1. Packages
  2. AWS Classic
  3. API Docs
  4. opensearch
  5. ServerlessSecurityPolicy

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.37.1 published on Friday, May 24, 2024 by Pulumi

aws.opensearch.ServerlessSecurityPolicy

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.37.1 published on Friday, May 24, 2024 by Pulumi

    Resource for managing an AWS OpenSearch Serverless Security Policy. See AWS documentation for encryption policies and network policies.

    Example Usage

    Encryption Security Policy

    Applies to a single collection

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
        name: "example",
        type: "encryption",
        description: "encryption security policy for example-collection",
        policy: JSON.stringify({
            Rules: [{
                Resource: ["collection/example-collection"],
                ResourceType: "collection",
            }],
            AWSOwnedKey: true,
        }),
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    example = aws.opensearch.ServerlessSecurityPolicy("example",
        name="example",
        type="encryption",
        description="encryption security policy for example-collection",
        policy=json.dumps({
            "Rules": [{
                "Resource": ["collection/example-collection"],
                "ResourceType": "collection",
            }],
            "AWSOwnedKey": True,
        }))
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"Rules": []map[string]interface{}{
    				map[string]interface{}{
    					"Resource": []string{
    						"collection/example-collection",
    					},
    					"ResourceType": "collection",
    				},
    			},
    			"AWSOwnedKey": true,
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
    			Name:        pulumi.String("example"),
    			Type:        pulumi.String("encryption"),
    			Description: pulumi.String("encryption security policy for example-collection"),
    			Policy:      pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
        {
            Name = "example",
            Type = "encryption",
            Description = "encryption security policy for example-collection",
            Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["Rules"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Resource"] = new[]
                        {
                            "collection/example-collection",
                        },
                        ["ResourceType"] = "collection",
                    },
                },
                ["AWSOwnedKey"] = true,
            }),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
                .name("example")
                .type("encryption")
                .description("encryption security policy for example-collection")
                .policy(serializeJson(
                    jsonObject(
                        jsonProperty("Rules", jsonArray(jsonObject(
                            jsonProperty("Resource", jsonArray("collection/example-collection")),
                            jsonProperty("ResourceType", "collection")
                        ))),
                        jsonProperty("AWSOwnedKey", true)
                    )))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:ServerlessSecurityPolicy
        properties:
          name: example
          type: encryption
          description: encryption security policy for example-collection
          policy:
            fn::toJSON:
              Rules:
                - Resource:
                    - collection/example-collection
                  ResourceType: collection
              AWSOwnedKey: true
    

    Applies to multiple collections

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
        name: "example",
        type: "encryption",
        description: "encryption security policy for collections that begin with \"example\"",
        policy: JSON.stringify({
            Rules: [{
                Resource: ["collection/example*"],
                ResourceType: "collection",
            }],
            AWSOwnedKey: true,
        }),
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    example = aws.opensearch.ServerlessSecurityPolicy("example",
        name="example",
        type="encryption",
        description="encryption security policy for collections that begin with \"example\"",
        policy=json.dumps({
            "Rules": [{
                "Resource": ["collection/example*"],
                "ResourceType": "collection",
            }],
            "AWSOwnedKey": True,
        }))
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"Rules": []map[string]interface{}{
    				map[string]interface{}{
    					"Resource": []string{
    						"collection/example*",
    					},
    					"ResourceType": "collection",
    				},
    			},
    			"AWSOwnedKey": true,
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
    			Name:        pulumi.String("example"),
    			Type:        pulumi.String("encryption"),
    			Description: pulumi.String("encryption security policy for collections that begin with \"example\""),
    			Policy:      pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
        {
            Name = "example",
            Type = "encryption",
            Description = "encryption security policy for collections that begin with \"example\"",
            Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["Rules"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Resource"] = new[]
                        {
                            "collection/example*",
                        },
                        ["ResourceType"] = "collection",
                    },
                },
                ["AWSOwnedKey"] = true,
            }),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
                .name("example")
                .type("encryption")
                .description("encryption security policy for collections that begin with \"example\"")
                .policy(serializeJson(
                    jsonObject(
                        jsonProperty("Rules", jsonArray(jsonObject(
                            jsonProperty("Resource", jsonArray("collection/example*")),
                            jsonProperty("ResourceType", "collection")
                        ))),
                        jsonProperty("AWSOwnedKey", true)
                    )))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:ServerlessSecurityPolicy
        properties:
          name: example
          type: encryption
          description: encryption security policy for collections that begin with "example"
          policy:
            fn::toJSON:
              Rules:
                - Resource:
                    - collection/example*
                  ResourceType: collection
              AWSOwnedKey: true
    

    Using a customer managed key

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
        name: "example",
        type: "encryption",
        description: "encryption security policy using customer KMS key",
        policy: JSON.stringify({
            Rules: [{
                Resource: ["collection/customer-managed-key-collection"],
                ResourceType: "collection",
            }],
            AWSOwnedKey: false,
            KmsARN: "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
        }),
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    example = aws.opensearch.ServerlessSecurityPolicy("example",
        name="example",
        type="encryption",
        description="encryption security policy using customer KMS key",
        policy=json.dumps({
            "Rules": [{
                "Resource": ["collection/customer-managed-key-collection"],
                "ResourceType": "collection",
            }],
            "AWSOwnedKey": False,
            "KmsARN": "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
        }))
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"Rules": []map[string]interface{}{
    				map[string]interface{}{
    					"Resource": []string{
    						"collection/customer-managed-key-collection",
    					},
    					"ResourceType": "collection",
    				},
    			},
    			"AWSOwnedKey": false,
    			"KmsARN":      "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
    			Name:        pulumi.String("example"),
    			Type:        pulumi.String("encryption"),
    			Description: pulumi.String("encryption security policy using customer KMS key"),
    			Policy:      pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
        {
            Name = "example",
            Type = "encryption",
            Description = "encryption security policy using customer KMS key",
            Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["Rules"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Resource"] = new[]
                        {
                            "collection/customer-managed-key-collection",
                        },
                        ["ResourceType"] = "collection",
                    },
                },
                ["AWSOwnedKey"] = false,
                ["KmsARN"] = "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
            }),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
                .name("example")
                .type("encryption")
                .description("encryption security policy using customer KMS key")
                .policy(serializeJson(
                    jsonObject(
                        jsonProperty("Rules", jsonArray(jsonObject(
                            jsonProperty("Resource", jsonArray("collection/customer-managed-key-collection")),
                            jsonProperty("ResourceType", "collection")
                        ))),
                        jsonProperty("AWSOwnedKey", false),
                        jsonProperty("KmsARN", "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36")
                    )))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:ServerlessSecurityPolicy
        properties:
          name: example
          type: encryption
          description: encryption security policy using customer KMS key
          policy:
            fn::toJSON:
              Rules:
                - Resource:
                    - collection/customer-managed-key-collection
                  ResourceType: collection
              AWSOwnedKey: false
              KmsARN: arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36
    

    Network Security Policy

    Allow public access to the collection endpoint and the Dashboards endpoint

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
        name: "example",
        type: "network",
        description: "Public access",
        policy: JSON.stringify([{
            Description: "Public access to collection and Dashboards endpoint for example collection",
            Rules: [
                {
                    ResourceType: "collection",
                    Resource: ["collection/example-collection"],
                },
                {
                    ResourceType: "dashboard",
                    Resource: ["collection/example-collection"],
                },
            ],
            AllowFromPublic: true,
        }]),
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    example = aws.opensearch.ServerlessSecurityPolicy("example",
        name="example",
        type="network",
        description="Public access",
        policy=json.dumps([{
            "Description": "Public access to collection and Dashboards endpoint for example collection",
            "Rules": [
                {
                    "ResourceType": "collection",
                    "Resource": ["collection/example-collection"],
                },
                {
                    "ResourceType": "dashboard",
                    "Resource": ["collection/example-collection"],
                },
            ],
            "AllowFromPublic": True,
        }]))
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal([]map[string]interface{}{
    			map[string]interface{}{
    				"Description": "Public access to collection and Dashboards endpoint for example collection",
    				"Rules": []map[string]interface{}{
    					map[string]interface{}{
    						"ResourceType": "collection",
    						"Resource": []string{
    							"collection/example-collection",
    						},
    					},
    					map[string]interface{}{
    						"ResourceType": "dashboard",
    						"Resource": []string{
    							"collection/example-collection",
    						},
    					},
    				},
    				"AllowFromPublic": true,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
    			Name:        pulumi.String("example"),
    			Type:        pulumi.String("network"),
    			Description: pulumi.String("Public access"),
    			Policy:      pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
        {
            Name = "example",
            Type = "network",
            Description = "Public access",
            Policy = JsonSerializer.Serialize(new[]
            {
                new Dictionary<string, object?>
                {
                    ["Description"] = "Public access to collection and Dashboards endpoint for example collection",
                    ["Rules"] = new[]
                    {
                        new Dictionary<string, object?>
                        {
                            ["ResourceType"] = "collection",
                            ["Resource"] = new[]
                            {
                                "collection/example-collection",
                            },
                        },
                        new Dictionary<string, object?>
                        {
                            ["ResourceType"] = "dashboard",
                            ["Resource"] = new[]
                            {
                                "collection/example-collection",
                            },
                        },
                    },
                    ["AllowFromPublic"] = true,
                },
            }),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
                .name("example")
                .type("network")
                .description("Public access")
                .policy(serializeJson(
                    jsonArray(jsonObject(
                        jsonProperty("Description", "Public access to collection and Dashboards endpoint for example collection"),
                        jsonProperty("Rules", jsonArray(
                            jsonObject(
                                jsonProperty("ResourceType", "collection"),
                                jsonProperty("Resource", jsonArray("collection/example-collection"))
                            ), 
                            jsonObject(
                                jsonProperty("ResourceType", "dashboard"),
                                jsonProperty("Resource", jsonArray("collection/example-collection"))
                            )
                        )),
                        jsonProperty("AllowFromPublic", true)
                    ))))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:ServerlessSecurityPolicy
        properties:
          name: example
          type: network
          description: Public access
          policy:
            fn::toJSON:
              - Description: Public access to collection and Dashboards endpoint for example collection
                Rules:
                  - ResourceType: collection
                    Resource:
                      - collection/example-collection
                  - ResourceType: dashboard
                    Resource:
                      - collection/example-collection
                AllowFromPublic: true
    

    Allow VPC access to the collection endpoint and the Dashboards endpoint

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
        name: "example",
        type: "network",
        description: "VPC access",
        policy: JSON.stringify([{
            Description: "VPC access to collection and Dashboards endpoint for example collection",
            Rules: [
                {
                    ResourceType: "collection",
                    Resource: ["collection/example-collection"],
                },
                {
                    ResourceType: "dashboard",
                    Resource: ["collection/example-collection"],
                },
            ],
            AllowFromPublic: false,
            SourceVPCEs: ["vpce-050f79086ee71ac05"],
        }]),
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    example = aws.opensearch.ServerlessSecurityPolicy("example",
        name="example",
        type="network",
        description="VPC access",
        policy=json.dumps([{
            "Description": "VPC access to collection and Dashboards endpoint for example collection",
            "Rules": [
                {
                    "ResourceType": "collection",
                    "Resource": ["collection/example-collection"],
                },
                {
                    "ResourceType": "dashboard",
                    "Resource": ["collection/example-collection"],
                },
            ],
            "AllowFromPublic": False,
            "SourceVPCEs": ["vpce-050f79086ee71ac05"],
        }]))
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal([]map[string]interface{}{
    			map[string]interface{}{
    				"Description": "VPC access to collection and Dashboards endpoint for example collection",
    				"Rules": []map[string]interface{}{
    					map[string]interface{}{
    						"ResourceType": "collection",
    						"Resource": []string{
    							"collection/example-collection",
    						},
    					},
    					map[string]interface{}{
    						"ResourceType": "dashboard",
    						"Resource": []string{
    							"collection/example-collection",
    						},
    					},
    				},
    				"AllowFromPublic": false,
    				"SourceVPCEs": []string{
    					"vpce-050f79086ee71ac05",
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
    			Name:        pulumi.String("example"),
    			Type:        pulumi.String("network"),
    			Description: pulumi.String("VPC access"),
    			Policy:      pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
        {
            Name = "example",
            Type = "network",
            Description = "VPC access",
            Policy = JsonSerializer.Serialize(new[]
            {
                new Dictionary<string, object?>
                {
                    ["Description"] = "VPC access to collection and Dashboards endpoint for example collection",
                    ["Rules"] = new[]
                    {
                        new Dictionary<string, object?>
                        {
                            ["ResourceType"] = "collection",
                            ["Resource"] = new[]
                            {
                                "collection/example-collection",
                            },
                        },
                        new Dictionary<string, object?>
                        {
                            ["ResourceType"] = "dashboard",
                            ["Resource"] = new[]
                            {
                                "collection/example-collection",
                            },
                        },
                    },
                    ["AllowFromPublic"] = false,
                    ["SourceVPCEs"] = new[]
                    {
                        "vpce-050f79086ee71ac05",
                    },
                },
            }),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
                .name("example")
                .type("network")
                .description("VPC access")
                .policy(serializeJson(
                    jsonArray(jsonObject(
                        jsonProperty("Description", "VPC access to collection and Dashboards endpoint for example collection"),
                        jsonProperty("Rules", jsonArray(
                            jsonObject(
                                jsonProperty("ResourceType", "collection"),
                                jsonProperty("Resource", jsonArray("collection/example-collection"))
                            ), 
                            jsonObject(
                                jsonProperty("ResourceType", "dashboard"),
                                jsonProperty("Resource", jsonArray("collection/example-collection"))
                            )
                        )),
                        jsonProperty("AllowFromPublic", false),
                        jsonProperty("SourceVPCEs", jsonArray("vpce-050f79086ee71ac05"))
                    ))))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:ServerlessSecurityPolicy
        properties:
          name: example
          type: network
          description: VPC access
          policy:
            fn::toJSON:
              - Description: VPC access to collection and Dashboards endpoint for example collection
                Rules:
                  - ResourceType: collection
                    Resource:
                      - collection/example-collection
                  - ResourceType: dashboard
                    Resource:
                      - collection/example-collection
                AllowFromPublic: false
                SourceVPCEs:
                  - vpce-050f79086ee71ac05
    

    Mixed access for different collections

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
        name: "example",
        type: "network",
        description: "Mixed access for marketing and sales",
        policy: JSON.stringify([
            {
                Description: "Marketing access",
                Rules: [
                    {
                        ResourceType: "collection",
                        Resource: ["collection/marketing*"],
                    },
                    {
                        ResourceType: "dashboard",
                        Resource: ["collection/marketing*"],
                    },
                ],
                AllowFromPublic: false,
                SourceVPCEs: ["vpce-050f79086ee71ac05"],
            },
            {
                Description: "Sales access",
                Rules: [{
                    ResourceType: "collection",
                    Resource: ["collection/finance"],
                }],
                AllowFromPublic: true,
            },
        ]),
    });
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    example = aws.opensearch.ServerlessSecurityPolicy("example",
        name="example",
        type="network",
        description="Mixed access for marketing and sales",
        policy=json.dumps([
            {
                "Description": "Marketing access",
                "Rules": [
                    {
                        "ResourceType": "collection",
                        "Resource": ["collection/marketing*"],
                    },
                    {
                        "ResourceType": "dashboard",
                        "Resource": ["collection/marketing*"],
                    },
                ],
                "AllowFromPublic": False,
                "SourceVPCEs": ["vpce-050f79086ee71ac05"],
            },
            {
                "Description": "Sales access",
                "Rules": [{
                    "ResourceType": "collection",
                    "Resource": ["collection/finance"],
                }],
                "AllowFromPublic": True,
            },
        ]))
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal([]interface{}{
    			map[string]interface{}{
    				"Description": "Marketing access",
    				"Rules": []map[string]interface{}{
    					map[string]interface{}{
    						"ResourceType": "collection",
    						"Resource": []string{
    							"collection/marketing*",
    						},
    					},
    					map[string]interface{}{
    						"ResourceType": "dashboard",
    						"Resource": []string{
    							"collection/marketing*",
    						},
    					},
    				},
    				"AllowFromPublic": false,
    				"SourceVPCEs": []string{
    					"vpce-050f79086ee71ac05",
    				},
    			},
    			map[string]interface{}{
    				"Description": "Sales access",
    				"Rules": []map[string]interface{}{
    					map[string]interface{}{
    						"ResourceType": "collection",
    						"Resource": []string{
    							"collection/finance",
    						},
    					},
    				},
    				"AllowFromPublic": true,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
    			Name:        pulumi.String("example"),
    			Type:        pulumi.String("network"),
    			Description: pulumi.String("Mixed access for marketing and sales"),
    			Policy:      pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
        {
            Name = "example",
            Type = "network",
            Description = "Mixed access for marketing and sales",
            Policy = JsonSerializer.Serialize(new[]
            {
                new Dictionary<string, object?>
                {
                    ["Description"] = "Marketing access",
                    ["Rules"] = new[]
                    {
                        new Dictionary<string, object?>
                        {
                            ["ResourceType"] = "collection",
                            ["Resource"] = new[]
                            {
                                "collection/marketing*",
                            },
                        },
                        new Dictionary<string, object?>
                        {
                            ["ResourceType"] = "dashboard",
                            ["Resource"] = new[]
                            {
                                "collection/marketing*",
                            },
                        },
                    },
                    ["AllowFromPublic"] = false,
                    ["SourceVPCEs"] = new[]
                    {
                        "vpce-050f79086ee71ac05",
                    },
                },
                new Dictionary<string, object?>
                {
                    ["Description"] = "Sales access",
                    ["Rules"] = new[]
                    {
                        new Dictionary<string, object?>
                        {
                            ["ResourceType"] = "collection",
                            ["Resource"] = new[]
                            {
                                "collection/finance",
                            },
                        },
                    },
                    ["AllowFromPublic"] = true,
                },
            }),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
    import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
                .name("example")
                .type("network")
                .description("Mixed access for marketing and sales")
                .policy(serializeJson(
                    jsonArray(
                        jsonObject(
                            jsonProperty("Description", "Marketing access"),
                            jsonProperty("Rules", jsonArray(
                                jsonObject(
                                    jsonProperty("ResourceType", "collection"),
                                    jsonProperty("Resource", jsonArray("collection/marketing*"))
                                ), 
                                jsonObject(
                                    jsonProperty("ResourceType", "dashboard"),
                                    jsonProperty("Resource", jsonArray("collection/marketing*"))
                                )
                            )),
                            jsonProperty("AllowFromPublic", false),
                            jsonProperty("SourceVPCEs", jsonArray("vpce-050f79086ee71ac05"))
                        ), 
                        jsonObject(
                            jsonProperty("Description", "Sales access"),
                            jsonProperty("Rules", jsonArray(jsonObject(
                                jsonProperty("ResourceType", "collection"),
                                jsonProperty("Resource", jsonArray("collection/finance"))
                            ))),
                            jsonProperty("AllowFromPublic", true)
                        )
                    )))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:opensearch:ServerlessSecurityPolicy
        properties:
          name: example
          type: network
          description: Mixed access for marketing and sales
          policy:
            fn::toJSON:
              - Description: Marketing access
                Rules:
                  - ResourceType: collection
                    Resource:
                      - collection/marketing*
                  - ResourceType: dashboard
                    Resource:
                      - collection/marketing*
                AllowFromPublic: false
                SourceVPCEs:
                  - vpce-050f79086ee71ac05
              - Description: Sales access
                Rules:
                  - ResourceType: collection
                    Resource:
                      - collection/finance
                AllowFromPublic: true
    

    Create ServerlessSecurityPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ServerlessSecurityPolicy(name: string, args: ServerlessSecurityPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def ServerlessSecurityPolicy(resource_name: str,
                                 args: ServerlessSecurityPolicyArgs,
                                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def ServerlessSecurityPolicy(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 policy: Optional[str] = None,
                                 type: Optional[str] = None,
                                 description: Optional[str] = None,
                                 name: Optional[str] = None)
    func NewServerlessSecurityPolicy(ctx *Context, name string, args ServerlessSecurityPolicyArgs, opts ...ResourceOption) (*ServerlessSecurityPolicy, error)
    public ServerlessSecurityPolicy(string name, ServerlessSecurityPolicyArgs args, CustomResourceOptions? opts = null)
    public ServerlessSecurityPolicy(String name, ServerlessSecurityPolicyArgs args)
    public ServerlessSecurityPolicy(String name, ServerlessSecurityPolicyArgs args, CustomResourceOptions options)
    
    type: aws:opensearch:ServerlessSecurityPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ServerlessSecurityPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ServerlessSecurityPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ServerlessSecurityPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ServerlessSecurityPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ServerlessSecurityPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var serverlessSecurityPolicyResource = new Aws.OpenSearch.ServerlessSecurityPolicy("serverlessSecurityPolicyResource", new()
    {
        Policy = "string",
        Type = "string",
        Description = "string",
        Name = "string",
    });
    
    example, err := opensearch.NewServerlessSecurityPolicy(ctx, "serverlessSecurityPolicyResource", &opensearch.ServerlessSecurityPolicyArgs{
    	Policy:      pulumi.String("string"),
    	Type:        pulumi.String("string"),
    	Description: pulumi.String("string"),
    	Name:        pulumi.String("string"),
    })
    
    var serverlessSecurityPolicyResource = new ServerlessSecurityPolicy("serverlessSecurityPolicyResource", ServerlessSecurityPolicyArgs.builder()        
        .policy("string")
        .type("string")
        .description("string")
        .name("string")
        .build());
    
    serverless_security_policy_resource = aws.opensearch.ServerlessSecurityPolicy("serverlessSecurityPolicyResource",
        policy="string",
        type="string",
        description="string",
        name="string")
    
    const serverlessSecurityPolicyResource = new aws.opensearch.ServerlessSecurityPolicy("serverlessSecurityPolicyResource", {
        policy: "string",
        type: "string",
        description: "string",
        name: "string",
    });
    
    type: aws:opensearch:ServerlessSecurityPolicy
    properties:
        description: string
        name: string
        policy: string
        type: string
    

    ServerlessSecurityPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ServerlessSecurityPolicy resource accepts the following input properties:

    Policy string
    JSON policy document to use as the content for the new policy
    Type string

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    Description string
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    Name string
    Name of the policy.
    Policy string
    JSON policy document to use as the content for the new policy
    Type string

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    Description string
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    Name string
    Name of the policy.
    policy String
    JSON policy document to use as the content for the new policy
    type String

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description String
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name String
    Name of the policy.
    policy string
    JSON policy document to use as the content for the new policy
    type string

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description string
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name string
    Name of the policy.
    policy str
    JSON policy document to use as the content for the new policy
    type str

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description str
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name str
    Name of the policy.
    policy String
    JSON policy document to use as the content for the new policy
    type String

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description String
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name String
    Name of the policy.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ServerlessSecurityPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyVersion string
    Version of the policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyVersion string
    Version of the policy.
    id String
    The provider-assigned unique ID for this managed resource.
    policyVersion String
    Version of the policy.
    id string
    The provider-assigned unique ID for this managed resource.
    policyVersion string
    Version of the policy.
    id str
    The provider-assigned unique ID for this managed resource.
    policy_version str
    Version of the policy.
    id String
    The provider-assigned unique ID for this managed resource.
    policyVersion String
    Version of the policy.

    Look up Existing ServerlessSecurityPolicy Resource

    Get an existing ServerlessSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ServerlessSecurityPolicyState, opts?: CustomResourceOptions): ServerlessSecurityPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description: Optional[str] = None,
            name: Optional[str] = None,
            policy: Optional[str] = None,
            policy_version: Optional[str] = None,
            type: Optional[str] = None) -> ServerlessSecurityPolicy
    func GetServerlessSecurityPolicy(ctx *Context, name string, id IDInput, state *ServerlessSecurityPolicyState, opts ...ResourceOption) (*ServerlessSecurityPolicy, error)
    public static ServerlessSecurityPolicy Get(string name, Input<string> id, ServerlessSecurityPolicyState? state, CustomResourceOptions? opts = null)
    public static ServerlessSecurityPolicy get(String name, Output<String> id, ServerlessSecurityPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Description string
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    Name string
    Name of the policy.
    Policy string
    JSON policy document to use as the content for the new policy
    PolicyVersion string
    Version of the policy.
    Type string

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    Description string
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    Name string
    Name of the policy.
    Policy string
    JSON policy document to use as the content for the new policy
    PolicyVersion string
    Version of the policy.
    Type string

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description String
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name String
    Name of the policy.
    policy String
    JSON policy document to use as the content for the new policy
    policyVersion String
    Version of the policy.
    type String

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description string
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name string
    Name of the policy.
    policy string
    JSON policy document to use as the content for the new policy
    policyVersion string
    Version of the policy.
    type string

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description str
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name str
    Name of the policy.
    policy str
    JSON policy document to use as the content for the new policy
    policy_version str
    Version of the policy.
    type str

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    description String
    Description of the policy. Typically used to store information about the permissions defined in the policy.
    name String
    Name of the policy.
    policy String
    JSON policy document to use as the content for the new policy
    policyVersion String
    Version of the policy.
    type String

    Type of security policy. One of encryption or network.

    The following arguments are optional:

    Import

    Using pulumi import, import OpenSearchServerless Security Policy using the name and type arguments separated by a slash (/). For example:

    $ pulumi import aws:opensearch/serverlessSecurityPolicy:ServerlessSecurityPolicy example example/encryption
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.37.1 published on Friday, May 24, 2024 by Pulumi