aws.opensearch.Domain
Explore with Pulumi AI
Manages an Amazon OpenSearch Domain.
Elasticsearch vs. OpenSearch
Amazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).
OpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:
- OpenSearch has
engine_version
while Elasticsearch haselasticsearch_version
- Versions are specified differently - e.g.,
Elasticsearch_7.10
with OpenSearch vs.7.10
for Elasticsearch. instance_type
argument values end insearch
for OpenSearch vs.elasticsearch
for Elasticsearch (e.g.,t2.micro.search
vs.t2.micro.elasticsearch
).- The AWS-managed service-linked role for OpenSearch is called
AWSServiceRoleForAmazonOpenSearchService
instead ofAWSServiceRoleForAmazonElasticsearchService
for Elasticsearch.
There are also some potentially unexpected similarities in configurations:
- ARNs for both are prefaced with
arn:aws:es:
. - Both OpenSearch and Elasticsearch use assume role policies that refer to the
Principal
Service
ases.amazonaws.com
. - IAM policy actions, such as those you will find in
access_policies
, are prefaced withes:
for both.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.Domain("example", {
domainName: "example",
engineVersion: "Elasticsearch_7.10",
clusterConfig: {
instanceType: "r4.large.search",
},
tags: {
Domain: "TestDomain",
},
});
import pulumi
import pulumi_aws as aws
example = aws.opensearch.Domain("example",
domain_name="example",
engine_version="Elasticsearch_7.10",
cluster_config={
"instance_type": "r4.large.search",
},
tags={
"Domain": "TestDomain",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
DomainName: pulumi.String("example"),
EngineVersion: pulumi.String("Elasticsearch_7.10"),
ClusterConfig: &opensearch.DomainClusterConfigArgs{
InstanceType: pulumi.String("r4.large.search"),
},
Tags: pulumi.StringMap{
"Domain": pulumi.String("TestDomain"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.Domain("example", new()
{
DomainName = "example",
EngineVersion = "Elasticsearch_7.10",
ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
{
InstanceType = "r4.large.search",
},
Tags =
{
{ "Domain", "TestDomain" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Domain("example", DomainArgs.builder()
.domainName("example")
.engineVersion("Elasticsearch_7.10")
.clusterConfig(DomainClusterConfigArgs.builder()
.instanceType("r4.large.search")
.build())
.tags(Map.of("Domain", "TestDomain"))
.build());
}
}
resources:
example:
type: aws:opensearch:Domain
properties:
domainName: example
engineVersion: Elasticsearch_7.10
clusterConfig:
instanceType: r4.large.search
tags:
Domain: TestDomain
Access Policy
See also:
aws.opensearch.DomainPolicy
resource
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";
const current = aws.getRegion({});
const currentGetCallerIdentity = aws.getCallerIdentity({});
const example = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "*",
identifiers: ["*"],
}],
actions: ["es:*"],
resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],
conditions: [{
test: "IpAddress",
variable: "aws:SourceIp",
values: ["66.193.100.22/32"],
}],
}],
}));
const exampleDomain = new aws.opensearch.Domain("example", {
domainName: domain,
accessPolicies: example.then(example => example.json),
});
import pulumi
import pulumi_aws as aws
config = pulumi.Config()
domain = config.get("domain")
if domain is None:
domain = "tf-test"
current = aws.get_region()
current_get_caller_identity = aws.get_caller_identity()
example = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "*",
"identifiers": ["*"],
}],
"actions": ["es:*"],
"resources": [f"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*"],
"conditions": [{
"test": "IpAddress",
"variable": "aws:SourceIp",
"values": ["66.193.100.22/32"],
}],
}])
example_domain = aws.opensearch.Domain("example",
domain_name=domain,
access_policies=example.json)
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
domain := "tf-test"
if param := cfg.Get("domain"); param != "" {
domain = param
}
current, err := aws.GetRegion(ctx, nil, nil)
if err != nil {
return err
}
currentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)
if err != nil {
return err
}
example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "*",
Identifiers: []string{
"*",
},
},
},
Actions: []string{
"es:*",
},
Resources: []string{
fmt.Sprintf("arn:aws:es:%v:%v:domain/%v/*", current.Name, currentGetCallerIdentity.AccountId, domain),
},
Conditions: []iam.GetPolicyDocumentStatementCondition{
{
Test: "IpAddress",
Variable: "aws:SourceIp",
Values: []string{
"66.193.100.22/32",
},
},
},
},
},
}, nil)
if err != nil {
return err
}
_, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
DomainName: pulumi.String(domain),
AccessPolicies: pulumi.String(example.Json),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var domain = config.Get("domain") ?? "tf-test";
var current = Aws.GetRegion.Invoke();
var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "*",
Identifiers = new[]
{
"*",
},
},
},
Actions = new[]
{
"es:*",
},
Resources = new[]
{
$"arn:aws:es:{current.Apply(getRegionResult => getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:domain/{domain}/*",
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "IpAddress",
Variable = "aws:SourceIp",
Values = new[]
{
"66.193.100.22/32",
},
},
},
},
},
});
var exampleDomain = new Aws.OpenSearch.Domain("example", new()
{
DomainName = domain,
AccessPolicies = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var domain = config.get("domain").orElse("tf-test");
final var current = AwsFunctions.getRegion();
final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("*")
.identifiers("*")
.build())
.actions("es:*")
.resources(String.format("arn:aws:es:%s:%s:domain/%s/*", current.applyValue(getRegionResult -> getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("IpAddress")
.variable("aws:SourceIp")
.values("66.193.100.22/32")
.build())
.build())
.build());
var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
.domainName(domain)
.accessPolicies(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
}
}
configuration:
domain:
type: string
default: tf-test
resources:
exampleDomain:
type: aws:opensearch:Domain
name: example
properties:
domainName: ${domain}
accessPolicies: ${example.json}
variables:
current:
fn::invoke:
Function: aws:getRegion
Arguments: {}
currentGetCallerIdentity:
fn::invoke:
Function: aws:getCallerIdentity
Arguments: {}
example:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: '*'
identifiers:
- '*'
actions:
- es:*
resources:
- arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*
conditions:
- test: IpAddress
variable: aws:SourceIp
values:
- 66.193.100.22/32
Log publishing to CloudWatch Logs
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {name: "example"});
const example = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["es.amazonaws.com"],
}],
actions: [
"logs:PutLogEvents",
"logs:PutLogEventsBatch",
"logs:CreateLogStream",
],
resources: ["arn:aws:logs:*"],
}],
});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("example", {
policyName: "example",
policyDocument: example.then(example => example.json),
});
const exampleDomain = new aws.opensearch.Domain("example", {logPublishingOptions: [{
cloudwatchLogGroupArn: exampleLogGroup.arn,
logType: "INDEX_SLOW_LOGS",
}]});
import pulumi
import pulumi_aws as aws
example_log_group = aws.cloudwatch.LogGroup("example", name="example")
example = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["es.amazonaws.com"],
}],
"actions": [
"logs:PutLogEvents",
"logs:PutLogEventsBatch",
"logs:CreateLogStream",
],
"resources": ["arn:aws:logs:*"],
}])
example_log_resource_policy = aws.cloudwatch.LogResourcePolicy("example",
policy_name="example",
policy_document=example.json)
example_domain = aws.opensearch.Domain("example", log_publishing_options=[{
"cloudwatch_log_group_arn": example_log_group.arn,
"log_type": "INDEX_SLOW_LOGS",
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
Name: pulumi.String("example"),
})
if err != nil {
return err
}
example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"es.amazonaws.com",
},
},
},
Actions: []string{
"logs:PutLogEvents",
"logs:PutLogEventsBatch",
"logs:CreateLogStream",
},
Resources: []string{
"arn:aws:logs:*",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = cloudwatch.NewLogResourcePolicy(ctx, "example", &cloudwatch.LogResourcePolicyArgs{
PolicyName: pulumi.String("example"),
PolicyDocument: pulumi.String(example.Json),
})
if err != nil {
return err
}
_, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
LogPublishingOptions: opensearch.DomainLogPublishingOptionArray{
&opensearch.DomainLogPublishingOptionArgs{
CloudwatchLogGroupArn: exampleLogGroup.Arn,
LogType: pulumi.String("INDEX_SLOW_LOGS"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleLogGroup = new Aws.CloudWatch.LogGroup("example", new()
{
Name = "example",
});
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"es.amazonaws.com",
},
},
},
Actions = new[]
{
"logs:PutLogEvents",
"logs:PutLogEventsBatch",
"logs:CreateLogStream",
},
Resources = new[]
{
"arn:aws:logs:*",
},
},
},
});
var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("example", new()
{
PolicyName = "example",
PolicyDocument = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var exampleDomain = new Aws.OpenSearch.Domain("example", new()
{
LogPublishingOptions = new[]
{
new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs
{
CloudwatchLogGroupArn = exampleLogGroup.Arn,
LogType = "INDEX_SLOW_LOGS",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogResourcePolicy;
import com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleLogGroup = new LogGroup("exampleLogGroup", LogGroupArgs.builder()
.name("example")
.build());
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("es.amazonaws.com")
.build())
.actions(
"logs:PutLogEvents",
"logs:PutLogEventsBatch",
"logs:CreateLogStream")
.resources("arn:aws:logs:*")
.build())
.build());
var exampleLogResourcePolicy = new LogResourcePolicy("exampleLogResourcePolicy", LogResourcePolicyArgs.builder()
.policyName("example")
.policyDocument(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
.logPublishingOptions(DomainLogPublishingOptionArgs.builder()
.cloudwatchLogGroupArn(exampleLogGroup.arn())
.logType("INDEX_SLOW_LOGS")
.build())
.build());
}
}
resources:
exampleLogGroup:
type: aws:cloudwatch:LogGroup
name: example
properties:
name: example
exampleLogResourcePolicy:
type: aws:cloudwatch:LogResourcePolicy
name: example
properties:
policyName: example
policyDocument: ${example.json}
exampleDomain:
type: aws:opensearch:Domain
name: example
properties:
logPublishingOptions:
- cloudwatchLogGroupArn: ${exampleLogGroup.arn}
logType: INDEX_SLOW_LOGS
variables:
example:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- es.amazonaws.com
actions:
- logs:PutLogEvents
- logs:PutLogEventsBatch
- logs:CreateLogStream
resources:
- arn:aws:logs:*
VPC based OpenSearch
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const vpc = config.requireObject("vpc");
const domain = config.get("domain") || "tf-test";
const example = aws.ec2.getVpc({
tags: {
Name: vpc,
},
});
const exampleGetSubnets = example.then(example => aws.ec2.getSubnets({
filters: [{
name: "vpc-id",
values: [example.id],
}],
tags: {
Tier: "private",
},
}));
const current = aws.getRegion({});
const currentGetCallerIdentity = aws.getCallerIdentity({});
const exampleSecurityGroup = new aws.ec2.SecurityGroup("example", {
name: `${vpc}-opensearch-${domain}`,
description: "Managed by Pulumi",
vpcId: example.then(example => example.id),
ingress: [{
fromPort: 443,
toPort: 443,
protocol: "tcp",
cidrBlocks: [example.then(example => example.cidrBlock)],
}],
});
const exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole("example", {awsServiceName: "opensearchservice.amazonaws.com"});
const exampleGetPolicyDocument = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "*",
identifiers: ["*"],
}],
actions: ["es:*"],
resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],
}],
}));
const exampleDomain = new aws.opensearch.Domain("example", {
domainName: domain,
engineVersion: "OpenSearch_1.0",
clusterConfig: {
instanceType: "m4.large.search",
zoneAwarenessEnabled: true,
},
vpcOptions: {
subnetIds: [
exampleGetSubnets.then(exampleGetSubnets => exampleGetSubnets.ids?.[0]),
exampleGetSubnets.then(exampleGetSubnets => exampleGetSubnets.ids?.[1]),
],
securityGroupIds: [exampleSecurityGroup.id],
},
advancedOptions: {
"rest.action.multi.allow_explicit_index": "true",
},
accessPolicies: exampleGetPolicyDocument.then(exampleGetPolicyDocument => exampleGetPolicyDocument.json),
tags: {
Domain: "TestDomain",
},
}, {
dependsOn: [exampleServiceLinkedRole],
});
import pulumi
import pulumi_aws as aws
config = pulumi.Config()
vpc = config.require_object("vpc")
domain = config.get("domain")
if domain is None:
domain = "tf-test"
example = aws.ec2.get_vpc(tags={
"Name": vpc,
})
example_get_subnets = aws.ec2.get_subnets(filters=[{
"name": "vpc-id",
"values": [example.id],
}],
tags={
"Tier": "private",
})
current = aws.get_region()
current_get_caller_identity = aws.get_caller_identity()
example_security_group = aws.ec2.SecurityGroup("example",
name=f"{vpc}-opensearch-{domain}",
description="Managed by Pulumi",
vpc_id=example.id,
ingress=[{
"from_port": 443,
"to_port": 443,
"protocol": "tcp",
"cidr_blocks": [example.cidr_block],
}])
example_service_linked_role = aws.iam.ServiceLinkedRole("example", aws_service_name="opensearchservice.amazonaws.com")
example_get_policy_document = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "*",
"identifiers": ["*"],
}],
"actions": ["es:*"],
"resources": [f"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*"],
}])
example_domain = aws.opensearch.Domain("example",
domain_name=domain,
engine_version="OpenSearch_1.0",
cluster_config={
"instance_type": "m4.large.search",
"zone_awareness_enabled": True,
},
vpc_options={
"subnet_ids": [
example_get_subnets.ids[0],
example_get_subnets.ids[1],
],
"security_group_ids": [example_security_group.id],
},
advanced_options={
"rest.action.multi.allow_explicit_index": "true",
},
access_policies=example_get_policy_document.json,
tags={
"Domain": "TestDomain",
},
opts = pulumi.ResourceOptions(depends_on=[example_service_linked_role]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
vpc := cfg.RequireObject("vpc")
domain := "tf-test";
if param := cfg.Get("domain"); param != ""{
domain = param
}
example, err := ec2.LookupVpc(ctx, &ec2.LookupVpcArgs{
Tags: pulumi.StringMap{
"Name": vpc,
},
}, nil);
if err != nil {
return err
}
exampleGetSubnets, err := ec2.GetSubnets(ctx, &ec2.GetSubnetsArgs{
Filters: []ec2.GetSubnetsFilter{
{
Name: "vpc-id",
Values: interface{}{
example.Id,
},
},
},
Tags: map[string]interface{}{
"Tier": "private",
},
}, nil);
if err != nil {
return err
}
current, err := aws.GetRegion(ctx, nil, nil);
if err != nil {
return err
}
currentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);
if err != nil {
return err
}
exampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
Name: pulumi.Sprintf("%v-opensearch-%v", vpc, domain),
Description: pulumi.String("Managed by Pulumi"),
VpcId: pulumi.String(example.Id),
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
FromPort: pulumi.Int(443),
ToPort: pulumi.Int(443),
Protocol: pulumi.String("tcp"),
CidrBlocks: pulumi.StringArray{
pulumi.String(example.CidrBlock),
},
},
},
})
if err != nil {
return err
}
exampleServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, "example", &iam.ServiceLinkedRoleArgs{
AwsServiceName: pulumi.String("opensearchservice.amazonaws.com"),
})
if err != nil {
return err
}
exampleGetPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "*",
Identifiers: []string{
"*",
},
},
},
Actions: []string{
"es:*",
},
Resources: []string{
fmt.Sprintf("arn:aws:es:%v:%v:domain/%v/*", current.Name, currentGetCallerIdentity.AccountId, domain),
},
},
},
}, nil);
if err != nil {
return err
}
_, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
DomainName: pulumi.String(domain),
EngineVersion: pulumi.String("OpenSearch_1.0"),
ClusterConfig: &opensearch.DomainClusterConfigArgs{
InstanceType: pulumi.String("m4.large.search"),
ZoneAwarenessEnabled: pulumi.Bool(true),
},
VpcOptions: &opensearch.DomainVpcOptionsArgs{
SubnetIds: pulumi.StringArray{
pulumi.String(exampleGetSubnets.Ids[0]),
pulumi.String(exampleGetSubnets.Ids[1]),
},
SecurityGroupIds: pulumi.StringArray{
exampleSecurityGroup.ID(),
},
},
AdvancedOptions: pulumi.StringMap{
"rest.action.multi.allow_explicit_index": pulumi.String("true"),
},
AccessPolicies: pulumi.String(exampleGetPolicyDocument.Json),
Tags: pulumi.StringMap{
"Domain": pulumi.String("TestDomain"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleServiceLinkedRole,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var vpc = config.RequireObject<dynamic>("vpc");
var domain = config.Get("domain") ?? "tf-test";
var example = Aws.Ec2.GetVpc.Invoke(new()
{
Tags =
{
{ "Name", vpc },
},
});
var exampleGetSubnets = Aws.Ec2.GetSubnets.Invoke(new()
{
Filters = new[]
{
new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs
{
Name = "vpc-id",
Values = new[]
{
example.Apply(getVpcResult => getVpcResult.Id),
},
},
},
Tags =
{
{ "Tier", "private" },
},
});
var current = Aws.GetRegion.Invoke();
var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();
var exampleSecurityGroup = new Aws.Ec2.SecurityGroup("example", new()
{
Name = $"{vpc}-opensearch-{domain}",
Description = "Managed by Pulumi",
VpcId = example.Apply(getVpcResult => getVpcResult.Id),
Ingress = new[]
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
FromPort = 443,
ToPort = 443,
Protocol = "tcp",
CidrBlocks = new[]
{
example.Apply(getVpcResult => getVpcResult.CidrBlock),
},
},
},
});
var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole("example", new()
{
AwsServiceName = "opensearchservice.amazonaws.com",
});
var exampleGetPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "*",
Identifiers = new[]
{
"*",
},
},
},
Actions = new[]
{
"es:*",
},
Resources = new[]
{
$"arn:aws:es:{current.Apply(getRegionResult => getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:domain/{domain}/*",
},
},
},
});
var exampleDomain = new Aws.OpenSearch.Domain("example", new()
{
DomainName = domain,
EngineVersion = "OpenSearch_1.0",
ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
{
InstanceType = "m4.large.search",
ZoneAwarenessEnabled = true,
},
VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs
{
SubnetIds = new[]
{
exampleGetSubnets.Apply(getSubnetsResult => getSubnetsResult.Ids[0]),
exampleGetSubnets.Apply(getSubnetsResult => getSubnetsResult.Ids[1]),
},
SecurityGroupIds = new[]
{
exampleSecurityGroup.Id,
},
},
AdvancedOptions =
{
{ "rest.action.multi.allow_explicit_index", "true" },
},
AccessPolicies = exampleGetPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Tags =
{
{ "Domain", "TestDomain" },
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleServiceLinkedRole,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetVpcArgs;
import com.pulumi.aws.ec2.inputs.GetSubnetsArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;
import com.pulumi.aws.iam.ServiceLinkedRole;
import com.pulumi.aws.iam.ServiceLinkedRoleArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var vpc = config.get("vpc");
final var domain = config.get("domain").orElse("tf-test");
final var example = Ec2Functions.getVpc(GetVpcArgs.builder()
.tags(Map.of("Name", vpc))
.build());
final var exampleGetSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()
.filters(GetSubnetsFilterArgs.builder()
.name("vpc-id")
.values(example.applyValue(getVpcResult -> getVpcResult.id()))
.build())
.tags(Map.of("Tier", "private"))
.build());
final var current = AwsFunctions.getRegion();
final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();
var exampleSecurityGroup = new SecurityGroup("exampleSecurityGroup", SecurityGroupArgs.builder()
.name(String.format("%s-opensearch-%s", vpc,domain))
.description("Managed by Pulumi")
.vpcId(example.applyValue(getVpcResult -> getVpcResult.id()))
.ingress(SecurityGroupIngressArgs.builder()
.fromPort(443)
.toPort(443)
.protocol("tcp")
.cidrBlocks(example.applyValue(getVpcResult -> getVpcResult.cidrBlock()))
.build())
.build());
var exampleServiceLinkedRole = new ServiceLinkedRole("exampleServiceLinkedRole", ServiceLinkedRoleArgs.builder()
.awsServiceName("opensearchservice.amazonaws.com")
.build());
final var exampleGetPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("*")
.identifiers("*")
.build())
.actions("es:*")
.resources(String.format("arn:aws:es:%s:%s:domain/%s/*", current.applyValue(getRegionResult -> getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
.build())
.build());
var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
.domainName(domain)
.engineVersion("OpenSearch_1.0")
.clusterConfig(DomainClusterConfigArgs.builder()
.instanceType("m4.large.search")
.zoneAwarenessEnabled(true)
.build())
.vpcOptions(DomainVpcOptionsArgs.builder()
.subnetIds(
exampleGetSubnets.applyValue(getSubnetsResult -> getSubnetsResult.ids()[0]),
exampleGetSubnets.applyValue(getSubnetsResult -> getSubnetsResult.ids()[1]))
.securityGroupIds(exampleSecurityGroup.id())
.build())
.advancedOptions(Map.of("rest.action.multi.allow_explicit_index", "true"))
.accessPolicies(exampleGetPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.tags(Map.of("Domain", "TestDomain"))
.build(), CustomResourceOptions.builder()
.dependsOn(exampleServiceLinkedRole)
.build());
}
}
configuration:
vpc:
type: dynamic
domain:
type: string
default: tf-test
resources:
exampleSecurityGroup:
type: aws:ec2:SecurityGroup
name: example
properties:
name: ${vpc}-opensearch-${domain}
description: Managed by Pulumi
vpcId: ${example.id}
ingress:
- fromPort: 443
toPort: 443
protocol: tcp
cidrBlocks:
- ${example.cidrBlock}
exampleServiceLinkedRole:
type: aws:iam:ServiceLinkedRole
name: example
properties:
awsServiceName: opensearchservice.amazonaws.com
exampleDomain:
type: aws:opensearch:Domain
name: example
properties:
domainName: ${domain}
engineVersion: OpenSearch_1.0
clusterConfig:
instanceType: m4.large.search
zoneAwarenessEnabled: true
vpcOptions:
subnetIds:
- ${exampleGetSubnets.ids[0]}
- ${exampleGetSubnets.ids[1]}
securityGroupIds:
- ${exampleSecurityGroup.id}
advancedOptions:
rest.action.multi.allow_explicit_index: 'true'
accessPolicies: ${exampleGetPolicyDocument.json}
tags:
Domain: TestDomain
options:
dependson:
- ${exampleServiceLinkedRole}
variables:
example:
fn::invoke:
Function: aws:ec2:getVpc
Arguments:
tags:
Name: ${vpc}
exampleGetSubnets:
fn::invoke:
Function: aws:ec2:getSubnets
Arguments:
filters:
- name: vpc-id
values:
- ${example.id}
tags:
Tier: private
current:
fn::invoke:
Function: aws:getRegion
Arguments: {}
currentGetCallerIdentity:
fn::invoke:
Function: aws:getCallerIdentity
Arguments: {}
exampleGetPolicyDocument:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: '*'
identifiers:
- '*'
actions:
- es:*
resources:
- arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*
Enabling fine-grained access control on an existing domain
This example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see Enabling fine-grained access control.
First apply
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.Domain("example", {
domainName: "ggkitty",
engineVersion: "Elasticsearch_7.1",
clusterConfig: {
instanceType: "r5.large.search",
},
advancedSecurityOptions: {
enabled: false,
anonymousAuthEnabled: true,
internalUserDatabaseEnabled: true,
masterUserOptions: {
masterUserName: "example",
masterUserPassword: "Barbarbarbar1!",
},
},
encryptAtRest: {
enabled: true,
},
domainEndpointOptions: {
enforceHttps: true,
tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
},
nodeToNodeEncryption: {
enabled: true,
},
ebsOptions: {
ebsEnabled: true,
volumeSize: 10,
},
});
import pulumi
import pulumi_aws as aws
example = aws.opensearch.Domain("example",
domain_name="ggkitty",
engine_version="Elasticsearch_7.1",
cluster_config={
"instance_type": "r5.large.search",
},
advanced_security_options={
"enabled": False,
"anonymous_auth_enabled": True,
"internal_user_database_enabled": True,
"master_user_options": {
"master_user_name": "example",
"master_user_password": "Barbarbarbar1!",
},
},
encrypt_at_rest={
"enabled": True,
},
domain_endpoint_options={
"enforce_https": True,
"tls_security_policy": "Policy-Min-TLS-1-2-2019-07",
},
node_to_node_encryption={
"enabled": True,
},
ebs_options={
"ebs_enabled": True,
"volume_size": 10,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
DomainName: pulumi.String("ggkitty"),
EngineVersion: pulumi.String("Elasticsearch_7.1"),
ClusterConfig: &opensearch.DomainClusterConfigArgs{
InstanceType: pulumi.String("r5.large.search"),
},
AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
Enabled: pulumi.Bool(false),
AnonymousAuthEnabled: pulumi.Bool(true),
InternalUserDatabaseEnabled: pulumi.Bool(true),
MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
MasterUserName: pulumi.String("example"),
MasterUserPassword: pulumi.String("Barbarbarbar1!"),
},
},
EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
Enabled: pulumi.Bool(true),
},
DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
EnforceHttps: pulumi.Bool(true),
TlsSecurityPolicy: pulumi.String("Policy-Min-TLS-1-2-2019-07"),
},
NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
Enabled: pulumi.Bool(true),
},
EbsOptions: &opensearch.DomainEbsOptionsArgs{
EbsEnabled: pulumi.Bool(true),
VolumeSize: pulumi.Int(10),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.Domain("example", new()
{
DomainName = "ggkitty",
EngineVersion = "Elasticsearch_7.1",
ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
{
InstanceType = "r5.large.search",
},
AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
{
Enabled = false,
AnonymousAuthEnabled = true,
InternalUserDatabaseEnabled = true,
MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
{
MasterUserName = "example",
MasterUserPassword = "Barbarbarbar1!",
},
},
EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
{
Enabled = true,
},
DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
{
EnforceHttps = true,
TlsSecurityPolicy = "Policy-Min-TLS-1-2-2019-07",
},
NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
{
Enabled = true,
},
EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
{
EbsEnabled = true,
VolumeSize = 10,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;
import com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;
import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Domain("example", DomainArgs.builder()
.domainName("ggkitty")
.engineVersion("Elasticsearch_7.1")
.clusterConfig(DomainClusterConfigArgs.builder()
.instanceType("r5.large.search")
.build())
.advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
.enabled(false)
.anonymousAuthEnabled(true)
.internalUserDatabaseEnabled(true)
.masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
.masterUserName("example")
.masterUserPassword("Barbarbarbar1!")
.build())
.build())
.encryptAtRest(DomainEncryptAtRestArgs.builder()
.enabled(true)
.build())
.domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
.enforceHttps(true)
.tlsSecurityPolicy("Policy-Min-TLS-1-2-2019-07")
.build())
.nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
.enabled(true)
.build())
.ebsOptions(DomainEbsOptionsArgs.builder()
.ebsEnabled(true)
.volumeSize(10)
.build())
.build());
}
}
resources:
example:
type: aws:opensearch:Domain
properties:
domainName: ggkitty
engineVersion: Elasticsearch_7.1
clusterConfig:
instanceType: r5.large.search
advancedSecurityOptions:
enabled: false
anonymousAuthEnabled: true
internalUserDatabaseEnabled: true
masterUserOptions:
masterUserName: example
masterUserPassword: Barbarbarbar1!
encryptAtRest:
enabled: true
domainEndpointOptions:
enforceHttps: true
tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07
nodeToNodeEncryption:
enabled: true
ebsOptions:
ebsEnabled: true
volumeSize: 10
Second apply
Notice that the only change is advanced_security_options.0.enabled
is now set to true
.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.Domain("example", {
domainName: "ggkitty",
engineVersion: "Elasticsearch_7.1",
clusterConfig: {
instanceType: "r5.large.search",
},
advancedSecurityOptions: {
enabled: true,
anonymousAuthEnabled: true,
internalUserDatabaseEnabled: true,
masterUserOptions: {
masterUserName: "example",
masterUserPassword: "Barbarbarbar1!",
},
},
encryptAtRest: {
enabled: true,
},
domainEndpointOptions: {
enforceHttps: true,
tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
},
nodeToNodeEncryption: {
enabled: true,
},
ebsOptions: {
ebsEnabled: true,
volumeSize: 10,
},
});
import pulumi
import pulumi_aws as aws
example = aws.opensearch.Domain("example",
domain_name="ggkitty",
engine_version="Elasticsearch_7.1",
cluster_config={
"instance_type": "r5.large.search",
},
advanced_security_options={
"enabled": True,
"anonymous_auth_enabled": True,
"internal_user_database_enabled": True,
"master_user_options": {
"master_user_name": "example",
"master_user_password": "Barbarbarbar1!",
},
},
encrypt_at_rest={
"enabled": True,
},
domain_endpoint_options={
"enforce_https": True,
"tls_security_policy": "Policy-Min-TLS-1-2-2019-07",
},
node_to_node_encryption={
"enabled": True,
},
ebs_options={
"ebs_enabled": True,
"volume_size": 10,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
DomainName: pulumi.String("ggkitty"),
EngineVersion: pulumi.String("Elasticsearch_7.1"),
ClusterConfig: &opensearch.DomainClusterConfigArgs{
InstanceType: pulumi.String("r5.large.search"),
},
AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
Enabled: pulumi.Bool(true),
AnonymousAuthEnabled: pulumi.Bool(true),
InternalUserDatabaseEnabled: pulumi.Bool(true),
MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
MasterUserName: pulumi.String("example"),
MasterUserPassword: pulumi.String("Barbarbarbar1!"),
},
},
EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
Enabled: pulumi.Bool(true),
},
DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
EnforceHttps: pulumi.Bool(true),
TlsSecurityPolicy: pulumi.String("Policy-Min-TLS-1-2-2019-07"),
},
NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
Enabled: pulumi.Bool(true),
},
EbsOptions: &opensearch.DomainEbsOptionsArgs{
EbsEnabled: pulumi.Bool(true),
VolumeSize: pulumi.Int(10),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.Domain("example", new()
{
DomainName = "ggkitty",
EngineVersion = "Elasticsearch_7.1",
ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
{
InstanceType = "r5.large.search",
},
AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
{
Enabled = true,
AnonymousAuthEnabled = true,
InternalUserDatabaseEnabled = true,
MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
{
MasterUserName = "example",
MasterUserPassword = "Barbarbarbar1!",
},
},
EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
{
Enabled = true,
},
DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
{
EnforceHttps = true,
TlsSecurityPolicy = "Policy-Min-TLS-1-2-2019-07",
},
NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
{
Enabled = true,
},
EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
{
EbsEnabled = true,
VolumeSize = 10,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;
import com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;
import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Domain("example", DomainArgs.builder()
.domainName("ggkitty")
.engineVersion("Elasticsearch_7.1")
.clusterConfig(DomainClusterConfigArgs.builder()
.instanceType("r5.large.search")
.build())
.advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
.enabled(true)
.anonymousAuthEnabled(true)
.internalUserDatabaseEnabled(true)
.masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
.masterUserName("example")
.masterUserPassword("Barbarbarbar1!")
.build())
.build())
.encryptAtRest(DomainEncryptAtRestArgs.builder()
.enabled(true)
.build())
.domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
.enforceHttps(true)
.tlsSecurityPolicy("Policy-Min-TLS-1-2-2019-07")
.build())
.nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
.enabled(true)
.build())
.ebsOptions(DomainEbsOptionsArgs.builder()
.ebsEnabled(true)
.volumeSize(10)
.build())
.build());
}
}
resources:
example:
type: aws:opensearch:Domain
properties:
domainName: ggkitty
engineVersion: Elasticsearch_7.1
clusterConfig:
instanceType: r5.large.search
advancedSecurityOptions:
enabled: true
anonymousAuthEnabled: true
internalUserDatabaseEnabled: true
masterUserOptions:
masterUserName: example
masterUserPassword: Barbarbarbar1!
encryptAtRest:
enabled: true
domainEndpointOptions:
enforceHttps: true
tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07
nodeToNodeEncryption:
enabled: true
ebsOptions:
ebsEnabled: true
volumeSize: 10
Create Domain Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Domain(name: string, args?: DomainArgs, opts?: CustomResourceOptions);
@overload
def Domain(resource_name: str,
args: Optional[DomainArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Domain(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_policies: Optional[str] = None,
advanced_options: Optional[Mapping[str, str]] = None,
advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
cluster_config: Optional[DomainClusterConfigArgs] = None,
cognito_options: Optional[DomainCognitoOptionsArgs] = None,
domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
domain_name: Optional[str] = None,
ebs_options: Optional[DomainEbsOptionsArgs] = None,
encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
engine_version: Optional[str] = None,
ip_address_type: Optional[str] = None,
log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
tags: Optional[Mapping[str, str]] = None,
vpc_options: Optional[DomainVpcOptionsArgs] = None)
func NewDomain(ctx *Context, name string, args *DomainArgs, opts ...ResourceOption) (*Domain, error)
public Domain(string name, DomainArgs? args = null, CustomResourceOptions? opts = null)
public Domain(String name, DomainArgs args)
public Domain(String name, DomainArgs args, CustomResourceOptions options)
type: aws:opensearch:Domain
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DomainArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DomainArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DomainArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DomainArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DomainArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampledomainResourceResourceFromOpensearchdomain = new Aws.OpenSearch.Domain("exampledomainResourceResourceFromOpensearchdomain", new()
{
AccessPolicies = "string",
AdvancedOptions =
{
{ "string", "string" },
},
AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
{
Enabled = false,
AnonymousAuthEnabled = false,
InternalUserDatabaseEnabled = false,
MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
{
MasterUserArn = "string",
MasterUserName = "string",
MasterUserPassword = "string",
},
},
AutoTuneOptions = new Aws.OpenSearch.Inputs.DomainAutoTuneOptionsArgs
{
DesiredState = "string",
MaintenanceSchedules = new[]
{
new Aws.OpenSearch.Inputs.DomainAutoTuneOptionsMaintenanceScheduleArgs
{
CronExpressionForRecurrence = "string",
Duration = new Aws.OpenSearch.Inputs.DomainAutoTuneOptionsMaintenanceScheduleDurationArgs
{
Unit = "string",
Value = 0,
},
StartAt = "string",
},
},
RollbackOnDisable = "string",
UseOffPeakWindow = false,
},
ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
{
ColdStorageOptions = new Aws.OpenSearch.Inputs.DomainClusterConfigColdStorageOptionsArgs
{
Enabled = false,
},
DedicatedMasterCount = 0,
DedicatedMasterEnabled = false,
DedicatedMasterType = "string",
InstanceCount = 0,
InstanceType = "string",
MultiAzWithStandbyEnabled = false,
WarmCount = 0,
WarmEnabled = false,
WarmType = "string",
ZoneAwarenessConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigZoneAwarenessConfigArgs
{
AvailabilityZoneCount = 0,
},
ZoneAwarenessEnabled = false,
},
CognitoOptions = new Aws.OpenSearch.Inputs.DomainCognitoOptionsArgs
{
IdentityPoolId = "string",
RoleArn = "string",
UserPoolId = "string",
Enabled = false,
},
DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
{
CustomEndpoint = "string",
CustomEndpointCertificateArn = "string",
CustomEndpointEnabled = false,
EnforceHttps = false,
TlsSecurityPolicy = "string",
},
DomainName = "string",
EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
{
EbsEnabled = false,
Iops = 0,
Throughput = 0,
VolumeSize = 0,
VolumeType = "string",
},
EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
{
Enabled = false,
KmsKeyId = "string",
},
EngineVersion = "string",
IpAddressType = "string",
LogPublishingOptions = new[]
{
new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs
{
CloudwatchLogGroupArn = "string",
LogType = "string",
Enabled = false,
},
},
NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
{
Enabled = false,
},
OffPeakWindowOptions = new Aws.OpenSearch.Inputs.DomainOffPeakWindowOptionsArgs
{
Enabled = false,
OffPeakWindow = new Aws.OpenSearch.Inputs.DomainOffPeakWindowOptionsOffPeakWindowArgs
{
WindowStartTime = new Aws.OpenSearch.Inputs.DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs
{
Hours = 0,
Minutes = 0,
},
},
},
SnapshotOptions = new Aws.OpenSearch.Inputs.DomainSnapshotOptionsArgs
{
AutomatedSnapshotStartHour = 0,
},
SoftwareUpdateOptions = new Aws.OpenSearch.Inputs.DomainSoftwareUpdateOptionsArgs
{
AutoSoftwareUpdateEnabled = false,
},
Tags =
{
{ "string", "string" },
},
VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs
{
AvailabilityZones = new[]
{
"string",
},
SecurityGroupIds = new[]
{
"string",
},
SubnetIds = new[]
{
"string",
},
VpcId = "string",
},
});
example, err := opensearch.NewDomain(ctx, "exampledomainResourceResourceFromOpensearchdomain", &opensearch.DomainArgs{
AccessPolicies: pulumi.String("string"),
AdvancedOptions: pulumi.StringMap{
"string": pulumi.String("string"),
},
AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
Enabled: pulumi.Bool(false),
AnonymousAuthEnabled: pulumi.Bool(false),
InternalUserDatabaseEnabled: pulumi.Bool(false),
MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
MasterUserArn: pulumi.String("string"),
MasterUserName: pulumi.String("string"),
MasterUserPassword: pulumi.String("string"),
},
},
AutoTuneOptions: &opensearch.DomainAutoTuneOptionsArgs{
DesiredState: pulumi.String("string"),
MaintenanceSchedules: opensearch.DomainAutoTuneOptionsMaintenanceScheduleArray{
&opensearch.DomainAutoTuneOptionsMaintenanceScheduleArgs{
CronExpressionForRecurrence: pulumi.String("string"),
Duration: &opensearch.DomainAutoTuneOptionsMaintenanceScheduleDurationArgs{
Unit: pulumi.String("string"),
Value: pulumi.Int(0),
},
StartAt: pulumi.String("string"),
},
},
RollbackOnDisable: pulumi.String("string"),
UseOffPeakWindow: pulumi.Bool(false),
},
ClusterConfig: &opensearch.DomainClusterConfigArgs{
ColdStorageOptions: &opensearch.DomainClusterConfigColdStorageOptionsArgs{
Enabled: pulumi.Bool(false),
},
DedicatedMasterCount: pulumi.Int(0),
DedicatedMasterEnabled: pulumi.Bool(false),
DedicatedMasterType: pulumi.String("string"),
InstanceCount: pulumi.Int(0),
InstanceType: pulumi.String("string"),
MultiAzWithStandbyEnabled: pulumi.Bool(false),
WarmCount: pulumi.Int(0),
WarmEnabled: pulumi.Bool(false),
WarmType: pulumi.String("string"),
ZoneAwarenessConfig: &opensearch.DomainClusterConfigZoneAwarenessConfigArgs{
AvailabilityZoneCount: pulumi.Int(0),
},
ZoneAwarenessEnabled: pulumi.Bool(false),
},
CognitoOptions: &opensearch.DomainCognitoOptionsArgs{
IdentityPoolId: pulumi.String("string"),
RoleArn: pulumi.String("string"),
UserPoolId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
CustomEndpoint: pulumi.String("string"),
CustomEndpointCertificateArn: pulumi.String("string"),
CustomEndpointEnabled: pulumi.Bool(false),
EnforceHttps: pulumi.Bool(false),
TlsSecurityPolicy: pulumi.String("string"),
},
DomainName: pulumi.String("string"),
EbsOptions: &opensearch.DomainEbsOptionsArgs{
EbsEnabled: pulumi.Bool(false),
Iops: pulumi.Int(0),
Throughput: pulumi.Int(0),
VolumeSize: pulumi.Int(0),
VolumeType: pulumi.String("string"),
},
EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
Enabled: pulumi.Bool(false),
KmsKeyId: pulumi.String("string"),
},
EngineVersion: pulumi.String("string"),
IpAddressType: pulumi.String("string"),
LogPublishingOptions: opensearch.DomainLogPublishingOptionArray{
&opensearch.DomainLogPublishingOptionArgs{
CloudwatchLogGroupArn: pulumi.String("string"),
LogType: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
},
NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
Enabled: pulumi.Bool(false),
},
OffPeakWindowOptions: &opensearch.DomainOffPeakWindowOptionsArgs{
Enabled: pulumi.Bool(false),
OffPeakWindow: &opensearch.DomainOffPeakWindowOptionsOffPeakWindowArgs{
WindowStartTime: &opensearch.DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs{
Hours: pulumi.Int(0),
Minutes: pulumi.Int(0),
},
},
},
SnapshotOptions: &opensearch.DomainSnapshotOptionsArgs{
AutomatedSnapshotStartHour: pulumi.Int(0),
},
SoftwareUpdateOptions: &opensearch.DomainSoftwareUpdateOptionsArgs{
AutoSoftwareUpdateEnabled: pulumi.Bool(false),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
VpcOptions: &opensearch.DomainVpcOptionsArgs{
AvailabilityZones: pulumi.StringArray{
pulumi.String("string"),
},
SecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
SubnetIds: pulumi.StringArray{
pulumi.String("string"),
},
VpcId: pulumi.String("string"),
},
})
var exampledomainResourceResourceFromOpensearchdomain = new Domain("exampledomainResourceResourceFromOpensearchdomain", DomainArgs.builder()
.accessPolicies("string")
.advancedOptions(Map.of("string", "string"))
.advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
.enabled(false)
.anonymousAuthEnabled(false)
.internalUserDatabaseEnabled(false)
.masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
.masterUserArn("string")
.masterUserName("string")
.masterUserPassword("string")
.build())
.build())
.autoTuneOptions(DomainAutoTuneOptionsArgs.builder()
.desiredState("string")
.maintenanceSchedules(DomainAutoTuneOptionsMaintenanceScheduleArgs.builder()
.cronExpressionForRecurrence("string")
.duration(DomainAutoTuneOptionsMaintenanceScheduleDurationArgs.builder()
.unit("string")
.value(0)
.build())
.startAt("string")
.build())
.rollbackOnDisable("string")
.useOffPeakWindow(false)
.build())
.clusterConfig(DomainClusterConfigArgs.builder()
.coldStorageOptions(DomainClusterConfigColdStorageOptionsArgs.builder()
.enabled(false)
.build())
.dedicatedMasterCount(0)
.dedicatedMasterEnabled(false)
.dedicatedMasterType("string")
.instanceCount(0)
.instanceType("string")
.multiAzWithStandbyEnabled(false)
.warmCount(0)
.warmEnabled(false)
.warmType("string")
.zoneAwarenessConfig(DomainClusterConfigZoneAwarenessConfigArgs.builder()
.availabilityZoneCount(0)
.build())
.zoneAwarenessEnabled(false)
.build())
.cognitoOptions(DomainCognitoOptionsArgs.builder()
.identityPoolId("string")
.roleArn("string")
.userPoolId("string")
.enabled(false)
.build())
.domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
.customEndpoint("string")
.customEndpointCertificateArn("string")
.customEndpointEnabled(false)
.enforceHttps(false)
.tlsSecurityPolicy("string")
.build())
.domainName("string")
.ebsOptions(DomainEbsOptionsArgs.builder()
.ebsEnabled(false)
.iops(0)
.throughput(0)
.volumeSize(0)
.volumeType("string")
.build())
.encryptAtRest(DomainEncryptAtRestArgs.builder()
.enabled(false)
.kmsKeyId("string")
.build())
.engineVersion("string")
.ipAddressType("string")
.logPublishingOptions(DomainLogPublishingOptionArgs.builder()
.cloudwatchLogGroupArn("string")
.logType("string")
.enabled(false)
.build())
.nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
.enabled(false)
.build())
.offPeakWindowOptions(DomainOffPeakWindowOptionsArgs.builder()
.enabled(false)
.offPeakWindow(DomainOffPeakWindowOptionsOffPeakWindowArgs.builder()
.windowStartTime(DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs.builder()
.hours(0)
.minutes(0)
.build())
.build())
.build())
.snapshotOptions(DomainSnapshotOptionsArgs.builder()
.automatedSnapshotStartHour(0)
.build())
.softwareUpdateOptions(DomainSoftwareUpdateOptionsArgs.builder()
.autoSoftwareUpdateEnabled(false)
.build())
.tags(Map.of("string", "string"))
.vpcOptions(DomainVpcOptionsArgs.builder()
.availabilityZones("string")
.securityGroupIds("string")
.subnetIds("string")
.vpcId("string")
.build())
.build());
exampledomain_resource_resource_from_opensearchdomain = aws.opensearch.Domain("exampledomainResourceResourceFromOpensearchdomain",
access_policies="string",
advanced_options={
"string": "string",
},
advanced_security_options={
"enabled": False,
"anonymousAuthEnabled": False,
"internalUserDatabaseEnabled": False,
"masterUserOptions": {
"masterUserArn": "string",
"masterUserName": "string",
"masterUserPassword": "string",
},
},
auto_tune_options={
"desiredState": "string",
"maintenanceSchedules": [{
"cronExpressionForRecurrence": "string",
"duration": {
"unit": "string",
"value": 0,
},
"startAt": "string",
}],
"rollbackOnDisable": "string",
"useOffPeakWindow": False,
},
cluster_config={
"coldStorageOptions": {
"enabled": False,
},
"dedicatedMasterCount": 0,
"dedicatedMasterEnabled": False,
"dedicatedMasterType": "string",
"instanceCount": 0,
"instanceType": "string",
"multiAzWithStandbyEnabled": False,
"warmCount": 0,
"warmEnabled": False,
"warmType": "string",
"zoneAwarenessConfig": {
"availabilityZoneCount": 0,
},
"zoneAwarenessEnabled": False,
},
cognito_options={
"identityPoolId": "string",
"roleArn": "string",
"userPoolId": "string",
"enabled": False,
},
domain_endpoint_options={
"customEndpoint": "string",
"customEndpointCertificateArn": "string",
"customEndpointEnabled": False,
"enforceHttps": False,
"tlsSecurityPolicy": "string",
},
domain_name="string",
ebs_options={
"ebsEnabled": False,
"iops": 0,
"throughput": 0,
"volumeSize": 0,
"volumeType": "string",
},
encrypt_at_rest={
"enabled": False,
"kmsKeyId": "string",
},
engine_version="string",
ip_address_type="string",
log_publishing_options=[{
"cloudwatchLogGroupArn": "string",
"logType": "string",
"enabled": False,
}],
node_to_node_encryption={
"enabled": False,
},
off_peak_window_options={
"enabled": False,
"offPeakWindow": {
"windowStartTime": {
"hours": 0,
"minutes": 0,
},
},
},
snapshot_options={
"automatedSnapshotStartHour": 0,
},
software_update_options={
"autoSoftwareUpdateEnabled": False,
},
tags={
"string": "string",
},
vpc_options={
"availabilityZones": ["string"],
"securityGroupIds": ["string"],
"subnetIds": ["string"],
"vpcId": "string",
})
const exampledomainResourceResourceFromOpensearchdomain = new aws.opensearch.Domain("exampledomainResourceResourceFromOpensearchdomain", {
accessPolicies: "string",
advancedOptions: {
string: "string",
},
advancedSecurityOptions: {
enabled: false,
anonymousAuthEnabled: false,
internalUserDatabaseEnabled: false,
masterUserOptions: {
masterUserArn: "string",
masterUserName: "string",
masterUserPassword: "string",
},
},
autoTuneOptions: {
desiredState: "string",
maintenanceSchedules: [{
cronExpressionForRecurrence: "string",
duration: {
unit: "string",
value: 0,
},
startAt: "string",
}],
rollbackOnDisable: "string",
useOffPeakWindow: false,
},
clusterConfig: {
coldStorageOptions: {
enabled: false,
},
dedicatedMasterCount: 0,
dedicatedMasterEnabled: false,
dedicatedMasterType: "string",
instanceCount: 0,
instanceType: "string",
multiAzWithStandbyEnabled: false,
warmCount: 0,
warmEnabled: false,
warmType: "string",
zoneAwarenessConfig: {
availabilityZoneCount: 0,
},
zoneAwarenessEnabled: false,
},
cognitoOptions: {
identityPoolId: "string",
roleArn: "string",
userPoolId: "string",
enabled: false,
},
domainEndpointOptions: {
customEndpoint: "string",
customEndpointCertificateArn: "string",
customEndpointEnabled: false,
enforceHttps: false,
tlsSecurityPolicy: "string",
},
domainName: "string",
ebsOptions: {
ebsEnabled: false,
iops: 0,
throughput: 0,
volumeSize: 0,
volumeType: "string",
},
encryptAtRest: {
enabled: false,
kmsKeyId: "string",
},
engineVersion: "string",
ipAddressType: "string",
logPublishingOptions: [{
cloudwatchLogGroupArn: "string",
logType: "string",
enabled: false,
}],
nodeToNodeEncryption: {
enabled: false,
},
offPeakWindowOptions: {
enabled: false,
offPeakWindow: {
windowStartTime: {
hours: 0,
minutes: 0,
},
},
},
snapshotOptions: {
automatedSnapshotStartHour: 0,
},
softwareUpdateOptions: {
autoSoftwareUpdateEnabled: false,
},
tags: {
string: "string",
},
vpcOptions: {
availabilityZones: ["string"],
securityGroupIds: ["string"],
subnetIds: ["string"],
vpcId: "string",
},
});
type: aws:opensearch:Domain
properties:
accessPolicies: string
advancedOptions:
string: string
advancedSecurityOptions:
anonymousAuthEnabled: false
enabled: false
internalUserDatabaseEnabled: false
masterUserOptions:
masterUserArn: string
masterUserName: string
masterUserPassword: string
autoTuneOptions:
desiredState: string
maintenanceSchedules:
- cronExpressionForRecurrence: string
duration:
unit: string
value: 0
startAt: string
rollbackOnDisable: string
useOffPeakWindow: false
clusterConfig:
coldStorageOptions:
enabled: false
dedicatedMasterCount: 0
dedicatedMasterEnabled: false
dedicatedMasterType: string
instanceCount: 0
instanceType: string
multiAzWithStandbyEnabled: false
warmCount: 0
warmEnabled: false
warmType: string
zoneAwarenessConfig:
availabilityZoneCount: 0
zoneAwarenessEnabled: false
cognitoOptions:
enabled: false
identityPoolId: string
roleArn: string
userPoolId: string
domainEndpointOptions:
customEndpoint: string
customEndpointCertificateArn: string
customEndpointEnabled: false
enforceHttps: false
tlsSecurityPolicy: string
domainName: string
ebsOptions:
ebsEnabled: false
iops: 0
throughput: 0
volumeSize: 0
volumeType: string
encryptAtRest:
enabled: false
kmsKeyId: string
engineVersion: string
ipAddressType: string
logPublishingOptions:
- cloudwatchLogGroupArn: string
enabled: false
logType: string
nodeToNodeEncryption:
enabled: false
offPeakWindowOptions:
enabled: false
offPeakWindow:
windowStartTime:
hours: 0
minutes: 0
snapshotOptions:
automatedSnapshotStartHour: 0
softwareUpdateOptions:
autoSoftwareUpdateEnabled: false
tags:
string: string
vpcOptions:
availabilityZones:
- string
securityGroupIds:
- string
subnetIds:
- string
vpcId: string
Domain Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Domain resource accepts the following input properties:
- Access
Policies string - IAM policy document specifying the access policies for the domain.
- Advanced
Options Dictionary<string, string> - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- Advanced
Security DomainOptions Advanced Security Options - Configuration block for fine-grained access control. Detailed below.
- Auto
Tune DomainOptions Auto Tune Options - Configuration block for the Auto-Tune options of the domain. Detailed below.
- Cluster
Config DomainCluster Config - Configuration block for the cluster of the domain. Detailed below.
- Cognito
Options DomainCognito Options - Configuration block for authenticating dashboard with Cognito. Detailed below.
- Domain
Endpoint DomainOptions Domain Endpoint Options - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- Domain
Name string Name of the domain.
The following arguments are optional:
- Ebs
Options DomainEbs Options - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- Encrypt
At DomainRest Encrypt At Rest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- Engine
Version string - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - Ip
Address stringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - Log
Publishing List<DomainOptions Log Publishing Option> - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- Node
To DomainNode Encryption Node To Node Encryption - Configuration block for node-to-node encryption options. Detailed below.
- Off
Peak DomainWindow Options Off Peak Window Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- Snapshot
Options DomainSnapshot Options - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- Software
Update DomainOptions Software Update Options - Software update options for the domain. Detailed below.
- Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Vpc
Options DomainVpc Options - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- Access
Policies string - IAM policy document specifying the access policies for the domain.
- Advanced
Options map[string]string - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- Advanced
Security DomainOptions Advanced Security Options Args - Configuration block for fine-grained access control. Detailed below.
- Auto
Tune DomainOptions Auto Tune Options Args - Configuration block for the Auto-Tune options of the domain. Detailed below.
- Cluster
Config DomainCluster Config Args - Configuration block for the cluster of the domain. Detailed below.
- Cognito
Options DomainCognito Options Args - Configuration block for authenticating dashboard with Cognito. Detailed below.
- Domain
Endpoint DomainOptions Domain Endpoint Options Args - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- Domain
Name string Name of the domain.
The following arguments are optional:
- Ebs
Options DomainEbs Options Args - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- Encrypt
At DomainRest Encrypt At Rest Args - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- Engine
Version string - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - Ip
Address stringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - Log
Publishing []DomainOptions Log Publishing Option Args - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- Node
To DomainNode Encryption Node To Node Encryption Args - Configuration block for node-to-node encryption options. Detailed below.
- Off
Peak DomainWindow Options Off Peak Window Options Args - Configuration to add Off Peak update options. (documentation). Detailed below.
- Snapshot
Options DomainSnapshot Options Args - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- Software
Update DomainOptions Software Update Options Args - Software update options for the domain. Detailed below.
- map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Vpc
Options DomainVpc Options Args - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access
Policies String - IAM policy document specifying the access policies for the domain.
- advanced
Options Map<String,String> - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced
Security DomainOptions Advanced Security Options - Configuration block for fine-grained access control. Detailed below.
- auto
Tune DomainOptions Auto Tune Options - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster
Config DomainCluster Config - Configuration block for the cluster of the domain. Detailed below.
- cognito
Options DomainCognito Options - Configuration block for authenticating dashboard with Cognito. Detailed below.
- domain
Endpoint DomainOptions Domain Endpoint Options - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain
Name String Name of the domain.
The following arguments are optional:
- ebs
Options DomainEbs Options - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt
At DomainRest Encrypt At Rest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- engine
Version String - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip
Address StringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - log
Publishing List<DomainOptions Log Publishing Option> - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node
To DomainNode Encryption Node To Node Encryption - Configuration block for node-to-node encryption options. Detailed below.
- off
Peak DomainWindow Options Off Peak Window Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot
Options DomainSnapshot Options - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software
Update DomainOptions Software Update Options - Software update options for the domain. Detailed below.
- Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc
Options DomainVpc Options - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access
Policies string - IAM policy document specifying the access policies for the domain.
- advanced
Options {[key: string]: string} - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced
Security DomainOptions Advanced Security Options - Configuration block for fine-grained access control. Detailed below.
- auto
Tune DomainOptions Auto Tune Options - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster
Config DomainCluster Config - Configuration block for the cluster of the domain. Detailed below.
- cognito
Options DomainCognito Options - Configuration block for authenticating dashboard with Cognito. Detailed below.
- domain
Endpoint DomainOptions Domain Endpoint Options - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain
Name string Name of the domain.
The following arguments are optional:
- ebs
Options DomainEbs Options - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt
At DomainRest Encrypt At Rest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- engine
Version string - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip
Address stringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - log
Publishing DomainOptions Log Publishing Option[] - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node
To DomainNode Encryption Node To Node Encryption - Configuration block for node-to-node encryption options. Detailed below.
- off
Peak DomainWindow Options Off Peak Window Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot
Options DomainSnapshot Options - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software
Update DomainOptions Software Update Options - Software update options for the domain. Detailed below.
- {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc
Options DomainVpc Options - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access_
policies str - IAM policy document specifying the access policies for the domain.
- advanced_
options Mapping[str, str] - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced_
security_ Domainoptions Advanced Security Options Args - Configuration block for fine-grained access control. Detailed below.
- auto_
tune_ Domainoptions Auto Tune Options Args - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster_
config DomainCluster Config Args - Configuration block for the cluster of the domain. Detailed below.
- cognito_
options DomainCognito Options Args - Configuration block for authenticating dashboard with Cognito. Detailed below.
- domain_
endpoint_ Domainoptions Domain Endpoint Options Args - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain_
name str Name of the domain.
The following arguments are optional:
- ebs_
options DomainEbs Options Args - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt_
at_ Domainrest Encrypt At Rest Args - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- engine_
version str - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip_
address_ strtype - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - log_
publishing_ Sequence[Domainoptions Log Publishing Option Args] - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node_
to_ Domainnode_ encryption Node To Node Encryption Args - Configuration block for node-to-node encryption options. Detailed below.
- off_
peak_ Domainwindow_ options Off Peak Window Options Args - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot_
options DomainSnapshot Options Args - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software_
update_ Domainoptions Software Update Options Args - Software update options for the domain. Detailed below.
- Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc_
options DomainVpc Options Args - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access
Policies String - IAM policy document specifying the access policies for the domain.
- advanced
Options Map<String> - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced
Security Property MapOptions - Configuration block for fine-grained access control. Detailed below.
- auto
Tune Property MapOptions - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster
Config Property Map - Configuration block for the cluster of the domain. Detailed below.
- cognito
Options Property Map - Configuration block for authenticating dashboard with Cognito. Detailed below.
- domain
Endpoint Property MapOptions - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain
Name String Name of the domain.
The following arguments are optional:
- ebs
Options Property Map - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt
At Property MapRest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- engine
Version String - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip
Address StringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - log
Publishing List<Property Map>Options - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node
To Property MapNode Encryption - Configuration block for node-to-node encryption options. Detailed below.
- off
Peak Property MapWindow Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot
Options Property Map - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software
Update Property MapOptions - Software update options for the domain. Detailed below.
- Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc
Options Property Map - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:
- Arn string
- ARN of the domain.
- Dashboard
Endpoint string - Domain-specific endpoint for Dashboard without https scheme.
- Dashboard
Endpoint stringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- Domain
Endpoint stringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- Domain
Id string - Unique identifier for the domain.
- Endpoint string
- Domain-specific endpoint used to submit index, search, and data upload requests.
- Endpoint
V2 string - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kibana
Endpoint string - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- ARN of the domain.
- Dashboard
Endpoint string - Domain-specific endpoint for Dashboard without https scheme.
- Dashboard
Endpoint stringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- Domain
Endpoint stringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- Domain
Id string - Unique identifier for the domain.
- Endpoint string
- Domain-specific endpoint used to submit index, search, and data upload requests.
- Endpoint
V2 string - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kibana
Endpoint string - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of the domain.
- dashboard
Endpoint String - Domain-specific endpoint for Dashboard without https scheme.
- dashboard
Endpoint StringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain
Endpoint StringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- domain
Id String - Unique identifier for the domain.
- endpoint String
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint
V2 String - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- id String
- The provider-assigned unique ID for this managed resource.
- kibana
Endpoint String - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- ARN of the domain.
- dashboard
Endpoint string - Domain-specific endpoint for Dashboard without https scheme.
- dashboard
Endpoint stringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain
Endpoint stringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- domain
Id string - Unique identifier for the domain.
- endpoint string
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint
V2 string - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- id string
- The provider-assigned unique ID for this managed resource.
- kibana
Endpoint string - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- ARN of the domain.
- dashboard_
endpoint str - Domain-specific endpoint for Dashboard without https scheme.
- dashboard_
endpoint_ strv2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain_
endpoint_ strv2_ hosted_ zone_ id - Dual stack hosted zone ID for the domain.
- domain_
id str - Unique identifier for the domain.
- endpoint str
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint_
v2 str - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- id str
- The provider-assigned unique ID for this managed resource.
- kibana_
endpoint str - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of the domain.
- dashboard
Endpoint String - Domain-specific endpoint for Dashboard without https scheme.
- dashboard
Endpoint StringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain
Endpoint StringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- domain
Id String - Unique identifier for the domain.
- endpoint String
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint
V2 String - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- id String
- The provider-assigned unique ID for this managed resource.
- kibana
Endpoint String - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing Domain Resource
Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DomainState, opts?: CustomResourceOptions): Domain
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_policies: Optional[str] = None,
advanced_options: Optional[Mapping[str, str]] = None,
advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
arn: Optional[str] = None,
auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
cluster_config: Optional[DomainClusterConfigArgs] = None,
cognito_options: Optional[DomainCognitoOptionsArgs] = None,
dashboard_endpoint: Optional[str] = None,
dashboard_endpoint_v2: Optional[str] = None,
domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
domain_endpoint_v2_hosted_zone_id: Optional[str] = None,
domain_id: Optional[str] = None,
domain_name: Optional[str] = None,
ebs_options: Optional[DomainEbsOptionsArgs] = None,
encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
endpoint: Optional[str] = None,
endpoint_v2: Optional[str] = None,
engine_version: Optional[str] = None,
ip_address_type: Optional[str] = None,
kibana_endpoint: Optional[str] = None,
log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
vpc_options: Optional[DomainVpcOptionsArgs] = None) -> Domain
func GetDomain(ctx *Context, name string, id IDInput, state *DomainState, opts ...ResourceOption) (*Domain, error)
public static Domain Get(string name, Input<string> id, DomainState? state, CustomResourceOptions? opts = null)
public static Domain get(String name, Output<String> id, DomainState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Policies string - IAM policy document specifying the access policies for the domain.
- Advanced
Options Dictionary<string, string> - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- Advanced
Security DomainOptions Advanced Security Options - Configuration block for fine-grained access control. Detailed below.
- Arn string
- ARN of the domain.
- Auto
Tune DomainOptions Auto Tune Options - Configuration block for the Auto-Tune options of the domain. Detailed below.
- Cluster
Config DomainCluster Config - Configuration block for the cluster of the domain. Detailed below.
- Cognito
Options DomainCognito Options - Configuration block for authenticating dashboard with Cognito. Detailed below.
- Dashboard
Endpoint string - Domain-specific endpoint for Dashboard without https scheme.
- Dashboard
Endpoint stringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- Domain
Endpoint DomainOptions Domain Endpoint Options - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- Domain
Endpoint stringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- Domain
Id string - Unique identifier for the domain.
- Domain
Name string Name of the domain.
The following arguments are optional:
- Ebs
Options DomainEbs Options - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- Encrypt
At DomainRest Encrypt At Rest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- Endpoint string
- Domain-specific endpoint used to submit index, search, and data upload requests.
- Endpoint
V2 string - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- Engine
Version string - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - Ip
Address stringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - Kibana
Endpoint string - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - Log
Publishing List<DomainOptions Log Publishing Option> - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- Node
To DomainNode Encryption Node To Node Encryption - Configuration block for node-to-node encryption options. Detailed below.
- Off
Peak DomainWindow Options Off Peak Window Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- Snapshot
Options DomainSnapshot Options - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- Software
Update DomainOptions Software Update Options - Software update options for the domain. Detailed below.
- Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Vpc
Options DomainVpc Options - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- Access
Policies string - IAM policy document specifying the access policies for the domain.
- Advanced
Options map[string]string - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- Advanced
Security DomainOptions Advanced Security Options Args - Configuration block for fine-grained access control. Detailed below.
- Arn string
- ARN of the domain.
- Auto
Tune DomainOptions Auto Tune Options Args - Configuration block for the Auto-Tune options of the domain. Detailed below.
- Cluster
Config DomainCluster Config Args - Configuration block for the cluster of the domain. Detailed below.
- Cognito
Options DomainCognito Options Args - Configuration block for authenticating dashboard with Cognito. Detailed below.
- Dashboard
Endpoint string - Domain-specific endpoint for Dashboard without https scheme.
- Dashboard
Endpoint stringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- Domain
Endpoint DomainOptions Domain Endpoint Options Args - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- Domain
Endpoint stringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- Domain
Id string - Unique identifier for the domain.
- Domain
Name string Name of the domain.
The following arguments are optional:
- Ebs
Options DomainEbs Options Args - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- Encrypt
At DomainRest Encrypt At Rest Args - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- Endpoint string
- Domain-specific endpoint used to submit index, search, and data upload requests.
- Endpoint
V2 string - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- Engine
Version string - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - Ip
Address stringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - Kibana
Endpoint string - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - Log
Publishing []DomainOptions Log Publishing Option Args - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- Node
To DomainNode Encryption Node To Node Encryption Args - Configuration block for node-to-node encryption options. Detailed below.
- Off
Peak DomainWindow Options Off Peak Window Options Args - Configuration to add Off Peak update options. (documentation). Detailed below.
- Snapshot
Options DomainSnapshot Options Args - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- Software
Update DomainOptions Software Update Options Args - Software update options for the domain. Detailed below.
- map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Vpc
Options DomainVpc Options Args - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access
Policies String - IAM policy document specifying the access policies for the domain.
- advanced
Options Map<String,String> - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced
Security DomainOptions Advanced Security Options - Configuration block for fine-grained access control. Detailed below.
- arn String
- ARN of the domain.
- auto
Tune DomainOptions Auto Tune Options - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster
Config DomainCluster Config - Configuration block for the cluster of the domain. Detailed below.
- cognito
Options DomainCognito Options - Configuration block for authenticating dashboard with Cognito. Detailed below.
- dashboard
Endpoint String - Domain-specific endpoint for Dashboard without https scheme.
- dashboard
Endpoint StringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain
Endpoint DomainOptions Domain Endpoint Options - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain
Endpoint StringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- domain
Id String - Unique identifier for the domain.
- domain
Name String Name of the domain.
The following arguments are optional:
- ebs
Options DomainEbs Options - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt
At DomainRest Encrypt At Rest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- endpoint String
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint
V2 String - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- engine
Version String - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip
Address StringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - kibana
Endpoint String - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - log
Publishing List<DomainOptions Log Publishing Option> - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node
To DomainNode Encryption Node To Node Encryption - Configuration block for node-to-node encryption options. Detailed below.
- off
Peak DomainWindow Options Off Peak Window Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot
Options DomainSnapshot Options - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software
Update DomainOptions Software Update Options - Software update options for the domain. Detailed below.
- Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - vpc
Options DomainVpc Options - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access
Policies string - IAM policy document specifying the access policies for the domain.
- advanced
Options {[key: string]: string} - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced
Security DomainOptions Advanced Security Options - Configuration block for fine-grained access control. Detailed below.
- arn string
- ARN of the domain.
- auto
Tune DomainOptions Auto Tune Options - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster
Config DomainCluster Config - Configuration block for the cluster of the domain. Detailed below.
- cognito
Options DomainCognito Options - Configuration block for authenticating dashboard with Cognito. Detailed below.
- dashboard
Endpoint string - Domain-specific endpoint for Dashboard without https scheme.
- dashboard
Endpoint stringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain
Endpoint DomainOptions Domain Endpoint Options - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain
Endpoint stringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- domain
Id string - Unique identifier for the domain.
- domain
Name string Name of the domain.
The following arguments are optional:
- ebs
Options DomainEbs Options - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt
At DomainRest Encrypt At Rest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- endpoint string
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint
V2 string - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- engine
Version string - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip
Address stringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - kibana
Endpoint string - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - log
Publishing DomainOptions Log Publishing Option[] - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node
To DomainNode Encryption Node To Node Encryption - Configuration block for node-to-node encryption options. Detailed below.
- off
Peak DomainWindow Options Off Peak Window Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot
Options DomainSnapshot Options - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software
Update DomainOptions Software Update Options - Software update options for the domain. Detailed below.
- {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - vpc
Options DomainVpc Options - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access_
policies str - IAM policy document specifying the access policies for the domain.
- advanced_
options Mapping[str, str] - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced_
security_ Domainoptions Advanced Security Options Args - Configuration block for fine-grained access control. Detailed below.
- arn str
- ARN of the domain.
- auto_
tune_ Domainoptions Auto Tune Options Args - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster_
config DomainCluster Config Args - Configuration block for the cluster of the domain. Detailed below.
- cognito_
options DomainCognito Options Args - Configuration block for authenticating dashboard with Cognito. Detailed below.
- dashboard_
endpoint str - Domain-specific endpoint for Dashboard without https scheme.
- dashboard_
endpoint_ strv2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain_
endpoint_ Domainoptions Domain Endpoint Options Args - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain_
endpoint_ strv2_ hosted_ zone_ id - Dual stack hosted zone ID for the domain.
- domain_
id str - Unique identifier for the domain.
- domain_
name str Name of the domain.
The following arguments are optional:
- ebs_
options DomainEbs Options Args - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt_
at_ Domainrest Encrypt At Rest Args - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- endpoint str
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint_
v2 str - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- engine_
version str - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip_
address_ strtype - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - kibana_
endpoint str - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - log_
publishing_ Sequence[Domainoptions Log Publishing Option Args] - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node_
to_ Domainnode_ encryption Node To Node Encryption Args - Configuration block for node-to-node encryption options. Detailed below.
- off_
peak_ Domainwindow_ options Off Peak Window Options Args - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot_
options DomainSnapshot Options Args - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software_
update_ Domainoptions Software Update Options Args - Software update options for the domain. Detailed below.
- Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - vpc_
options DomainVpc Options Args - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
- access
Policies String - IAM policy document specifying the access policies for the domain.
- advanced
Options Map<String> - Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.
- advanced
Security Property MapOptions - Configuration block for fine-grained access control. Detailed below.
- arn String
- ARN of the domain.
- auto
Tune Property MapOptions - Configuration block for the Auto-Tune options of the domain. Detailed below.
- cluster
Config Property Map - Configuration block for the cluster of the domain. Detailed below.
- cognito
Options Property Map - Configuration block for authenticating dashboard with Cognito. Detailed below.
- dashboard
Endpoint String - Domain-specific endpoint for Dashboard without https scheme.
- dashboard
Endpoint StringV2 - V2 domain endpoint for Dashboard that works with both IPv4 and IPv6 addresses, without https scheme.
- domain
Endpoint Property MapOptions - Configuration block for domain endpoint HTTP(S) related options. Detailed below.
- domain
Endpoint StringV2Hosted Zone Id - Dual stack hosted zone ID for the domain.
- domain
Id String - Unique identifier for the domain.
- domain
Name String Name of the domain.
The following arguments are optional:
- ebs
Options Property Map - Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.
- encrypt
At Property MapRest - Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.
- endpoint String
- Domain-specific endpoint used to submit index, search, and data upload requests.
- endpoint
V2 String - V2 domain endpoint that works with both IPv4 and IPv6 addresses, used to submit index, search, and data upload requests.
- engine
Version String - Either
Elasticsearch_X.Y
orOpenSearch_X.Y
to specify the engine version for the Amazon OpenSearch Service domain. For example,OpenSearch_1.0
orElasticsearch_7.9
. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch. - ip
Address StringType - The IP address type for the endpoint. Valid values are
ipv4
anddualstack
. - kibana
Endpoint String - (Deprecated) Domain-specific endpoint for kibana without https scheme. Use the
dashboard_endpoint
attribute instead. - log
Publishing List<Property Map>Options - Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
- node
To Property MapNode Encryption - Configuration block for node-to-node encryption options. Detailed below.
- off
Peak Property MapWindow Options - Configuration to add Off Peak update options. (documentation). Detailed below.
- snapshot
Options Property Map - Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.
- software
Update Property MapOptions - Software update options for the domain. Detailed below.
- Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - vpc
Options Property Map - Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.
Supporting Types
DomainAdvancedSecurityOptions, DomainAdvancedSecurityOptionsArgs
- Enabled bool
- Whether advanced security is enabled.
- Anonymous
Auth boolEnabled - Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless
advanced_security_options
are enabled. Can only be enabled on an existing domain. - Internal
User boolDatabase Enabled - Whether the internal user database is enabled. Default is
false
. - Master
User DomainOptions Advanced Security Options Master User Options - Configuration block for the main user. Detailed below.
- Enabled bool
- Whether advanced security is enabled.
- Anonymous
Auth boolEnabled - Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless
advanced_security_options
are enabled. Can only be enabled on an existing domain. - Internal
User boolDatabase Enabled - Whether the internal user database is enabled. Default is
false
. - Master
User DomainOptions Advanced Security Options Master User Options - Configuration block for the main user. Detailed below.
- enabled Boolean
- Whether advanced security is enabled.
- anonymous
Auth BooleanEnabled - Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless
advanced_security_options
are enabled. Can only be enabled on an existing domain. - internal
User BooleanDatabase Enabled - Whether the internal user database is enabled. Default is
false
. - master
User DomainOptions Advanced Security Options Master User Options - Configuration block for the main user. Detailed below.
- enabled boolean
- Whether advanced security is enabled.
- anonymous
Auth booleanEnabled - Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless
advanced_security_options
are enabled. Can only be enabled on an existing domain. - internal
User booleanDatabase Enabled - Whether the internal user database is enabled. Default is
false
. - master
User DomainOptions Advanced Security Options Master User Options - Configuration block for the main user. Detailed below.
- enabled bool
- Whether advanced security is enabled.
- anonymous_
auth_ boolenabled - Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless
advanced_security_options
are enabled. Can only be enabled on an existing domain. - internal_
user_ booldatabase_ enabled - Whether the internal user database is enabled. Default is
false
. - master_
user_ Domainoptions Advanced Security Options Master User Options - Configuration block for the main user. Detailed below.
- enabled Boolean
- Whether advanced security is enabled.
- anonymous
Auth BooleanEnabled - Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless
advanced_security_options
are enabled. Can only be enabled on an existing domain. - internal
User BooleanDatabase Enabled - Whether the internal user database is enabled. Default is
false
. - master
User Property MapOptions - Configuration block for the main user. Detailed below.
DomainAdvancedSecurityOptionsMasterUserOptions, DomainAdvancedSecurityOptionsMasterUserOptionsArgs
- Master
User stringArn - ARN for the main user. Only specify if
internal_user_database_enabled
is not set or set tofalse
. - Master
User stringName - Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
. - Master
User stringPassword - Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
.
- Master
User stringArn - ARN for the main user. Only specify if
internal_user_database_enabled
is not set or set tofalse
. - Master
User stringName - Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
. - Master
User stringPassword - Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
.
- master
User StringArn - ARN for the main user. Only specify if
internal_user_database_enabled
is not set or set tofalse
. - master
User StringName - Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
. - master
User StringPassword - Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
.
- master
User stringArn - ARN for the main user. Only specify if
internal_user_database_enabled
is not set or set tofalse
. - master
User stringName - Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
. - master
User stringPassword - Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
.
- master_
user_ strarn - ARN for the main user. Only specify if
internal_user_database_enabled
is not set or set tofalse
. - master_
user_ strname - Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
. - master_
user_ strpassword - Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
.
- master
User StringArn - ARN for the main user. Only specify if
internal_user_database_enabled
is not set or set tofalse
. - master
User StringName - Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
. - master
User StringPassword - Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if
internal_user_database_enabled
is set totrue
.
DomainAutoTuneOptions, DomainAutoTuneOptionsArgs
- Desired
State string - Auto-Tune desired state for the domain. Valid values:
ENABLED
orDISABLED
. - Maintenance
Schedules List<DomainAuto Tune Options Maintenance Schedule> Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently,
maintenance_schedule
configuration blocks cannot be specified whenuse_off_peak_window
is set totrue
.- Rollback
On stringDisable - Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values:
DEFAULT_ROLLBACK
orNO_ROLLBACK
. - Use
Off boolPeak Window - Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to
false
.
- Desired
State string - Auto-Tune desired state for the domain. Valid values:
ENABLED
orDISABLED
. - Maintenance
Schedules []DomainAuto Tune Options Maintenance Schedule Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently,
maintenance_schedule
configuration blocks cannot be specified whenuse_off_peak_window
is set totrue
.- Rollback
On stringDisable - Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values:
DEFAULT_ROLLBACK
orNO_ROLLBACK
. - Use
Off boolPeak Window - Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to
false
.
- desired
State String - Auto-Tune desired state for the domain. Valid values:
ENABLED
orDISABLED
. - maintenance
Schedules List<DomainAuto Tune Options Maintenance Schedule> Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently,
maintenance_schedule
configuration blocks cannot be specified whenuse_off_peak_window
is set totrue
.- rollback
On StringDisable - Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values:
DEFAULT_ROLLBACK
orNO_ROLLBACK
. - use
Off BooleanPeak Window - Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to
false
.
- desired
State string - Auto-Tune desired state for the domain. Valid values:
ENABLED
orDISABLED
. - maintenance
Schedules DomainAuto Tune Options Maintenance Schedule[] Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently,
maintenance_schedule
configuration blocks cannot be specified whenuse_off_peak_window
is set totrue
.- rollback
On stringDisable - Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values:
DEFAULT_ROLLBACK
orNO_ROLLBACK
. - use
Off booleanPeak Window - Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to
false
.
- desired_
state str - Auto-Tune desired state for the domain. Valid values:
ENABLED
orDISABLED
. - maintenance_
schedules Sequence[DomainAuto Tune Options Maintenance Schedule] Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently,
maintenance_schedule
configuration blocks cannot be specified whenuse_off_peak_window
is set totrue
.- rollback_
on_ strdisable - Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values:
DEFAULT_ROLLBACK
orNO_ROLLBACK
. - use_
off_ boolpeak_ window - Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to
false
.
- desired
State String - Auto-Tune desired state for the domain. Valid values:
ENABLED
orDISABLED
. - maintenance
Schedules List<Property Map> Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
NOTE: Maintenance windows are deprecated and have been replaced with off-peak windows. Consequently,
maintenance_schedule
configuration blocks cannot be specified whenuse_off_peak_window
is set totrue
.- rollback
On StringDisable - Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values:
DEFAULT_ROLLBACK
orNO_ROLLBACK
. - use
Off BooleanPeak Window - Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to
false
.
DomainAutoTuneOptionsMaintenanceSchedule, DomainAutoTuneOptionsMaintenanceScheduleArgs
- Cron
Expression stringFor Recurrence - A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
- Duration
Domain
Auto Tune Options Maintenance Schedule Duration - Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
- Start
At string - Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
- Cron
Expression stringFor Recurrence - A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
- Duration
Domain
Auto Tune Options Maintenance Schedule Duration - Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
- Start
At string - Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
- cron
Expression StringFor Recurrence - A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
- duration
Domain
Auto Tune Options Maintenance Schedule Duration - Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
- start
At String - Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
- cron
Expression stringFor Recurrence - A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
- duration
Domain
Auto Tune Options Maintenance Schedule Duration - Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
- start
At string - Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
- cron_
expression_ strfor_ recurrence - A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
- duration
Domain
Auto Tune Options Maintenance Schedule Duration - Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
- start_
at str - Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
- cron
Expression StringFor Recurrence - A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
- duration Property Map
- Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
- start
At String - Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.
DomainAutoTuneOptionsMaintenanceScheduleDuration, DomainAutoTuneOptionsMaintenanceScheduleDurationArgs
DomainClusterConfig, DomainClusterConfigArgs
- Cold
Storage DomainOptions Cluster Config Cold Storage Options - Configuration block containing cold storage configuration. Detailed below.
- Dedicated
Master intCount - Number of dedicated main nodes in the cluster.
- Dedicated
Master boolEnabled - Whether dedicated main nodes are enabled for the cluster.
- Dedicated
Master stringType - Instance type of the dedicated main nodes in the cluster.
- Instance
Count int - Number of instances in the cluster.
- Instance
Type string - Instance type of data nodes in the cluster.
- Multi
Az boolWith Standby Enabled - Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
- Warm
Count int - Number of warm nodes in the cluster. Valid values are between
2
and150
.warm_count
can be only and must be set whenwarm_enabled
is set totrue
. - Warm
Enabled bool - Whether to enable warm storage.
- Warm
Type string - Instance type for the OpenSearch cluster's warm nodes. Valid values are
ultrawarm1.medium.search
,ultrawarm1.large.search
andultrawarm1.xlarge.search
.warm_type
can be only and must be set whenwarm_enabled
is set totrue
. - Zone
Awareness DomainConfig Cluster Config Zone Awareness Config - Configuration block containing zone awareness settings. Detailed below.
- Zone
Awareness boolEnabled - Whether zone awareness is enabled, set to
true
for multi-az deployment. To enable awareness with three Availability Zones, theavailability_zone_count
within thezone_awareness_config
must be set to3
.
- Cold
Storage DomainOptions Cluster Config Cold Storage Options - Configuration block containing cold storage configuration. Detailed below.
- Dedicated
Master intCount - Number of dedicated main nodes in the cluster.
- Dedicated
Master boolEnabled - Whether dedicated main nodes are enabled for the cluster.
- Dedicated
Master stringType - Instance type of the dedicated main nodes in the cluster.
- Instance
Count int - Number of instances in the cluster.
- Instance
Type string - Instance type of data nodes in the cluster.
- Multi
Az boolWith Standby Enabled - Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
- Warm
Count int - Number of warm nodes in the cluster. Valid values are between
2
and150
.warm_count
can be only and must be set whenwarm_enabled
is set totrue
. - Warm
Enabled bool - Whether to enable warm storage.
- Warm
Type string - Instance type for the OpenSearch cluster's warm nodes. Valid values are
ultrawarm1.medium.search
,ultrawarm1.large.search
andultrawarm1.xlarge.search
.warm_type
can be only and must be set whenwarm_enabled
is set totrue
. - Zone
Awareness DomainConfig Cluster Config Zone Awareness Config - Configuration block containing zone awareness settings. Detailed below.
- Zone
Awareness boolEnabled - Whether zone awareness is enabled, set to
true
for multi-az deployment. To enable awareness with three Availability Zones, theavailability_zone_count
within thezone_awareness_config
must be set to3
.
- cold
Storage DomainOptions Cluster Config Cold Storage Options - Configuration block containing cold storage configuration. Detailed below.
- dedicated
Master IntegerCount - Number of dedicated main nodes in the cluster.
- dedicated
Master BooleanEnabled - Whether dedicated main nodes are enabled for the cluster.
- dedicated
Master StringType - Instance type of the dedicated main nodes in the cluster.
- instance
Count Integer - Number of instances in the cluster.
- instance
Type String - Instance type of data nodes in the cluster.
- multi
Az BooleanWith Standby Enabled - Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
- warm
Count Integer - Number of warm nodes in the cluster. Valid values are between
2
and150
.warm_count
can be only and must be set whenwarm_enabled
is set totrue
. - warm
Enabled Boolean - Whether to enable warm storage.
- warm
Type String - Instance type for the OpenSearch cluster's warm nodes. Valid values are
ultrawarm1.medium.search
,ultrawarm1.large.search
andultrawarm1.xlarge.search
.warm_type
can be only and must be set whenwarm_enabled
is set totrue
. - zone
Awareness DomainConfig Cluster Config Zone Awareness Config - Configuration block containing zone awareness settings. Detailed below.
- zone
Awareness BooleanEnabled - Whether zone awareness is enabled, set to
true
for multi-az deployment. To enable awareness with three Availability Zones, theavailability_zone_count
within thezone_awareness_config
must be set to3
.
- cold
Storage DomainOptions Cluster Config Cold Storage Options - Configuration block containing cold storage configuration. Detailed below.
- dedicated
Master numberCount - Number of dedicated main nodes in the cluster.
- dedicated
Master booleanEnabled - Whether dedicated main nodes are enabled for the cluster.
- dedicated
Master stringType - Instance type of the dedicated main nodes in the cluster.
- instance
Count number - Number of instances in the cluster.
- instance
Type string - Instance type of data nodes in the cluster.
- multi
Az booleanWith Standby Enabled - Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
- warm
Count number - Number of warm nodes in the cluster. Valid values are between
2
and150
.warm_count
can be only and must be set whenwarm_enabled
is set totrue
. - warm
Enabled boolean - Whether to enable warm storage.
- warm
Type string - Instance type for the OpenSearch cluster's warm nodes. Valid values are
ultrawarm1.medium.search
,ultrawarm1.large.search
andultrawarm1.xlarge.search
.warm_type
can be only and must be set whenwarm_enabled
is set totrue
. - zone
Awareness DomainConfig Cluster Config Zone Awareness Config - Configuration block containing zone awareness settings. Detailed below.
- zone
Awareness booleanEnabled - Whether zone awareness is enabled, set to
true
for multi-az deployment. To enable awareness with three Availability Zones, theavailability_zone_count
within thezone_awareness_config
must be set to3
.
- cold_
storage_ Domainoptions Cluster Config Cold Storage Options - Configuration block containing cold storage configuration. Detailed below.
- dedicated_
master_ intcount - Number of dedicated main nodes in the cluster.
- dedicated_
master_ boolenabled - Whether dedicated main nodes are enabled for the cluster.
- dedicated_
master_ strtype - Instance type of the dedicated main nodes in the cluster.
- instance_
count int - Number of instances in the cluster.
- instance_
type str - Instance type of data nodes in the cluster.
- multi_
az_ boolwith_ standby_ enabled - Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
- warm_
count int - Number of warm nodes in the cluster. Valid values are between
2
and150
.warm_count
can be only and must be set whenwarm_enabled
is set totrue
. - warm_
enabled bool - Whether to enable warm storage.
- warm_
type str - Instance type for the OpenSearch cluster's warm nodes. Valid values are
ultrawarm1.medium.search
,ultrawarm1.large.search
andultrawarm1.xlarge.search
.warm_type
can be only and must be set whenwarm_enabled
is set totrue
. - zone_
awareness_ Domainconfig Cluster Config Zone Awareness Config - Configuration block containing zone awareness settings. Detailed below.
- zone_
awareness_ boolenabled - Whether zone awareness is enabled, set to
true
for multi-az deployment. To enable awareness with three Availability Zones, theavailability_zone_count
within thezone_awareness_config
must be set to3
.
- cold
Storage Property MapOptions - Configuration block containing cold storage configuration. Detailed below.
- dedicated
Master NumberCount - Number of dedicated main nodes in the cluster.
- dedicated
Master BooleanEnabled - Whether dedicated main nodes are enabled for the cluster.
- dedicated
Master StringType - Instance type of the dedicated main nodes in the cluster.
- instance
Count Number - Number of instances in the cluster.
- instance
Type String - Instance type of data nodes in the cluster.
- multi
Az BooleanWith Standby Enabled - Whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
- warm
Count Number - Number of warm nodes in the cluster. Valid values are between
2
and150
.warm_count
can be only and must be set whenwarm_enabled
is set totrue
. - warm
Enabled Boolean - Whether to enable warm storage.
- warm
Type String - Instance type for the OpenSearch cluster's warm nodes. Valid values are
ultrawarm1.medium.search
,ultrawarm1.large.search
andultrawarm1.xlarge.search
.warm_type
can be only and must be set whenwarm_enabled
is set totrue
. - zone
Awareness Property MapConfig - Configuration block containing zone awareness settings. Detailed below.
- zone
Awareness BooleanEnabled - Whether zone awareness is enabled, set to
true
for multi-az deployment. To enable awareness with three Availability Zones, theavailability_zone_count
within thezone_awareness_config
must be set to3
.
DomainClusterConfigColdStorageOptions, DomainClusterConfigColdStorageOptionsArgs
- Enabled bool
- Boolean to enable cold storage for an OpenSearch domain. Defaults to
false
. Master and ultrawarm nodes must be enabled for cold storage.
- Enabled bool
- Boolean to enable cold storage for an OpenSearch domain. Defaults to
false
. Master and ultrawarm nodes must be enabled for cold storage.
- enabled Boolean
- Boolean to enable cold storage for an OpenSearch domain. Defaults to
false
. Master and ultrawarm nodes must be enabled for cold storage.
- enabled boolean
- Boolean to enable cold storage for an OpenSearch domain. Defaults to
false
. Master and ultrawarm nodes must be enabled for cold storage.
- enabled bool
- Boolean to enable cold storage for an OpenSearch domain. Defaults to
false
. Master and ultrawarm nodes must be enabled for cold storage.
- enabled Boolean
- Boolean to enable cold storage for an OpenSearch domain. Defaults to
false
. Master and ultrawarm nodes must be enabled for cold storage.
DomainClusterConfigZoneAwarenessConfig, DomainClusterConfigZoneAwarenessConfigArgs
- Availability
Zone intCount - Number of Availability Zones for the domain to use with
zone_awareness_enabled
. Defaults to2
. Valid values:2
or3
.
- Availability
Zone intCount - Number of Availability Zones for the domain to use with
zone_awareness_enabled
. Defaults to2
. Valid values:2
or3
.
- availability
Zone IntegerCount - Number of Availability Zones for the domain to use with
zone_awareness_enabled
. Defaults to2
. Valid values:2
or3
.
- availability
Zone numberCount - Number of Availability Zones for the domain to use with
zone_awareness_enabled
. Defaults to2
. Valid values:2
or3
.
- availability_
zone_ intcount - Number of Availability Zones for the domain to use with
zone_awareness_enabled
. Defaults to2
. Valid values:2
or3
.
- availability
Zone NumberCount - Number of Availability Zones for the domain to use with
zone_awareness_enabled
. Defaults to2
. Valid values:2
or3
.
DomainCognitoOptions, DomainCognitoOptionsArgs
- Identity
Pool stringId - ID of the Cognito Identity Pool to use.
- Role
Arn string - ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
- User
Pool stringId - ID of the Cognito User Pool to use.
- Enabled bool
- Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is
false
.
- Identity
Pool stringId - ID of the Cognito Identity Pool to use.
- Role
Arn string - ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
- User
Pool stringId - ID of the Cognito User Pool to use.
- Enabled bool
- Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is
false
.
- identity
Pool StringId - ID of the Cognito Identity Pool to use.
- role
Arn String - ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
- user
Pool StringId - ID of the Cognito User Pool to use.
- enabled Boolean
- Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is
false
.
- identity
Pool stringId - ID of the Cognito Identity Pool to use.
- role
Arn string - ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
- user
Pool stringId - ID of the Cognito User Pool to use.
- enabled boolean
- Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is
false
.
- identity_
pool_ strid - ID of the Cognito Identity Pool to use.
- role_
arn str - ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
- user_
pool_ strid - ID of the Cognito User Pool to use.
- enabled bool
- Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is
false
.
- identity
Pool StringId - ID of the Cognito Identity Pool to use.
- role
Arn String - ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
- user
Pool StringId - ID of the Cognito User Pool to use.
- enabled Boolean
- Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is
false
.
DomainDomainEndpointOptions, DomainDomainEndpointOptionsArgs
- Custom
Endpoint string - Fully qualified domain for your custom endpoint.
- Custom
Endpoint stringCertificate Arn - ACM certificate ARN for your custom endpoint.
- Custom
Endpoint boolEnabled - Whether to enable custom endpoint for the OpenSearch domain.
- Enforce
Https bool - Whether or not to require HTTPS. Defaults to
true
. - Tls
Security stringPolicy - Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
- Custom
Endpoint string - Fully qualified domain for your custom endpoint.
- Custom
Endpoint stringCertificate Arn - ACM certificate ARN for your custom endpoint.
- Custom
Endpoint boolEnabled - Whether to enable custom endpoint for the OpenSearch domain.
- Enforce
Https bool - Whether or not to require HTTPS. Defaults to
true
. - Tls
Security stringPolicy - Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
- custom
Endpoint String - Fully qualified domain for your custom endpoint.
- custom
Endpoint StringCertificate Arn - ACM certificate ARN for your custom endpoint.
- custom
Endpoint BooleanEnabled - Whether to enable custom endpoint for the OpenSearch domain.
- enforce
Https Boolean - Whether or not to require HTTPS. Defaults to
true
. - tls
Security StringPolicy - Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
- custom
Endpoint string - Fully qualified domain for your custom endpoint.
- custom
Endpoint stringCertificate Arn - ACM certificate ARN for your custom endpoint.
- custom
Endpoint booleanEnabled - Whether to enable custom endpoint for the OpenSearch domain.
- enforce
Https boolean - Whether or not to require HTTPS. Defaults to
true
. - tls
Security stringPolicy - Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
- custom_
endpoint str - Fully qualified domain for your custom endpoint.
- custom_
endpoint_ strcertificate_ arn - ACM certificate ARN for your custom endpoint.
- custom_
endpoint_ boolenabled - Whether to enable custom endpoint for the OpenSearch domain.
- enforce_
https bool - Whether or not to require HTTPS. Defaults to
true
. - tls_
security_ strpolicy - Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
- custom
Endpoint String - Fully qualified domain for your custom endpoint.
- custom
Endpoint StringCertificate Arn - ACM certificate ARN for your custom endpoint.
- custom
Endpoint BooleanEnabled - Whether to enable custom endpoint for the OpenSearch domain.
- enforce
Https Boolean - Whether or not to require HTTPS. Defaults to
true
. - tls
Security StringPolicy - Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the AWS documentation. Pulumi will only perform drift detection if a configuration value is provided.
DomainEbsOptions, DomainEbsOptionsArgs
- Ebs
Enabled bool - Whether EBS volumes are attached to data nodes in the domain.
- Iops int
- Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
- Throughput int
- Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
- Volume
Size int - Size of EBS volumes attached to data nodes (in GiB).
- Volume
Type string - Type of EBS volumes attached to data nodes.
- Ebs
Enabled bool - Whether EBS volumes are attached to data nodes in the domain.
- Iops int
- Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
- Throughput int
- Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
- Volume
Size int - Size of EBS volumes attached to data nodes (in GiB).
- Volume
Type string - Type of EBS volumes attached to data nodes.
- ebs
Enabled Boolean - Whether EBS volumes are attached to data nodes in the domain.
- iops Integer
- Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
- throughput Integer
- Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
- volume
Size Integer - Size of EBS volumes attached to data nodes (in GiB).
- volume
Type String - Type of EBS volumes attached to data nodes.
- ebs
Enabled boolean - Whether EBS volumes are attached to data nodes in the domain.
- iops number
- Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
- throughput number
- Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
- volume
Size number - Size of EBS volumes attached to data nodes (in GiB).
- volume
Type string - Type of EBS volumes attached to data nodes.
- ebs_
enabled bool - Whether EBS volumes are attached to data nodes in the domain.
- iops int
- Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
- throughput int
- Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
- volume_
size int - Size of EBS volumes attached to data nodes (in GiB).
- volume_
type str - Type of EBS volumes attached to data nodes.
- ebs
Enabled Boolean - Whether EBS volumes are attached to data nodes in the domain.
- iops Number
- Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
- throughput Number
- Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
- volume
Size Number - Size of EBS volumes attached to data nodes (in GiB).
- volume
Type String - Type of EBS volumes attached to data nodes.
DomainEncryptAtRest, DomainEncryptAtRestArgs
- Enabled bool
- Whether to enable encryption at rest. If the
encrypt_at_rest
block is not provided then this defaults tofalse
. Enabling encryption on new domains requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_5.1
or greater. - Kms
Key stringId - KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the
aws/es
service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
- Enabled bool
- Whether to enable encryption at rest. If the
encrypt_at_rest
block is not provided then this defaults tofalse
. Enabling encryption on new domains requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_5.1
or greater. - Kms
Key stringId - KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the
aws/es
service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
- enabled Boolean
- Whether to enable encryption at rest. If the
encrypt_at_rest
block is not provided then this defaults tofalse
. Enabling encryption on new domains requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_5.1
or greater. - kms
Key StringId - KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the
aws/es
service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
- enabled boolean
- Whether to enable encryption at rest. If the
encrypt_at_rest
block is not provided then this defaults tofalse
. Enabling encryption on new domains requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_5.1
or greater. - kms
Key stringId - KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the
aws/es
service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
- enabled bool
- Whether to enable encryption at rest. If the
encrypt_at_rest
block is not provided then this defaults tofalse
. Enabling encryption on new domains requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_5.1
or greater. - kms_
key_ strid - KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the
aws/es
service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
- enabled Boolean
- Whether to enable encryption at rest. If the
encrypt_at_rest
block is not provided then this defaults tofalse
. Enabling encryption on new domains requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_5.1
or greater. - kms
Key StringId - KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the
aws/es
service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
DomainLogPublishingOption, DomainLogPublishingOptionArgs
- Cloudwatch
Log stringGroup Arn - ARN of the Cloudwatch log group to which log needs to be published.
- Log
Type string - Type of OpenSearch log. Valid values:
INDEX_SLOW_LOGS
,SEARCH_SLOW_LOGS
,ES_APPLICATION_LOGS
,AUDIT_LOGS
. - Enabled bool
- Whether given log publishing option is enabled or not.
- Cloudwatch
Log stringGroup Arn - ARN of the Cloudwatch log group to which log needs to be published.
- Log
Type string - Type of OpenSearch log. Valid values:
INDEX_SLOW_LOGS
,SEARCH_SLOW_LOGS
,ES_APPLICATION_LOGS
,AUDIT_LOGS
. - Enabled bool
- Whether given log publishing option is enabled or not.
- cloudwatch
Log StringGroup Arn - ARN of the Cloudwatch log group to which log needs to be published.
- log
Type String - Type of OpenSearch log. Valid values:
INDEX_SLOW_LOGS
,SEARCH_SLOW_LOGS
,ES_APPLICATION_LOGS
,AUDIT_LOGS
. - enabled Boolean
- Whether given log publishing option is enabled or not.
- cloudwatch
Log stringGroup Arn - ARN of the Cloudwatch log group to which log needs to be published.
- log
Type string - Type of OpenSearch log. Valid values:
INDEX_SLOW_LOGS
,SEARCH_SLOW_LOGS
,ES_APPLICATION_LOGS
,AUDIT_LOGS
. - enabled boolean
- Whether given log publishing option is enabled or not.
- cloudwatch_
log_ strgroup_ arn - ARN of the Cloudwatch log group to which log needs to be published.
- log_
type str - Type of OpenSearch log. Valid values:
INDEX_SLOW_LOGS
,SEARCH_SLOW_LOGS
,ES_APPLICATION_LOGS
,AUDIT_LOGS
. - enabled bool
- Whether given log publishing option is enabled or not.
- cloudwatch
Log StringGroup Arn - ARN of the Cloudwatch log group to which log needs to be published.
- log
Type String - Type of OpenSearch log. Valid values:
INDEX_SLOW_LOGS
,SEARCH_SLOW_LOGS
,ES_APPLICATION_LOGS
,AUDIT_LOGS
. - enabled Boolean
- Whether given log publishing option is enabled or not.
DomainNodeToNodeEncryption, DomainNodeToNodeEncryptionArgs
- Enabled bool
- Whether to enable node-to-node encryption. If the
node_to_node_encryption
block is not provided then this defaults tofalse
. Enabling node-to-node encryption of a new domain requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_6.0
or greater.
- Enabled bool
- Whether to enable node-to-node encryption. If the
node_to_node_encryption
block is not provided then this defaults tofalse
. Enabling node-to-node encryption of a new domain requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_6.0
or greater.
- enabled Boolean
- Whether to enable node-to-node encryption. If the
node_to_node_encryption
block is not provided then this defaults tofalse
. Enabling node-to-node encryption of a new domain requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_6.0
or greater.
- enabled boolean
- Whether to enable node-to-node encryption. If the
node_to_node_encryption
block is not provided then this defaults tofalse
. Enabling node-to-node encryption of a new domain requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_6.0
or greater.
- enabled bool
- Whether to enable node-to-node encryption. If the
node_to_node_encryption
block is not provided then this defaults tofalse
. Enabling node-to-node encryption of a new domain requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_6.0
or greater.
- enabled Boolean
- Whether to enable node-to-node encryption. If the
node_to_node_encryption
block is not provided then this defaults tofalse
. Enabling node-to-node encryption of a new domain requires anengine_version
ofOpenSearch_X.Y
orElasticsearch_6.0
or greater.
DomainOffPeakWindowOptions, DomainOffPeakWindowOptionsArgs
- Enabled bool
- Enabled disabled toggle for off-peak update window.
- Off
Peak DomainWindow Off Peak Window Options Off Peak Window
- Enabled bool
- Enabled disabled toggle for off-peak update window.
- Off
Peak DomainWindow Off Peak Window Options Off Peak Window
- enabled Boolean
- Enabled disabled toggle for off-peak update window.
- off
Peak DomainWindow Off Peak Window Options Off Peak Window
- enabled boolean
- Enabled disabled toggle for off-peak update window.
- off
Peak DomainWindow Off Peak Window Options Off Peak Window
- enabled bool
- Enabled disabled toggle for off-peak update window.
- off_
peak_ Domainwindow Off Peak Window Options Off Peak Window
- enabled Boolean
- Enabled disabled toggle for off-peak update window.
- off
Peak Property MapWindow
DomainOffPeakWindowOptionsOffPeakWindow, DomainOffPeakWindowOptionsOffPeakWindowArgs
- Window
Start DomainTime Off Peak Window Options Off Peak Window Window Start Time - 10h window for updates
- Window
Start DomainTime Off Peak Window Options Off Peak Window Window Start Time - 10h window for updates
- window
Start DomainTime Off Peak Window Options Off Peak Window Window Start Time - 10h window for updates
- window
Start DomainTime Off Peak Window Options Off Peak Window Window Start Time - 10h window for updates
- window_
start_ Domaintime Off Peak Window Options Off Peak Window Window Start Time - 10h window for updates
- window
Start Property MapTime - 10h window for updates
DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime, DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs
DomainSnapshotOptions, DomainSnapshotOptionsArgs
- Automated
Snapshot intStart Hour - Hour during which the service takes an automated daily snapshot of the indices in the domain.
- Automated
Snapshot intStart Hour - Hour during which the service takes an automated daily snapshot of the indices in the domain.
- automated
Snapshot IntegerStart Hour - Hour during which the service takes an automated daily snapshot of the indices in the domain.
- automated
Snapshot numberStart Hour - Hour during which the service takes an automated daily snapshot of the indices in the domain.
- automated_
snapshot_ intstart_ hour - Hour during which the service takes an automated daily snapshot of the indices in the domain.
- automated
Snapshot NumberStart Hour - Hour during which the service takes an automated daily snapshot of the indices in the domain.
DomainSoftwareUpdateOptions, DomainSoftwareUpdateOptionsArgs
- Auto
Software boolUpdate Enabled - Whether automatic service software updates are enabled for the domain. Defaults to
false
.
- Auto
Software boolUpdate Enabled - Whether automatic service software updates are enabled for the domain. Defaults to
false
.
- auto
Software BooleanUpdate Enabled - Whether automatic service software updates are enabled for the domain. Defaults to
false
.
- auto
Software booleanUpdate Enabled - Whether automatic service software updates are enabled for the domain. Defaults to
false
.
- auto_
software_ boolupdate_ enabled - Whether automatic service software updates are enabled for the domain. Defaults to
false
.
- auto
Software BooleanUpdate Enabled - Whether automatic service software updates are enabled for the domain. Defaults to
false
.
DomainVpcOptions, DomainVpcOptionsArgs
- Availability
Zones List<string> - If the domain was created inside a VPC, the names of the availability zones the configured
subnet_ids
were created inside. - Security
Group List<string>Ids - List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
- Subnet
Ids List<string> - List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
- Vpc
Id string - If the domain was created inside a VPC, the ID of the VPC.
- Availability
Zones []string - If the domain was created inside a VPC, the names of the availability zones the configured
subnet_ids
were created inside. - Security
Group []stringIds - List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
- Subnet
Ids []string - List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
- Vpc
Id string - If the domain was created inside a VPC, the ID of the VPC.
- availability
Zones List<String> - If the domain was created inside a VPC, the names of the availability zones the configured
subnet_ids
were created inside. - security
Group List<String>Ids - List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
- subnet
Ids List<String> - List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
- vpc
Id String - If the domain was created inside a VPC, the ID of the VPC.
- availability
Zones string[] - If the domain was created inside a VPC, the names of the availability zones the configured
subnet_ids
were created inside. - security
Group string[]Ids - List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
- subnet
Ids string[] - List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
- vpc
Id string - If the domain was created inside a VPC, the ID of the VPC.
- availability_
zones Sequence[str] - If the domain was created inside a VPC, the names of the availability zones the configured
subnet_ids
were created inside. - security_
group_ Sequence[str]ids - List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
- subnet_
ids Sequence[str] - List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
- vpc_
id str - If the domain was created inside a VPC, the ID of the VPC.
- availability
Zones List<String> - If the domain was created inside a VPC, the names of the availability zones the configured
subnet_ids
were created inside. - security
Group List<String>Ids - List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
- subnet
Ids List<String> - List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
- vpc
Id String - If the domain was created inside a VPC, the ID of the VPC.
Import
Using pulumi import
, import OpenSearch domains using the domain_name
. For example:
$ pulumi import aws:opensearch/domain:Domain example domain_name
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.