AWS Classic v6.2.1, Sep 22 23

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.2.1 published on Friday, Sep 22, 2023 by Pulumi

pulumi/pulumi-aws

aws.opensearch.Domain

Explore with Pulumi AI

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.2.1 published on Friday, Sep 22, 2023 by Pulumi

pulumi/pulumi-aws

Elasticsearch vs. OpenSearch

Amazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).

OpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:

OpenSearch has engine_version while Elasticsearch has elasticsearch_version
Versions are specified differently - e.g., Elasticsearch_7.10 with OpenSearch vs. 7.10 for Elasticsearch.
instance_type argument values end in search for OpenSearch vs. elasticsearch for Elasticsearch (e.g., t2.micro.search vs. t2.micro.elasticsearch).
The AWS-managed service-linked role for OpenSearch is called AWSServiceRoleForAmazonOpenSearchService instead of AWSServiceRoleForAmazonElasticsearchService for Elasticsearch.

There are also some potentially unexpected similarities in configurations:

ARNs for both are prefaced with arn:aws:es:.
Both OpenSearch and Elasticsearch use assume role policies that refer to the Principal Service as es.amazonaws.com.
IAM policy actions, such as those you will find in access_policies, are prefaced with es: for both.

Example Usage

Basic Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.OpenSearch.Domain("example", new()
    {
        ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
        {
            InstanceType = "r4.large.search",
        },
        EngineVersion = "Elasticsearch_7.10",
        Tags = 
        {
            { "Domain", "TestDomain" },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
			ClusterConfig: &opensearch.DomainClusterConfigArgs{
				InstanceType: pulumi.String("r4.large.search"),
			},
			EngineVersion: pulumi.String("Elasticsearch_7.10"),
			Tags: pulumi.StringMap{
				"Domain": pulumi.String("TestDomain"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Domain("example", DomainArgs.builder()        
            .clusterConfig(DomainClusterConfigArgs.builder()
                .instanceType("r4.large.search")
                .build())
            .engineVersion("Elasticsearch_7.10")
            .tags(Map.of("Domain", "TestDomain"))
            .build());

    }
}

import pulumi
import pulumi_aws as aws

example = aws.opensearch.Domain("example",
    cluster_config=aws.opensearch.DomainClusterConfigArgs(
        instance_type="r4.large.search",
    ),
    engine_version="Elasticsearch_7.10",
    tags={
        "Domain": "TestDomain",
    })

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.opensearch.Domain("example", {
    clusterConfig: {
        instanceType: "r4.large.search",
    },
    engineVersion: "Elasticsearch_7.10",
    tags: {
        Domain: "TestDomain",
    },
});

resources:
  example:
    type: aws:opensearch:Domain
    properties:
      clusterConfig:
        instanceType: r4.large.search
      engineVersion: Elasticsearch_7.10
      tags:
        Domain: TestDomain

Access Policy

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var domain = config.Get("domain") ?? "tf-test";
    var currentRegion = Aws.GetRegion.Invoke();

    var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();

    var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "*",
                        Identifiers = new[]
                        {
                            "*",
                        },
                    },
                },
                Actions = new[]
                {
                    "es:*",
                },
                Resources = new[]
                {
                    $"arn:aws:es:{currentRegion.Apply(getRegionResult => getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:domain/{domain}/*",
                },
                Conditions = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                    {
                        Test = "IpAddress",
                        Variable = "aws:SourceIp",
                        Values = new[]
                        {
                            "66.193.100.22/32",
                        },
                    },
                },
            },
        },
    });

    var exampleDomain = new Aws.OpenSearch.Domain("exampleDomain", new()
    {
        AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		domain := "tf-test"
		if param := cfg.Get("domain"); param != "" {
			domain = param
		}
		currentRegion, err := aws.GetRegion(ctx, nil, nil)
		if err != nil {
			return err
		}
		currentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}
		examplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "*",
							Identifiers: []string{
								"*",
							},
						},
					},
					Actions: []string{
						"es:*",
					},
					Resources: []string{
						fmt.Sprintf("arn:aws:es:%v:%v:domain/%v/*", currentRegion.Name, currentCallerIdentity.AccountId, domain),
					},
					Conditions: []iam.GetPolicyDocumentStatementCondition{
						{
							Test:     "IpAddress",
							Variable: "aws:SourceIp",
							Values: []string{
								"66.193.100.22/32",
							},
						},
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = opensearch.NewDomain(ctx, "exampleDomain", &opensearch.DomainArgs{
			AccessPolicies: *pulumi.String(examplePolicyDocument.Json),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var domain = config.get("domain").orElse("tf-test");
        final var currentRegion = AwsFunctions.getRegion();

        final var currentCallerIdentity = AwsFunctions.getCallerIdentity();

        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("*")
                    .identifiers("*")
                    .build())
                .actions("es:*")
                .resources(String.format("arn:aws:es:%s:%s:domain/%s/*", currentRegion.applyValue(getRegionResult -> getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("IpAddress")
                    .variable("aws:SourceIp")
                    .values("66.193.100.22/32")
                    .build())
                .build())
            .build());

        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()        
            .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());

    }
}

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
domain = config.get("domain")
if domain is None:
    domain = "tf-test"
current_region = aws.get_region()
current_caller_identity = aws.get_caller_identity()
example_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    effect="Allow",
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="*",
        identifiers=["*"],
    )],
    actions=["es:*"],
    resources=[f"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*"],
    conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
        test="IpAddress",
        variable="aws:SourceIp",
        values=["66.193.100.22/32"],
    )],
)])
example_domain = aws.opensearch.Domain("exampleDomain", access_policies=example_policy_document.json)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";
const currentRegion = aws.getRegion({});
const currentCallerIdentity = aws.getCallerIdentity({});
const examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) => aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "*",
            identifiers: ["*"],
        }],
        actions: ["es:*"],
        resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],
        conditions: [{
            test: "IpAddress",
            variable: "aws:SourceIp",
            values: ["66.193.100.22/32"],
        }],
    }],
}));
const exampleDomain = new aws.opensearch.Domain("exampleDomain", {accessPolicies: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.json)});

configuration:
  domain:
    type: string
    default: tf-test
resources:
  exampleDomain:
    type: aws:opensearch:Domain
    properties:
      accessPolicies: ${examplePolicyDocument.json}
variables:
  currentRegion:
    fn::invoke:
      Function: aws:getRegion
      Arguments: {}
  currentCallerIdentity:
    fn::invoke:
      Function: aws:getCallerIdentity
      Arguments: {}
  examplePolicyDocument:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            principals:
              - type: '*'
                identifiers:
                  - '*'
            actions:
              - es:*
            resources:
              - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*
            conditions:
              - test: IpAddress
                variable: aws:SourceIp
                values:
                  - 66.193.100.22/32

Log publishing to CloudWatch Logs

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup");

    var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "es.amazonaws.com",
                        },
                    },
                },
                Actions = new[]
                {
                    "logs:PutLogEvents",
                    "logs:PutLogEventsBatch",
                    "logs:CreateLogStream",
                },
                Resources = new[]
                {
                    "arn:aws:logs:*",
                },
            },
        },
    });

    var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("exampleLogResourcePolicy", new()
    {
        PolicyName = "example",
        PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    // .. other configuration ...
    var exampleDomain = new Aws.OpenSearch.Domain("exampleDomain", new()
    {
        LogPublishingOptions = new[]
        {
            new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs
            {
                CloudwatchLogGroupArn = exampleLogGroup.Arn,
                LogType = "INDEX_SLOW_LOGS",
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", nil)
		if err != nil {
			return err
		}
		examplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "Service",
							Identifiers: []string{
								"es.amazonaws.com",
							},
						},
					},
					Actions: []string{
						"logs:PutLogEvents",
						"logs:PutLogEventsBatch",
						"logs:CreateLogStream",
					},
					Resources: []string{
						"arn:aws:logs:*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = cloudwatch.NewLogResourcePolicy(ctx, "exampleLogResourcePolicy", &cloudwatch.LogResourcePolicyArgs{
			PolicyName:     pulumi.String("example"),
			PolicyDocument: *pulumi.String(examplePolicyDocument.Json),
		})
		if err != nil {
			return err
		}
		_, err = opensearch.NewDomain(ctx, "exampleDomain", &opensearch.DomainArgs{
			LogPublishingOptions: opensearch.DomainLogPublishingOptionArray{
				&opensearch.DomainLogPublishingOptionArgs{
					CloudwatchLogGroupArn: exampleLogGroup.Arn,
					LogType:               pulumi.String("INDEX_SLOW_LOGS"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogResourcePolicy;
import com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleLogGroup = new LogGroup("exampleLogGroup");

        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("es.amazonaws.com")
                    .build())
                .actions(                
                    "logs:PutLogEvents",
                    "logs:PutLogEventsBatch",
                    "logs:CreateLogStream")
                .resources("arn:aws:logs:*")
                .build())
            .build());

        var exampleLogResourcePolicy = new LogResourcePolicy("exampleLogResourcePolicy", LogResourcePolicyArgs.builder()        
            .policyName("example")
            .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());

        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()        
            .logPublishingOptions(DomainLogPublishingOptionArgs.builder()
                .cloudwatchLogGroupArn(exampleLogGroup.arn())
                .logType("INDEX_SLOW_LOGS")
                .build())
            .build());

    }
}

import pulumi
import pulumi_aws as aws

example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup")
example_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    effect="Allow",
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="Service",
        identifiers=["es.amazonaws.com"],
    )],
    actions=[
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream",
    ],
    resources=["arn:aws:logs:*"],
)])
example_log_resource_policy = aws.cloudwatch.LogResourcePolicy("exampleLogResourcePolicy",
    policy_name="example",
    policy_document=example_policy_document.json)
# .. other configuration ...
example_domain = aws.opensearch.Domain("exampleDomain", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(
    cloudwatch_log_group_arn=example_log_group.arn,
    log_type="INDEX_SLOW_LOGS",
)])

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLogGroup = new aws.cloudwatch.LogGroup("exampleLogGroup", {});
const examplePolicyDocument = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "Service",
            identifiers: ["es.amazonaws.com"],
        }],
        actions: [
            "logs:PutLogEvents",
            "logs:PutLogEventsBatch",
            "logs:CreateLogStream",
        ],
        resources: ["arn:aws:logs:*"],
    }],
});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("exampleLogResourcePolicy", {
    policyName: "example",
    policyDocument: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.json),
});
// .. other configuration ...
const exampleDomain = new aws.opensearch.Domain("exampleDomain", {logPublishingOptions: [{
    cloudwatchLogGroupArn: exampleLogGroup.arn,
    logType: "INDEX_SLOW_LOGS",
}]});

resources:
  exampleLogGroup:
    type: aws:cloudwatch:LogGroup
  exampleLogResourcePolicy:
    type: aws:cloudwatch:LogResourcePolicy
    properties:
      policyName: example
      policyDocument: ${examplePolicyDocument.json}
  exampleDomain:
    type: aws:opensearch:Domain
    properties:
      logPublishingOptions:
        - cloudwatchLogGroupArn: ${exampleLogGroup.arn}
          logType: INDEX_SLOW_LOGS
variables:
  examplePolicyDocument:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            principals:
              - type: Service
                identifiers:
                  - es.amazonaws.com
            actions:
              - logs:PutLogEvents
              - logs:PutLogEventsBatch
              - logs:CreateLogStream
            resources:
              - arn:aws:logs:*

VPC based OpenSearch

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var vpc = config.RequireObject<dynamic>("vpc");
    var domain = config.Get("domain") ?? "tf-test";
    var exampleVpc = Aws.Ec2.GetVpc.Invoke(new()
    {
        Tags = 
        {
            { "Name", vpc },
        },
    });

    var exampleSubnets = Aws.Ec2.GetSubnets.Invoke(new()
    {
        Filters = new[]
        {
            new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs
            {
                Name = "vpc-id",
                Values = new[]
                {
                    exampleVpc.Apply(getVpcResult => getVpcResult.Id),
                },
            },
        },
        Tags = 
        {
            { "Tier", "private" },
        },
    });

    var currentRegion = Aws.GetRegion.Invoke();

    var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();

    var exampleSecurityGroup = new Aws.Ec2.SecurityGroup("exampleSecurityGroup", new()
    {
        Description = "Managed by Pulumi",
        VpcId = exampleVpc.Apply(getVpcResult => getVpcResult.Id),
        Ingress = new[]
        {
            new Aws.Ec2.Inputs.SecurityGroupIngressArgs
            {
                FromPort = 443,
                ToPort = 443,
                Protocol = "tcp",
                CidrBlocks = new[]
                {
                    exampleVpc.Apply(getVpcResult => getVpcResult.CidrBlock),
                },
            },
        },
    });

    var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole("exampleServiceLinkedRole", new()
    {
        AwsServiceName = "opensearchservice.amazonaws.com",
    });

    var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "*",
                        Identifiers = new[]
                        {
                            "*",
                        },
                    },
                },
                Actions = new[]
                {
                    "es:*",
                },
                Resources = new[]
                {
                    $"arn:aws:es:{currentRegion.Apply(getRegionResult => getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:domain/{domain}/*",
                },
            },
        },
    });

    var exampleDomain = new Aws.OpenSearch.Domain("exampleDomain", new()
    {
        EngineVersion = "OpenSearch_1.0",
        ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
        {
            InstanceType = "m4.large.search",
            ZoneAwarenessEnabled = true,
        },
        VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs
        {
            SubnetIds = new[]
            {
                exampleSubnets.Apply(getSubnetsResult => getSubnetsResult.Ids[0]),
                exampleSubnets.Apply(getSubnetsResult => getSubnetsResult.Ids[1]),
            },
            SecurityGroupIds = new[]
            {
                exampleSecurityGroup.Id,
            },
        },
        AdvancedOptions = 
        {
            { "rest.action.multi.allow_explicit_index", "true" },
        },
        AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        Tags = 
        {
            { "Domain", "TestDomain" },
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            exampleServiceLinkedRole,
        },
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
vpc := cfg.RequireObject("vpc")
domain := "tf-test";
if param := cfg.Get("domain"); param != ""{
domain = param
}
exampleVpc, err := ec2.LookupVpc(ctx, &ec2.LookupVpcArgs{
Tags: interface{}{
Name: vpc,
},
}, nil);
if err != nil {
return err
}
exampleSubnets, err := ec2.GetSubnets(ctx, &ec2.GetSubnetsArgs{
Filters: []ec2.GetSubnetsFilter{
{
Name: "vpc-id",
Values: interface{}{
exampleVpc.Id,
},
},
},
Tags: map[string]interface{}{
"Tier": "private",
},
}, nil);
if err != nil {
return err
}
currentRegion, err := aws.GetRegion(ctx, nil, nil);
if err != nil {
return err
}
currentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);
if err != nil {
return err
}
exampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, "exampleSecurityGroup", &ec2.SecurityGroupArgs{
Description: pulumi.String("Managed by Pulumi"),
VpcId: *pulumi.String(exampleVpc.Id),
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
FromPort: pulumi.Int(443),
ToPort: pulumi.Int(443),
Protocol: pulumi.String("tcp"),
CidrBlocks: pulumi.StringArray{
*pulumi.String(exampleVpc.CidrBlock),
},
},
},
})
if err != nil {
return err
}
exampleServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, "exampleServiceLinkedRole", &iam.ServiceLinkedRoleArgs{
AwsServiceName: pulumi.String("opensearchservice.amazonaws.com"),
})
if err != nil {
return err
}
examplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "*",
Identifiers: []string{
"*",
},
},
},
Actions: []string{
"es:*",
},
Resources: []string{
fmt.Sprintf("arn:aws:es:%v:%v:domain/%v/*", currentRegion.Name, currentCallerIdentity.AccountId, domain),
},
},
},
}, nil);
if err != nil {
return err
}
_, err = opensearch.NewDomain(ctx, "exampleDomain", &opensearch.DomainArgs{
EngineVersion: pulumi.String("OpenSearch_1.0"),
ClusterConfig: &opensearch.DomainClusterConfigArgs{
InstanceType: pulumi.String("m4.large.search"),
ZoneAwarenessEnabled: pulumi.Bool(true),
},
VpcOptions: &opensearch.DomainVpcOptionsArgs{
SubnetIds: pulumi.StringArray{
*pulumi.String(exampleSubnets.Ids[0]),
*pulumi.String(exampleSubnets.Ids[1]),
},
SecurityGroupIds: pulumi.StringArray{
exampleSecurityGroup.ID(),
},
},
AdvancedOptions: pulumi.StringMap{
"rest.action.multi.allow_explicit_index": pulumi.String("true"),
},
AccessPolicies: *pulumi.String(examplePolicyDocument.Json),
Tags: pulumi.StringMap{
"Domain": pulumi.String("TestDomain"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleServiceLinkedRole,
}))
if err != nil {
return err
}
return nil
})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Ec2Functions;
import com.pulumi.aws.ec2.inputs.GetVpcArgs;
import com.pulumi.aws.ec2.inputs.GetSubnetsArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;
import com.pulumi.aws.iam.ServiceLinkedRole;
import com.pulumi.aws.iam.ServiceLinkedRoleArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var vpc = config.get("vpc");
        final var domain = config.get("domain").orElse("tf-test");
        final var exampleVpc = Ec2Functions.getVpc(GetVpcArgs.builder()
            .tags(Map.of("Name", vpc))
            .build());

        final var exampleSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()
            .filters(GetSubnetsFilterArgs.builder()
                .name("vpc-id")
                .values(exampleVpc.applyValue(getVpcResult -> getVpcResult.id()))
                .build())
            .tags(Map.of("Tier", "private"))
            .build());

        final var currentRegion = AwsFunctions.getRegion();

        final var currentCallerIdentity = AwsFunctions.getCallerIdentity();

        var exampleSecurityGroup = new SecurityGroup("exampleSecurityGroup", SecurityGroupArgs.builder()        
            .description("Managed by Pulumi")
            .vpcId(exampleVpc.applyValue(getVpcResult -> getVpcResult.id()))
            .ingress(SecurityGroupIngressArgs.builder()
                .fromPort(443)
                .toPort(443)
                .protocol("tcp")
                .cidrBlocks(exampleVpc.applyValue(getVpcResult -> getVpcResult.cidrBlock()))
                .build())
            .build());

        var exampleServiceLinkedRole = new ServiceLinkedRole("exampleServiceLinkedRole", ServiceLinkedRoleArgs.builder()        
            .awsServiceName("opensearchservice.amazonaws.com")
            .build());

        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("*")
                    .identifiers("*")
                    .build())
                .actions("es:*")
                .resources(String.format("arn:aws:es:%s:%s:domain/%s/*", currentRegion.applyValue(getRegionResult -> getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),domain))
                .build())
            .build());

        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()        
            .engineVersion("OpenSearch_1.0")
            .clusterConfig(DomainClusterConfigArgs.builder()
                .instanceType("m4.large.search")
                .zoneAwarenessEnabled(true)
                .build())
            .vpcOptions(DomainVpcOptionsArgs.builder()
                .subnetIds(                
                    exampleSubnets.applyValue(getSubnetsResult -> getSubnetsResult.ids()[0]),
                    exampleSubnets.applyValue(getSubnetsResult -> getSubnetsResult.ids()[1]))
                .securityGroupIds(exampleSecurityGroup.id())
                .build())
            .advancedOptions(Map.of("rest.action.multi.allow_explicit_index", "true"))
            .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .tags(Map.of("Domain", "TestDomain"))
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleServiceLinkedRole)
                .build());

    }
}

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
vpc = config.require_object("vpc")
domain = config.get("domain")
if domain is None:
    domain = "tf-test"
example_vpc = aws.ec2.get_vpc(tags={
    "Name": vpc,
})
example_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(
        name="vpc-id",
        values=[example_vpc.id],
    )],
    tags={
        "Tier": "private",
    })
current_region = aws.get_region()
current_caller_identity = aws.get_caller_identity()
example_security_group = aws.ec2.SecurityGroup("exampleSecurityGroup",
    description="Managed by Pulumi",
    vpc_id=example_vpc.id,
    ingress=[aws.ec2.SecurityGroupIngressArgs(
        from_port=443,
        to_port=443,
        protocol="tcp",
        cidr_blocks=[example_vpc.cidr_block],
    )])
example_service_linked_role = aws.iam.ServiceLinkedRole("exampleServiceLinkedRole", aws_service_name="opensearchservice.amazonaws.com")
example_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    effect="Allow",
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="*",
        identifiers=["*"],
    )],
    actions=["es:*"],
    resources=[f"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*"],
)])
example_domain = aws.opensearch.Domain("exampleDomain",
    engine_version="OpenSearch_1.0",
    cluster_config=aws.opensearch.DomainClusterConfigArgs(
        instance_type="m4.large.search",
        zone_awareness_enabled=True,
    ),
    vpc_options=aws.opensearch.DomainVpcOptionsArgs(
        subnet_ids=[
            example_subnets.ids[0],
            example_subnets.ids[1],
        ],
        security_group_ids=[example_security_group.id],
    ),
    advanced_options={
        "rest.action.multi.allow_explicit_index": "true",
    },
    access_policies=example_policy_document.json,
    tags={
        "Domain": "TestDomain",
    },
    opts=pulumi.ResourceOptions(depends_on=[example_service_linked_role]))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const vpc = config.requireObject("vpc");
const domain = config.get("domain") || "tf-test";
const exampleVpc = aws.ec2.getVpc({
    tags: {
        Name: vpc,
    },
});
const exampleSubnets = exampleVpc.then(exampleVpc => aws.ec2.getSubnets({
    filters: [{
        name: "vpc-id",
        values: [exampleVpc.id],
    }],
    tags: {
        Tier: "private",
    },
}));
const currentRegion = aws.getRegion({});
const currentCallerIdentity = aws.getCallerIdentity({});
const exampleSecurityGroup = new aws.ec2.SecurityGroup("exampleSecurityGroup", {
    description: "Managed by Pulumi",
    vpcId: exampleVpc.then(exampleVpc => exampleVpc.id),
    ingress: [{
        fromPort: 443,
        toPort: 443,
        protocol: "tcp",
        cidrBlocks: [exampleVpc.then(exampleVpc => exampleVpc.cidrBlock)],
    }],
});
const exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole("exampleServiceLinkedRole", {awsServiceName: "opensearchservice.amazonaws.com"});
const examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) => aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "*",
            identifiers: ["*"],
        }],
        actions: ["es:*"],
        resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],
    }],
}));
const exampleDomain = new aws.opensearch.Domain("exampleDomain", {
    engineVersion: "OpenSearch_1.0",
    clusterConfig: {
        instanceType: "m4.large.search",
        zoneAwarenessEnabled: true,
    },
    vpcOptions: {
        subnetIds: [
            exampleSubnets.then(exampleSubnets => exampleSubnets.ids?.[0]),
            exampleSubnets.then(exampleSubnets => exampleSubnets.ids?.[1]),
        ],
        securityGroupIds: [exampleSecurityGroup.id],
    },
    advancedOptions: {
        "rest.action.multi.allow_explicit_index": "true",
    },
    accessPolicies: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.json),
    tags: {
        Domain: "TestDomain",
    },
}, {
    dependsOn: [exampleServiceLinkedRole],
});

configuration:
  vpc:
    type: dynamic
  domain:
    type: string
    default: tf-test
resources:
  exampleSecurityGroup:
    type: aws:ec2:SecurityGroup
    properties:
      description: Managed by Pulumi
      vpcId: ${exampleVpc.id}
      ingress:
        - fromPort: 443
          toPort: 443
          protocol: tcp
          cidrBlocks:
            - ${exampleVpc.cidrBlock}
  exampleServiceLinkedRole:
    type: aws:iam:ServiceLinkedRole
    properties:
      awsServiceName: opensearchservice.amazonaws.com
  exampleDomain:
    type: aws:opensearch:Domain
    properties:
      engineVersion: OpenSearch_1.0
      clusterConfig:
        instanceType: m4.large.search
        zoneAwarenessEnabled: true
      vpcOptions:
        subnetIds:
          - ${exampleSubnets.ids[0]}
          - ${exampleSubnets.ids[1]}
        securityGroupIds:
          - ${exampleSecurityGroup.id}
      advancedOptions:
        rest.action.multi.allow_explicit_index: 'true'
      accessPolicies: ${examplePolicyDocument.json}
      tags:
        Domain: TestDomain
    options:
      dependson:
        - ${exampleServiceLinkedRole}
variables:
  exampleVpc:
    fn::invoke:
      Function: aws:ec2:getVpc
      Arguments:
        tags:
          Name: ${vpc}
  exampleSubnets:
    fn::invoke:
      Function: aws:ec2:getSubnets
      Arguments:
        filters:
          - name: vpc-id
            values:
              - ${exampleVpc.id}
        tags:
          Tier: private
  currentRegion:
    fn::invoke:
      Function: aws:getRegion
      Arguments: {}
  currentCallerIdentity:
    fn::invoke:
      Function: aws:getCallerIdentity
      Arguments: {}
  examplePolicyDocument:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            principals:
              - type: '*'
                identifiers:
                  - '*'
            actions:
              - es:*
            resources:
              - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*

First apply

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.OpenSearch.Domain("example", new()
    {
        AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
        {
            AnonymousAuthEnabled = true,
            Enabled = false,
            InternalUserDatabaseEnabled = true,
            MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
            {
                MasterUserName = "example",
                MasterUserPassword = "Barbarbarbar1!",
            },
        },
        ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
        {
            InstanceType = "r5.large.search",
        },
        DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
        {
            EnforceHttps = true,
            TlsSecurityPolicy = "Policy-Min-TLS-1-2-2019-07",
        },
        EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
        {
            EbsEnabled = true,
            VolumeSize = 10,
        },
        EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
        {
            Enabled = true,
        },
        EngineVersion = "Elasticsearch_7.1",
        NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
        {
            Enabled = true,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
			AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
				AnonymousAuthEnabled:        pulumi.Bool(true),
				Enabled:                     pulumi.Bool(false),
				InternalUserDatabaseEnabled: pulumi.Bool(true),
				MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
					MasterUserName:     pulumi.String("example"),
					MasterUserPassword: pulumi.String("Barbarbarbar1!"),
				},
			},
			ClusterConfig: &opensearch.DomainClusterConfigArgs{
				InstanceType: pulumi.String("r5.large.search"),
			},
			DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
				EnforceHttps:      pulumi.Bool(true),
				TlsSecurityPolicy: pulumi.String("Policy-Min-TLS-1-2-2019-07"),
			},
			EbsOptions: &opensearch.DomainEbsOptionsArgs{
				EbsEnabled: pulumi.Bool(true),
				VolumeSize: pulumi.Int(10),
			},
			EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
				Enabled: pulumi.Bool(true),
			},
			EngineVersion: pulumi.String("Elasticsearch_7.1"),
			NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;
import com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Domain("example", DomainArgs.builder()        
            .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
                .anonymousAuthEnabled(true)
                .enabled(false)
                .internalUserDatabaseEnabled(true)
                .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
                    .masterUserName("example")
                    .masterUserPassword("Barbarbarbar1!")
                    .build())
                .build())
            .clusterConfig(DomainClusterConfigArgs.builder()
                .instanceType("r5.large.search")
                .build())
            .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
                .enforceHttps(true)
                .tlsSecurityPolicy("Policy-Min-TLS-1-2-2019-07")
                .build())
            .ebsOptions(DomainEbsOptionsArgs.builder()
                .ebsEnabled(true)
                .volumeSize(10)
                .build())
            .encryptAtRest(DomainEncryptAtRestArgs.builder()
                .enabled(true)
                .build())
            .engineVersion("Elasticsearch_7.1")
            .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
                .enabled(true)
                .build())
            .build());

    }
}

import pulumi
import pulumi_aws as aws

example = aws.opensearch.Domain("example",
    advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(
        anonymous_auth_enabled=True,
        enabled=False,
        internal_user_database_enabled=True,
        master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(
            master_user_name="example",
            master_user_password="Barbarbarbar1!",
        ),
    ),
    cluster_config=aws.opensearch.DomainClusterConfigArgs(
        instance_type="r5.large.search",
    ),
    domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(
        enforce_https=True,
        tls_security_policy="Policy-Min-TLS-1-2-2019-07",
    ),
    ebs_options=aws.opensearch.DomainEbsOptionsArgs(
        ebs_enabled=True,
        volume_size=10,
    ),
    encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(
        enabled=True,
    ),
    engine_version="Elasticsearch_7.1",
    node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(
        enabled=True,
    ))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.opensearch.Domain("example", {
    advancedSecurityOptions: {
        anonymousAuthEnabled: true,
        enabled: false,
        internalUserDatabaseEnabled: true,
        masterUserOptions: {
            masterUserName: "example",
            masterUserPassword: "Barbarbarbar1!",
        },
    },
    clusterConfig: {
        instanceType: "r5.large.search",
    },
    domainEndpointOptions: {
        enforceHttps: true,
        tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
    },
    ebsOptions: {
        ebsEnabled: true,
        volumeSize: 10,
    },
    encryptAtRest: {
        enabled: true,
    },
    engineVersion: "Elasticsearch_7.1",
    nodeToNodeEncryption: {
        enabled: true,
    },
});

resources:
  example:
    type: aws:opensearch:Domain
    properties:
      advancedSecurityOptions:
        anonymousAuthEnabled: true
        enabled: false
        internalUserDatabaseEnabled: true
        masterUserOptions:
          masterUserName: example
          masterUserPassword: Barbarbarbar1!
      clusterConfig:
        instanceType: r5.large.search
      domainEndpointOptions:
        enforceHttps: true
        tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07
      ebsOptions:
        ebsEnabled: true
        volumeSize: 10
      encryptAtRest:
        enabled: true
      engineVersion: Elasticsearch_7.1
      nodeToNodeEncryption:
        enabled: true

Second apply

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.OpenSearch.Domain("example", new()
    {
        AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs
        {
            AnonymousAuthEnabled = true,
            Enabled = true,
            InternalUserDatabaseEnabled = true,
            MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs
            {
                MasterUserName = "example",
                MasterUserPassword = "Barbarbarbar1!",
            },
        },
        ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
        {
            InstanceType = "r5.large.search",
        },
        DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs
        {
            EnforceHttps = true,
            TlsSecurityPolicy = "Policy-Min-TLS-1-2-2019-07",
        },
        EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs
        {
            EbsEnabled = true,
            VolumeSize = 10,
        },
        EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs
        {
            Enabled = true,
        },
        EngineVersion = "Elasticsearch_7.1",
        NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs
        {
            Enabled = true,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
			AdvancedSecurityOptions: &opensearch.DomainAdvancedSecurityOptionsArgs{
				AnonymousAuthEnabled:        pulumi.Bool(true),
				Enabled:                     pulumi.Bool(true),
				InternalUserDatabaseEnabled: pulumi.Bool(true),
				MasterUserOptions: &opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{
					MasterUserName:     pulumi.String("example"),
					MasterUserPassword: pulumi.String("Barbarbarbar1!"),
				},
			},
			ClusterConfig: &opensearch.DomainClusterConfigArgs{
				InstanceType: pulumi.String("r5.large.search"),
			},
			DomainEndpointOptions: &opensearch.DomainDomainEndpointOptionsArgs{
				EnforceHttps:      pulumi.Bool(true),
				TlsSecurityPolicy: pulumi.String("Policy-Min-TLS-1-2-2019-07"),
			},
			EbsOptions: &opensearch.DomainEbsOptionsArgs{
				EbsEnabled: pulumi.Bool(true),
				VolumeSize: pulumi.Int(10),
			},
			EncryptAtRest: &opensearch.DomainEncryptAtRestArgs{
				Enabled: pulumi.Bool(true),
			},
			EngineVersion: pulumi.String("Elasticsearch_7.1"),
			NodeToNodeEncryption: &opensearch.DomainNodeToNodeEncryptionArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;
import com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Domain("example", DomainArgs.builder()        
            .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()
                .anonymousAuthEnabled(true)
                .enabled(true)
                .internalUserDatabaseEnabled(true)
                .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()
                    .masterUserName("example")
                    .masterUserPassword("Barbarbarbar1!")
                    .build())
                .build())
            .clusterConfig(DomainClusterConfigArgs.builder()
                .instanceType("r5.large.search")
                .build())
            .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()
                .enforceHttps(true)
                .tlsSecurityPolicy("Policy-Min-TLS-1-2-2019-07")
                .build())
            .ebsOptions(DomainEbsOptionsArgs.builder()
                .ebsEnabled(true)
                .volumeSize(10)
                .build())
            .encryptAtRest(DomainEncryptAtRestArgs.builder()
                .enabled(true)
                .build())
            .engineVersion("Elasticsearch_7.1")
            .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()
                .enabled(true)
                .build())
            .build());

    }
}

import pulumi
import pulumi_aws as aws

example = aws.opensearch.Domain("example",
    advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(
        anonymous_auth_enabled=True,
        enabled=True,
        internal_user_database_enabled=True,
        master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(
            master_user_name="example",
            master_user_password="Barbarbarbar1!",
        ),
    ),
    cluster_config=aws.opensearch.DomainClusterConfigArgs(
        instance_type="r5.large.search",
    ),
    domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(
        enforce_https=True,
        tls_security_policy="Policy-Min-TLS-1-2-2019-07",
    ),
    ebs_options=aws.opensearch.DomainEbsOptionsArgs(
        ebs_enabled=True,
        volume_size=10,
    ),
    encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(
        enabled=True,
    ),
    engine_version="Elasticsearch_7.1",
    node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(
        enabled=True,
    ))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.opensearch.Domain("example", {
    advancedSecurityOptions: {
        anonymousAuthEnabled: true,
        enabled: true,
        internalUserDatabaseEnabled: true,
        masterUserOptions: {
            masterUserName: "example",
            masterUserPassword: "Barbarbarbar1!",
        },
    },
    clusterConfig: {
        instanceType: "r5.large.search",
    },
    domainEndpointOptions: {
        enforceHttps: true,
        tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07",
    },
    ebsOptions: {
        ebsEnabled: true,
        volumeSize: 10,
    },
    encryptAtRest: {
        enabled: true,
    },
    engineVersion: "Elasticsearch_7.1",
    nodeToNodeEncryption: {
        enabled: true,
    },
});

resources:
  example:
    type: aws:opensearch:Domain
    properties:
      advancedSecurityOptions:
        anonymousAuthEnabled: true
        enabled: true
        internalUserDatabaseEnabled: true
        masterUserOptions:
          masterUserName: example
          masterUserPassword: Barbarbarbar1!
      clusterConfig:
        instanceType: r5.large.search
      domainEndpointOptions:
        enforceHttps: true
        tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07
      ebsOptions:
        ebsEnabled: true
        volumeSize: 10
      encryptAtRest:
        enabled: true
      engineVersion: Elasticsearch_7.1
      nodeToNodeEncryption:
        enabled: true

Create Domain Resource

new Domain(name: string, args?: DomainArgs, opts?: CustomResourceOptions);

@overload
def Domain(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           access_policies: Optional[str] = None,
           advanced_options: Optional[Mapping[str, str]] = None,
           advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
           auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
           cluster_config: Optional[DomainClusterConfigArgs] = None,
           cognito_options: Optional[DomainCognitoOptionsArgs] = None,
           domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
           domain_name: Optional[str] = None,
           ebs_options: Optional[DomainEbsOptionsArgs] = None,
           encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
           engine_version: Optional[str] = None,
           log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
           node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
           off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
           snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
           software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
           tags: Optional[Mapping[str, str]] = None,
           vpc_options: Optional[DomainVpcOptionsArgs] = None)
@overload
def Domain(resource_name: str,
           args: Optional[DomainArgs] = None,
           opts: Optional[ResourceOptions] = None)

func NewDomain(ctx *Context, name string, args *DomainArgs, opts ...ResourceOption) (*Domain, error)

public Domain(string name, DomainArgs? args = null, CustomResourceOptions? opts = null)

public Domain(String name, DomainArgs args)
public Domain(String name, DomainArgs args, CustomResourceOptions options)

type: aws:opensearch:Domain
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Domain Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Domain resource accepts the following input properties:

AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions Dictionary<string, string>

Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your OpenSearch domain on every apply.

AdvancedSecurityOptions DomainAdvancedSecurityOptions

Configuration block for fine-grained access control. Detailed below.

AutoTuneOptions DomainAutoTuneOptions

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfig

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptions

Configuration block for authenticating dashboard with Cognito. Detailed below.

DomainEndpointOptions DomainDomainEndpointOptions

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainName string

Name of the domain.

The following arguments are optional:

EbsOptions DomainEbsOptions

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRest

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

EngineVersion string

Either Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. See Creating and managing Amazon OpenSearch Service domains. Defaults to the lastest version of OpenSearch.

LogPublishingOptions List<DomainLogPublishingOption>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryption

Configuration block for node-to-node encryption options. Detailed below.

OffPeakWindowOptions DomainOffPeakWindowOptions

Configuration to add Off Peak update options. (documentation). Detailed below.

SnapshotOptions DomainSnapshotOptions

Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running OpenSearch 5.3 and later, Amazon OpenSearch takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions, OpenSearch takes daily automated snapshots.

SoftwareUpdateOptions DomainSoftwareUpdateOptions

Software update options for the domain. Detailed below.

Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

VpcOptions DomainVpcOptions

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions map[string]string

AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

AutoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating dashboard with Cognito. Detailed below.

DomainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainName string

Name of the domain.

The following arguments are optional:

EbsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

EngineVersion string

LogPublishingOptions []DomainLogPublishingOptionArgs

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

OffPeakWindowOptions DomainOffPeakWindowOptionsArgs

Configuration to add Off Peak update options. (documentation). Detailed below.

SnapshotOptions DomainSnapshotOptionsArgs

SoftwareUpdateOptions DomainSoftwareUpdateOptionsArgs

Software update options for the domain. Detailed below.

Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

VpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String,String>

advancedSecurityOptions DomainAdvancedSecurityOptions

Configuration block for fine-grained access control. Detailed below.

autoTuneOptions DomainAutoTuneOptions

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfig

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptions

Configuration block for authenticating dashboard with Cognito. Detailed below.

domainEndpointOptions DomainDomainEndpointOptions

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainName String

Name of the domain.

The following arguments are optional:

ebsOptions DomainEbsOptions

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRest

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engineVersion String

logPublishingOptions List<DomainLogPublishingOption>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryption

Configuration block for node-to-node encryption options. Detailed below.

offPeakWindowOptions DomainOffPeakWindowOptions

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshotOptions DomainSnapshotOptions

softwareUpdateOptions DomainSoftwareUpdateOptions

Software update options for the domain. Detailed below.

tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcOptions DomainVpcOptions

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies string

IAM policy document specifying the access policies for the domain.

advancedOptions {[key: string]: string}

advancedSecurityOptions DomainAdvancedSecurityOptions

Configuration block for fine-grained access control. Detailed below.

autoTuneOptions DomainAutoTuneOptions

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfig

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptions

Configuration block for authenticating dashboard with Cognito. Detailed below.

domainEndpointOptions DomainDomainEndpointOptions

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainName string

Name of the domain.

The following arguments are optional:

ebsOptions DomainEbsOptions

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRest

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engineVersion string

logPublishingOptions DomainLogPublishingOption[]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryption

Configuration block for node-to-node encryption options. Detailed below.

offPeakWindowOptions DomainOffPeakWindowOptions

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshotOptions DomainSnapshotOptions

softwareUpdateOptions DomainSoftwareUpdateOptions

Software update options for the domain. Detailed below.

tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcOptions DomainVpcOptions

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

access_policies str

IAM policy document specifying the access policies for the domain.

advanced_options Mapping[str, str]

advanced_security_options DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

auto_tune_options DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

cluster_config DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognito_options DomainCognitoOptionsArgs

Configuration block for authenticating dashboard with Cognito. Detailed below.

domain_endpoint_options DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domain_name str

Name of the domain.

The following arguments are optional:

ebs_options DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encrypt_at_rest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engine_version str

log_publishing_options Sequence[DomainLogPublishingOptionArgs]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

node_to_node_encryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

off_peak_window_options DomainOffPeakWindowOptionsArgs

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshot_options DomainSnapshotOptionsArgs

software_update_options DomainSoftwareUpdateOptionsArgs

Software update options for the domain. Detailed below.

tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpc_options DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String>

advancedSecurityOptions Property Map

Configuration block for fine-grained access control. Detailed below.

autoTuneOptions Property Map

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig Property Map

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions Property Map

Configuration block for authenticating dashboard with Cognito. Detailed below.

domainEndpointOptions Property Map

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainName String

Name of the domain.

The following arguments are optional:

ebsOptions Property Map

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest Property Map

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

engineVersion String

logPublishingOptions List<Property Map>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption Property Map

Configuration block for node-to-node encryption options. Detailed below.

offPeakWindowOptions Property Map

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshotOptions Property Map

softwareUpdateOptions Property Map

Software update options for the domain. Detailed below.

tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcOptions Property Map

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

Arn string

ARN of the domain.

DashboardEndpoint string

Domain-specific endpoint for Dashboard without https scheme.

DomainId string

Unique identifier for the domain.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

Id string

The provider-assigned unique ID for this managed resource.

KibanaEndpoint string

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

Arn string

ARN of the domain.

DashboardEndpoint string

Domain-specific endpoint for Dashboard without https scheme.

DomainId string

Unique identifier for the domain.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

Id string

The provider-assigned unique ID for this managed resource.

KibanaEndpoint string

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

arn String

ARN of the domain.

dashboardEndpoint String

Domain-specific endpoint for Dashboard without https scheme.

domainId String

Unique identifier for the domain.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

id String

The provider-assigned unique ID for this managed resource.

kibanaEndpoint String

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

arn string

ARN of the domain.

dashboardEndpoint string

Domain-specific endpoint for Dashboard without https scheme.

domainId string

Unique identifier for the domain.

endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

id string

The provider-assigned unique ID for this managed resource.

kibanaEndpoint string

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

arn str

ARN of the domain.

dashboard_endpoint str

Domain-specific endpoint for Dashboard without https scheme.

domain_id str

Unique identifier for the domain.

endpoint str

Domain-specific endpoint used to submit index, search, and data upload requests.

id str

The provider-assigned unique ID for this managed resource.

kibana_endpoint str

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

arn String

ARN of the domain.

dashboardEndpoint String

Domain-specific endpoint for Dashboard without https scheme.

domainId String

Unique identifier for the domain.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

id String

The provider-assigned unique ID for this managed resource.

kibanaEndpoint String

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

Look up Existing Domain Resource

Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DomainState, opts?: CustomResourceOptions): Domain

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_policies: Optional[str] = None,
        advanced_options: Optional[Mapping[str, str]] = None,
        advanced_security_options: Optional[DomainAdvancedSecurityOptionsArgs] = None,
        arn: Optional[str] = None,
        auto_tune_options: Optional[DomainAutoTuneOptionsArgs] = None,
        cluster_config: Optional[DomainClusterConfigArgs] = None,
        cognito_options: Optional[DomainCognitoOptionsArgs] = None,
        dashboard_endpoint: Optional[str] = None,
        domain_endpoint_options: Optional[DomainDomainEndpointOptionsArgs] = None,
        domain_id: Optional[str] = None,
        domain_name: Optional[str] = None,
        ebs_options: Optional[DomainEbsOptionsArgs] = None,
        encrypt_at_rest: Optional[DomainEncryptAtRestArgs] = None,
        endpoint: Optional[str] = None,
        engine_version: Optional[str] = None,
        kibana_endpoint: Optional[str] = None,
        log_publishing_options: Optional[Sequence[DomainLogPublishingOptionArgs]] = None,
        node_to_node_encryption: Optional[DomainNodeToNodeEncryptionArgs] = None,
        off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
        snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
        software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_options: Optional[DomainVpcOptionsArgs] = None) -> Domain

func GetDomain(ctx *Context, name string, id IDInput, state *DomainState, opts ...ResourceOption) (*Domain, error)

public static Domain Get(string name, Input<string> id, DomainState? state, CustomResourceOptions? opts = null)

public static Domain get(String name, Output<String> id, DomainState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions Dictionary<string, string>

AdvancedSecurityOptions DomainAdvancedSecurityOptions

Configuration block for fine-grained access control. Detailed below.

Arn string

ARN of the domain.

AutoTuneOptions DomainAutoTuneOptions

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfig

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptions

Configuration block for authenticating dashboard with Cognito. Detailed below.

DashboardEndpoint string

Domain-specific endpoint for Dashboard without https scheme.

DomainEndpointOptions DomainDomainEndpointOptions

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainId string

Unique identifier for the domain.

DomainName string

Name of the domain.

The following arguments are optional:

EbsOptions DomainEbsOptions

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRest

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

EngineVersion string

KibanaEndpoint string

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

LogPublishingOptions List<DomainLogPublishingOption>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryption

Configuration block for node-to-node encryption options. Detailed below.

OffPeakWindowOptions DomainOffPeakWindowOptions

Configuration to add Off Peak update options. (documentation). Detailed below.

SnapshotOptions DomainSnapshotOptions

SoftwareUpdateOptions DomainSoftwareUpdateOptions

Software update options for the domain. Detailed below.

Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

VpcOptions DomainVpcOptions

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

AccessPolicies string

IAM policy document specifying the access policies for the domain.

AdvancedOptions map[string]string

AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

Arn string

ARN of the domain.

AutoTuneOptions DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

ClusterConfig DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

CognitoOptions DomainCognitoOptionsArgs

Configuration block for authenticating dashboard with Cognito. Detailed below.

DashboardEndpoint string

Domain-specific endpoint for Dashboard without https scheme.

DomainEndpointOptions DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

DomainId string

Unique identifier for the domain.

DomainName string

Name of the domain.

The following arguments are optional:

EbsOptions DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

EncryptAtRest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

Endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

EngineVersion string

KibanaEndpoint string

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

LogPublishingOptions []DomainLogPublishingOptionArgs

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

NodeToNodeEncryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

OffPeakWindowOptions DomainOffPeakWindowOptionsArgs

Configuration to add Off Peak update options. (documentation). Detailed below.

SnapshotOptions DomainSnapshotOptionsArgs

SoftwareUpdateOptions DomainSoftwareUpdateOptionsArgs

Software update options for the domain. Detailed below.

Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

VpcOptions DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String,String>

advancedSecurityOptions DomainAdvancedSecurityOptions

Configuration block for fine-grained access control. Detailed below.

arn String

ARN of the domain.

autoTuneOptions DomainAutoTuneOptions

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfig

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptions

Configuration block for authenticating dashboard with Cognito. Detailed below.

dashboardEndpoint String

Domain-specific endpoint for Dashboard without https scheme.

domainEndpointOptions DomainDomainEndpointOptions

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainId String

Unique identifier for the domain.

domainName String

Name of the domain.

The following arguments are optional:

ebsOptions DomainEbsOptions

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRest

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

engineVersion String

kibanaEndpoint String

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

logPublishingOptions List<DomainLogPublishingOption>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryption

Configuration block for node-to-node encryption options. Detailed below.

offPeakWindowOptions DomainOffPeakWindowOptions

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshotOptions DomainSnapshotOptions

softwareUpdateOptions DomainSoftwareUpdateOptions

Software update options for the domain. Detailed below.

tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

vpcOptions DomainVpcOptions

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies string

IAM policy document specifying the access policies for the domain.

advancedOptions {[key: string]: string}

advancedSecurityOptions DomainAdvancedSecurityOptions

Configuration block for fine-grained access control. Detailed below.

arn string

ARN of the domain.

autoTuneOptions DomainAutoTuneOptions

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig DomainClusterConfig

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions DomainCognitoOptions

Configuration block for authenticating dashboard with Cognito. Detailed below.

dashboardEndpoint string

Domain-specific endpoint for Dashboard without https scheme.

domainEndpointOptions DomainDomainEndpointOptions

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainId string

Unique identifier for the domain.

domainName string

Name of the domain.

The following arguments are optional:

ebsOptions DomainEbsOptions

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest DomainEncryptAtRest

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint string

Domain-specific endpoint used to submit index, search, and data upload requests.

engineVersion string

kibanaEndpoint string

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

logPublishingOptions DomainLogPublishingOption[]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption DomainNodeToNodeEncryption

Configuration block for node-to-node encryption options. Detailed below.

offPeakWindowOptions DomainOffPeakWindowOptions

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshotOptions DomainSnapshotOptions

softwareUpdateOptions DomainSoftwareUpdateOptions

Software update options for the domain. Detailed below.

tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

vpcOptions DomainVpcOptions

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

access_policies str

IAM policy document specifying the access policies for the domain.

advanced_options Mapping[str, str]

advanced_security_options DomainAdvancedSecurityOptionsArgs

Configuration block for fine-grained access control. Detailed below.

arn str

ARN of the domain.

auto_tune_options DomainAutoTuneOptionsArgs

Configuration block for the Auto-Tune options of the domain. Detailed below.

cluster_config DomainClusterConfigArgs

Configuration block for the cluster of the domain. Detailed below.

cognito_options DomainCognitoOptionsArgs

Configuration block for authenticating dashboard with Cognito. Detailed below.

dashboard_endpoint str

Domain-specific endpoint for Dashboard without https scheme.

domain_endpoint_options DomainDomainEndpointOptionsArgs

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domain_id str

Unique identifier for the domain.

domain_name str

Name of the domain.

The following arguments are optional:

ebs_options DomainEbsOptionsArgs

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encrypt_at_rest DomainEncryptAtRestArgs

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint str

Domain-specific endpoint used to submit index, search, and data upload requests.

engine_version str

kibana_endpoint str

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

log_publishing_options Sequence[DomainLogPublishingOptionArgs]

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

node_to_node_encryption DomainNodeToNodeEncryptionArgs

Configuration block for node-to-node encryption options. Detailed below.

off_peak_window_options DomainOffPeakWindowOptionsArgs

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshot_options DomainSnapshotOptionsArgs

software_update_options DomainSoftwareUpdateOptionsArgs

Software update options for the domain. Detailed below.

tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

vpc_options DomainVpcOptionsArgs

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

accessPolicies String

IAM policy document specifying the access policies for the domain.

advancedOptions Map<String>

advancedSecurityOptions Property Map

Configuration block for fine-grained access control. Detailed below.

arn String

ARN of the domain.

autoTuneOptions Property Map

Configuration block for the Auto-Tune options of the domain. Detailed below.

clusterConfig Property Map

Configuration block for the cluster of the domain. Detailed below.

cognitoOptions Property Map

Configuration block for authenticating dashboard with Cognito. Detailed below.

dashboardEndpoint String

Domain-specific endpoint for Dashboard without https scheme.

domainEndpointOptions Property Map

Configuration block for domain endpoint HTTP(S) related options. Detailed below.

domainId String

Unique identifier for the domain.

domainName String

Name of the domain.

The following arguments are optional:

ebsOptions Property Map

Configuration block for EBS related options, may be required based on chosen instance size. Detailed below.

encryptAtRest Property Map

Configuration block for encrypt at rest options. Only available for certain instance types. Detailed below.

endpoint String

Domain-specific endpoint used to submit index, search, and data upload requests.

engineVersion String

kibanaEndpoint String

(Deprecated) Domain-specific endpoint for kibana without https scheme. Use the dashboard_endpoint attribute instead.

Deprecated:

use 'dashboard_endpoint' attribute instead

logPublishingOptions List<Property Map>

Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.

nodeToNodeEncryption Property Map

Configuration block for node-to-node encryption options. Detailed below.

offPeakWindowOptions Property Map

Configuration to add Off Peak update options. (documentation). Detailed below.

snapshotOptions Property Map

softwareUpdateOptions Property Map

Software update options for the domain. Detailed below.

tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Deprecated:

Please use tags instead.

vpcOptions Property Map

Configuration block for VPC related options. Adding or removing this configuration forces a new resource (documentation). Detailed below.

Supporting Types

DomainAdvancedSecurityOptions, DomainAdvancedSecurityOptionsArgs

Enabled bool: Whether advanced security is enabled.
AnonymousAuthEnabled bool: Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
InternalUserDatabaseEnabled bool: Whether the internal user database is enabled. Default is false.
MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions: Configuration block for the main user. Detailed below.

Enabled bool: Whether advanced security is enabled.
AnonymousAuthEnabled bool: Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
InternalUserDatabaseEnabled bool: Whether the internal user database is enabled. Default is false.
MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions: Configuration block for the main user. Detailed below.

enabled Boolean: Whether advanced security is enabled.
anonymousAuthEnabled Boolean: Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
internalUserDatabaseEnabled Boolean: Whether the internal user database is enabled. Default is false.
masterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions: Configuration block for the main user. Detailed below.

enabled boolean: Whether advanced security is enabled.
anonymousAuthEnabled boolean: Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
internalUserDatabaseEnabled boolean: Whether the internal user database is enabled. Default is false.
masterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions: Configuration block for the main user. Detailed below.

enabled bool: Whether advanced security is enabled.
anonymous_auth_enabled bool: Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
internal_user_database_enabled bool: Whether the internal user database is enabled. Default is false.
master_user_options DomainAdvancedSecurityOptionsMasterUserOptions: Configuration block for the main user. Detailed below.

enabled Boolean: Whether advanced security is enabled.
anonymousAuthEnabled Boolean: Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless advanced_security_options are enabled. Can only be enabled on an existing domain.
internalUserDatabaseEnabled Boolean: Whether the internal user database is enabled. Default is false.
masterUserOptions Property Map: Configuration block for the main user. Detailed below.

DomainAdvancedSecurityOptionsMasterUserOptions, DomainAdvancedSecurityOptionsMasterUserOptionsArgs

MasterUserArn string: ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
MasterUserName string: Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
MasterUserPassword string: Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

MasterUserArn string: ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
MasterUserName string: Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
MasterUserPassword string: Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn String: ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
masterUserName String: Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
masterUserPassword String: Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn string: ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
masterUserName string: Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
masterUserPassword string: Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

master_user_arn str: ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
master_user_name str: Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
master_user_password str: Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn String: ARN for the main user. Only specify if internal_user_database_enabled is not set or set to false.
masterUserName String: Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.
masterUserPassword String: Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if internal_user_database_enabled is set to true.

DomainAutoTuneOptions, DomainAutoTuneOptionsArgs

DesiredState string: Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
MaintenanceSchedules List<DomainAutoTuneOptionsMaintenanceSchedule>: Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
RollbackOnDisable string: Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

DesiredState string: Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
MaintenanceSchedules []DomainAutoTuneOptionsMaintenanceSchedule: Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
RollbackOnDisable string: Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desiredState String: Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
maintenanceSchedules List<DomainAutoTuneOptionsMaintenanceSchedule>: Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
rollbackOnDisable String: Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desiredState string: Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
maintenanceSchedules DomainAutoTuneOptionsMaintenanceSchedule[]: Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
rollbackOnDisable string: Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desired_state str: Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
maintenance_schedules Sequence[DomainAutoTuneOptionsMaintenanceSchedule]: Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
rollback_on_disable str: Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

desiredState String: Auto-Tune desired state for the domain. Valid values: ENABLED or DISABLED.
maintenanceSchedules List<Property Map>: Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below.
rollbackOnDisable String: Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: DEFAULT_ROLLBACK or NO_ROLLBACK.

DomainAutoTuneOptionsMaintenanceSchedule, DomainAutoTuneOptionsMaintenanceScheduleArgs

CronExpressionForRecurrence string: A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
Duration DomainAutoTuneOptionsMaintenanceScheduleDuration: Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
StartAt string: Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

CronExpressionForRecurrence string: A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
Duration DomainAutoTuneOptionsMaintenanceScheduleDuration: Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
StartAt string: Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cronExpressionForRecurrence String: A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
duration DomainAutoTuneOptionsMaintenanceScheduleDuration: Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
startAt String: Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cronExpressionForRecurrence string: A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
duration DomainAutoTuneOptionsMaintenanceScheduleDuration: Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
startAt string: Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cron_expression_for_recurrence str: A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
duration DomainAutoTuneOptionsMaintenanceScheduleDuration: Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
start_at str: Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

cronExpressionForRecurrence String: A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule.
duration Property Map: Configuration block for the duration of the Auto-Tune maintenance window. Detailed below.
startAt String: Date and time at which to start the Auto-Tune maintenance schedule in RFC3339 format.

DomainAutoTuneOptionsMaintenanceScheduleDuration, DomainAutoTuneOptionsMaintenanceScheduleDurationArgs

Unit string: Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
Value int: An integer specifying the value of the duration of an Auto-Tune maintenance window.

Unit string: Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
Value int: An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit String: Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
value Integer: An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit string: Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
value number: An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit str: Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
value int: An integer specifying the value of the duration of an Auto-Tune maintenance window.

unit String: Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: HOURS.
value Number: An integer specifying the value of the duration of an Auto-Tune maintenance window.

DomainClusterConfig, DomainClusterConfigArgs

ColdStorageOptions DomainClusterConfigColdStorageOptions: Configuration block containing cold storage configuration. Detailed below.
DedicatedMasterCount int: Number of dedicated main nodes in the cluster.
DedicatedMasterEnabled bool: Whether dedicated main nodes are enabled for the cluster.
DedicatedMasterType string: Instance type of the dedicated main nodes in the cluster.
InstanceCount int: Number of instances in the cluster.
InstanceType string: Instance type of data nodes in the cluster.
MultiAzWithStandbyEnabled bool
WarmCount int: Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
WarmEnabled bool: Whether to enable warm storage.
WarmType string: Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig: Configuration block containing zone awareness settings. Detailed below.
ZoneAwarenessEnabled bool: Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

ColdStorageOptions DomainClusterConfigColdStorageOptions: Configuration block containing cold storage configuration. Detailed below.
DedicatedMasterCount int: Number of dedicated main nodes in the cluster.
DedicatedMasterEnabled bool: Whether dedicated main nodes are enabled for the cluster.
DedicatedMasterType string: Instance type of the dedicated main nodes in the cluster.
InstanceCount int: Number of instances in the cluster.
InstanceType string: Instance type of data nodes in the cluster.
MultiAzWithStandbyEnabled bool
WarmCount int: Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
WarmEnabled bool: Whether to enable warm storage.
WarmType string: Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig: Configuration block containing zone awareness settings. Detailed below.
ZoneAwarenessEnabled bool: Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

coldStorageOptions DomainClusterConfigColdStorageOptions: Configuration block containing cold storage configuration. Detailed below.
dedicatedMasterCount Integer: Number of dedicated main nodes in the cluster.
dedicatedMasterEnabled Boolean: Whether dedicated main nodes are enabled for the cluster.
dedicatedMasterType String: Instance type of the dedicated main nodes in the cluster.
instanceCount Integer: Number of instances in the cluster.
instanceType String: Instance type of data nodes in the cluster.
multiAzWithStandbyEnabled Boolean
warmCount Integer: Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
warmEnabled Boolean: Whether to enable warm storage.
warmType String: Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
zoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig: Configuration block containing zone awareness settings. Detailed below.
zoneAwarenessEnabled Boolean: Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

coldStorageOptions DomainClusterConfigColdStorageOptions: Configuration block containing cold storage configuration. Detailed below.
dedicatedMasterCount number: Number of dedicated main nodes in the cluster.
dedicatedMasterEnabled boolean: Whether dedicated main nodes are enabled for the cluster.
dedicatedMasterType string: Instance type of the dedicated main nodes in the cluster.
instanceCount number: Number of instances in the cluster.
instanceType string: Instance type of data nodes in the cluster.
multiAzWithStandbyEnabled boolean
warmCount number: Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
warmEnabled boolean: Whether to enable warm storage.
warmType string: Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
zoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig: Configuration block containing zone awareness settings. Detailed below.
zoneAwarenessEnabled boolean: Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

cold_storage_options DomainClusterConfigColdStorageOptions: Configuration block containing cold storage configuration. Detailed below.
dedicated_master_count int: Number of dedicated main nodes in the cluster.
dedicated_master_enabled bool: Whether dedicated main nodes are enabled for the cluster.
dedicated_master_type str: Instance type of the dedicated main nodes in the cluster.
instance_count int: Number of instances in the cluster.
instance_type str: Instance type of data nodes in the cluster.
multi_az_with_standby_enabled bool
warm_count int: Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
warm_enabled bool: Whether to enable warm storage.
warm_type str: Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
zone_awareness_config DomainClusterConfigZoneAwarenessConfig: Configuration block containing zone awareness settings. Detailed below.
zone_awareness_enabled bool: Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

coldStorageOptions Property Map: Configuration block containing cold storage configuration. Detailed below.
dedicatedMasterCount Number: Number of dedicated main nodes in the cluster.
dedicatedMasterEnabled Boolean: Whether dedicated main nodes are enabled for the cluster.
dedicatedMasterType String: Instance type of the dedicated main nodes in the cluster.
instanceCount Number: Number of instances in the cluster.
instanceType String: Instance type of data nodes in the cluster.
multiAzWithStandbyEnabled Boolean
warmCount Number: Number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
warmEnabled Boolean: Whether to enable warm storage.
warmType String: Instance type for the OpenSearch cluster's warm nodes. Valid values are ultrawarm1.medium.search, ultrawarm1.large.search and ultrawarm1.xlarge.search. warm_type can be only and must be set when warm_enabled is set to true.
zoneAwarenessConfig Property Map: Configuration block containing zone awareness settings. Detailed below.
zoneAwarenessEnabled Boolean: Whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

DomainClusterConfigColdStorageOptions, DomainClusterConfigColdStorageOptionsArgs

Enabled bool: Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.

Enabled bool: Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.

enabled Boolean: Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.

enabled boolean: Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.

enabled bool: Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.

enabled Boolean: Boolean to enable cold storage for an OpenSearch domain. Defaults to false. Master and ultrawarm nodes must be enabled for cold storage.

DomainClusterConfigZoneAwarenessConfig, DomainClusterConfigZoneAwarenessConfigArgs

AvailabilityZoneCount int: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

AvailabilityZoneCount int: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount Integer: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount number: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availability_zone_count int: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount Number: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

DomainCognitoOptions, DomainCognitoOptionsArgs

IdentityPoolId string: ID of the Cognito Identity Pool to use.
RoleArn string: ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
UserPoolId string: ID of the Cognito User Pool to use.
Enabled bool: Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.

IdentityPoolId string: ID of the Cognito Identity Pool to use.
RoleArn string: ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
UserPoolId string: ID of the Cognito User Pool to use.
Enabled bool: Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.

identityPoolId String: ID of the Cognito Identity Pool to use.
roleArn String: ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
userPoolId String: ID of the Cognito User Pool to use.
enabled Boolean: Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.

identityPoolId string: ID of the Cognito Identity Pool to use.
roleArn string: ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
userPoolId string: ID of the Cognito User Pool to use.
enabled boolean: Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.

identity_pool_id str: ID of the Cognito Identity Pool to use.
role_arn str: ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
user_pool_id str: ID of the Cognito User Pool to use.
enabled bool: Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.

identityPoolId String: ID of the Cognito Identity Pool to use.
roleArn String: ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached.
userPoolId String: ID of the Cognito User Pool to use.
enabled Boolean: Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is false.

DomainDomainEndpointOptions, DomainDomainEndpointOptionsArgs

CustomEndpoint string: Fully qualified domain for your custom endpoint.
CustomEndpointCertificateArn string: ACM certificate ARN for your custom endpoint.
CustomEndpointEnabled bool: Whether to enable custom endpoint for the OpenSearch domain.
EnforceHttps bool: Whether or not to require HTTPS. Defaults to true.
TlsSecurityPolicy string: Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. The provider will only perform drift detection if a configuration value is provided.

CustomEndpoint string: Fully qualified domain for your custom endpoint.
CustomEndpointCertificateArn string: ACM certificate ARN for your custom endpoint.
CustomEndpointEnabled bool: Whether to enable custom endpoint for the OpenSearch domain.
EnforceHttps bool: Whether or not to require HTTPS. Defaults to true.
TlsSecurityPolicy string: Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. The provider will only perform drift detection if a configuration value is provided.

customEndpoint String: Fully qualified domain for your custom endpoint.
customEndpointCertificateArn String: ACM certificate ARN for your custom endpoint.
customEndpointEnabled Boolean: Whether to enable custom endpoint for the OpenSearch domain.
enforceHttps Boolean: Whether or not to require HTTPS. Defaults to true.
tlsSecurityPolicy String: Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. The provider will only perform drift detection if a configuration value is provided.

customEndpoint string: Fully qualified domain for your custom endpoint.
customEndpointCertificateArn string: ACM certificate ARN for your custom endpoint.
customEndpointEnabled boolean: Whether to enable custom endpoint for the OpenSearch domain.
enforceHttps boolean: Whether or not to require HTTPS. Defaults to true.
tlsSecurityPolicy string: Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. The provider will only perform drift detection if a configuration value is provided.

custom_endpoint str: Fully qualified domain for your custom endpoint.
custom_endpoint_certificate_arn str: ACM certificate ARN for your custom endpoint.
custom_endpoint_enabled bool: Whether to enable custom endpoint for the OpenSearch domain.
enforce_https bool: Whether or not to require HTTPS. Defaults to true.
tls_security_policy str: Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. The provider will only perform drift detection if a configuration value is provided.

customEndpoint String: Fully qualified domain for your custom endpoint.
customEndpointCertificateArn String: ACM certificate ARN for your custom endpoint.
customEndpointEnabled Boolean: Whether to enable custom endpoint for the OpenSearch domain.
enforceHttps Boolean: Whether or not to require HTTPS. Defaults to true.
tlsSecurityPolicy String: Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. The provider will only perform drift detection if a configuration value is provided.

DomainEbsOptions, DomainEbsOptionsArgs

EbsEnabled bool: Whether EBS volumes are attached to data nodes in the domain.
Iops int: Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
Throughput int: Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
VolumeSize int: Size of EBS volumes attached to data nodes (in GiB).
VolumeType string: Type of EBS volumes attached to data nodes.

EbsEnabled bool: Whether EBS volumes are attached to data nodes in the domain.
Iops int: Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
Throughput int: Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
VolumeSize int: Size of EBS volumes attached to data nodes (in GiB).
VolumeType string: Type of EBS volumes attached to data nodes.

ebsEnabled Boolean: Whether EBS volumes are attached to data nodes in the domain.
iops Integer: Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
throughput Integer: Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
volumeSize Integer: Size of EBS volumes attached to data nodes (in GiB).
volumeType String: Type of EBS volumes attached to data nodes.

ebsEnabled boolean: Whether EBS volumes are attached to data nodes in the domain.
iops number: Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
throughput number: Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
volumeSize number: Size of EBS volumes attached to data nodes (in GiB).
volumeType string: Type of EBS volumes attached to data nodes.

ebs_enabled bool: Whether EBS volumes are attached to data nodes in the domain.
iops int: Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
throughput int: Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
volume_size int: Size of EBS volumes attached to data nodes (in GiB).
volume_type str: Type of EBS volumes attached to data nodes.

ebsEnabled Boolean: Whether EBS volumes are attached to data nodes in the domain.
iops Number: Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types.
throughput Number: Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
volumeSize Number: Size of EBS volumes attached to data nodes (in GiB).
volumeType String: Type of EBS volumes attached to data nodes.

DomainEncryptAtRest, DomainEncryptAtRestArgs

Enabled bool: Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
KmsKeyId string: KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.

Enabled bool: Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
KmsKeyId string: KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.

enabled Boolean: Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
kmsKeyId String: KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.

enabled boolean: Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
kmsKeyId string: KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.

enabled bool: Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
kms_key_id str: KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.

enabled Boolean: Whether to enable encryption at rest. If the encrypt_at_rest block is not provided then this defaults to false. Enabling encryption on new domains requires an engine_version of OpenSearch_X.Y or Elasticsearch_5.1 or greater.
kmsKeyId String: KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.

DomainLogPublishingOption, DomainLogPublishingOptionArgs

CloudwatchLogGroupArn string: ARN of the Cloudwatch log group to which log needs to be published.
LogType string: Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
Enabled bool: Whether given log publishing option is enabled or not.

CloudwatchLogGroupArn string: ARN of the Cloudwatch log group to which log needs to be published.
LogType string: Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
Enabled bool: Whether given log publishing option is enabled or not.

cloudwatchLogGroupArn String: ARN of the Cloudwatch log group to which log needs to be published.
logType String: Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
enabled Boolean: Whether given log publishing option is enabled or not.

cloudwatchLogGroupArn string: ARN of the Cloudwatch log group to which log needs to be published.
logType string: Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
enabled boolean: Whether given log publishing option is enabled or not.

cloudwatch_log_group_arn str: ARN of the Cloudwatch log group to which log needs to be published.
log_type str: Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
enabled bool: Whether given log publishing option is enabled or not.

cloudwatchLogGroupArn String: ARN of the Cloudwatch log group to which log needs to be published.
logType String: Type of OpenSearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS.
enabled Boolean: Whether given log publishing option is enabled or not.

DomainNodeToNodeEncryption, DomainNodeToNodeEncryptionArgs

Enabled bool: Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

Enabled bool: Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled Boolean: Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled boolean: Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled bool: Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

enabled Boolean: Whether to enable node-to-node encryption. If the node_to_node_encryption block is not provided then this defaults to false. Enabling node-to-node encryption of a new domain requires an engine_version of OpenSearch_X.Y or Elasticsearch_6.0 or greater.

DomainOffPeakWindowOptions, DomainOffPeakWindowOptionsArgs

Enabled bool: Enabled disabled toggle for off-peak update window.
OffPeakWindow DomainOffPeakWindowOptionsOffPeakWindow

Enabled bool: Enabled disabled toggle for off-peak update window.
OffPeakWindow DomainOffPeakWindowOptionsOffPeakWindow

enabled Boolean: Enabled disabled toggle for off-peak update window.
offPeakWindow DomainOffPeakWindowOptionsOffPeakWindow

enabled boolean: Enabled disabled toggle for off-peak update window.
offPeakWindow DomainOffPeakWindowOptionsOffPeakWindow

enabled bool: Enabled disabled toggle for off-peak update window.
off_peak_window DomainOffPeakWindowOptionsOffPeakWindow

enabled Boolean: Enabled disabled toggle for off-peak update window.
offPeakWindow Property Map

DomainOffPeakWindowOptionsOffPeakWindow, DomainOffPeakWindowOptionsOffPeakWindowArgs

WindowStartTime DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime: 10h window for updates

WindowStartTime DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime: 10h window for updates

windowStartTime DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime: 10h window for updates

windowStartTime DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime: 10h window for updates

window_start_time DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime: 10h window for updates

windowStartTime Property Map: 10h window for updates

DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime, DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs

Hours int: Starting hour of the 10-hour window for updates
Minutes int: Starting minute of the 10-hour window for updates

Hours int: Starting hour of the 10-hour window for updates
Minutes int: Starting minute of the 10-hour window for updates

hours Integer: Starting hour of the 10-hour window for updates
minutes Integer: Starting minute of the 10-hour window for updates

hours number: Starting hour of the 10-hour window for updates
minutes number: Starting minute of the 10-hour window for updates

hours int: Starting hour of the 10-hour window for updates
minutes int: Starting minute of the 10-hour window for updates

hours Number: Starting hour of the 10-hour window for updates
minutes Number: Starting minute of the 10-hour window for updates

DomainSnapshotOptions, DomainSnapshotOptionsArgs

AutomatedSnapshotStartHour int: Hour during which the service takes an automated daily snapshot of the indices in the domain.

AutomatedSnapshotStartHour int: Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour Integer: Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour number: Hour during which the service takes an automated daily snapshot of the indices in the domain.

automated_snapshot_start_hour int: Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour Number: Hour during which the service takes an automated daily snapshot of the indices in the domain.

DomainSoftwareUpdateOptions, DomainSoftwareUpdateOptionsArgs

AutoSoftwareUpdateEnabled bool: Whether automatic service software updates are enabled for the domain. Defaults to false.

AutoSoftwareUpdateEnabled bool: Whether automatic service software updates are enabled for the domain. Defaults to false.

autoSoftwareUpdateEnabled Boolean: Whether automatic service software updates are enabled for the domain. Defaults to false.

autoSoftwareUpdateEnabled boolean: Whether automatic service software updates are enabled for the domain. Defaults to false.

auto_software_update_enabled bool: Whether automatic service software updates are enabled for the domain. Defaults to false.

autoSoftwareUpdateEnabled Boolean: Whether automatic service software updates are enabled for the domain. Defaults to false.

DomainVpcOptions, DomainVpcOptionsArgs

AvailabilityZones List<string>
SecurityGroupIds List<string>: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
SubnetIds List<string>: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
VpcId string

AvailabilityZones []string
SecurityGroupIds []string: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
SubnetIds []string: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
VpcId string

availabilityZones List<String>
securityGroupIds List<String>: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
subnetIds List<String>: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
vpcId String

availabilityZones string[]
securityGroupIds string[]: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
subnetIds string[]: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
vpcId string

availability_zones Sequence[str]
security_group_ids Sequence[str]: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
subnet_ids Sequence[str]: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
vpc_id str

availabilityZones List<String>
securityGroupIds List<String>: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
subnetIds List<String>: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.
vpcId String

Import

Using pulumi import, import OpenSearch domains using the domain_name. For example:

 $ pulumi import aws:opensearch/domain:Domain example domain_name

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.2.1 published on Friday, Sep 22, 2023 by Pulumi

pulumi/pulumi-aws

aws.opensearch.Domain

On this page

On this page

Elasticsearch vs. OpenSearch

Example Usage

Basic Usage

Access Policy

Log publishing to CloudWatch Logs

VPC based OpenSearch

First apply

Second apply

Create Domain Resource

Domain Resource Properties

Inputs

Outputs

Look up Existing Domain Resource

Supporting Types

DomainAdvancedSecurityOptions, DomainAdvancedSecurityOptionsArgs

DomainAdvancedSecurityOptionsMasterUserOptions, DomainAdvancedSecurityOptionsMasterUserOptionsArgs

DomainAutoTuneOptions, DomainAutoTuneOptionsArgs

DomainAutoTuneOptionsMaintenanceSchedule, DomainAutoTuneOptionsMaintenanceScheduleArgs

DomainAutoTuneOptionsMaintenanceScheduleDuration, DomainAutoTuneOptionsMaintenanceScheduleDurationArgs

DomainClusterConfig, DomainClusterConfigArgs

DomainClusterConfigColdStorageOptions, DomainClusterConfigColdStorageOptionsArgs

DomainClusterConfigZoneAwarenessConfig, DomainClusterConfigZoneAwarenessConfigArgs

DomainCognitoOptions, DomainCognitoOptionsArgs

DomainDomainEndpointOptions, DomainDomainEndpointOptionsArgs

DomainEbsOptions, DomainEbsOptionsArgs

DomainEncryptAtRest, DomainEncryptAtRestArgs

DomainLogPublishingOption, DomainLogPublishingOptionArgs

DomainNodeToNodeEncryption, DomainNodeToNodeEncryptionArgs

DomainOffPeakWindowOptions, DomainOffPeakWindowOptionsArgs

DomainOffPeakWindowOptionsOffPeakWindow, DomainOffPeakWindowOptionsOffPeakWindowArgs

DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime, DomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs

DomainSnapshotOptions, DomainSnapshotOptionsArgs

DomainSoftwareUpdateOptions, DomainSoftwareUpdateOptionsArgs

DomainVpcOptions, DomainVpcOptionsArgs

Import

Package Details

On this page

On this page