1. Packages
  2. AWS
  3. API Docs
  4. opensearch
  5. Domain
AWS v6.55.0 published on Monday, Oct 7, 2024 by Pulumi

aws.opensearch.Domain

Explore with Pulumi AI

aws logo
AWS v6.55.0 published on Monday, Oct 7, 2024 by Pulumi

    Manages an Amazon OpenSearch Domain.

    Elasticsearch vs. OpenSearch

    Amazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).

    OpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:

    • OpenSearch has engine_version while Elasticsearch has elasticsearch_version
    • Versions are specified differently - e.g., Elasticsearch_7.10 with OpenSearch vs. 7.10 for Elasticsearch.
    • instance_type argument values end in search for OpenSearch vs. elasticsearch for Elasticsearch (e.g., t2.micro.search vs. t2.micro.elasticsearch).
    • The AWS-managed service-linked role for OpenSearch is called AWSServiceRoleForAmazonOpenSearchService instead of AWSServiceRoleForAmazonElasticsearchService for Elasticsearch.

    There are also some potentially unexpected similarities in configurations:

    • ARNs for both are prefaced with arn:aws:es:.
    • Both OpenSearch and Elasticsearch use assume role policies that refer to the Principal Service as es.amazonaws.com.
    • IAM policy actions, such as those you will find in access_policies, are prefaced with es: for both.

    Example Usage

    Basic Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.Domain("example", {
        domainName: "example",
        engineVersion: "Elasticsearch_7.10",
        clusterConfig: {
            instanceType: "r4.large.search",
        },
        tags: {
            Domain: "TestDomain",
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.opensearch.Domain("example",
        domain_name="example",
        engine_version="Elasticsearch_7.10",
        cluster_config={
            "instance_type": "r4.large.search",
        },
        tags={
            "Domain": "TestDomain",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
    			DomainName:    pulumi.String("example"),
    			EngineVersion: pulumi.String("Elasticsearch_7.10"),
    			ClusterConfig: &opensearch.DomainClusterConfigArgs{
    				InstanceType: pulumi.String("r4.large.search"),
    			},
    			Tags: pulumi.StringMap{
    				"Domain": pulumi.String("TestDomain"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.Domain("example", new()
        {
            DomainName = "example",
            EngineVersion = "Elasticsearch_7.10",
            ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
            {
                InstanceType = "r4.large.search",
            },
            Tags = 
            {
                { "Domain", "TestDomain" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.Domain;
    import com.pulumi.aws.opensearch.DomainArgs;
    import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Domain("example", DomainArgs.builder()
                .domainName("example")
                .engineVersion("Elasticsearch_7.10")
                .clusterConfig(DomainClusterConfigArgs.builder()
                    .instanceType("r4.large.search")
                    .build())
                .tags(Map.of("Domain", "TestDomain"))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:Domain
        properties:
          domainName: example
          engineVersion: Elasticsearch_7.10
          clusterConfig:
            instanceType: r4.large.search
          tags:
            Domain: TestDomain
    

    Access Policy

    See also: aws.opensearch.DomainPolicy resource

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const config = new pulumi.Config();
    const domain = config.get("domain") || "tf-test";
    const current = aws.getRegion({});
    const currentGetCallerIdentity = aws.getCallerIdentity({});
    const example = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => aws.iam.getPolicyDocument({
        statements: [{
            effect: "Allow",
            principals: [{
                type: "*",
                identifiers: ["*"],
            }],
            actions: ["es:*"],
            resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],
            conditions: [{
                test: "IpAddress",
                variable: "aws:SourceIp",
                values: ["66.193.100.22/32"],
            }],
        }],
    }));
    const exampleDomain = new aws.opensearch.Domain("example", {
        domainName: domain,
        accessPolicies: example.then(example => example.json),
    });
    
    import pulumi
    import pulumi_aws as aws
    
    config = pulumi.Config()
    domain = config.get("domain")
    if domain is None:
        domain = "tf-test"
    current = aws.get_region()
    current_get_caller_identity = aws.get_caller_identity()
    example = aws.iam.get_policy_document(statements=[{
        "effect": "Allow",
        "principals": [{
            "type": "*",
            "identifiers": ["*"],
        }],
        "actions": ["es:*"],
        "resources": [f"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*"],
        "conditions": [{
            "test": "IpAddress",
            "variable": "aws:SourceIp",
            "values": ["66.193.100.22/32"],
        }],
    }])
    example_domain = aws.opensearch.Domain("example",
        domain_name=domain,
        access_policies=example.json)
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		domain := "tf-test"
    		if param := cfg.Get("domain"); param != "" {
    			domain = param
    		}
    		current, err := aws.GetRegion(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		currentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
    			Statements: []iam.GetPolicyDocumentStatement{
    				{
    					Effect: pulumi.StringRef("Allow"),
    					Principals: []iam.GetPolicyDocumentStatementPrincipal{
    						{
    							Type: "*",
    							Identifiers: []string{
    								"*",
    							},
    						},
    					},
    					Actions: []string{
    						"es:*",
    					},
    					Resources: []string{
    						fmt.Sprintf("arn:aws:es:%v:%v:domain/%v/*", current.Name, currentGetCallerIdentity.AccountId, domain),
    					},
    					Conditions: []iam.GetPolicyDocumentStatementCondition{
    						{
    							Test:     "IpAddress",
    							Variable: "aws:SourceIp",
    							Values: []string{
    								"66.193.100.22/32",
    							},
    						},
    					},
    				},
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
    			DomainName:     pulumi.String(domain),
    			AccessPolicies: pulumi.String(example.Json),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var domain = config.Get("domain") ?? "tf-test";
        var current = Aws.GetRegion.Invoke();
    
        var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();
    
        var example = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "*",
                            Identifiers = new[]
                            {
                                "*",
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "es:*",
                    },
                    Resources = new[]
                    {
                        $"arn:aws:es:{current.Apply(getRegionResult => getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:domain/{domain}/*",
                    },
                    Conditions = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                        {
                            Test = "IpAddress",
                            Variable = "aws:SourceIp",
                            Values = new[]
                            {
                                "66.193.100.22/32",
                            },
                        },
                    },
                },
            },
        });
    
        var exampleDomain = new Aws.OpenSearch.Domain("example", new()
        {
            DomainName = domain,
            AccessPolicies = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.AwsFunctions;
    import com.pulumi.aws.inputs.GetRegionArgs;
    import com.pulumi.aws.inputs.GetCallerIdentityArgs;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.opensearch.Domain;
    import com.pulumi.aws.opensearch.DomainArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var domain = config.get("domain").orElse("tf-test");
            final var current = AwsFunctions.getRegion();
    
            final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();
    
            final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("*")
                        .identifiers("*")
                        .build())
                    .actions("es:*")
                    .resources(String.format("arn:aws:es:%s:%s:domain/%s/*", current.applyValue(getRegionResult -> getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
                    .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                        .test("IpAddress")
                        .variable("aws:SourceIp")
                        .values("66.193.100.22/32")
                        .build())
                    .build())
                .build());
    
            var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
                .domainName(domain)
                .accessPolicies(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
        }
    }
    
    configuration:
      domain:
        type: string
        default: tf-test
    resources:
      exampleDomain:
        type: aws:opensearch:Domain
        name: example
        properties:
          domainName: ${domain}
          accessPolicies: ${example.json}
    variables:
      current:
        fn::invoke:
          Function: aws:getRegion
          Arguments: {}
      currentGetCallerIdentity:
        fn::invoke:
          Function: aws:getCallerIdentity
          Arguments: {}
      example:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: '*'
                    identifiers:
                      - '*'
                actions:
                  - es:*
                resources:
                  - arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*
                conditions:
                  - test: IpAddress
                    variable: aws:SourceIp
                    values:
                      - 66.193.100.22/32
    

    Log publishing to CloudWatch Logs

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {name: "example"});
    const example = aws.iam.getPolicyDocument({
        statements: [{
            effect: "Allow",
            principals: [{
                type: "Service",
                identifiers: ["es.amazonaws.com"],
            }],
            actions: [
                "logs:PutLogEvents",
                "logs:PutLogEventsBatch",
                "logs:CreateLogStream",
            ],
            resources: ["arn:aws:logs:*"],
        }],
    });
    const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("example", {
        policyName: "example",
        policyDocument: example.then(example => example.json),
    });
    const exampleDomain = new aws.opensearch.Domain("example", {logPublishingOptions: [{
        cloudwatchLogGroupArn: exampleLogGroup.arn,
        logType: "INDEX_SLOW_LOGS",
    }]});
    
    import pulumi
    import pulumi_aws as aws
    
    example_log_group = aws.cloudwatch.LogGroup("example", name="example")
    example = aws.iam.get_policy_document(statements=[{
        "effect": "Allow",
        "principals": [{
            "type": "Service",
            "identifiers": ["es.amazonaws.com"],
        }],
        "actions": [
            "logs:PutLogEvents",
            "logs:PutLogEventsBatch",
            "logs:CreateLogStream",
        ],
        "resources": ["arn:aws:logs:*"],
    }])
    example_log_resource_policy = aws.cloudwatch.LogResourcePolicy("example",
        policy_name="example",
        policy_document=example.json)
    example_domain = aws.opensearch.Domain("example", log_publishing_options=[{
        "cloudwatch_log_group_arn": example_log_group.arn,
        "log_type": "INDEX_SLOW_LOGS",
    }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
    			Name: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
    			Statements: []iam.GetPolicyDocumentStatement{
    				{
    					Effect: pulumi.StringRef("Allow"),
    					Principals: []iam.GetPolicyDocumentStatementPrincipal{
    						{
    							Type: "Service",
    							Identifiers: []string{
    								"es.amazonaws.com",
    							},
    						},
    					},
    					Actions: []string{
    						"logs:PutLogEvents",
    						"logs:PutLogEventsBatch",
    						"logs:CreateLogStream",
    					},
    					Resources: []string{
    						"arn:aws:logs:*",
    					},
    				},
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = cloudwatch.NewLogResourcePolicy(ctx, "example", &cloudwatch.LogResourcePolicyArgs{
    			PolicyName:     pulumi.String("example"),
    			PolicyDocument: pulumi.String(example.Json),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
    			LogPublishingOptions: opensearch.DomainLogPublishingOptionArray{
    				&opensearch.DomainLogPublishingOptionArgs{
    					CloudwatchLogGroupArn: exampleLogGroup.Arn,
    					LogType:               pulumi.String("INDEX_SLOW_LOGS"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("example", new()
        {
            Name = "example",
        });
    
        var example = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "Service",
                            Identifiers = new[]
                            {
                                "es.amazonaws.com",
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "logs:PutLogEvents",
                        "logs:PutLogEventsBatch",
                        "logs:CreateLogStream",
                    },
                    Resources = new[]
                    {
                        "arn:aws:logs:*",
                    },
                },
            },
        });
    
        var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("example", new()
        {
            PolicyName = "example",
            PolicyDocument = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
        var exampleDomain = new Aws.OpenSearch.Domain("example", new()
        {
            LogPublishingOptions = new[]
            {
                new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs
                {
                    CloudwatchLogGroupArn = exampleLogGroup.Arn,
                    LogType = "INDEX_SLOW_LOGS",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cloudwatch.LogGroup;
    import com.pulumi.aws.cloudwatch.LogGroupArgs;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.cloudwatch.LogResourcePolicy;
    import com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;
    import com.pulumi.aws.opensearch.Domain;
    import com.pulumi.aws.opensearch.DomainArgs;
    import com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleLogGroup = new LogGroup("exampleLogGroup", LogGroupArgs.builder()
                .name("example")
                .build());
    
            final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("Service")
                        .identifiers("es.amazonaws.com")
                        .build())
                    .actions(                
                        "logs:PutLogEvents",
                        "logs:PutLogEventsBatch",
                        "logs:CreateLogStream")
                    .resources("arn:aws:logs:*")
                    .build())
                .build());
    
            var exampleLogResourcePolicy = new LogResourcePolicy("exampleLogResourcePolicy", LogResourcePolicyArgs.builder()
                .policyName("example")
                .policyDocument(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
            var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
                .logPublishingOptions(DomainLogPublishingOptionArgs.builder()
                    .cloudwatchLogGroupArn(exampleLogGroup.arn())
                    .logType("INDEX_SLOW_LOGS")
                    .build())
                .build());
    
        }
    }
    
    resources:
      exampleLogGroup:
        type: aws:cloudwatch:LogGroup
        name: example
        properties:
          name: example
      exampleLogResourcePolicy:
        type: aws:cloudwatch:LogResourcePolicy
        name: example
        properties:
          policyName: example
          policyDocument: ${example.json}
      exampleDomain:
        type: aws:opensearch:Domain
        name: example
        properties:
          logPublishingOptions:
            - cloudwatchLogGroupArn: ${exampleLogGroup.arn}
              logType: INDEX_SLOW_LOGS
    variables:
      example:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: Service
                    identifiers:
                      - es.amazonaws.com
                actions:
                  - logs:PutLogEvents
                  - logs:PutLogEventsBatch
                  - logs:CreateLogStream
                resources:
                  - arn:aws:logs:*
    

    VPC based OpenSearch

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const config = new pulumi.Config();
    const vpc = config.requireObject("vpc");
    const domain = config.get("domain") || "tf-test";
    const example = aws.ec2.getVpc({
        tags: {
            Name: vpc,
        },
    });
    const exampleGetSubnets = example.then(example => aws.ec2.getSubnets({
        filters: [{
            name: "vpc-id",
            values: [example.id],
        }],
        tags: {
            Tier: "private",
        },
    }));
    const current = aws.getRegion({});
    const currentGetCallerIdentity = aws.getCallerIdentity({});
    const exampleSecurityGroup = new aws.ec2.SecurityGroup("example", {
        name: `${vpc}-opensearch-${domain}`,
        description: "Managed by Pulumi",
        vpcId: example.then(example => example.id),
        ingress: [{
            fromPort: 443,
            toPort: 443,
            protocol: "tcp",
            cidrBlocks: [example.then(example => example.cidrBlock)],
        }],
    });
    const exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole("example", {awsServiceName: "opensearchservice.amazonaws.com"});
    const exampleGetPolicyDocument = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => aws.iam.getPolicyDocument({
        statements: [{
            effect: "Allow",
            principals: [{
                type: "*",
                identifiers: ["*"],
            }],
            actions: ["es:*"],
            resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],
        }],
    }));
    const exampleDomain = new aws.opensearch.Domain("example", {
        domainName: domain,
        engineVersion: "OpenSearch_1.0",
        clusterConfig: {
            instanceType: "m4.large.search",
            zoneAwarenessEnabled: true,
        },
        vpcOptions: {
            subnetIds: [
                exampleGetSubnets.then(exampleGetSubnets => exampleGetSubnets.ids?.[0]),
                exampleGetSubnets.then(exampleGetSubnets => exampleGetSubnets.ids?.[1]),
            ],
            securityGroupIds: [exampleSecurityGroup.id],
        },
        advancedOptions: {
            "rest.action.multi.allow_explicit_index": "true",
        },
        accessPolicies: exampleGetPolicyDocument.then(exampleGetPolicyDocument => exampleGetPolicyDocument.json),
        tags: {
            Domain: "TestDomain",
        },
    }, {
        dependsOn: [exampleServiceLinkedRole],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    config = pulumi.Config()
    vpc = config.require_object("vpc")
    domain = config.get("domain")
    if domain is None:
        domain = "tf-test"
    example = aws.ec2.get_vpc(tags={
        "Name": vpc,
    })
    example_get_subnets = aws.ec2.get_subnets(filters=[{
            "name": "vpc-id",
            "values": [example.id],
        }],
        tags={
            "Tier": "private",
        })
    current = aws.get_region()
    current_get_caller_identity = aws.get_caller_identity()
    example_security_group = aws.ec2.SecurityGroup("example",
        name=f"{vpc}-opensearch-{domain}",
        description="Managed by Pulumi",
        vpc_id=example.id,
        ingress=[{
            "from_port": 443,
            "to_port": 443,
            "protocol": "tcp",
            "cidr_blocks": [example.cidr_block],
        }])
    example_service_linked_role = aws.iam.ServiceLinkedRole("example", aws_service_name="opensearchservice.amazonaws.com")
    example_get_policy_document = aws.iam.get_policy_document(statements=[{
        "effect": "Allow",
        "principals": [{
            "type": "*",
            "identifiers": ["*"],
        }],
        "actions": ["es:*"],
        "resources": [f"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*"],
    }])
    example_domain = aws.opensearch.Domain("example",
        domain_name=domain,
        engine_version="OpenSearch_1.0",
        cluster_config={
            "instance_type": "m4.large.search",
            "zone_awareness_enabled": True,
        },
        vpc_options={
            "subnet_ids": [
                example_get_subnets.ids[0],
                example_get_subnets.ids[1],
            ],
            "security_group_ids": [example_security_group.id],
        },
        advanced_options={
            "rest.action.multi.allow_explicit_index": "true",
        },
        access_policies=example_get_policy_document.json,
        tags={
            "Domain": "TestDomain",
        },
        opts = pulumi.ResourceOptions(depends_on=[example_service_linked_role]))
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    cfg := config.New(ctx, "")
    vpc := cfg.RequireObject("vpc")
    domain := "tf-test";
    if param := cfg.Get("domain"); param != ""{
    domain = param
    }
    example, err := ec2.LookupVpc(ctx, &ec2.LookupVpcArgs{
    Tags: pulumi.StringMap{
    "Name": vpc,
    },
    }, nil);
    if err != nil {
    return err
    }
    exampleGetSubnets, err := ec2.GetSubnets(ctx, &ec2.GetSubnetsArgs{
    Filters: []ec2.GetSubnetsFilter{
    {
    Name: "vpc-id",
    Values: interface{}{
    example.Id,
    },
    },
    },
    Tags: map[string]interface{}{
    "Tier": "private",
    },
    }, nil);
    if err != nil {
    return err
    }
    current, err := aws.GetRegion(ctx, nil, nil);
    if err != nil {
    return err
    }
    currentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);
    if err != nil {
    return err
    }
    exampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
    Name: pulumi.Sprintf("%v-opensearch-%v", vpc, domain),
    Description: pulumi.String("Managed by Pulumi"),
    VpcId: pulumi.String(example.Id),
    Ingress: ec2.SecurityGroupIngressArray{
    &ec2.SecurityGroupIngressArgs{
    FromPort: pulumi.Int(443),
    ToPort: pulumi.Int(443),
    Protocol: pulumi.String("tcp"),
    CidrBlocks: pulumi.StringArray{
    pulumi.String(example.CidrBlock),
    },
    },
    },
    })
    if err != nil {
    return err
    }
    exampleServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, "example", &iam.ServiceLinkedRoleArgs{
    AwsServiceName: pulumi.String("opensearchservice.amazonaws.com"),
    })
    if err != nil {
    return err
    }
    exampleGetPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
    Statements: []iam.GetPolicyDocumentStatement{
    {
    Effect: pulumi.StringRef("Allow"),
    Principals: []iam.GetPolicyDocumentStatementPrincipal{
    {
    Type: "*",
    Identifiers: []string{
    "*",
    },
    },
    },
    Actions: []string{
    "es:*",
    },
    Resources: []string{
    fmt.Sprintf("arn:aws:es:%v:%v:domain/%v/*", current.Name, currentGetCallerIdentity.AccountId, domain),
    },
    },
    },
    }, nil);
    if err != nil {
    return err
    }
    _, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
    DomainName: pulumi.String(domain),
    EngineVersion: pulumi.String("OpenSearch_1.0"),
    ClusterConfig: &opensearch.DomainClusterConfigArgs{
    InstanceType: pulumi.String("m4.large.search"),
    ZoneAwarenessEnabled: pulumi.Bool(true),
    },
    VpcOptions: &opensearch.DomainVpcOptionsArgs{
    SubnetIds: pulumi.StringArray{
    pulumi.String(exampleGetSubnets.Ids[0]),
    pulumi.String(exampleGetSubnets.Ids[1]),
    },
    SecurityGroupIds: pulumi.StringArray{
    exampleSecurityGroup.ID(),
    },
    },
    AdvancedOptions: pulumi.StringMap{
    "rest.action.multi.allow_explicit_index": pulumi.String("true"),
    },
    AccessPolicies: pulumi.String(exampleGetPolicyDocument.Json),
    Tags: pulumi.StringMap{
    "Domain": pulumi.String("TestDomain"),
    },
    }, pulumi.DependsOn([]pulumi.Resource{
    exampleServiceLinkedRole,
    }))
    if err != nil {
    return err
    }
    return nil
    })
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var vpc = config.RequireObject<dynamic>("vpc");
        var domain = config.Get("domain") ?? "tf-test";
        var example = Aws.Ec2.GetVpc.Invoke(new()
        {
            Tags = 
            {
                { "Name", vpc },
            },
        });
    
        var exampleGetSubnets = Aws.Ec2.GetSubnets.Invoke(new()
        {
            Filters = new[]
            {
                new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs
                {
                    Name = "vpc-id",
                    Values = new[]
                    {
                        example.Apply(getVpcResult => getVpcResult.Id),
                    },
                },
            },
            Tags = 
            {
                { "Tier", "private" },
            },
        });
    
        var current = Aws.GetRegion.Invoke();
    
        var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();
    
        var exampleSecurityGroup = new Aws.Ec2.SecurityGroup("example", new()
        {
            Name = $"{vpc}-opensearch-{domain}",
            Description = "Managed by Pulumi",
            VpcId = example.Apply(getVpcResult => getVpcResult.Id),
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.SecurityGroupIngressArgs
                {
                    FromPort = 443,
                    ToPort = 443,
                    Protocol = "tcp",
                    CidrBlocks = new[]
                    {
                        example.Apply(getVpcResult => getVpcResult.CidrBlock),
                    },
                },
            },
        });
    
        var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole("example", new()
        {
            AwsServiceName = "opensearchservice.amazonaws.com",
        });
    
        var exampleGetPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "*",
                            Identifiers = new[]
                            {
                                "*",
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "es:*",
                    },
                    Resources = new[]
                    {
                        $"arn:aws:es:{current.Apply(getRegionResult => getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:domain/{domain}/*",
                    },
                },
            },
        });
    
        var exampleDomain = new Aws.OpenSearch.Domain("example", new()
        {
            DomainName = domain,
            EngineVersion = "OpenSearch_1.0",
            ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
            {
                InstanceType = "m4.large.search",
                ZoneAwarenessEnabled = true,
            },
            VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs
            {
                SubnetIds = new[]
                {
                    exampleGetSubnets.Apply(getSubnetsResult => getSubnetsResult.Ids[0]),
                    exampleGetSubnets.Apply(getSubnetsResult => getSubnetsResult.Ids[1]),
                },
                SecurityGroupIds = new[]
                {
                    exampleSecurityGroup.Id,
                },
            },
            AdvancedOptions = 
            {
                { "rest.action.multi.allow_explicit_index", "true" },
            },
            AccessPolicies = exampleGetPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
            Tags = 
            {
                { "Domain", "TestDomain" },
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                exampleServiceLinkedRole,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Ec2Functions;
    import com.pulumi.aws.ec2.inputs.GetVpcArgs;
    import com.pulumi.aws.ec2.inputs.GetSubnetsArgs;
    import com.pulumi.aws.AwsFunctions;
    import com.pulumi.aws.inputs.GetRegionArgs;
    import com.pulumi.aws.inputs.GetCallerIdentityArgs;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.SecurityGroupArgs;
    import com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;
    import com.pulumi.aws.iam.ServiceLinkedRole;
    import com.pulumi.aws.iam.ServiceLinkedRoleArgs;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.opensearch.Domain;
    import com.pulumi.aws.opensearch.DomainArgs;
    import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
    import com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var vpc = config.get("vpc");
            final var domain = config.get("domain").orElse("tf-test");
            final var example = Ec2Functions.getVpc(GetVpcArgs.builder()
                .tags(Map.of("Name", vpc))
                .build());
    
            final var exampleGetSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()
                .filters(GetSubnetsFilterArgs.builder()
                    .name("vpc-id")
                    .values(example.applyValue(getVpcResult -> getVpcResult.id()))
                    .build())
                .tags(Map.of("Tier", "private"))
                .build());
    
            final var current = AwsFunctions.getRegion();
    
            final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();
    
            var exampleSecurityGroup = new SecurityGroup("exampleSecurityGroup", SecurityGroupArgs.builder()
                .name(String.format("%s-opensearch-%s", vpc,domain))
                .description("Managed by Pulumi")
                .vpcId(example.applyValue(getVpcResult -> getVpcResult.id()))
                .ingress(SecurityGroupIngressArgs.builder()
                    .fromPort(443)
                    .toPort(443)
                    .protocol("tcp")
                    .cidrBlocks(example.applyValue(getVpcResult -> getVpcResult.cidrBlock()))
                    .build())
                .build());
    
            var exampleServiceLinkedRole = new ServiceLinkedRole("exampleServiceLinkedRole", ServiceLinkedRoleArgs.builder()
                .awsServiceName("opensearchservice.amazonaws.com")
                .build());
    
            final var exampleGetPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("*")
                        .identifiers("*")
                        .build())
                    .actions("es:*")
                    .resources(String.format("arn:aws:es:%s:%s:domain/%s/*", current.applyValue(getRegionResult -> getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
                    .build())
                .build());
    
            var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
                .domainName(domain)
                .engineVersion("OpenSearch_1.0")
                .clusterConfig(DomainClusterConfigArgs.builder()
                    .instanceType("m4.large.search")
                    .zoneAwarenessEnabled(true)
                    .build())
                .vpcOptions(DomainVpcOptionsArgs.builder()
                    .subnetIds(                
                        exampleGetSubnets.applyValue(getSubnetsResult -> getSubnetsResult.ids()[0]),
                        exampleGetSubnets.applyValue(getSubnetsResult -> getSubnetsResult.ids()[1]))
                    .securityGroupIds(exampleSecurityGroup.id())
                    .build())
                .advancedOptions(Map.of("rest.action.multi.allow_explicit_index", "true"))
                .accessPolicies(exampleGetPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .tags(Map.of("Domain", "TestDomain"))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(exampleServiceLinkedRole)
                    .build());
    
        }
    }
    
    configuration:
      vpc:
        type: dynamic
      domain:
        type: string
        default: tf-test
    resources:
      exampleSecurityGroup:
        type: aws:ec2:SecurityGroup
        name: example
        properties:
          name: ${vpc}-opensearch-${domain}
          description: Managed by Pulumi
          vpcId: ${example.id}
          ingress:
            - fromPort: 443
              toPort: 443
              protocol: tcp
              cidrBlocks:
                - ${example.cidrBlock}
      exampleServiceLinkedRole:
        type: aws:iam:ServiceLinkedRole
        name: example
        properties:
          awsServiceName: opensearchservice.amazonaws.com
      exampleDomain:
        type: aws:opensearch:Domain
        name: example
        properties:
          domainName: ${domain}
          engineVersion: OpenSearch_1.0
          clusterConfig:
            instanceType: m4.large.search
            zoneAwarenessEnabled: true
          vpcOptions:
            subnetIds:
              - ${exampleGetSubnets.ids[0]}
              - ${exampleGetSubnets.ids[1]}
            securityGroupIds:
              - ${exampleSecurityGroup.id}
          advancedOptions:
            rest.action.multi.allow_explicit_index: 'true'
          accessPolicies: ${exampleGetPolicyDocument.json}
          tags:
            Domain: TestDomain
        options:
          dependson:
            - ${exampleServiceLinkedRole}
    variables:
      example:
        fn::invoke:
          Function: aws:ec2:getVpc
          Arguments:
            tags:
              Name: ${vpc}
      exampleGetSubnets:
        fn::invoke:
          Function: aws:ec2:getSubnets
          Arguments:
            filters:
              - name: vpc-id
                values:
                  - ${example.id}
            tags:
              Tier: private
      current:
        fn::invoke:
          Function: aws:getRegion
          Arguments: {}
      currentGetCallerIdentity:
        fn::invoke:
          Function: aws:getCallerIdentity
          Arguments: {}
      exampleGetPolicyDocument:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: '*'
                    identifiers:
                      - '*'
                actions:
                  - es:*
                resources:
                  - arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*
    

    Enabling fine-grained access control on an existing domain

    This example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see Enabling fine-grained access control.

    First apply

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.Domain("example", {
        domainName: "ggkitty",
        engineVersion: "Elasticsearch_7.1",
        clusterConfig: {
            instanceType: "r5.large.search",
        },
        advancedSecurityOptions: {
            enabled: false,
            anonymousAuthEnabled: true,
            internalUserDatabaseEnabled: true,
            masterUserOptions: {
                masterUserName: "example",
                masterUserPassword: "Barbarbarbar1!",
            },
        },
        encryptAtRest: {
            enabled: true,
        },
        domainEndpointOptions: {
            enforceHttps: true,
            tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
        },
        nodeToNodeEncryption: {
            enabled: true,
        },
        ebsOptions: {
            ebsEnabled: true,
            volumeSize: 10,
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.opensearch.Domain("example",
        domain_name="ggkitty",
        engine_version="Elasticsearch_7.1",
        cluster_config={
            "instance_type": "r5.large.search",
        },
        advanced_security_options={
            "enabled": False,
            "anonymous_auth_enabled": True,
            "internal_user_database_enabled": True,
            "master_user_options": {
                "master_user_name": "example",
                "master_user_password": "Barbarbarbar1!",
            },
        },
        encrypt_at_rest={
            "enabled": True,
        },
        domain_endpoint_options={
            "enforce_https": True,
            "tls_security_policy": "Policy-Min-TLS-1-2-2019-07",
        },
        node_to_node_encryption={
            "enabled": True,
        },
        ebs_options={
            "ebs_enabled": True,
            "volume_size": 10,
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
    			DomainName:    pulumi.String("ggkitty"),
    			EngineVersion: pulumi.String("Elasticsearch_7.1"),
    			ClusterConfig: &opensearch.DomainClusterConfigArgs{
    				InstanceType: pulumi.String("r5.large.search"),
    			},
    			AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
    				Enabled:                     pulumi.Bool(false),
    				AnonymousAuthEnabled:        pulumi.Bool(true),
    				InternalUserDatabaseEnabled: pulumi.Bool(true),
    				MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
    					MasterUserName:     pulumi.String("example"),
    					MasterUserPassword: pulumi.String("Barbarbarbar1!"),
    				},
    			},
    			EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
    				Enabled: pulumi.Bool(true),
    			},
    			DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
    				EnforceHttps:      pulumi.Bool(true),
    				TlsSecurityPolicy: pulumi.String("Policy-Min-TLS-1-2-2019-07"),
    			},
    			NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
    				Enabled: pulumi.Bool(true),
    			},
    			EbsOptions: &opensearch.DomainEbsOptionsArgs{
    				EbsEnabled: pulumi.Bool(true),
    				VolumeSize: pulumi.Int(10),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.Domain("example", new()
        {
            DomainName = "ggkitty",
            EngineVersion = "Elasticsearch_7.1",
            ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
            {
                InstanceType = "r5.large.search",
            },
            AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
            {
                Enabled = false,
                AnonymousAuthEnabled = true,
                InternalUserDatabaseEnabled = true,
                MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
                {
                    MasterUserName = "example",
                    MasterUserPassword = "Barbarbarbar1!",
                },
            },
            EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
            {
                Enabled = true,
            },
            DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
            {
                EnforceHttps = true,
                TlsSecurityPolicy = "Policy-Min-TLS-1-2-2019-07",
            },
            NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
            {
                Enabled = true,
            },
            EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
            {
                EbsEnabled = true,
                VolumeSize = 10,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.Domain;
    import com.pulumi.aws.opensearch.DomainArgs;
    import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
    import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;
    import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;
    import com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;
    import com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;
    import com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;
    import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Domain("example", DomainArgs.builder()
                .domainName("ggkitty")
                .engineVersion("Elasticsearch_7.1")
                .clusterConfig(DomainClusterConfigArgs.builder()
                    .instanceType("r5.large.search")
                    .build())
                .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
                    .enabled(false)
                    .anonymousAuthEnabled(true)
                    .internalUserDatabaseEnabled(true)
                    .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
                        .masterUserName("example")
                        .masterUserPassword("Barbarbarbar1!")
                        .build())
                    .build())
                .encryptAtRest(DomainEncryptAtRestArgs.builder()
                    .enabled(true)
                    .build())
                .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
                    .enforceHttps(true)
                    .tlsSecurityPolicy("Policy-Min-TLS-1-2-2019-07")
                    .build())
                .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
                    .enabled(true)
                    .build())
                .ebsOptions(DomainEbsOptionsArgs.builder()
                    .ebsEnabled(true)
                    .volumeSize(10)
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:Domain
        properties:
          domainName: ggkitty
          engineVersion: Elasticsearch_7.1
          clusterConfig:
            instanceType: r5.large.search
          advancedSecurityOptions:
            enabled: false
            anonymousAuthEnabled: true
            internalUserDatabaseEnabled: true
            masterUserOptions:
              masterUserName: example
              masterUserPassword: Barbarbarbar1!
          encryptAtRest:
            enabled: true
          domainEndpointOptions:
            enforceHttps: true
            tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07
          nodeToNodeEncryption:
            enabled: true
          ebsOptions:
            ebsEnabled: true
            volumeSize: 10
    

    Second apply

    Notice that the only change is advanced_security_options.0.enabled is now set to true.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.Domain("example", {
        domainName: "ggkitty",
        engineVersion: "Elasticsearch_7.1",
        clusterConfig: {
            instanceType: "r5.large.search",
        },
        advancedSecurityOptions: {
            enabled: true,
            anonymousAuthEnabled: true,
            internalUserDatabaseEnabled: true,
            masterUserOptions: {
                masterUserName: "example",
                masterUserPassword: "Barbarbarbar1!",
            },
        },
        encryptAtRest: {
            enabled: true,
        },
        domainEndpointOptions: {
            enforceHttps: true,
            tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
        },
        nodeToNodeEncryption: {
            enabled: true,
        },
        ebsOptions: {
            ebsEnabled: true,
            volumeSize: 10,
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.opensearch.Domain("example",
        domain_name="ggkitty",
        engine_version="Elasticsearch_7.1",
        cluster_config={
            "instance_type": "r5.large.search",
        },
        advanced_security_options={
            "enabled": True,
            "anonymous_auth_enabled": True,
            "internal_user_database_enabled": True,
            "master_user_options": {
                "master_user_name": "example",
                "master_user_password": "Barbarbarbar1!",
            },
        },
        encrypt_at_rest={
            "enabled": True,
        },
        domain_endpoint_options={
            "enforce_https": True,
            "tls_security_policy": "Policy-Min-TLS-1-2-2019-07",
        },
        node_to_node_encryption={
            "enabled": True,
        },
        ebs_options={
            "ebs_enabled": True,
            "volume_size": 10,
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
    			DomainName:    pulumi.String("ggkitty"),
    			EngineVersion: pulumi.String("Elasticsearch_7.1"),
    			ClusterConfig: &opensearch.DomainClusterConfigArgs{
    				InstanceType: pulumi.String("r5.large.search"),
    			},
    			AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
    				Enabled:                     pulumi.Bool(true),
    				AnonymousAuthEnabled:        pulumi.Bool(true),
    				InternalUserDatabaseEnabled: pulumi.Bool(true),
    				MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
    					MasterUserName:     pulumi.String("example"),
    					MasterUserPassword: pulumi.String("Barbarbarbar1!"),
    				},
    			},
    			EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
    				Enabled: pulumi.Bool(true),
    			},
    			DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
    				EnforceHttps:      pulumi.Bool(true),
    				TlsSecurityPolicy: pulumi.String("Policy-Min-TLS-1-2-2019-07"),
    			},
    			NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
    				Enabled: pulumi.Bool(true),
    			},
    			EbsOptions: &opensearch.DomainEbsOptionsArgs{
    				EbsEnabled: pulumi.Bool(true),
    				VolumeSize: pulumi.Int(10),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.Domain("example", new()
        {
            DomainName = "ggkitty",
            EngineVersion = "Elasticsearch_7.1",
            ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
            {
                InstanceType = "r5.large.search",
            },
            AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
            {
                Enabled = true,
                AnonymousAuthEnabled = true,
                InternalUserDatabaseEnabled = true,
                MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
                {
                    MasterUserName = "example",
                    MasterUserPassword = "Barbarbarbar1!",
                },
            },
            EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
            {
                Enabled = true,
            },
            DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
            {
                EnforceHttps = true,
                TlsSecurityPolicy = "Policy-Min-TLS-1-2-2019-07",
            },
            NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
            {
                Enabled = true,
            },
            EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
            {
                EbsEnabled = true,
                VolumeSize = 10,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.Domain;
    import com.pulumi.aws.opensearch.DomainArgs;
    import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
    import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;
    import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;
    import com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;
    import com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;
    import com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;
    import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Domain("example", DomainArgs.builder()
                .domainName("ggkitty")
                .engineVersion("Elasticsearch_7.1")
                .clusterConfig(DomainClusterConfigArgs.builder()
                    .instanceType("r5.large.search")
                    .build())
                .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
                    .enabled(true)
                    .anonymousAuthEnabled(true)
                    .internalUserDatabaseEnabled(true)
                    .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
                        .masterUserName("example")
                        .masterUserPassword("Barbarbarbar1!")
                        .build())
                    .build())
                .encryptAtRest(DomainEncryptAtRestArgs.builder()
                    .enabled(true)
                    .build())
                .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
                    .enforceHttps(true)
                    .tlsSecurityPolicy("Policy-Min-TLS-1-2-2019-07")
                    .build())
                .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
                    .enabled(true)
                    .build())
                .ebsOptions(DomainEbsOptionsArgs.builder()
                    .ebsEnabled(true)
                    .volumeSize(10)
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:Domain
        properties:
          domainName: ggkitty
          engineVersion: Elasticsearch_7.1
          clusterConfig:
            instanceType: r5.large.search
          advancedSecurityOptions:
            enabled: true
            anonymousAuthEnabled: true
            internalUserDatabaseEnabled: true
            masterUserOptions:
              masterUserName: example
              masterUserPassword: Barbarbarbar1!
          encryptAtRest:
            enabled: true
          domainEndpointOptions:
            enforceHttps: true
            tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07
          nodeToNodeEncryption:
            enabled: true
          ebsOptions:
            ebsEnabled: true
            volumeSize: 10
    

    Create Domain Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Domain(name: string, args?: DomainArgs, opts?: CustomResourceOptions);
    @overload
    def Domain(resource_name: str,
               args: Optional[DomainArgs] = None,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Domain(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               access_policies: Optional[str] = None,
               advanced_options: Optional[Mapping[str, str]] = None,
               advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
               auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
               cluster_config: Optional[DomainClusterConfigArgs] = None,
               cognito_options: Optional[DomainCognitoOptionsArgs] = None,
               domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
               domain_name: Optional[str] = None,
               ebs_options: Optional[DomainEbsOptionsArgs] = None,
               encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
               engine_version: Optional[str] = None,
               ip_address_type: Optional[str] = None,
               log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
               node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
               off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
               snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
               software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
               tags: Optional[Mapping[str, str]] = None,
               vpc_options: Optional[DomainVpcOptionsArgs] = None)
    func NewDomain(ctx *Context, name string, args *DomainArgs, opts ...ResourceOption) (*Domain, error)
    public Domain(string name, DomainArgs? args = null, CustomResourceOptions? opts = null)
    public Domain(String name, DomainArgs args)
    public Domain(String name, DomainArgs args, CustomResourceOptions options)
    
    type: aws:opensearch:Domain
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DomainArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var exampledomainResourceResourceFromOpensearchdomain = new Aws.OpenSearch.Domain("exampledomainResourceResourceFromOpensearchdomain", new()
    {
        AccessPolicies = "string",
        AdvancedOptions = 
        {
            { "string", "string" },
        },
        AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
        {
            Enabled = false,
            AnonymousAuthEnabled = false,
            InternalUserDatabaseEnabled = false,
            MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
            {
                MasterUserArn = "string",
                MasterUserName = "string",
                MasterUserPassword = "string",
            },
        },
        AutoTuneOptions = new Aws.OpenSearch.Inputs.DomainAutoTuneOptionsArgs
        {
            DesiredState = "string",
            MaintenanceSchedules = new[]
            {
                new Aws.OpenSearch.Inputs.DomainAutoTuneOptionsMaintenanceScheduleArgs
                {
                    CronExpressionForRecurrence = "string",
                    Duration = new Aws.OpenSearch.Inputs.DomainAutoTuneOptionsMaintenanceScheduleDurationArgs
                    {
                        Unit = "string",
                        Value = 0,
                    },
                    StartAt = "string",
                },
            },
            RollbackOnDisable = "string",
            UseOffPeakWindow = false,
        },
        ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
        {
            ColdStorageOptions = new Aws.OpenSearch.Inputs.DomainClusterConfigColdStorageOptionsArgs
            {
                Enabled = false,
            },
            DedicatedMasterCount = 0,
            DedicatedMasterEnabled = false,
            DedicatedMasterType = "string",
            InstanceCount = 0,
            InstanceType = "string",
            MultiAzWithStandbyEnabled = false,
            WarmCount = 0,
            WarmEnabled = false,
            WarmType = "string",
            ZoneAwarenessConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigZoneAwarenessConfigArgs
            {
                AvailabilityZoneCount = 0,
            },
            ZoneAwarenessEnabled = false,
        },
        CognitoOptions = new Aws.OpenSearch.Inputs.DomainCognitoOptionsArgs
        {
            IdentityPoolId = "string",
            RoleArn = "string",
            UserPoolId = "string",
            Enabled = false,
        },
        DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
        {
            CustomEndpoint = "string",
            CustomEndpointCertificateArn = "string",
            CustomEndpointEnabled = false,
            EnforceHttps = false,
            TlsSecurityPolicy = "string",
        },
        DomainName = "string",
        EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
        {
            EbsEnabled = false,
            Iops = 0,
            Throughput = 0,
            VolumeSize = 0,
            VolumeType = "string",
        },
        EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
        {
            Enabled = false,
            KmsKeyId = "string",
        },
        EngineVersion = "string",
        IpAddressType = "string",
        LogPublishingOptions = new[]
        {
            new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs
            {
                CloudwatchLogGroupArn = "string",
                LogType = "string",
                Enabled = false,
            },
        },
        NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
        {
            Enabled = false,
        },
        OffPeakWindowOptions = new Aws.OpenSearch.Inputs.DomainOffPeakWindowOptionsArgs
        {
            Enabled = false,
            OffPeakWindow = new Aws.OpenSearch.Inputs.DomainOffPeakWindowOptionsOffPeakWindowArgs
            {
                WindowStartTime = new Aws.OpenSearch.Inputs.DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs
                {
                    Hours = 0,
                    Minutes = 0,
                },
            },
        },
        SnapshotOptions = new Aws.OpenSearch.Inputs.DomainSnapshotOptionsArgs
        {
            AutomatedSnapshotStartHour = 0,
        },
        SoftwareUpdateOptions = new Aws.OpenSearch.Inputs.DomainSoftwareUpdateOptionsArgs
        {
            AutoSoftwareUpdateEnabled = false,
        },
        Tags = 
        {
            { "string", "string" },
        },
        VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs
        {
            AvailabilityZones = new[]
            {
                "string",
            },
            SecurityGroupIds = new[]
            {
                "string",
            },
            SubnetIds = new[]
            {
                "string",
            },
            VpcId = "string",
        },
    });
    
    example, err := opensearch.NewDomain(ctx, "exampledomainResourceResourceFromOpensearchdomain", &opensearch.DomainArgs{
    	AccessPolicies: pulumi.String("string"),
    	AdvancedOptions: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
    		Enabled:                     pulumi.Bool(false),
    		AnonymousAuthEnabled:        pulumi.Bool(false),
    		InternalUserDatabaseEnabled: pulumi.Bool(false),
    		MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
    			MasterUserArn:      pulumi.String("string"),
    			MasterUserName:     pulumi.String("string"),
    			MasterUserPassword: pulumi.String("string"),
    		},
    	},
    	AutoTuneOptions: &opensearch.DomainAutoTuneOptionsArgs{
    		DesiredState: pulumi.String("string"),
    		MaintenanceSchedules: opensearch.DomainAutoTuneOptionsMaintenanceScheduleArray{
    			&opensearch.DomainAutoTuneOptionsMaintenanceScheduleArgs{
    				CronExpressionForRecurrence: pulumi.String("string"),
    				Duration: &opensearch.DomainAutoTuneOptionsMaintenanceScheduleDurationArgs{
    					Unit:  pulumi.String("string"),
    					Value: pulumi.Int(0),
    				},
    				StartAt: pulumi.String("string"),
    			},
    		},
    		RollbackOnDisable: pulumi.String("string"),
    		UseOffPeakWindow:  pulumi.Bool(false),
    	},
    	ClusterConfig: &opensearch.DomainClusterConfigArgs{
    		ColdStorageOptions: &opensearch.DomainClusterConfigColdStorageOptionsArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		DedicatedMasterCount:      pulumi.Int(0),
    		DedicatedMasterEnabled:    pulumi.Bool(false),
    		DedicatedMasterType:       pulumi.String("string"),
    		InstanceCount:             pulumi.Int(0),
    		InstanceType:              pulumi.String("string"),
    		MultiAzWithStandbyEnabled: pulumi.Bool(false),
    		WarmCount:                 pulumi.Int(0),
    		WarmEnabled:               pulumi.Bool(false),
    		WarmType:                  pulumi.String("string"),
    		ZoneAwarenessConfig: &opensearch.DomainClusterConfigZoneAwarenessConfigArgs{
    			AvailabilityZoneCount: pulumi.Int(0),
    		},
    		ZoneAwarenessEnabled: pulumi.Bool(false),
    	},
    	CognitoOptions: &opensearch.DomainCognitoOptionsArgs{
    		IdentityPoolId: pulumi.String("string"),
    		RoleArn:        pulumi.String("string"),
    		UserPoolId:     pulumi.String("string"),
    		Enabled:        pulumi.Bool(false),
    	},
    	DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
    		CustomEndpoint:               pulumi.String("string"),
    		CustomEndpointCertificateArn: pulumi.String("string"),
    		CustomEndpointEnabled:        pulumi.Bool(false),
    		EnforceHttps:                 pulumi.Bool(false),
    		TlsSecurityPolicy:            pulumi.String("string"),
    	},
    	DomainName: pulumi.String("string"),
    	EbsOptions: &opensearch.DomainEbsOptionsArgs{
    		EbsEnabled: pulumi.Bool(false),
    		Iops:       pulumi.Int(0),
    		Throughput: pulumi.Int(0),
    		VolumeSize: pulumi.Int(0),
    		VolumeType: pulumi.String("string"),
    	},
    	EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
    		Enabled:  pulumi.Bool(false),
    		KmsKeyId: pulumi.String("string"),
    	},
    	EngineVersion: pulumi.String("string"),
    	IpAddressType: pulumi.String("string"),
    	LogPublishingOptions: opensearch.DomainLogPublishingOptionArray{
    		&opensearch.DomainLogPublishingOptionArgs{
    			CloudwatchLogGroupArn: pulumi.String("string"),
    			LogType:               pulumi.String("string"),
    			Enabled:               pulumi.Bool(false),
    		},
    	},
    	NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	OffPeakWindowOptions: &opensearch.DomainOffPeakWindowOptionsArgs{
    		Enabled: pulumi.Bool(false),
    		OffPeakWindow: &opensearch.DomainOffPeakWindowOptionsOffPeakWindowArgs{
    			WindowStartTime: &opensearch.DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs{
    				Hours:   pulumi.Int(0),
    				Minutes: pulumi.Int(0),
    			},
    		},
    	},
    	SnapshotOptions: &opensearch.DomainSnapshotOptionsArgs{
    		AutomatedSnapshotStartHour: pulumi.Int(0),
    	},
    	SoftwareUpdateOptions: &opensearch.DomainSoftwareUpdateOptionsArgs{
    		AutoSoftwareUpdateEnabled: pulumi.Bool(false),
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	VpcOptions: &opensearch.DomainVpcOptionsArgs{
    		AvailabilityZones: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		SecurityGroupIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		SubnetIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		VpcId: pulumi.String("string"),
    	},
    })
    
    var exampledomainResourceResourceFromOpensearchdomain = new Domain("exampledomainResourceResourceFromOpensearchdomain", DomainArgs.builder()
        .accessPolicies("string")
        .advancedOptions(Map.of("string", "string"))
        .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
            .enabled(false)
            .anonymousAuthEnabled(false)
            .internalUserDatabaseEnabled(false)
            .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
                .masterUserArn("string")
                .masterUserName("string")
                .masterUserPassword("string")
                .build())
            .build())
        .autoTuneOptions(DomainAutoTuneOptionsArgs.builder()
            .desiredState("string")
            .maintenanceSchedules(DomainAutoTuneOptionsMaintenanceScheduleArgs.builder()
                .cronExpressionForRecurrence("string")
                .duration(DomainAutoTuneOptionsMaintenanceScheduleDurationArgs.builder()
                    .unit("string")
                    .value(0)
                    .build())
                .startAt("string")
                .build())
            .rollbackOnDisable("string")
            .useOffPeakWindow(false)
            .build())
        .clusterConfig(DomainClusterConfigArgs.builder()
            .coldStorageOptions(DomainClusterConfigColdStorageOptionsArgs.builder()
                .enabled(false)
                .build())
            .dedicatedMasterCount(0)
            .dedicatedMasterEnabled(false)
            .dedicatedMasterType("string")
            .instanceCount(0)
            .instanceType("string")
            .multiAzWithStandbyEnabled(false)
            .warmCount(0)
            .warmEnabled(false)
            .warmType("string")
            .zoneAwarenessConfig(DomainClusterConfigZoneAwarenessConfigArgs.builder()
                .availabilityZoneCount(0)
                .build())
            .zoneAwarenessEnabled(false)
            .build())
        .cognitoOptions(DomainCognitoOptionsArgs.builder()
            .identityPoolId("string")
            .roleArn("string")
            .userPoolId("string")
            .enabled(false)
            .build())
        .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
            .customEndpoint("string")
            .customEndpointCertificateArn("string")
            .customEndpointEnabled(false)
            .enforceHttps(false)
            .tlsSecurityPolicy("string")
            .build())
        .domainName("string")
        .ebsOptions(DomainEbsOptionsArgs.builder()
            .ebsEnabled(false)
            .iops(0)
            .throughput(0)
            .volumeSize(0)
            .volumeType("string")
            .build())
        .encryptAtRest(DomainEncryptAtRestArgs.builder()
            .enabled(false)
            .kmsKeyId("string")
            .build())
        .engineVersion("string")
        .ipAddressType("string")
        .logPublishingOptions(DomainLogPublishingOptionArgs.builder()
            .cloudwatchLogGroupArn("string")
            .logType("string")
            .enabled(false)
            .build())
        .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
            .enabled(false)
            .build())
        .offPeakWindowOptions(DomainOffPeakWindowOptionsArgs.builder()
            .enabled(false)
            .offPeakWindow(DomainOffPeakWindowOptionsOffPeakWindowArgs.builder()
                .windowStartTime(DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs.builder()
                    .hours(0)
                    .minutes(0)
                    .build())
                .build())
            .build())
        .snapshotOptions(DomainSnapshotOptionsArgs.builder()
            .automatedSnapshotStartHour(0)
            .build())
        .softwareUpdateOptions(DomainSoftwareUpdateOptionsArgs.builder()
            .autoSoftwareUpdateEnabled(false)
            .build())
        .tags(Map.of("string", "string"))
        .vpcOptions(DomainVpcOptionsArgs.builder()
            .availabilityZones("string")
            .securityGroupIds("string")
            .subnetIds("string")
            .vpcId("string")
            .build())
        .build());
    
    exampledomain_resource_resource_from_opensearchdomain = aws.opensearch.Domain("exampledomainResourceResourceFromOpensearchdomain",
        access_policies="string",
        advanced_options={
            "string": "string",
        },
        advanced_security_options={
            "enabled": False,
            "anonymousAuthEnabled": False,
            "internalUserDatabaseEnabled": False,
            "masterUserOptions": {
                "masterUserArn": "string",
                "masterUserName": "string",
                "masterUserPassword": "string",
            },
        },
        auto_tune_options={
            "desiredState": "string",
            "maintenanceSchedules": [{
                "cronExpressionForRecurrence": "string",
                "duration": {
                    "unit": "string",
                    "value": 0,
                },
                "startAt": "string",
            }],
            "rollbackOnDisable": "string",
            "useOffPeakWindow": False,
        },
        cluster_config={
            "coldStorageOptions": {
                "enabled": False,
            },
            "dedicatedMasterCount": 0,
            "dedicatedMasterEnabled": False,
            "dedicatedMasterType": "string",
            "instanceCount": 0,
            "instanceType": "string",
            "multiAzWithStandbyEnabled": False,
            "warmCount": 0,
            "warmEnabled": False,
            "warmType": "string",
            "zoneAwarenessConfig": {
                "availabilityZoneCount": 0,
            },
            "zoneAwarenessEnabled": False,
        },
        cognito_options={
            "identityPoolId": "string",
            "roleArn": "string",
            "userPoolId": "string",
            "enabled": False,
        },
        domain_endpoint_options={
            "customEndpoint": "string",
            "customEndpointCertificateArn": "string",
            "customEndpointEnabled": False,
            "enforceHttps": False,
            "tlsSecurityPolicy": "string",
        },
        domain_name="string",
        ebs_options={
            "ebsEnabled": False,
            "iops": 0,
            "throughput": 0,
            "volumeSize": 0,
            "volumeType": "string",
        },
        encrypt_at_rest={
            "enabled": False,
            "kmsKeyId": "string",
        },
        engine_version="string",
        ip_address_type="string",
        log_publishing_options=[{
            "cloudwatchLogGroupArn": "string",
            "logType": "string",
            "enabled": False,
        }],
        node_to_node_encryption={
            "enabled": False,
        },
        off_peak_window_options={
            "enabled": False,
            "offPeakWindow": {
                "windowStartTime": {
                    "hours": 0,
                    "minutes": 0,
                },
            },
        },
        snapshot_options={
            "automatedSnapshotStartHour": 0,
        },
        software_update_options={
            "autoSoftwareUpdateEnabled": False,
        },
        tags={
            "string": "string",
        },
        vpc_options={
            "availabilityZones": ["string"],
            "securityGroupIds": ["string"],
            "subnetIds": ["string"],
            "vpcId": "string",
        })
    
    const exampledomainResourceResourceFromOpensearchdomain = new aws.opensearch.Domain("exampledomainResourceResourceFromOpensearchdomain", {
        accessPolicies: "string",
        advancedOptions: {
            string: "string",
        },
        advancedSecurityOptions: {
            enabled: false,
            anonymousAuthEnabled: false,
            internalUserDatabaseEnabled: false,
            masterUserOptions: {
                masterUserArn: "string",
                masterUserName: "string",
                masterUserPassword: "string",
            },
        },
        autoTuneOptions: {
            desiredState: "string",
            maintenanceSchedules: [{
                cronExpressionForRecurrence: "string",
                duration: {
                    unit: "string",
                    value: 0,
                },
                startAt: "string",
            }],
            rollbackOnDisable: "string",
            useOffPeakWindow: false,
        },
        clusterConfig: {
            coldStorageOptions: {
                enabled: false,
            },
            dedicatedMasterCount: 0,
            dedicatedMasterEnabled: false,
            dedicatedMasterType: "string",
            instanceCount: 0,
            instanceType: "string",
            multiAzWithStandbyEnabled: false,
            warmCount: 0,
            warmEnabled: false,
            warmType: "string",
            zoneAwarenessConfig: {
                availabilityZoneCount: 0,
            },
            zoneAwarenessEnabled: false,
        },
        cognitoOptions: {
            identityPoolId: "string",
            roleArn: "string",
            userPoolId: "string",
            enabled: false,
        },
        domainEndpointOptions: {
            customEndpoint: "string",
            customEndpointCertificateArn: "string",
            customEndpointEnabled: false,
            enforceHttps: false,
            tlsSecurityPolicy: "string",
        },
        domainName: "string",
        ebsOptions: {
            ebsEnabled: false,
            iops: 0,
            throughput: 0,
            volumeSize: 0,
            volumeType: "string",
        },
        encryptAtRest: {
            enabled: false,
            kmsKeyId: "string",
        },
        engineVersion: "string",
        ipAddressType: "string",
        logPublishingOptions: [{
            cloudwatchLogGroupArn: "string",
            logType: "string",
            enabled: false,
        }],
        nodeToNodeEncryption: {
            enabled: false,
        },
        offPeakWindowOptions: {
            enabled: false,
            offPeakWindow: {
                windowStartTime: {
                    hours: 0,
                    minutes: 0,
                },
            },
        },
        snapshotOptions: {
            automatedSnapshotStartHour: 0,
        },
        softwareUpdateOptions: {
            autoSoftwareUpdateEnabled: false,
        },
        tags: {
            string: "string",
        },
        vpcOptions: {
            availabilityZones: ["string"],
            securityGroupIds: ["string"],
            subnetIds: ["string"],
            vpcId: "string",
        },
    });
    
    type: aws:opensearch:Domain
    properties:
        accessPolicies: string
        advancedOptions:
            string: string
        advancedSecurityOptions:
            anonymousAuthEnabled: false
            enabled: false
            internalUserDatabaseEnabled: false
            masterUserOptions:
                masterUserArn: string
                masterUserName: string
                masterUserPassword: string
        autoTuneOptions:
            desiredState: string
            maintenanceSchedules:
                - cronExpressionForRecurrence: string
                  duration:
                    unit: string
                    value: 0
                  startAt: string
            rollbackOnDisable: string
            useOffPeakWindow: false
        clusterConfig:
            coldStorageOptions:
                enabled: false
            dedicatedMasterCount: 0
            dedicatedMasterEnabled: false
            dedicatedMasterType: string
            instanceCount: 0
            instanceType: string
            multiAzWithStandbyEnabled: false
            warmCount: 0
            warmEnabled: false
            warmType: string
            zoneAwarenessConfig:
                availabilityZoneCount: 0
            zoneAwarenessEnabled: false
        cognitoOptions:
            enabled: false
            identityPoolId: string
            roleArn: string
            userPoolId: string
        domainEndpointOptions:
            customEndpoint: string
            customEndpointCertificateArn: string
            customEndpointEnabled: false
            enforceHttps: false
            tlsSecurityPolicy: string
        domainName: string
        ebsOptions:
            ebsEnabled: false
            iops: 0
            throughput: 0
            volumeSize: 0
            volumeType: string
        encryptAtRest:
            enabled: false
            kmsKeyId: string
        engineVersion: string
        ipAddressType: string
        logPublishingOptions:
            - cloudwatchLogGroupArn: string
              enabled: false
              logType: string
        nodeToNodeEncryption:
            enabled: false
        offPeakWindowOptions:
            enabled: false
            offPeakWindow:
                windowStartTime:
                    hours: 0
                    minutes: 0
        snapshotOptions:
            automatedSnapshotStartHour: 0
        softwareUpdateOptions:
            autoSoftwareUpdateEnabled: false
        tags:
            string: string
        vpcOptions:
            availabilityZones:
                - string
            securityGroupIds:
                - string
            subnetIds:
                - string
            vpcId: string
    

    Domain Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Domain resource accepts the following input properties:

    AccessPolicies string
    IAM policy document specifying the access policies for the domain.
    AdvancedOptions Dictionary<string, string>
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    AdvancedSecurityOptions DomainAdvancedSecurityOptions
    Configuration block for fine-grained access control. Detailed below.
    AutoTuneOptions DomainAutoTuneOptions
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    ClusterConfig DomainClusterConfig
    Configuration block for the cluster of the domain. Detailed below.
    CognitoOptions DomainCognitoOptions
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    DomainEndpointOptions DomainDomainEndpointOptions
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    DomainName string

    Name of the domain.

    The following arguments are optional:

    EbsOptions DomainEbsOptions
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    EncryptAtRest DomainEncryptAtRest
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    EngineVersion string
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    IpAddressType string
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    LogPublishingOptions List<DomainLogPublishingOption>
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    NodeToNodeEncryption DomainNodeToNodeEncryption
    Configuration block for node-to-node encryption options. Detailed below.
    OffPeakWindowOptions DomainOffPeakWindowOptions
    Configuration to add Off Peak update options. (documentation). Detailed below.
    SnapshotOptions DomainSnapshotOptions
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    SoftwareUpdateOptions DomainSoftwareUpdateOptions
    Software update options for the domain. Detailed below.
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcOptions DomainVpcOptions
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    AccessPolicies string
    IAM policy document specifying the access policies for the domain.
    AdvancedOptions map[string]string
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs
    Configuration block for fine-grained access control. Detailed below.
    AutoTuneOptions DomainAutoTuneOptionsArgs
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    ClusterConfig DomainClusterConfigArgs
    Configuration block for the cluster of the domain. Detailed below.
    CognitoOptions DomainCognitoOptionsArgs
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    DomainEndpointOptions DomainDomainEndpointOptionsArgs
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    DomainName string

    Name of the domain.

    The following arguments are optional:

    EbsOptions DomainEbsOptionsArgs
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    EncryptAtRest DomainEncryptAtRestArgs
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    EngineVersion string
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    IpAddressType string
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    LogPublishingOptions []DomainLogPublishingOptionArgs
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    NodeToNodeEncryption DomainNodeToNodeEncryptionArgs
    Configuration block for node-to-node encryption options. Detailed below.
    OffPeakWindowOptions DomainOffPeakWindowOptionsArgs
    Configuration to add Off Peak update options. (documentation). Detailed below.
    SnapshotOptions DomainSnapshotOptionsArgs
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    SoftwareUpdateOptions DomainSoftwareUpdateOptionsArgs
    Software update options for the domain. Detailed below.
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcOptions DomainVpcOptionsArgs
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    accessPolicies String
    IAM policy document specifying the access policies for the domain.
    advancedOptions Map<String,String>
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advancedSecurityOptions DomainAdvancedSecurityOptions
    Configuration block for fine-grained access control. Detailed below.
    autoTuneOptions DomainAutoTuneOptions
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    clusterConfig DomainClusterConfig
    Configuration block for the cluster of the domain. Detailed below.
    cognitoOptions DomainCognitoOptions
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    domainEndpointOptions DomainDomainEndpointOptions
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domainName String

    Name of the domain.

    The following arguments are optional:

    ebsOptions DomainEbsOptions
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encryptAtRest DomainEncryptAtRest
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    engineVersion String
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ipAddressType String
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    logPublishingOptions List<DomainLogPublishingOption>
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    nodeToNodeEncryption DomainNodeToNodeEncryption
    Configuration block for node-to-node encryption options. Detailed below.
    offPeakWindowOptions DomainOffPeakWindowOptions
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshotOptions DomainSnapshotOptions
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Software update options for the domain. Detailed below.
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcOptions DomainVpcOptions
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    accessPolicies string
    IAM policy document specifying the access policies for the domain.
    advancedOptions {[key: string]: string}
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advancedSecurityOptions DomainAdvancedSecurityOptions
    Configuration block for fine-grained access control. Detailed below.
    autoTuneOptions DomainAutoTuneOptions
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    clusterConfig DomainClusterConfig
    Configuration block for the cluster of the domain. Detailed below.
    cognitoOptions DomainCognitoOptions
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    domainEndpointOptions DomainDomainEndpointOptions
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domainName string

    Name of the domain.

    The following arguments are optional:

    ebsOptions DomainEbsOptions
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encryptAtRest DomainEncryptAtRest
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    engineVersion string
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ipAddressType string
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    logPublishingOptions DomainLogPublishingOption[]
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    nodeToNodeEncryption DomainNodeToNodeEncryption
    Configuration block for node-to-node encryption options. Detailed below.
    offPeakWindowOptions DomainOffPeakWindowOptions
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshotOptions DomainSnapshotOptions
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Software update options for the domain. Detailed below.
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcOptions DomainVpcOptions
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    access_policies str
    IAM policy document specifying the access policies for the domain.
    advanced_options Mapping[str, str]
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advanced_security_options DomainAdvancedSecurityOptionsArgs
    Configuration block for fine-grained access control. Detailed below.
    auto_tune_options DomainAutoTuneOptionsArgs
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    cluster_config DomainClusterConfigArgs
    Configuration block for the cluster of the domain. Detailed below.
    cognito_options DomainCognitoOptionsArgs
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    domain_endpoint_options DomainDomainEndpointOptionsArgs
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domain_name str

    Name of the domain.

    The following arguments are optional:

    ebs_options DomainEbsOptionsArgs
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encrypt_at_rest DomainEncryptAtRestArgs
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    engine_version str
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ip_address_type str
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    log_publishing_options Sequence[DomainLogPublishingOptionArgs]
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    node_to_node_encryption DomainNodeToNodeEncryptionArgs
    Configuration block for node-to-node encryption options. Detailed below.
    off_peak_window_options DomainOffPeakWindowOptionsArgs
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshot_options DomainSnapshotOptionsArgs
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    software_update_options DomainSoftwareUpdateOptionsArgs
    Software update options for the domain. Detailed below.
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpc_options DomainVpcOptionsArgs
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    accessPolicies String
    IAM policy document specifying the access policies for the domain.
    advancedOptions Map<String>
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advancedSecurityOptions Property Map
    Configuration block for fine-grained access control. Detailed below.
    autoTuneOptions Property Map
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    clusterConfig Property Map
    Configuration block for the cluster of the domain. Detailed below.
    cognitoOptions Property Map
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    domainEndpointOptions Property Map
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domainName String

    Name of the domain.

    The following arguments are optional:

    ebsOptions Property Map
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encryptAtRest Property Map
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    engineVersion String
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ipAddressType String
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    logPublishingOptions List<Property Map>
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    nodeToNodeEncryption Property Map
    Configuration block for node-to-node encryption options. Detailed below.
    offPeakWindowOptions Property Map
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshotOptions Property Map
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    softwareUpdateOptions Property Map
    Software update options for the domain. Detailed below.
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcOptions Property Map
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

    Arn string
    ARN of the domain.
    DashboardEndpoint string
    Domain-specific endpoint for Dashboard without https scheme.
    DashboardEndpointV2 string
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    DomainEndpointV2HostedZoneId string
    Dual stack hosted zone ID for the domain.
    DomainId string
    Unique identifier for the domain.
    Endpoint string
    Domain-specific endpoint used to submit index, search, and data upload requests.
    EndpointV2 string
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    Id string
    The provider-assigned unique ID for this managed resource.
    KibanaEndpoint string
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    ARN of the domain.
    DashboardEndpoint string
    Domain-specific endpoint for Dashboard without https scheme.
    DashboardEndpointV2 string
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    DomainEndpointV2HostedZoneId string
    Dual stack hosted zone ID for the domain.
    DomainId string
    Unique identifier for the domain.
    Endpoint string
    Domain-specific endpoint used to submit index, search, and data upload requests.
    EndpointV2 string
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    Id string
    The provider-assigned unique ID for this managed resource.
    KibanaEndpoint string
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the domain.
    dashboardEndpoint String
    Domain-specific endpoint for Dashboard without https scheme.
    dashboardEndpointV2 String
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domainEndpointV2HostedZoneId String
    Dual stack hosted zone ID for the domain.
    domainId String
    Unique identifier for the domain.
    endpoint String
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpointV2 String
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    id String
    The provider-assigned unique ID for this managed resource.
    kibanaEndpoint String
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    ARN of the domain.
    dashboardEndpoint string
    Domain-specific endpoint for Dashboard without https scheme.
    dashboardEndpointV2 string
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domainEndpointV2HostedZoneId string
    Dual stack hosted zone ID for the domain.
    domainId string
    Unique identifier for the domain.
    endpoint string
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpointV2 string
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    id string
    The provider-assigned unique ID for this managed resource.
    kibanaEndpoint string
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    ARN of the domain.
    dashboard_endpoint str
    Domain-specific endpoint for Dashboard without https scheme.
    dashboard_endpoint_v2 str
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domain_endpoint_v2_hosted_zone_id str
    Dual stack hosted zone ID for the domain.
    domain_id str
    Unique identifier for the domain.
    endpoint str
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpoint_v2 str
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    id str
    The provider-assigned unique ID for this managed resource.
    kibana_endpoint str
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the domain.
    dashboardEndpoint String
    Domain-specific endpoint for Dashboard without https scheme.
    dashboardEndpointV2 String
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domainEndpointV2HostedZoneId String
    Dual stack hosted zone ID for the domain.
    domainId String
    Unique identifier for the domain.
    endpoint String
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpointV2 String
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    id String
    The provider-assigned unique ID for this managed resource.
    kibanaEndpoint String
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing Domain Resource

    Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DomainState, opts?: CustomResourceOptions): Domain
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_policies: Optional[str] = None,
            advanced_options: Optional[Mapping[str, str]] = None,
            advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
            arn: Optional[str] = None,
            auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
            cluster_config: Optional[DomainClusterConfigArgs] = None,
            cognito_options: Optional[DomainCognitoOptionsArgs] = None,
            dashboard_endpoint: Optional[str] = None,
            dashboard_endpoint_v2: Optional[str] = None,
            domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
            domain_endpoint_v2_hosted_zone_id: Optional[str] = None,
            domain_id: Optional[str] = None,
            domain_name: Optional[str] = None,
            ebs_options: Optional[DomainEbsOptionsArgs] = None,
            encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
            endpoint: Optional[str] = None,
            endpoint_v2: Optional[str] = None,
            engine_version: Optional[str] = None,
            ip_address_type: Optional[str] = None,
            kibana_endpoint: Optional[str] = None,
            log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
            node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
            off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
            snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
            software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            vpc_options: Optional[DomainVpcOptionsArgs] = None) -> Domain
    func GetDomain(ctx *Context, name string, id IDInput, state *DomainState, opts ...ResourceOption) (*Domain, error)
    public static Domain Get(string name, Input<string> id, DomainState? state, CustomResourceOptions? opts = null)
    public static Domain get(String name, Output<String> id, DomainState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessPolicies string
    IAM policy document specifying the access policies for the domain.
    AdvancedOptions Dictionary<string, string>
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    AdvancedSecurityOptions DomainAdvancedSecurityOptions
    Configuration block for fine-grained access control. Detailed below.
    Arn string
    ARN of the domain.
    AutoTuneOptions DomainAutoTuneOptions
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    ClusterConfig DomainClusterConfig
    Configuration block for the cluster of the domain. Detailed below.
    CognitoOptions DomainCognitoOptions
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    DashboardEndpoint string
    Domain-specific endpoint for Dashboard without https scheme.
    DashboardEndpointV2 string
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    DomainEndpointOptions DomainDomainEndpointOptions
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    DomainEndpointV2HostedZoneId string
    Dual stack hosted zone ID for the domain.
    DomainId string
    Unique identifier for the domain.
    DomainName string

    Name of the domain.

    The following arguments are optional:

    EbsOptions DomainEbsOptions
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    EncryptAtRest DomainEncryptAtRest
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    Endpoint string
    Domain-specific endpoint used to submit index, search, and data upload requests.
    EndpointV2 string
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    EngineVersion string
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    IpAddressType string
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    KibanaEndpoint string
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    LogPublishingOptions List<DomainLogPublishingOption>
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    NodeToNodeEncryption DomainNodeToNodeEncryption
    Configuration block for node-to-node encryption options. Detailed below.
    OffPeakWindowOptions DomainOffPeakWindowOptions
    Configuration to add Off Peak update options. (documentation). Detailed below.
    SnapshotOptions DomainSnapshotOptions
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    SoftwareUpdateOptions DomainSoftwareUpdateOptions
    Software update options for the domain. Detailed below.
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcOptions DomainVpcOptions
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    AccessPolicies string
    IAM policy document specifying the access policies for the domain.
    AdvancedOptions map[string]string
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs
    Configuration block for fine-grained access control. Detailed below.
    Arn string
    ARN of the domain.
    AutoTuneOptions DomainAutoTuneOptionsArgs
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    ClusterConfig DomainClusterConfigArgs
    Configuration block for the cluster of the domain. Detailed below.
    CognitoOptions DomainCognitoOptionsArgs
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    DashboardEndpoint string
    Domain-specific endpoint for Dashboard without https scheme.
    DashboardEndpointV2 string
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    DomainEndpointOptions DomainDomainEndpointOptionsArgs
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    DomainEndpointV2HostedZoneId string
    Dual stack hosted zone ID for the domain.
    DomainId string
    Unique identifier for the domain.
    DomainName string

    Name of the domain.

    The following arguments are optional:

    EbsOptions DomainEbsOptionsArgs
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    EncryptAtRest DomainEncryptAtRestArgs
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    Endpoint string
    Domain-specific endpoint used to submit index, search, and data upload requests.
    EndpointV2 string
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    EngineVersion string
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    IpAddressType string
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    KibanaEndpoint string
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    LogPublishingOptions []DomainLogPublishingOptionArgs
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    NodeToNodeEncryption DomainNodeToNodeEncryptionArgs
    Configuration block for node-to-node encryption options. Detailed below.
    OffPeakWindowOptions DomainOffPeakWindowOptionsArgs
    Configuration to add Off Peak update options. (documentation). Detailed below.
    SnapshotOptions DomainSnapshotOptionsArgs
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    SoftwareUpdateOptions DomainSoftwareUpdateOptionsArgs
    Software update options for the domain. Detailed below.
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcOptions DomainVpcOptionsArgs
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    accessPolicies String
    IAM policy document specifying the access policies for the domain.
    advancedOptions Map<String,String>
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advancedSecurityOptions DomainAdvancedSecurityOptions
    Configuration block for fine-grained access control. Detailed below.
    arn String
    ARN of the domain.
    autoTuneOptions DomainAutoTuneOptions
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    clusterConfig DomainClusterConfig
    Configuration block for the cluster of the domain. Detailed below.
    cognitoOptions DomainCognitoOptions
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    dashboardEndpoint String
    Domain-specific endpoint for Dashboard without https scheme.
    dashboardEndpointV2 String
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domainEndpointOptions DomainDomainEndpointOptions
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domainEndpointV2HostedZoneId String
    Dual stack hosted zone ID for the domain.
    domainId String
    Unique identifier for the domain.
    domainName String

    Name of the domain.

    The following arguments are optional:

    ebsOptions DomainEbsOptions
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encryptAtRest DomainEncryptAtRest
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    endpoint String
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpointV2 String
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    engineVersion String
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ipAddressType String
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    kibanaEndpoint String
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    logPublishingOptions List<DomainLogPublishingOption>
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    nodeToNodeEncryption DomainNodeToNodeEncryption
    Configuration block for node-to-node encryption options. Detailed below.
    offPeakWindowOptions DomainOffPeakWindowOptions
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshotOptions DomainSnapshotOptions
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Software update options for the domain. Detailed below.
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcOptions DomainVpcOptions
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    accessPolicies string
    IAM policy document specifying the access policies for the domain.
    advancedOptions {[key: string]: string}
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advancedSecurityOptions DomainAdvancedSecurityOptions
    Configuration block for fine-grained access control. Detailed below.
    arn string
    ARN of the domain.
    autoTuneOptions DomainAutoTuneOptions
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    clusterConfig DomainClusterConfig
    Configuration block for the cluster of the domain. Detailed below.
    cognitoOptions DomainCognitoOptions
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    dashboardEndpoint string
    Domain-specific endpoint for Dashboard without https scheme.
    dashboardEndpointV2 string
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domainEndpointOptions DomainDomainEndpointOptions
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domainEndpointV2HostedZoneId string
    Dual stack hosted zone ID for the domain.
    domainId string
    Unique identifier for the domain.
    domainName string

    Name of the domain.

    The following arguments are optional:

    ebsOptions DomainEbsOptions
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encryptAtRest DomainEncryptAtRest
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    endpoint string
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpointV2 string
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    engineVersion string
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ipAddressType string
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    kibanaEndpoint string
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    logPublishingOptions DomainLogPublishingOption[]
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    nodeToNodeEncryption DomainNodeToNodeEncryption
    Configuration block for node-to-node encryption options. Detailed below.
    offPeakWindowOptions DomainOffPeakWindowOptions
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshotOptions DomainSnapshotOptions
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Software update options for the domain. Detailed below.
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcOptions DomainVpcOptions
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    access_policies str
    IAM policy document specifying the access policies for the domain.
    advanced_options Mapping[str, str]
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advanced_security_options DomainAdvancedSecurityOptionsArgs
    Configuration block for fine-grained access control. Detailed below.
    arn str
    ARN of the domain.
    auto_tune_options DomainAutoTuneOptionsArgs
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    cluster_config DomainClusterConfigArgs
    Configuration block for the cluster of the domain. Detailed below.
    cognito_options DomainCognitoOptionsArgs
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    dashboard_endpoint str
    Domain-specific endpoint for Dashboard without https scheme.
    dashboard_endpoint_v2 str
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domain_endpoint_options DomainDomainEndpointOptionsArgs
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domain_endpoint_v2_hosted_zone_id str
    Dual stack hosted zone ID for the domain.
    domain_id str
    Unique identifier for the domain.
    domain_name str

    Name of the domain.

    The following arguments are optional:

    ebs_options DomainEbsOptionsArgs
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encrypt_at_rest DomainEncryptAtRestArgs
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    endpoint str
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpoint_v2 str
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    engine_version str
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ip_address_type str
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    kibana_endpoint str
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    log_publishing_options Sequence[DomainLogPublishingOptionArgs]
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    node_to_node_encryption DomainNodeToNodeEncryptionArgs
    Configuration block for node-to-node encryption options. Detailed below.
    off_peak_window_options DomainOffPeakWindowOptionsArgs
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshot_options DomainSnapshotOptionsArgs
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    software_update_options DomainSoftwareUpdateOptionsArgs
    Software update options for the domain. Detailed below.
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpc_options DomainVpcOptionsArgs
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
    accessPolicies String
    IAM policy document specifying the access policies for the domain.
    advancedOptions Map<String>
    Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
    advancedSecurityOptions Property Map
    Configuration block for fine-grained access control. Detailed below.
    arn String
    ARN of the domain.
    autoTuneOptions Property Map
    Configuration block for the Auto-Tune options of the domain. Detailed below.
    clusterConfig Property Map
    Configuration block for the cluster of the domain. Detailed below.
    cognitoOptions Property Map
    Configuration block for authenticating dashboard with Cognito. Detailed below.
    dashboardEndpoint String
    Domain-specific endpoint for Dashboard without https scheme.
    dashboardEndpointV2 String
    V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
    domainEndpointOptions Property Map
    Configuration block for domain endpoint HTTP(S) related options. Detailed below.
    domainEndpointV2HostedZoneId String
    Dual stack hosted zone ID for the domain.
    domainId String
    Unique identifier for the domain.
    domainName String

    Name of the domain.

    The following arguments are optional:

    ebsOptions Property Map
    Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
    encryptAtRest Property Map
    Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
    endpoint String
    Domain-specific endpoint used to submit index, search, and data upload requests.
    endpointV2 String
    V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
    engineVersion String
    Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.
    ipAddressType String
    The IP address type for the endpoint. Valid values are ipv4 and dualstack.
    kibanaEndpoint String
    (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

    Deprecated: use 'dashboard_endpoint' attribute instead

    logPublishingOptions List<Property Map>
    Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
    nodeToNodeEncryption Property Map
    Configuration block for node-to-node encryption options. Detailed below.
    offPeakWindowOptions Property Map
    Configuration to add Off Peak update options. (documentation). Detailed below.
    snapshotOptions Property Map
    Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
    softwareUpdateOptions Property Map
    Software update options for the domain. Detailed below.
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcOptions Property Map
    Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

    Supporting Types

    DomainAdvancedSecurityOptions, DomainAdvancedSecurityOptionsArgs

    Enabled bool
    Whether advanced security is enabled.
    AnonymousAuthEnabled bool
    Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
    InternalUserDatabaseEnabled bool
    Whether the internal user database is enabled. Default is false.
    MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions
    Configuration block for the main user. Detailed below.
    Enabled bool
    Whether advanced security is enabled.
    AnonymousAuthEnabled bool
    Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
    InternalUserDatabaseEnabled bool
    Whether the internal user database is enabled. Default is false.
    MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions
    Configuration block for the main user. Detailed below.
    enabled Boolean
    Whether advanced security is enabled.
    anonymousAuthEnabled Boolean
    Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
    internalUserDatabaseEnabled Boolean
    Whether the internal user database is enabled. Default is false.
    masterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions
    Configuration block for the main user. Detailed below.
    enabled boolean
    Whether advanced security is enabled.
    anonymousAuthEnabled boolean
    Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
    internalUserDatabaseEnabled boolean
    Whether the internal user database is enabled. Default is false.
    masterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions
    Configuration block for the main user. Detailed below.
    enabled bool
    Whether advanced security is enabled.
    anonymous_auth_enabled bool
    Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
    internal_user_database_enabled bool
    Whether the internal user database is enabled. Default is false.
    master_user_options DomainAdvancedSecurityOptionsMasterUserOptions
    Configuration block for the main user. Detailed below.
    enabled Boolean
    Whether advanced security is enabled.
    anonymousAuthEnabled Boolean
    Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
    internalUserDatabaseEnabled Boolean
    Whether the internal user database is enabled. Default is false.
    masterUserOptions Property Map
    Configuration block for the main user. Detailed below.

    DomainAdvancedSecurityOptionsMasterUserOptions, DomainAdvancedSecurityOptionsMasterUserOptionsArgs

    MasterUserArn string
    ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
    MasterUserName string
    Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    MasterUserPassword string
    Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    MasterUserArn string
    ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
    MasterUserName string
    Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    MasterUserPassword string
    Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    masterUserArn String
    ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
    masterUserName String
    Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    masterUserPassword String
    Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    masterUserArn string
    ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
    masterUserName string
    Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    masterUserPassword string
    Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    master_user_arn str
    ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
    master_user_name str
    Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    master_user_password str
    Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    masterUserArn String
    ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
    masterUserName String
    Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
    masterUserPassword String
    Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

    DomainAutoTuneOptions, DomainAutoTuneOptionsArgs

    DesiredState string
    Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
    MaintenanceSchedules List<DomainAutoTuneOptionsMaintenanceSchedule>

    Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

    NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently, maintenance_schedule configuration blocks cannot be specified when use_off_peak_window is set to true.

    RollbackOnDisable string
    Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.
    UseOffPeakWindow bool
    Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to false.
    DesiredState string
    Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
    MaintenanceSchedules []DomainAutoTuneOptionsMaintenanceSchedule

    Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

    NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently, maintenance_schedule configuration blocks cannot be specified when use_off_peak_window is set to true.

    RollbackOnDisable string
    Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.
    UseOffPeakWindow bool
    Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to false.
    desiredState String
    Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
    maintenanceSchedules List<DomainAutoTuneOptionsMaintenanceSchedule>

    Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

    NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently, maintenance_schedule configuration blocks cannot be specified when use_off_peak_window is set to true.

    rollbackOnDisable String
    Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.
    useOffPeakWindow Boolean
    Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to false.
    desiredState string
    Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
    maintenanceSchedules DomainAutoTuneOptionsMaintenanceSchedule[]

    Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

    NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently, maintenance_schedule configuration blocks cannot be specified when use_off_peak_window is set to true.

    rollbackOnDisable string
    Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.
    useOffPeakWindow boolean
    Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to false.
    desired_state str
    Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
    maintenance_schedules Sequence[DomainAutoTuneOptionsMaintenanceSchedule]

    Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

    NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently, maintenance_schedule configuration blocks cannot be specified when use_off_peak_window is set to true.

    rollback_on_disable str
    Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.
    use_off_peak_window bool
    Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to false.
    desiredState String
    Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
    maintenanceSchedules List<Property Map>

    Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

    NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently, maintenance_schedule configuration blocks cannot be specified when use_off_peak_window is set to true.

    rollbackOnDisable String
    Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.
    useOffPeakWindow Boolean
    Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to false.

    DomainAutoTuneOptionsMaintenanceSchedule, DomainAutoTuneOptionsMaintenanceScheduleArgs

    CronExpressionForRecurrence string
    A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
    Duration DomainAutoTuneOptionsMaintenanceScheduleDuration
    Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
    StartAt string
    Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
    CronExpressionForRecurrence string
    A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
    Duration DomainAutoTuneOptionsMaintenanceScheduleDuration
    Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
    StartAt string
    Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
    cronExpressionForRecurrence String
    A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
    duration DomainAutoTuneOptionsMaintenanceScheduleDuration
    Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
    startAt String
    Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
    cronExpressionForRecurrence string
    A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
    duration DomainAutoTuneOptionsMaintenanceScheduleDuration
    Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
    startAt string
    Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
    cron_expression_for_recurrence str
    A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
    duration DomainAutoTuneOptionsMaintenanceScheduleDuration
    Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
    start_at str
    Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
    cronExpressionForRecurrence String
    A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
    duration Property Map
    Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
    startAt String
    Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

    DomainAutoTuneOptionsMaintenanceScheduleDuration, DomainAutoTuneOptionsMaintenanceScheduleDurationArgs

    Unit string
    Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
    Value int
    An integer specifying the value of the duration of an Auto-Tune maintenance window.
    Unit string
    Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
    Value int
    An integer specifying the value of the duration of an Auto-Tune maintenance window.
    unit String
    Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
    value Integer
    An integer specifying the value of the duration of an Auto-Tune maintenance window.
    unit string
    Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
    value number
    An integer specifying the value of the duration of an Auto-Tune maintenance window.
    unit str
    Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
    value int
    An integer specifying the value of the duration of an Auto-Tune maintenance window.
    unit String
    Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
    value Number
    An integer specifying the value of the duration of an Auto-Tune maintenance window.

    DomainClusterConfig, DomainClusterConfigArgs

    ColdStorageOptions DomainClusterConfigColdStorageOptions
    Configuration block containing cold storage configuration. Detailed below.
    DedicatedMasterCount int
    Number of dedicated main nodes in the cluster.
    DedicatedMasterEnabled bool
    Whether dedicated main nodes are enabled for the cluster.
    DedicatedMasterType string
    Instance type of the dedicated main nodes in the cluster.
    InstanceCount int
    Number of instances in the cluster.
    InstanceType string
    Instance type of data nodes in the cluster.
    MultiAzWithStandbyEnabled bool
    Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
    WarmCount int
    Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
    WarmEnabled bool
    Whether to enable warm storage.
    WarmType string
    Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
    ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig
    Configuration block containing zone awareness settings. Detailed below.
    ZoneAwarenessEnabled bool
    Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.
    ColdStorageOptions DomainClusterConfigColdStorageOptions
    Configuration block containing cold storage configuration. Detailed below.
    DedicatedMasterCount int
    Number of dedicated main nodes in the cluster.
    DedicatedMasterEnabled bool
    Whether dedicated main nodes are enabled for the cluster.
    DedicatedMasterType string
    Instance type of the dedicated main nodes in the cluster.
    InstanceCount int
    Number of instances in the cluster.
    InstanceType string
    Instance type of data nodes in the cluster.
    MultiAzWithStandbyEnabled bool
    Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
    WarmCount int
    Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
    WarmEnabled bool
    Whether to enable warm storage.
    WarmType string
    Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
    ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig
    Configuration block containing zone awareness settings. Detailed below.
    ZoneAwarenessEnabled bool
    Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.
    coldStorageOptions DomainClusterConfigColdStorageOptions
    Configuration block containing cold storage configuration. Detailed below.
    dedicatedMasterCount Integer
    Number of dedicated main nodes in the cluster.
    dedicatedMasterEnabled Boolean
    Whether dedicated main nodes are enabled for the cluster.
    dedicatedMasterType String
    Instance type of the dedicated main nodes in the cluster.
    instanceCount Integer
    Number of instances in the cluster.
    instanceType String
    Instance type of data nodes in the cluster.
    multiAzWithStandbyEnabled Boolean
    Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
    warmCount Integer
    Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
    warmEnabled Boolean
    Whether to enable warm storage.
    warmType String
    Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
    zoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig
    Configuration block containing zone awareness settings. Detailed below.
    zoneAwarenessEnabled Boolean
    Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.
    coldStorageOptions DomainClusterConfigColdStorageOptions
    Configuration block containing cold storage configuration. Detailed below.
    dedicatedMasterCount number
    Number of dedicated main nodes in the cluster.
    dedicatedMasterEnabled boolean
    Whether dedicated main nodes are enabled for the cluster.
    dedicatedMasterType string
    Instance type of the dedicated main nodes in the cluster.
    instanceCount number
    Number of instances in the cluster.
    instanceType string
    Instance type of data nodes in the cluster.
    multiAzWithStandbyEnabled boolean
    Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
    warmCount number
    Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
    warmEnabled boolean
    Whether to enable warm storage.
    warmType string
    Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
    zoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig
    Configuration block containing zone awareness settings. Detailed below.
    zoneAwarenessEnabled boolean
    Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.
    cold_storage_options DomainClusterConfigColdStorageOptions
    Configuration block containing cold storage configuration. Detailed below.
    dedicated_master_count int
    Number of dedicated main nodes in the cluster.
    dedicated_master_enabled bool
    Whether dedicated main nodes are enabled for the cluster.
    dedicated_master_type str
    Instance type of the dedicated main nodes in the cluster.
    instance_count int
    Number of instances in the cluster.
    instance_type str
    Instance type of data nodes in the cluster.
    multi_az_with_standby_enabled bool
    Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
    warm_count int
    Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
    warm_enabled bool
    Whether to enable warm storage.
    warm_type str
    Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
    zone_awareness_config DomainClusterConfigZoneAwarenessConfig
    Configuration block containing zone awareness settings. Detailed below.
    zone_awareness_enabled bool
    Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.
    coldStorageOptions Property Map
    Configuration block containing cold storage configuration. Detailed below.
    dedicatedMasterCount Number
    Number of dedicated main nodes in the cluster.
    dedicatedMasterEnabled Boolean
    Whether dedicated main nodes are enabled for the cluster.
    dedicatedMasterType String
    Instance type of the dedicated main nodes in the cluster.
    instanceCount Number
    Number of instances in the cluster.
    instanceType String
    Instance type of data nodes in the cluster.
    multiAzWithStandbyEnabled Boolean
    Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
    warmCount Number
    Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
    warmEnabled Boolean
    Whether to enable warm storage.
    warmType String
    Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
    zoneAwarenessConfig Property Map
    Configuration block containing zone awareness settings. Detailed below.
    zoneAwarenessEnabled Boolean
    Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

    DomainClusterConfigColdStorageOptions, DomainClusterConfigColdStorageOptionsArgs

    Enabled bool
    Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.
    Enabled bool
    Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.
    enabled Boolean
    Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.
    enabled boolean
    Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.
    enabled bool
    Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.
    enabled Boolean
    Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.

    DomainClusterConfigZoneAwarenessConfig, DomainClusterConfigZoneAwarenessConfigArgs

    AvailabilityZoneCount int
    Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.
    AvailabilityZoneCount int
    Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.
    availabilityZoneCount Integer
    Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.
    availabilityZoneCount number
    Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.
    availability_zone_count int
    Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.
    availabilityZoneCount Number
    Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

    DomainCognitoOptions, DomainCognitoOptionsArgs

    IdentityPoolId string
    ID of the Cognito Identity Pool to use.
    RoleArn string
    ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
    UserPoolId string
    ID of the Cognito User Pool to use.
    Enabled bool
    Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.
    IdentityPoolId string
    ID of the Cognito Identity Pool to use.
    RoleArn string
    ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
    UserPoolId string
    ID of the Cognito User Pool to use.
    Enabled bool
    Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.
    identityPoolId String
    ID of the Cognito Identity Pool to use.
    roleArn String
    ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
    userPoolId String
    ID of the Cognito User Pool to use.
    enabled Boolean
    Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.
    identityPoolId string
    ID of the Cognito Identity Pool to use.
    roleArn string
    ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
    userPoolId string
    ID of the Cognito User Pool to use.
    enabled boolean
    Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.
    identity_pool_id str
    ID of the Cognito Identity Pool to use.
    role_arn str
    ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
    user_pool_id str
    ID of the Cognito User Pool to use.
    enabled bool
    Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.
    identityPoolId String
    ID of the Cognito Identity Pool to use.
    roleArn String
    ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
    userPoolId String
    ID of the Cognito User Pool to use.
    enabled Boolean
    Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.

    DomainDomainEndpointOptions, DomainDomainEndpointOptionsArgs

    CustomEndpoint string
    Fully qualified domain for your custom endpoint.
    CustomEndpointCertificateArn string
    ACM certificate ARN for your custom endpoint.
    CustomEndpointEnabled bool
    Whether to enable custom endpoint for the OpenSearch domain.
    EnforceHttps bool
    Whether or not to require HTTPS. Defaults to true.
    TlsSecurityPolicy string
    Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
    CustomEndpoint string
    Fully qualified domain for your custom endpoint.
    CustomEndpointCertificateArn string
    ACM certificate ARN for your custom endpoint.
    CustomEndpointEnabled bool
    Whether to enable custom endpoint for the OpenSearch domain.
    EnforceHttps bool
    Whether or not to require HTTPS. Defaults to true.
    TlsSecurityPolicy string
    Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
    customEndpoint String
    Fully qualified domain for your custom endpoint.
    customEndpointCertificateArn String
    ACM certificate ARN for your custom endpoint.
    customEndpointEnabled Boolean
    Whether to enable custom endpoint for the OpenSearch domain.
    enforceHttps Boolean
    Whether or not to require HTTPS. Defaults to true.
    tlsSecurityPolicy String
    Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
    customEndpoint string
    Fully qualified domain for your custom endpoint.
    customEndpointCertificateArn string
    ACM certificate ARN for your custom endpoint.
    customEndpointEnabled boolean
    Whether to enable custom endpoint for the OpenSearch domain.
    enforceHttps boolean
    Whether or not to require HTTPS. Defaults to true.
    tlsSecurityPolicy string
    Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
    custom_endpoint str
    Fully qualified domain for your custom endpoint.
    custom_endpoint_certificate_arn str
    ACM certificate ARN for your custom endpoint.
    custom_endpoint_enabled bool
    Whether to enable custom endpoint for the OpenSearch domain.
    enforce_https bool
    Whether or not to require HTTPS. Defaults to true.
    tls_security_policy str
    Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
    customEndpoint String
    Fully qualified domain for your custom endpoint.
    customEndpointCertificateArn String
    ACM certificate ARN for your custom endpoint.
    customEndpointEnabled Boolean
    Whether to enable custom endpoint for the OpenSearch domain.
    enforceHttps Boolean
    Whether or not to require HTTPS. Defaults to true.
    tlsSecurityPolicy String
    Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.

    DomainEbsOptions, DomainEbsOptionsArgs

    EbsEnabled bool
    Whether EBS volumes are attached to data nodes in the domain.
    Iops int
    Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
    Throughput int
    Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
    VolumeSize int
    Size of EBS volumes attached to data nodes (in GiB).
    VolumeType string
    Type of EBS volumes attached to data nodes.
    EbsEnabled bool
    Whether EBS volumes are attached to data nodes in the domain.
    Iops int
    Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
    Throughput int
    Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
    VolumeSize int
    Size of EBS volumes attached to data nodes (in GiB).
    VolumeType string
    Type of EBS volumes attached to data nodes.
    ebsEnabled Boolean
    Whether EBS volumes are attached to data nodes in the domain.
    iops Integer
    Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
    throughput Integer
    Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
    volumeSize Integer
    Size of EBS volumes attached to data nodes (in GiB).
    volumeType String
    Type of EBS volumes attached to data nodes.
    ebsEnabled boolean
    Whether EBS volumes are attached to data nodes in the domain.
    iops number
    Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
    throughput number
    Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
    volumeSize number
    Size of EBS volumes attached to data nodes (in GiB).
    volumeType string
    Type of EBS volumes attached to data nodes.
    ebs_enabled bool
    Whether EBS volumes are attached to data nodes in the domain.
    iops int
    Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
    throughput int
    Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
    volume_size int
    Size of EBS volumes attached to data nodes (in GiB).
    volume_type str
    Type of EBS volumes attached to data nodes.
    ebsEnabled Boolean
    Whether EBS volumes are attached to data nodes in the domain.
    iops Number
    Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
    throughput Number
    Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
    volumeSize Number
    Size of EBS volumes attached to data nodes (in GiB).
    volumeType String
    Type of EBS volumes attached to data nodes.

    DomainEncryptAtRest, DomainEncryptAtRestArgs

    Enabled bool
    Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
    KmsKeyId string
    KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
    Enabled bool
    Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
    KmsKeyId string
    KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
    enabled Boolean
    Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
    kmsKeyId String
    KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
    enabled boolean
    Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
    kmsKeyId string
    KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
    enabled bool
    Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
    kms_key_id str
    KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
    enabled Boolean
    Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
    kmsKeyId String
    KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.

    DomainLogPublishingOption, DomainLogPublishingOptionArgs

    CloudwatchLogGroupArn string
    ARN of the Cloudwatch log group to which log needs to be published.
    LogType string
    Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
    Enabled bool
    Whether given log publishing option is enabled or not.
    CloudwatchLogGroupArn string
    ARN of the Cloudwatch log group to which log needs to be published.
    LogType string
    Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
    Enabled bool
    Whether given log publishing option is enabled or not.
    cloudwatchLogGroupArn String
    ARN of the Cloudwatch log group to which log needs to be published.
    logType String
    Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
    enabled Boolean
    Whether given log publishing option is enabled or not.
    cloudwatchLogGroupArn string
    ARN of the Cloudwatch log group to which log needs to be published.
    logType string
    Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
    enabled boolean
    Whether given log publishing option is enabled or not.
    cloudwatch_log_group_arn str
    ARN of the Cloudwatch log group to which log needs to be published.
    log_type str
    Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
    enabled bool
    Whether given log publishing option is enabled or not.
    cloudwatchLogGroupArn String
    ARN of the Cloudwatch log group to which log needs to be published.
    logType String
    Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
    enabled Boolean
    Whether given log publishing option is enabled or not.

    DomainNodeToNodeEncryption, DomainNodeToNodeEncryptionArgs

    Enabled bool
    Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.
    Enabled bool
    Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.
    enabled Boolean
    Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.
    enabled boolean
    Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.
    enabled bool
    Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.
    enabled Boolean
    Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

    DomainOffPeakWindowOptions, DomainOffPeakWindowOptionsArgs

    Enabled bool
    Enabled disabled toggle for off-peak update window.
    OffPeakWindow DomainOffPeakWindowOptionsOffPeakWindow
    Enabled bool
    Enabled disabled toggle for off-peak update window.
    OffPeakWindow DomainOffPeakWindowOptionsOffPeakWindow
    enabled Boolean
    Enabled disabled toggle for off-peak update window.
    offPeakWindow DomainOffPeakWindowOptionsOffPeakWindow
    enabled boolean
    Enabled disabled toggle for off-peak update window.
    offPeakWindow DomainOffPeakWindowOptionsOffPeakWindow
    enabled bool
    Enabled disabled toggle for off-peak update window.
    off_peak_window DomainOffPeakWindowOptionsOffPeakWindow
    enabled Boolean
    Enabled disabled toggle for off-peak update window.
    offPeakWindow Property Map

    DomainOffPeakWindowOptionsOffPeakWindow, DomainOffPeakWindowOptionsOffPeakWindowArgs

    windowStartTime Property Map
    10h window for updates

    DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime, DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs

    Hours int
    Starting hour of the 10-hour window for updates
    Minutes int
    Starting minute of the 10-hour window for updates
    Hours int
    Starting hour of the 10-hour window for updates
    Minutes int
    Starting minute of the 10-hour window for updates
    hours Integer
    Starting hour of the 10-hour window for updates
    minutes Integer
    Starting minute of the 10-hour window for updates
    hours number
    Starting hour of the 10-hour window for updates
    minutes number
    Starting minute of the 10-hour window for updates
    hours int
    Starting hour of the 10-hour window for updates
    minutes int
    Starting minute of the 10-hour window for updates
    hours Number
    Starting hour of the 10-hour window for updates
    minutes Number
    Starting minute of the 10-hour window for updates

    DomainSnapshotOptions, DomainSnapshotOptionsArgs

    AutomatedSnapshotStartHour int
    Hour during which the service takes an automated daily snapshot of the indices in the domain.
    AutomatedSnapshotStartHour int
    Hour during which the service takes an automated daily snapshot of the indices in the domain.
    automatedSnapshotStartHour Integer
    Hour during which the service takes an automated daily snapshot of the indices in the domain.
    automatedSnapshotStartHour number
    Hour during which the service takes an automated daily snapshot of the indices in the domain.
    automated_snapshot_start_hour int
    Hour during which the service takes an automated daily snapshot of the indices in the domain.
    automatedSnapshotStartHour Number
    Hour during which the service takes an automated daily snapshot of the indices in the domain.

    DomainSoftwareUpdateOptions, DomainSoftwareUpdateOptionsArgs

    AutoSoftwareUpdateEnabled bool
    Whether automatic service software updates are enabled for the domain. Defaults to false.
    AutoSoftwareUpdateEnabled bool
    Whether automatic service software updates are enabled for the domain. Defaults to false.
    autoSoftwareUpdateEnabled Boolean
    Whether automatic service software updates are enabled for the domain. Defaults to false.
    autoSoftwareUpdateEnabled boolean
    Whether automatic service software updates are enabled for the domain. Defaults to false.
    auto_software_update_enabled bool
    Whether automatic service software updates are enabled for the domain. Defaults to false.
    autoSoftwareUpdateEnabled Boolean
    Whether automatic service software updates are enabled for the domain. Defaults to false.

    DomainVpcOptions, DomainVpcOptionsArgs

    AvailabilityZones List<string>
    If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
    SecurityGroupIds List<string>
    List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
    SubnetIds List<string>
    List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
    VpcId string
    If the domain was created inside a VPC, the ID of the VPC.
    AvailabilityZones []string
    If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
    SecurityGroupIds []string
    List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
    SubnetIds []string
    List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
    VpcId string
    If the domain was created inside a VPC, the ID of the VPC.
    availabilityZones List<String>
    If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
    securityGroupIds List<String>
    List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
    subnetIds List<String>
    List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
    vpcId String
    If the domain was created inside a VPC, the ID of the VPC.
    availabilityZones string[]
    If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
    securityGroupIds string[]
    List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
    subnetIds string[]
    List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
    vpcId string
    If the domain was created inside a VPC, the ID of the VPC.
    availability_zones Sequence[str]
    If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
    security_group_ids Sequence[str]
    List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
    subnet_ids Sequence[str]
    List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
    vpc_id str
    If the domain was created inside a VPC, the ID of the VPC.
    availabilityZones List<String>
    If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
    securityGroupIds List<String>
    List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
    subnetIds List<String>
    List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
    vpcId String
    If the domain was created inside a VPC, the ID of the VPC.

    Import

    Using pulumi import, import OpenSearch domains using the domain_name. For example:

    $ pulumi import aws:opensearch/domain:Domain example domain_name
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.55.0 published on Monday, Oct 7, 2024 by Pulumi