AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.10.0 published on Monday, Jul 11, 2022 by Pulumi

Domain

Manages an Amazon OpenSearch Domain.

Elasticsearch vs. OpenSearch

Amazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).

OpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:

  • OpenSearch has engine_version while Elasticsearch has elasticsearch_version
  • Versions are specified differently - e.g., Elasticsearch_7.10 with OpenSearch vs. 7.10 for Elasticsearch.
  • instance_type argument values end in search for OpenSearch vs. elasticsearch for Elasticsearch (e.g., t2.micro.search vs. t2.micro.elasticsearch).
  • The AWS-managed service-linked role for OpenSearch is called AWSServiceRoleForAmazonOpenSearchService instead of AWSServiceRoleForAmazonElasticsearchService for Elasticsearch.

There are also some potentially unexpected similarities in configurations:

  • ARNs for both are prefaced with arn:aws:es:.
  • Both OpenSearch and Elasticsearch use assume role policies that refer to the Principal Service as es.amazonaws.com.
  • IAM policy actions, such as those you will find in access_policies, are prefaced with es: for both.

Example Usage

Basic Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Aws.OpenSearch.Domain("example", new Aws.OpenSearch.DomainArgs
        {
            ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
            {
                InstanceType = "r4.large.search",
            },
            EngineVersion = "Elasticsearch_7.10",
            Tags = 
            {
                { "Domain", "TestDomain" },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
			ClusterConfig: &opensearch.DomainClusterConfigArgs{
				InstanceType: pulumi.String("r4.large.search"),
			},
			EngineVersion: pulumi.String("Elasticsearch_7.10"),
			Tags: pulumi.StringMap{
				"Domain": pulumi.String("TestDomain"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Domain("example", DomainArgs.builder()        
            .clusterConfig(DomainClusterConfigArgs.builder()
                .instanceType("r4.large.search")
                .build())
            .engineVersion("Elasticsearch_7.10")
            .tags(Map.of("Domain", "TestDomain"))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.opensearch.Domain("example",
    cluster_config=aws.opensearch.DomainClusterConfigArgs(
        instance_type="r4.large.search",
    ),
    engine_version="Elasticsearch_7.10",
    tags={
        "Domain": "TestDomain",
    })
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.opensearch.Domain("example", {
    clusterConfig: {
        instanceType: "r4.large.search",
    },
    engineVersion: "Elasticsearch_7.10",
    tags: {
        Domain: "TestDomain",
    },
});
resources:
  example:
    type: aws:opensearch:Domain
    properties:
      clusterConfig:
        instanceType: r4.large.search
      engineVersion: Elasticsearch_7.10
      tags:
        Domain: TestDomain

Access Policy

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var config = new Config();
        var domain = config.Get("domain") ?? "tf-test";
        var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());
        var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
        var example = new Aws.OpenSearch.Domain("example", new Aws.OpenSearch.DomainArgs
        {
            AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =>
            {
                var currentRegion = values.Item1;
                var currentCallerIdentity = values.Item2;
                return @$"{{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {{
      ""Action"": ""es:*"",
      ""Principal"": ""*"",
      ""Effect"": ""Allow"",
      ""Resource"": ""arn:aws:es:{currentRegion.Name}:{currentCallerIdentity.AccountId}:domain/{domain}/*"",
      ""Condition"": {{
        ""IpAddress"": {{""aws:SourceIp"": [""66.193.100.22/32""]}}
      }}
    }}
  ]
}}
";
            }),
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		domain := "tf-test"
		if param := cfg.Get("domain"); param != "" {
			domain = param
		}
		currentRegion, err := aws.GetRegion(ctx, nil, nil)
		if err != nil {
			return err
		}
		currentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
			AccessPolicies: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"es:*\",\n", "      \"Principal\": \"*\",\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": \"arn:aws:es:", currentRegion.Name, ":", currentCallerIdentity.AccountId, ":domain/", domain, "/*\",\n", "      \"Condition\": {\n", "        \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n", "      }\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var domain = config.get("domain").orElse("tf-test");
        final var currentRegion = Output.of(AwsFunctions.getRegion());

        final var currentCallerIdentity = Output.of(AwsFunctions.getCallerIdentity());

        var example = new Domain("example", DomainArgs.builder()        
            .accessPolicies("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "es:*",
      "Principal": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:es:%s:%s:domain/%s/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
      }
    }
  ]
}
", currentRegion.apply(getRegionResult -> getRegionResult.name()),currentCallerIdentity.apply(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

config = pulumi.Config()
domain = config.get("domain")
if domain is None:
    domain = "tf-test"
current_region = aws.get_region()
current_caller_identity = aws.get_caller_identity()
example = aws.opensearch.Domain("example", access_policies=f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Action": "es:*",
      "Principal": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*",
      "Condition": {{
        "IpAddress": {{"aws:SourceIp": ["66.193.100.22/32"]}}
      }}
    }}
  ]
}}
""")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";
const currentRegion = aws.getRegion({});
const currentCallerIdentity = aws.getCallerIdentity({});
const example = new aws.opensearch.Domain("example", {accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) => `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "es:*",
      "Principal": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
      }
    }
  ]
}
`)});
configuration:
  domain:
    type: string
    default: tf-test
resources:
  example:
    type: aws:opensearch:Domain
    properties:
      accessPolicies: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "es:*",
              "Principal": "*",
              "Effect": "Allow",
              "Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*",
              "Condition": {
                "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
              }
            }
          ]
        }        
variables:
  currentRegion:
    Fn::Invoke:
      Function: aws:getRegion
      Arguments: {}
  currentCallerIdentity:
    Fn::Invoke:
      Function: aws:getCallerIdentity
      Arguments: {}

Log Publishing to CloudWatch Logs

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
        {
        });
        var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("exampleLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
        {
            PolicyName = "example",
            PolicyDocument = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""es.amazonaws.com""
      },
      ""Action"": [
        ""logs:PutLogEvents"",
        ""logs:PutLogEventsBatch"",
        ""logs:CreateLogStream""
      ],
      ""Resource"": ""arn:aws:logs:*""
    }
  ]
}
",
        });
        // .. other configuration ...
        var exampleDomain = new Aws.OpenSearch.Domain("exampleDomain", new Aws.OpenSearch.DomainArgs
        {
            LogPublishingOptions = 
            {
                new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs
                {
                    CloudwatchLogGroupArn = exampleLogGroup.Arn,
                    LogType = "INDEX_SLOW_LOGS",
                },
            },
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", nil)
		if err != nil {
			return err
		}
		_, err = cloudwatch.NewLogResourcePolicy(ctx, "exampleLogResourcePolicy", &cloudwatch.LogResourcePolicyArgs{
			PolicyName:     pulumi.String("example"),
			PolicyDocument: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"Service\": \"es.amazonaws.com\"\n", "      },\n", "      \"Action\": [\n", "        \"logs:PutLogEvents\",\n", "        \"logs:PutLogEventsBatch\",\n", "        \"logs:CreateLogStream\"\n", "      ],\n", "      \"Resource\": \"arn:aws:logs:*\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		_, err = opensearch.NewDomain(ctx, "exampleDomain", &opensearch.DomainArgs{
			LogPublishingOptions: opensearch.DomainLogPublishingOptionArray{
				&opensearch.DomainLogPublishingOptionArgs{
					CloudwatchLogGroupArn: exampleLogGroup.Arn,
					LogType:               pulumi.String("INDEX_SLOW_LOGS"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleLogGroup = new LogGroup("exampleLogGroup");

        var exampleLogResourcePolicy = new LogResourcePolicy("exampleLogResourcePolicy", LogResourcePolicyArgs.builder()        
            .policyName("example")
            .policyDocument("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": [
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*"
    }
  ]
}
            """)
            .build());

        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()        
            .logPublishingOptions(DomainLogPublishingOptionArgs.builder()
                .cloudwatchLogGroupArn(exampleLogGroup.arn())
                .logType("INDEX_SLOW_LOGS")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup")
example_log_resource_policy = aws.cloudwatch.LogResourcePolicy("exampleLogResourcePolicy",
    policy_name="example",
    policy_document="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": [
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*"
    }
  ]
}
""")
# .. other configuration ...
example_domain = aws.opensearch.Domain("exampleDomain", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(
    cloudwatch_log_group_arn=example_log_group.arn,
    log_type="INDEX_SLOW_LOGS",
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLogGroup = new aws.cloudwatch.LogGroup("exampleLogGroup", {});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("exampleLogResourcePolicy", {
    policyName: "example",
    policyDocument: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": [
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*"
    }
  ]
}
`,
});
// .. other configuration ...
const exampleDomain = new aws.opensearch.Domain("exampleDomain", {logPublishingOptions: [{
    cloudwatchLogGroupArn: exampleLogGroup.arn,
    logType: "INDEX_SLOW_LOGS",
}]});
resources:
  exampleLogGroup:
    type: aws:cloudwatch:LogGroup
  exampleLogResourcePolicy:
    type: aws:cloudwatch:LogResourcePolicy
    properties:
      policyName: example
      policyDocument: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "es.amazonaws.com"
              },
              "Action": [
                "logs:PutLogEvents",
                "logs:PutLogEventsBatch",
                "logs:CreateLogStream"
              ],
              "Resource": "arn:aws:logs:*"
            }
          ]
        }        
  exampleDomain:
    type: aws:opensearch:Domain
    properties:
      logPublishingOptions:
        - cloudwatchLogGroupArn: ${exampleLogGroup.arn}
          logType: INDEX_SLOW_LOGS

VPC based OpenSearch

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var config = new Config();
        var vpc = config.RequireObject<dynamic>("vpc");
        var domain = config.Get("domain") ?? "tf-test";
        var exampleVpc = Output.Create(Aws.Ec2.GetVpc.InvokeAsync(new Aws.Ec2.GetVpcArgs
        {
            Tags = 
            {
                { "Name", vpc },
            },
        }));
        var exampleSubnetIds = exampleVpc.Apply(exampleVpc => Output.Create(Aws.Ec2.GetSubnetIds.InvokeAsync(new Aws.Ec2.GetSubnetIdsArgs
        {
            VpcId = exampleVpc.Id,
            Tags = 
            {
                { "Tier", "private" },
            },
        })));
        var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());
        var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
        var exampleSecurityGroup = new Aws.Ec2.SecurityGroup("exampleSecurityGroup", new Aws.Ec2.SecurityGroupArgs
        {
            Description = "Managed by Terraform",
            VpcId = exampleVpc.Apply(exampleVpc => exampleVpc.Id),
            Ingress = 
            {
                new Aws.Ec2.Inputs.SecurityGroupIngressArgs
                {
                    FromPort = 443,
                    ToPort = 443,
                    Protocol = "tcp",
                    CidrBlocks = 
                    {
                        exampleVpc.Apply(exampleVpc => exampleVpc.CidrBlock),
                    },
                },
            },
        });
        var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole("exampleServiceLinkedRole", new Aws.Iam.ServiceLinkedRoleArgs
        {
            AwsServiceName = "opensearchservice.amazonaws.com",
        });
        var exampleDomain = new Aws.OpenSearch.Domain("exampleDomain", new Aws.OpenSearch.DomainArgs
        {
            EngineVersion = "OpenSearch_1.0",
            ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
            {
                InstanceType = "m4.large.search",
                ZoneAwarenessEnabled = true,
            },
            VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs
            {
                SubnetIds = 
                {
                    exampleSubnetIds.Apply(exampleSubnetIds => exampleSubnetIds.Ids?[0]),
                    exampleSubnetIds.Apply(exampleSubnetIds => exampleSubnetIds.Ids?[1]),
                },
                SecurityGroupIds = 
                {
                    exampleSecurityGroup.Id,
                },
            },
            AdvancedOptions = 
            {
                { "rest.action.multi.allow_explicit_index", "true" },
            },
            AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =>
            {
                var currentRegion = values.Item1;
                var currentCallerIdentity = values.Item2;
                return @$"{{
	""Version"": ""2012-10-17"",
	""Statement"": [
		{{
			""Action"": ""es:*"",
			""Principal"": ""*"",
			""Effect"": ""Allow"",
			""Resource"": ""arn:aws:es:{currentRegion.Name}:{currentCallerIdentity.AccountId}:domain/{domain}/*""
		}}
	]
}}
";
            }),
            Tags = 
            {
                { "Domain", "TestDomain" },
            },
        }, new CustomResourceOptions
        {
            DependsOn = 
            {
                exampleServiceLinkedRole,
            },
        });
    }

}

Coming soon!

package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
import com.pulumi.resources.CustomResourceOptions;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var vpc = config.get("vpc");
        final var domain = config.get("domain").orElse("tf-test");
        final var exampleVpc = Output.of(Ec2Functions.getVpc(GetVpcArgs.builder()
            .tags(Map.of("Name", vpc))
            .build()));

        final var exampleSubnetIds = Output.of(Ec2Functions.getSubnetIds(GetSubnetIdsArgs.builder()
            .vpcId(exampleVpc.apply(getVpcResult -> getVpcResult.id()))
            .tags(Map.of("Tier", "private"))
            .build()));

        final var currentRegion = Output.of(AwsFunctions.getRegion());

        final var currentCallerIdentity = Output.of(AwsFunctions.getCallerIdentity());

        var exampleSecurityGroup = new SecurityGroup("exampleSecurityGroup", SecurityGroupArgs.builder()        
            .description("Managed by Terraform")
            .vpcId(exampleVpc.apply(getVpcResult -> getVpcResult.id()))
            .ingress(SecurityGroupIngressArgs.builder()
                .fromPort(443)
                .toPort(443)
                .protocol("tcp")
                .cidrBlocks(exampleVpc.apply(getVpcResult -> getVpcResult.cidrBlock()))
                .build())
            .build());

        var exampleServiceLinkedRole = new ServiceLinkedRole("exampleServiceLinkedRole", ServiceLinkedRoleArgs.builder()        
            .awsServiceName("opensearchservice.amazonaws.com")
            .build());

        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()        
            .engineVersion("OpenSearch_1.0")
            .clusterConfig(DomainClusterConfigArgs.builder()
                .instanceType("m4.large.search")
                .zoneAwarenessEnabled(true)
                .build())
            .vpcOptions(DomainVpcOptionsArgs.builder()
                .subnetIds(                
                    exampleSubnetIds.apply(getSubnetIdsResult -> getSubnetIdsResult.ids()[0]),
                    exampleSubnetIds.apply(getSubnetIdsResult -> getSubnetIdsResult.ids()[1]))
                .securityGroupIds(exampleSecurityGroup.id())
                .build())
            .advancedOptions(Map.of("rest.action.multi.allow_explicit_index", "true"))
            .accessPolicies("""
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": "es:*",
			"Principal": "*",
			"Effect": "Allow",
			"Resource": "arn:aws:es:%s:%s:domain/%s/*"
		}
	]
}
", currentRegion.apply(getRegionResult -> getRegionResult.name()),currentCallerIdentity.apply(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
            .tags(Map.of("Domain", "TestDomain"))
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleServiceLinkedRole)
                .build());

    }
}
import pulumi
import pulumi_aws as aws

config = pulumi.Config()
vpc = config.require_object("vpc")
domain = config.get("domain")
if domain is None:
    domain = "tf-test"
example_vpc = aws.ec2.get_vpc(tags={
    "Name": vpc,
})
example_subnet_ids = aws.ec2.get_subnet_ids(vpc_id=example_vpc.id,
    tags={
        "Tier": "private",
    })
current_region = aws.get_region()
current_caller_identity = aws.get_caller_identity()
example_security_group = aws.ec2.SecurityGroup("exampleSecurityGroup",
    description="Managed by Terraform",
    vpc_id=example_vpc.id,
    ingress=[aws.ec2.SecurityGroupIngressArgs(
        from_port=443,
        to_port=443,
        protocol="tcp",
        cidr_blocks=[example_vpc.cidr_block],
    )])
example_service_linked_role = aws.iam.ServiceLinkedRole("exampleServiceLinkedRole", aws_service_name="opensearchservice.amazonaws.com")
example_domain = aws.opensearch.Domain("exampleDomain",
    engine_version="OpenSearch_1.0",
    cluster_config=aws.opensearch.DomainClusterConfigArgs(
        instance_type="m4.large.search",
        zone_awareness_enabled=True,
    ),
    vpc_options=aws.opensearch.DomainVpcOptionsArgs(
        subnet_ids=[
            example_subnet_ids.ids[0],
            example_subnet_ids.ids[1],
        ],
        security_group_ids=[example_security_group.id],
    ),
    advanced_options={
        "rest.action.multi.allow_explicit_index": "true",
    },
    access_policies=f"""{{
	"Version": "2012-10-17",
	"Statement": [
		{{
			"Action": "es:*",
			"Principal": "*",
			"Effect": "Allow",
			"Resource": "arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*"
		}}
	]
}}
""",
    tags={
        "Domain": "TestDomain",
    },
    opts=pulumi.ResourceOptions(depends_on=[example_service_linked_role]))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const vpc = config.requireObject("vpc");
const domain = config.get("domain") || "tf-test";
const exampleVpc = aws.ec2.getVpc({
    tags: {
        Name: vpc,
    },
});
const exampleSubnetIds = exampleVpc.then(exampleVpc => aws.ec2.getSubnetIds({
    vpcId: exampleVpc.id,
    tags: {
        Tier: "private",
    },
}));
const currentRegion = aws.getRegion({});
const currentCallerIdentity = aws.getCallerIdentity({});
const exampleSecurityGroup = new aws.ec2.SecurityGroup("exampleSecurityGroup", {
    description: "Managed by Terraform",
    vpcId: exampleVpc.then(exampleVpc => exampleVpc.id),
    ingress: [{
        fromPort: 443,
        toPort: 443,
        protocol: "tcp",
        cidrBlocks: [exampleVpc.then(exampleVpc => exampleVpc.cidrBlock)],
    }],
});
const exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole("exampleServiceLinkedRole", {awsServiceName: "opensearchservice.amazonaws.com"});
const exampleDomain = new aws.opensearch.Domain("exampleDomain", {
    engineVersion: "OpenSearch_1.0",
    clusterConfig: {
        instanceType: "m4.large.search",
        zoneAwarenessEnabled: true,
    },
    vpcOptions: {
        subnetIds: [
            exampleSubnetIds.then(exampleSubnetIds => exampleSubnetIds.ids?[0]),
            exampleSubnetIds.then(exampleSubnetIds => exampleSubnetIds.ids?[1]),
        ],
        securityGroupIds: [exampleSecurityGroup.id],
    },
    advancedOptions: {
        "rest.action.multi.allow_explicit_index": "true",
    },
    accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) => `{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": "es:*",
			"Principal": "*",
			"Effect": "Allow",
			"Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*"
		}
	]
}
`),
    tags: {
        Domain: "TestDomain",
    },
}, {
    dependsOn: [exampleServiceLinkedRole],
});
configuration:
  vpc:
    type: dynamic
  domain:
    type: string
    default: tf-test
resources:
  exampleSecurityGroup:
    type: aws:ec2:SecurityGroup
    properties:
      description: Managed by Terraform
      vpcId: ${exampleVpc.id}
      ingress:
        - fromPort: 443
          toPort: 443
          protocol: tcp
          cidrBlocks:
            - ${exampleVpc.cidrBlock}
  exampleServiceLinkedRole:
    type: aws:iam:ServiceLinkedRole
    properties:
      awsServiceName: opensearchservice.amazonaws.com
  exampleDomain:
    type: aws:opensearch:Domain
    properties:
      engineVersion: OpenSearch_1.0
      clusterConfig:
        instanceType: m4.large.search
        zoneAwarenessEnabled: true
      vpcOptions:
        subnetIds:
          - ${exampleSubnetIds.ids[0]}
          - ${exampleSubnetIds.ids[1]}
        securityGroupIds:
          - ${exampleSecurityGroup.id}
      advancedOptions:
        rest.action.multi.allow_explicit_index: true
      accessPolicies: |
        {
        	"Version": "2012-10-17",
        	"Statement": [
        		{
        			"Action": "es:*",
        			"Principal": "*",
        			"Effect": "Allow",
        			"Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*"
        		}
        	]
        }        
      tags:
        Domain: TestDomain
    options:
      dependson:
        - ${exampleServiceLinkedRole}
variables:
  exampleVpc:
    Fn::Invoke:
      Function: aws:ec2:getVpc
      Arguments:
        tags:
          Name: ${vpc}
  exampleSubnetIds:
    Fn::Invoke:
      Function: aws:ec2:getSubnetIds
      Arguments:
        vpcId: ${exampleVpc.id}
        tags:
          Tier: private
  currentRegion:
    Fn::Invoke:
      Function: aws:getRegion
      Arguments: {}
  currentCallerIdentity:
    Fn::Invoke:
      Function: aws:getCallerIdentity
      Arguments: {}

Create a Domain Resource

new Domain(name: string, args?: DomainArgs, opts?: CustomResourceOptions);
@overload
def Domain(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           access_policies: Optional[str] = None,
           advanced_options: Optional[Mapping[str, str]] = None,
           advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
           auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
           cluster_config: Optional[DomainClusterConfigArgs] = None,
           cognito_options: Optional[DomainCognitoOptionsArgs] = None,
           domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
           domain_name: Optional[str] = None,
           ebs_options: Optional[DomainEbsOptionsArgs] = None,
           encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
           engine_version: Optional[str] = None,
           log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
           node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
           snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
           tags: Optional[Mapping[str, str]] = None,
           vpc_options: Optional[DomainVpcOptionsArgs] = None)
@overload
def Domain(resource_name: str,
           args: Optional[DomainArgs] = None,
           opts: Optional[ResourceOptions] = None)
func NewDomain(ctx *Context, name string, args *DomainArgs, opts ...ResourceOption) (*Domain, error)
public Domain(string name, DomainArgs? args = null, CustomResourceOptions? opts = null)
public Domain(String name, DomainArgs args)
public Domain(String name, DomainArgs args, CustomResourceOptions options)
type: aws:opensearch:Domain
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args DomainArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DomainArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DomainArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DomainArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args DomainArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Domain Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Domain resource accepts the following input properties:

AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions Dictionary<string, string>
AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

AutoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

DomainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainName string

Name of the domain.

EbsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

EngineVersion string

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

LogPublishingOptions List<DomainLogPublishingOptionArgs>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

SnapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

Tags Dictionary<string, string>
VpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions map[string]string
AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

AutoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

DomainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainName string

Name of the domain.

EbsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

EngineVersion string

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

LogPublishingOptions []DomainLogPublishingOptionArgs

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

SnapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

Tags map[string]string
VpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String,String>
advancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

autoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

domainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainName String

Name of the domain.

ebsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engineVersion String

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

logPublishingOptions List<DomainLogPublishingOptionArgs>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

snapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags Map<String,String>
vpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies string

IAM policy document specifying the access policies for the domain.

advancedOptions {[key: string]: string}
advancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

autoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

domainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainName string

Name of the domain.

ebsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engineVersion string

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

logPublishingOptions DomainLogPublishingOptionArgs[]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

snapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags {[key: string]: string}
vpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

access_policies str

IAM policy document specifying the access policies for the domain.

advanced_options Mapping[str, str]
advanced_security_options DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

auto_tune_options DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

cluster_config DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognito_options DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

domain_endpoint_options DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domain_name str

Name of the domain.

ebs_options DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encrypt_at_rest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engine_version str

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

log_publishing_options Sequence[DomainLogPublishingOptionArgs]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

node_to_node_encryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

snapshot_options DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags Mapping[str, str]
vpc_options DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String>
advancedSecurityOptions Property Map

Configuration block for fine-grained access control. Detailed below.

autoTuneOptions Property Map

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig Property Map

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions Property Map

Configuration block for authenticating Kibana with Cognito. Detailed below.

domainEndpointOptions Property Map

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainName String

Name of the domain.

ebsOptions Property Map

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest Property Map

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engineVersion String

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

logPublishingOptions List<Property Map>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption Property Map

Configuration block for node-to-node encryption options. Detailed below.

snapshotOptions Property Map

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags Map<String>
vpcOptions Property Map

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

Arn string

ARN of the domain.

DomainId string

Unique identifier for the domain.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

Id string

The provider-assigned unique ID for this managed resource.

KibanaEndpoint string

Domain-specific endpoint for kibana without https scheme.

TagsAll Dictionary<string, string>
Arn string

ARN of the domain.

DomainId string

Unique identifier for the domain.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

Id string

The provider-assigned unique ID for this managed resource.

KibanaEndpoint string

Domain-specific endpoint for kibana without https scheme.

TagsAll map[string]string
arn String

ARN of the domain.

domainId String

Unique identifier for the domain.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

id String

The provider-assigned unique ID for this managed resource.

kibanaEndpoint String

Domain-specific endpoint for kibana without https scheme.

tagsAll Map<String,String>
arn string

ARN of the domain.

domainId string

Unique identifier for the domain.

endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

id string

The provider-assigned unique ID for this managed resource.

kibanaEndpoint string

Domain-specific endpoint for kibana without https scheme.

tagsAll {[key: string]: string}
arn str

ARN of the domain.

domain_id str

Unique identifier for the domain.

endpoint str

Domain-specific endpoint used to submit index, search, and data upload requests.

id str

The provider-assigned unique ID for this managed resource.

kibana_endpoint str

Domain-specific endpoint for kibana without https scheme.

tags_all Mapping[str, str]
arn String

ARN of the domain.

domainId String

Unique identifier for the domain.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

id String

The provider-assigned unique ID for this managed resource.

kibanaEndpoint String

Domain-specific endpoint for kibana without https scheme.

tagsAll Map<String>

Look up an Existing Domain Resource

Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DomainState, opts?: CustomResourceOptions): Domain
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_policies: Optional[str] = None,
        advanced_options: Optional[Mapping[str, str]] = None,
        advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
        arn: Optional[str] = None,
        auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
        cluster_config: Optional[DomainClusterConfigArgs] = None,
        cognito_options: Optional[DomainCognitoOptionsArgs] = None,
        domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
        domain_id: Optional[str] = None,
        domain_name: Optional[str] = None,
        ebs_options: Optional[DomainEbsOptionsArgs] = None,
        encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
        endpoint: Optional[str] = None,
        engine_version: Optional[str] = None,
        kibana_endpoint: Optional[str] = None,
        log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
        node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
        snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_options: Optional[DomainVpcOptionsArgs] = None) -> Domain
func GetDomain(ctx *Context, name string, id IDInput, state *DomainState, opts ...ResourceOption) (*Domain, error)
public static Domain Get(string name, Input<string> id, DomainState? state, CustomResourceOptions? opts = null)
public static Domain get(String name, Output<String> id, DomainState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions Dictionary<string, string>
AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

Arn string

ARN of the domain.

AutoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

DomainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainId string

Unique identifier for the domain.

DomainName string

Name of the domain.

EbsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

EngineVersion string

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

KibanaEndpoint string

Domain-specific endpoint for kibana without https scheme.

LogPublishingOptions List<DomainLogPublishingOptionArgs>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

SnapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

Tags Dictionary<string, string>
TagsAll Dictionary<string, string>
VpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions map[string]string
AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

Arn string

ARN of the domain.

AutoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

DomainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainId string

Unique identifier for the domain.

DomainName string

Name of the domain.

EbsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

EngineVersion string

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

KibanaEndpoint string

Domain-specific endpoint for kibana without https scheme.

LogPublishingOptions []DomainLogPublishingOptionArgs

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

SnapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

Tags map[string]string
TagsAll map[string]string
VpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String,String>
advancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

arn String

ARN of the domain.

autoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

domainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainId String

Unique identifier for the domain.

domainName String

Name of the domain.

ebsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

engineVersion String

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

kibanaEndpoint String

Domain-specific endpoint for kibana without https scheme.

logPublishingOptions List<DomainLogPublishingOptionArgs>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

snapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags Map<String,String>
tagsAll Map<String,String>
vpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies string

IAM policy document specifying the access policies for the domain.

advancedOptions {[key: string]: string}
advancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

arn string

ARN of the domain.

autoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

domainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainId string

Unique identifier for the domain.

domainName string

Name of the domain.

ebsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

engineVersion string

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

kibanaEndpoint string

Domain-specific endpoint for kibana without https scheme.

logPublishingOptions DomainLogPublishingOptionArgs[]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

snapshotOptions DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags {[key: string]: string}
tagsAll {[key: string]: string}
vpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

access_policies str

IAM policy document specifying the access policies for the domain.

advanced_options Mapping[str, str]
advanced_security_options DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

arn str

ARN of the domain.

auto_tune_options DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

cluster_config DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognito_options DomainCognitoOptionsArgs

Configuration block for authenticating Kibana with Cognito. Detailed below.

domain_endpoint_options DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domain_id str

Unique identifier for the domain.

domain_name str

Name of the domain.

ebs_options DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encrypt_at_rest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint str

Domain-specific endpoint used to submit index, search, and data upload requests.

engine_version str

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

kibana_endpoint str

Domain-specific endpoint for kibana without https scheme.

log_publishing_options Sequence[DomainLogPublishingOptionArgs]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

node_to_node_encryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

snapshot_options DomainSnapshotOptionsArgs

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags Mapping[str, str]
tags_all Mapping[str, str]
vpc_options DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String>
advancedSecurityOptions Property Map

Configuration block for fine-grained access control. Detailed below.

arn String

ARN of the domain.

autoTuneOptions Property Map

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig Property Map

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions Property Map

Configuration block for authenticating Kibana with Cognito. Detailed below.

domainEndpointOptions Property Map

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainId String

Unique identifier for the domain.

domainName String

Name of the domain.

ebsOptions Property Map

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest Property Map

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

engineVersion String

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to OpenSearch_1.1.

kibanaEndpoint String

Domain-specific endpoint for kibana without https scheme.

logPublishingOptions List<Property Map>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption Property Map

Configuration block for node-to-node encryption options. Detailed below.

snapshotOptions Property Map

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

tags Map<String>
tagsAll Map<String>
vpcOptions Property Map

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

Supporting Types

DomainAdvancedSecurityOptions

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

InternalUserDatabaseEnabled bool

Whether the internal user database is enabled. Default is false.

MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions

Configuration block for the main user. Detailed below.

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

InternalUserDatabaseEnabled bool

Whether the internal user database is enabled. Default is false.

MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions

Configuration block for the main user. Detailed below.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

internalUserDatabaseEnabled Boolean

Whether the internal user database is enabled. Default is false.

masterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions

Configuration block for the main user. Detailed below.

enabled boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

internalUserDatabaseEnabled boolean

Whether the internal user database is enabled. Default is false.

masterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions

Configuration block for the main user. Detailed below.

enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

internal_user_database_enabled bool

Whether the internal user database is enabled. Default is false.

master_user_options DomainAdvancedSecurityOptionsMasterUserOptions

Configuration block for the main user. Detailed below.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

internalUserDatabaseEnabled Boolean

Whether the internal user database is enabled. Default is false.

masterUserOptions Property Map

Configuration block for the main user. Detailed below.

DomainAdvancedSecurityOptionsMasterUserOptions

MasterUserArn string

ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.

MasterUserName string

Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

MasterUserPassword string

Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

MasterUserArn string

ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.

MasterUserName string

Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

MasterUserPassword string

Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn String

ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.

masterUserName String

Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserPassword String

Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn string

ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.

masterUserName string

Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserPassword string

Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

master_user_arn str

ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.

master_user_name str

Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

master_user_password str

Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn String

ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.

masterUserName String

Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserPassword String

Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

DomainAutoTuneOptions

DesiredState string

Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.

MaintenanceSchedules List<DomainAutoTuneOptionsMaintenanceSchedule>

Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

RollbackOnDisable string

Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

DesiredState string

Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.

MaintenanceSchedules []DomainAutoTuneOptionsMaintenanceSchedule

Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

RollbackOnDisable string

Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desiredState String

Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.

maintenanceSchedules List<DomainAutoTuneOptionsMaintenanceSchedule>

Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

rollbackOnDisable String

Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desiredState string

Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.

maintenanceSchedules DomainAutoTuneOptionsMaintenanceSchedule[]

Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

rollbackOnDisable string

Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desired_state str

Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.

maintenance_schedules Sequence[DomainAutoTuneOptionsMaintenanceSchedule]

Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

rollback_on_disable str

Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desiredState String

Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.

maintenanceSchedules List<Property Map>

Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.

rollbackOnDisable String

Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

DomainAutoTuneOptionsMaintenanceSchedule

CronExpressionForRecurrence string

A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.

Duration DomainAutoTuneOptionsMaintenanceScheduleDuration

Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.

StartAt string

Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

CronExpressionForRecurrence string

A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.

Duration DomainAutoTuneOptionsMaintenanceScheduleDuration

Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.

StartAt string

Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cronExpressionForRecurrence String

A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.

duration DomainAutoTuneOptionsMaintenanceScheduleDuration

Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.

startAt String

Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cronExpressionForRecurrence string

A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.

duration DomainAutoTuneOptionsMaintenanceScheduleDuration

Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.

startAt string

Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cron_expression_for_recurrence str

A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.

duration DomainAutoTuneOptionsMaintenanceScheduleDuration

Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.

start_at str

Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cronExpressionForRecurrence String

A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.

duration Property Map

Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.

startAt String

Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

DomainAutoTuneOptionsMaintenanceScheduleDuration

Unit string

Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.

Value int

An integer specifying the value of the duration of an Auto-Tune maintenance window.

Unit string

Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.

Value int

An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit String

Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.

value Integer

An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit string

Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.

value number

An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit str

Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.

value int

An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit String

Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.

value Number

An integer specifying the value of the duration of an Auto-Tune maintenance window.

DomainClusterConfig

ColdStorageOptions DomainClusterConfigColdStorageOptions

Configuration block containing cold storage configuration. Detailed below.

DedicatedMasterCount int

Number of dedicated main nodes in the cluster.

DedicatedMasterEnabled bool

Whether dedicated main nodes are enabled for the cluster.

DedicatedMasterType string

Instance type of the dedicated main nodes in the cluster.

InstanceCount int

Number of instances in the cluster.

InstanceType string

Instance type of data nodes in the cluster.

WarmCount int

Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.

WarmEnabled bool

Whether to enable warm storage.

WarmType string

Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.

ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig

Configuration block containing zone awareness settings. Detailed below.

ZoneAwarenessEnabled bool

Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

ColdStorageOptions DomainClusterConfigColdStorageOptions

Configuration block containing cold storage configuration. Detailed below.

DedicatedMasterCount int

Number of dedicated main nodes in the cluster.

DedicatedMasterEnabled bool

Whether dedicated main nodes are enabled for the cluster.

DedicatedMasterType string

Instance type of the dedicated main nodes in the cluster.

InstanceCount int

Number of instances in the cluster.

InstanceType string

Instance type of data nodes in the cluster.

WarmCount int

Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.

WarmEnabled bool

Whether to enable warm storage.

WarmType string

Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.

ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig

Configuration block containing zone awareness settings. Detailed below.

ZoneAwarenessEnabled bool

Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

coldStorageOptions DomainClusterConfigColdStorageOptions

Configuration block containing cold storage configuration. Detailed below.

dedicatedMasterCount Integer

Number of dedicated main nodes in the cluster.

dedicatedMasterEnabled Boolean

Whether dedicated main nodes are enabled for the cluster.

dedicatedMasterType String

Instance type of the dedicated main nodes in the cluster.

instanceCount Integer

Number of instances in the cluster.

instanceType String

Instance type of data nodes in the cluster.

warmCount Integer

Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.

warmEnabled Boolean

Whether to enable warm storage.

warmType String

Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.

zoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig

Configuration block containing zone awareness settings. Detailed below.

zoneAwarenessEnabled Boolean

Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

coldStorageOptions DomainClusterConfigColdStorageOptions

Configuration block containing cold storage configuration. Detailed below.

dedicatedMasterCount number

Number of dedicated main nodes in the cluster.

dedicatedMasterEnabled boolean

Whether dedicated main nodes are enabled for the cluster.

dedicatedMasterType string

Instance type of the dedicated main nodes in the cluster.

instanceCount number

Number of instances in the cluster.

instanceType string

Instance type of data nodes in the cluster.

warmCount number

Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.

warmEnabled boolean

Whether to enable warm storage.

warmType string

Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.

zoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig

Configuration block containing zone awareness settings. Detailed below.

zoneAwarenessEnabled boolean

Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

cold_storage_options DomainClusterConfigColdStorageOptions

Configuration block containing cold storage configuration. Detailed below.

dedicated_master_count int

Number of dedicated main nodes in the cluster.

dedicated_master_enabled bool

Whether dedicated main nodes are enabled for the cluster.

dedicated_master_type str

Instance type of the dedicated main nodes in the cluster.

instance_count int

Number of instances in the cluster.

instance_type str

Instance type of data nodes in the cluster.

warm_count int

Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.

warm_enabled bool

Whether to enable warm storage.

warm_type str

Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.

zone_awareness_config DomainClusterConfigZoneAwarenessConfig

Configuration block containing zone awareness settings. Detailed below.

zone_awareness_enabled bool

Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

coldStorageOptions Property Map

Configuration block containing cold storage configuration. Detailed below.

dedicatedMasterCount Number

Number of dedicated main nodes in the cluster.

dedicatedMasterEnabled Boolean

Whether dedicated main nodes are enabled for the cluster.

dedicatedMasterType String

Instance type of the dedicated main nodes in the cluster.

instanceCount Number

Number of instances in the cluster.

instanceType String

Instance type of data nodes in the cluster.

warmCount Number

Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.

warmEnabled Boolean

Whether to enable warm storage.

warmType String

Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.

zoneAwarenessConfig Property Map

Configuration block containing zone awareness settings. Detailed below.

zoneAwarenessEnabled Boolean

Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

DomainClusterConfigColdStorageOptions

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

DomainClusterConfigZoneAwarenessConfig

AvailabilityZoneCount int

Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

AvailabilityZoneCount int

Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount Integer

Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount number

Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availability_zone_count int

Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount Number

Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

DomainCognitoOptions

IdentityPoolId string

ID of the Cognito Identity Pool to use.

RoleArn string

ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.

UserPoolId string

ID of the Cognito User Pool to use.

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

IdentityPoolId string

ID of the Cognito Identity Pool to use.

RoleArn string

ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.

UserPoolId string

ID of the Cognito User Pool to use.

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

identityPoolId String

ID of the Cognito Identity Pool to use.

roleArn String

ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.

userPoolId String

ID of the Cognito User Pool to use.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

identityPoolId string

ID of the Cognito Identity Pool to use.

roleArn string

ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.

userPoolId string

ID of the Cognito User Pool to use.

enabled boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

identity_pool_id str

ID of the Cognito Identity Pool to use.

role_arn str

ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.

user_pool_id str

ID of the Cognito User Pool to use.

enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

identityPoolId String

ID of the Cognito Identity Pool to use.

roleArn String

ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.

userPoolId String

ID of the Cognito User Pool to use.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

DomainDomainEndpointOptions

CustomEndpoint string

Fully qualified domain for your custom endpoint.

CustomEndpointCertificateArn string

ACM certificate ARN for your custom endpoint.

CustomEndpointEnabled bool

Whether to enable custom endpoint for the OpenSearch domain.

EnforceHttps bool

Whether or not to require HTTPS. Defaults to true.

TlsSecurityPolicy string
CustomEndpoint string

Fully qualified domain for your custom endpoint.

CustomEndpointCertificateArn string

ACM certificate ARN for your custom endpoint.

CustomEndpointEnabled bool

Whether to enable custom endpoint for the OpenSearch domain.

EnforceHttps bool

Whether or not to require HTTPS. Defaults to true.

TlsSecurityPolicy string
customEndpoint String

Fully qualified domain for your custom endpoint.

customEndpointCertificateArn String

ACM certificate ARN for your custom endpoint.

customEndpointEnabled Boolean

Whether to enable custom endpoint for the OpenSearch domain.

enforceHttps Boolean

Whether or not to require HTTPS. Defaults to true.

tlsSecurityPolicy String
customEndpoint string

Fully qualified domain for your custom endpoint.

customEndpointCertificateArn string

ACM certificate ARN for your custom endpoint.

customEndpointEnabled boolean

Whether to enable custom endpoint for the OpenSearch domain.

enforceHttps boolean

Whether or not to require HTTPS. Defaults to true.

tlsSecurityPolicy string
custom_endpoint str

Fully qualified domain for your custom endpoint.

custom_endpoint_certificate_arn str

ACM certificate ARN for your custom endpoint.

custom_endpoint_enabled bool

Whether to enable custom endpoint for the OpenSearch domain.

enforce_https bool

Whether or not to require HTTPS. Defaults to true.

tls_security_policy str
customEndpoint String

Fully qualified domain for your custom endpoint.

customEndpointCertificateArn String

ACM certificate ARN for your custom endpoint.

customEndpointEnabled Boolean

Whether to enable custom endpoint for the OpenSearch domain.

enforceHttps Boolean

Whether or not to require HTTPS. Defaults to true.

tlsSecurityPolicy String

DomainEbsOptions

EbsEnabled bool

Whether EBS volumes are attached to data nodes in the domain.

Iops int

Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.

VolumeSize int

Size of EBS volumes attached to data nodes (in GiB).

VolumeType string

Type of EBS volumes attached to data nodes.

EbsEnabled bool

Whether EBS volumes are attached to data nodes in the domain.

Iops int

Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.

VolumeSize int

Size of EBS volumes attached to data nodes (in GiB).

VolumeType string

Type of EBS volumes attached to data nodes.

ebsEnabled Boolean

Whether EBS volumes are attached to data nodes in the domain.

iops Integer

Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.

volumeSize Integer

Size of EBS volumes attached to data nodes (in GiB).

volumeType String

Type of EBS volumes attached to data nodes.

ebsEnabled boolean

Whether EBS volumes are attached to data nodes in the domain.

iops number

Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.

volumeSize number

Size of EBS volumes attached to data nodes (in GiB).

volumeType string

Type of EBS volumes attached to data nodes.

ebs_enabled bool

Whether EBS volumes are attached to data nodes in the domain.

iops int

Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.

volume_size int

Size of EBS volumes attached to data nodes (in GiB).

volume_type str

Type of EBS volumes attached to data nodes.

ebsEnabled Boolean

Whether EBS volumes are attached to data nodes in the domain.

iops Number

Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.

volumeSize Number

Size of EBS volumes attached to data nodes (in GiB).

volumeType String

Type of EBS volumes attached to data nodes.

DomainEncryptAtRest

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

KmsKeyId string
Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

KmsKeyId string
enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

kmsKeyId String
enabled boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

kmsKeyId string
enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

kms_key_id str
enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

kmsKeyId String

DomainLogPublishingOption

CloudwatchLogGroupArn string

ARN of the Cloudwatch log group to which log needs to be published.

LogType string

Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

CloudwatchLogGroupArn string

ARN of the Cloudwatch log group to which log needs to be published.

LogType string

Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

cloudwatchLogGroupArn String

ARN of the Cloudwatch log group to which log needs to be published.

logType String

Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

cloudwatchLogGroupArn string

ARN of the Cloudwatch log group to which log needs to be published.

logType string

Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.

enabled boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

cloudwatch_log_group_arn str

ARN of the Cloudwatch log group to which log needs to be published.

log_type str

Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.

enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

cloudwatchLogGroupArn String

ARN of the Cloudwatch log group to which log needs to be published.

logType String

Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

DomainNodeToNodeEncryption

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

Enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled bool

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled Boolean

Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

DomainSnapshotOptions

AutomatedSnapshotStartHour int

Hour during which the service takes an automated daily snapshot of the indices in the domain.

AutomatedSnapshotStartHour int

Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour Integer

Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour number

Hour during which the service takes an automated daily snapshot of the indices in the domain.

automated_snapshot_start_hour int

Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour Number

Hour during which the service takes an automated daily snapshot of the indices in the domain.

DomainVpcOptions

AvailabilityZones List<string>
SecurityGroupIds List<string>

List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.

SubnetIds List<string>

List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.

VpcId string
AvailabilityZones []string
SecurityGroupIds []string

List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.

SubnetIds []string

List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.

VpcId string
availabilityZones List<String>
securityGroupIds List<String>

List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.

subnetIds List<String>

List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.

vpcId String
availabilityZones string[]
securityGroupIds string[]

List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.

subnetIds string[]

List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.

vpcId string
availability_zones Sequence[str]
security_group_ids Sequence[str]

List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.

subnet_ids Sequence[str]

List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.

vpc_id str
availabilityZones List<String>
securityGroupIds List<String>

List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.

subnetIds List<String>

List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.

vpcId String

Import

OpenSearch domains can be imported using the domain_name, e.g.,

 $ pulumi import aws:opensearch/domain:Domain example domain_name

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.