using the id. For example:
$ pulumi import aws:opensearch/application:Application example app-1234567890abcdef0
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
