Documentation ¶
Index ¶
- func CfnDomain_CFN_RESOURCE_TYPE_NAME() *string
- func CfnDomain_IsCfnElement(x interface{}) *bool
- func CfnDomain_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnDomain_IsConstruct(x interface{}) *bool
- func Domain_IsConstruct(x interface{}) *bool
- func Domain_IsOwnedResource(construct constructs.IConstruct) *bool
- func Domain_IsResource(construct constructs.IConstruct) *bool
- func NewCfnDomain_Override(c CfnDomain, scope constructs.Construct, id *string, props *CfnDomainProps)
- func NewDomain_Override(d Domain, scope constructs.Construct, id *string, props *DomainProps)
- type AdvancedSecurityOptions
- type CapacityConfig
- type CfnDomain
- type CfnDomainProps
- type CfnDomain_AdvancedSecurityOptionsInputProperty
- type CfnDomain_ClusterConfigProperty
- type CfnDomain_CognitoOptionsProperty
- type CfnDomain_DomainEndpointOptionsProperty
- type CfnDomain_EBSOptionsProperty
- type CfnDomain_EncryptionAtRestOptionsProperty
- type CfnDomain_IdpProperty
- type CfnDomain_LogPublishingOptionProperty
- type CfnDomain_MasterUserOptionsProperty
- type CfnDomain_NodeToNodeEncryptionOptionsProperty
- type CfnDomain_OffPeakWindowOptionsProperty
- type CfnDomain_OffPeakWindowProperty
- type CfnDomain_SAMLOptionsProperty
- type CfnDomain_ServiceSoftwareOptionsProperty
- type CfnDomain_SnapshotOptionsProperty
- type CfnDomain_SoftwareUpdateOptionsProperty
- type CfnDomain_VPCOptionsProperty
- type CfnDomain_WindowStartTimeProperty
- type CfnDomain_ZoneAwarenessConfigProperty
- type CognitoOptions
- type CustomEndpointOptions
- type Domain
- type DomainAttributes
- type DomainProps
- type EbsOptions
- type EncryptionAtRestOptions
- type EngineVersion
- func EngineVersion_ELASTICSEARCH_1_5() EngineVersion
- func EngineVersion_ELASTICSEARCH_2_3() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_1() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_3() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_5() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_6() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_0() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_2() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_3() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_4() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_5() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_7() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_8() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_1() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_10() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_4() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_7() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_8() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_9() EngineVersion
- func EngineVersion_Elasticsearch(version *string) EngineVersion
- func EngineVersion_OPENSEARCH_1_0() EngineVersion
- func EngineVersion_OPENSEARCH_1_1() EngineVersion
- func EngineVersion_OPENSEARCH_1_2() EngineVersion
- func EngineVersion_OPENSEARCH_1_3() EngineVersion
- func EngineVersion_OPENSEARCH_2_3() EngineVersion
- func EngineVersion_OPENSEARCH_2_5() EngineVersion
- func EngineVersion_OPENSEARCH_2_7() EngineVersion
- func EngineVersion_OpenSearch(version *string) EngineVersion
- type IDomain
- type LoggingOptions
- type SAMLOptionsProperty
- type TLSSecurityPolicy
- type WindowStartTime
- type ZoneAwarenessConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnDomain_CFN_RESOURCE_TYPE_NAME ¶
func CfnDomain_CFN_RESOURCE_TYPE_NAME() *string
func CfnDomain_IsCfnElement ¶
func CfnDomain_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnDomain_IsCfnResource ¶
func CfnDomain_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnDomain_IsConstruct ¶
func CfnDomain_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Domain_IsConstruct ¶
func Domain_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Domain_IsOwnedResource ¶ added in v2.32.0
func Domain_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func Domain_IsResource ¶
func Domain_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func NewCfnDomain_Override ¶
func NewCfnDomain_Override(c CfnDomain, scope constructs.Construct, id *string, props *CfnDomainProps)
func NewDomain_Override ¶
func NewDomain_Override(d Domain, scope constructs.Construct, id *string, props *DomainProps)
Types ¶
type AdvancedSecurityOptions ¶
type AdvancedSecurityOptions struct { // ARN for the master user. // // Only specify this or masterUserName, but not both. // Default: - fine-grained access control is disabled. // MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"` // Username for the master user. // // Only specify this or masterUserArn, but not both. // Default: - fine-grained access control is disabled. // MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"` // Password for the master user. // // You can use `SecretValue.unsafePlainText` to specify a password in plain text or // use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in // Secrets Manager. // Default: - A Secrets Manager generated password. // MasterUserPassword awscdk.SecretValue `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"` // True to enable SAML authentication for a domain. // See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html // // Default: - SAML authentication is disabled. Enabled if `samlAuthenticationOptions` is set. // SamlAuthenticationEnabled *bool `field:"optional" json:"samlAuthenticationEnabled" yaml:"samlAuthenticationEnabled"` // Container for information about the SAML configuration for OpenSearch Dashboards. // // If set, `samlAuthenticationEnabled` will be enabled. // Default: - no SAML authentication options. // SamlAuthenticationOptions *SAMLOptionsProperty `field:"optional" json:"samlAuthenticationOptions" yaml:"samlAuthenticationOptions"` }
Specifies options for fine-grained access control.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), EnforceHttps: jsii.Boolean(true), NodeToNodeEncryption: jsii.Boolean(true), EncryptionAtRest: &EncryptionAtRestOptions{ Enabled: jsii.Boolean(true), }, FineGrainedAccessControl: &AdvancedSecurityOptions{ MasterUserName: jsii.String("master-user"), SamlAuthenticationEnabled: jsii.Boolean(true), SamlAuthenticationOptions: &SAMLOptionsProperty{ IdpEntityId: jsii.String("entity-id"), IdpMetadataContent: jsii.String("metadata-content-with-quotes-escaped"), }, }, })
type CapacityConfig ¶
type CapacityConfig struct { // The instance type for your data nodes, such as `m3.medium.search`. For valid values, see [Supported Instance Types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide. // Default: - r5.large.search // DataNodeInstanceType *string `field:"optional" json:"dataNodeInstanceType" yaml:"dataNodeInstanceType"` // The number of data nodes (instances) to use in the Amazon OpenSearch Service domain. // Default: - 1. // DataNodes *float64 `field:"optional" json:"dataNodes" yaml:"dataNodes"` // The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search`. For valid values, see [Supported Instance Types] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide. // Default: - r5.large.search // MasterNodeInstanceType *string `field:"optional" json:"masterNodeInstanceType" yaml:"masterNodeInstanceType"` // The number of instances to use for the master node. // Default: - no dedicated master nodes. // MasterNodes *float64 `field:"optional" json:"masterNodes" yaml:"masterNodes"` // Indicates whether Multi-AZ with Standby deployment option is enabled. // // For more information, see [Multi-AZ with Standby] // (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby) // Default: - no multi-az with standby. // MultiAzWithStandbyEnabled *bool `field:"optional" json:"multiAzWithStandbyEnabled" yaml:"multiAzWithStandbyEnabled"` // The instance type for your UltraWarm node, such as `ultrawarm1.medium.search`. For valid values, see [UltraWarm Storage Limits] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) in the Amazon OpenSearch Service Developer Guide. // Default: - ultrawarm1.medium.search // WarmInstanceType *string `field:"optional" json:"warmInstanceType" yaml:"warmInstanceType"` // The number of UltraWarm nodes (instances) to use in the Amazon OpenSearch Service domain. // Default: - no UltraWarm nodes. // WarmNodes *float64 `field:"optional" json:"warmNodes" yaml:"warmNodes"` }
Configures the capacity of the cluster such as the instance type and the number of instances.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), Capacity: &CapacityConfig{ MasterNodes: jsii.Number(2), WarmNodes: jsii.Number(2), WarmInstanceType: jsii.String("ultrawarm1.medium.search"), }, })
type CfnDomain ¶
type CfnDomain interface { awscdk.CfnResource awscdk.IInspectable awscdk.ITaggable // An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. AccessPolicies() interface{} SetAccessPolicies(val interface{}) // Additional options to specify for the OpenSearch Service domain. AdvancedOptions() interface{} SetAdvancedOptions(val interface{}) // Specifies options for fine-grained access control and SAML authentication. AdvancedSecurityOptions() interface{} SetAdvancedSecurityOptions(val interface{}) // Date and time when the migration period will be disabled. // // Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) . AttrAdvancedSecurityOptionsAnonymousAuthDisableDate() *string // The Amazon Resource Name (ARN) of the domain, such as `arn:aws:es:us-west-2:123456789012:domain/mystack-1ab2cdefghij` . AttrArn() *string // The domain-specific endpoint used for requests to the OpenSearch APIs, such as `search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com` . AttrDomainEndpoint() *string AttrDomainEndpoints() awscdk.IResolvable // The resource ID. // // For example, `123456789012/my-domain` . AttrId() *string // The current status of the service software for a domain. AttrServiceSoftwareOptions() awscdk.IResolvable // The timestamp, in Epoch time, until which you can manually request a service software update. // // After this date, we automatically update your service software. AttrServiceSoftwareOptionsAutomatedUpdateDate() *string // True if you're able to cancel your service software version update. // // False if you can't cancel your service software update. AttrServiceSoftwareOptionsCancellable() awscdk.IResolvable // The current service software version present on the domain. AttrServiceSoftwareOptionsCurrentVersion() *string // A description of the service software update status. AttrServiceSoftwareOptionsDescription() *string // The new service software version, if one is available. AttrServiceSoftwareOptionsNewVersion() *string // True if a service software is never automatically updated. // // False if a service software is automatically updated after the automated update date. AttrServiceSoftwareOptionsOptionalDeployment() awscdk.IResolvable // True if you're able to update your service software version. // // False if you can't update your service software version. AttrServiceSoftwareOptionsUpdateAvailable() awscdk.IResolvable // The status of your service software update. AttrServiceSoftwareOptionsUpdateStatus() *string // Options for this resource, such as condition, update policy etc. CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} // AWS resource type. CfnResourceType() *string // Container for the cluster configuration of a domain. ClusterConfig() interface{} SetClusterConfig(val interface{}) // Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards. CognitoOptions() interface{} SetCognitoOptions(val interface{}) // Returns: the stack trace of the point where this Resource was created from, sourced // from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most // node +internal+ entries filtered. CreationStack() *[]*string DomainArn() *string SetDomainArn(val *string) // Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint. DomainEndpointOptions() interface{} SetDomainEndpointOptions(val interface{}) // A name for the OpenSearch Service domain. DomainName() *string SetDomainName(val *string) // The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. EbsOptions() interface{} SetEbsOptions(val interface{}) // Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. EncryptionAtRestOptions() interface{} SetEncryptionAtRestOptions(val interface{}) // The version of OpenSearch to use. EngineVersion() *string SetEngineVersion(val *string) // The logical ID for this CloudFormation stack element. // // The logical ID of the element // is calculated from the path of the resource node in the construct tree. // // To override this value, use `overrideLogicalId(newLogicalId)`. // // Returns: the logical ID as a stringified token. This value will only get // resolved during synthesis. LogicalId() *string // An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish. LogPublishingOptions() interface{} SetLogPublishingOptions(val interface{}) // The tree node. Node() constructs.Node // Specifies whether node-to-node encryption is enabled. NodeToNodeEncryptionOptions() interface{} SetNodeToNodeEncryptionOptions(val interface{}) // Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain. OffPeakWindowOptions() interface{} SetOffPeakWindowOptions(val interface{}) // Return a string that will be resolved to a CloudFormation `{ Ref }` for this element. // // If, by any chance, the intrinsic reference of a resource is not a string, you could // coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`. Ref() *string // *DEPRECATED* . SnapshotOptions() interface{} SetSnapshotOptions(val interface{}) // Options for configuring service software updates for a domain. SoftwareUpdateOptions() interface{} SetSoftwareUpdateOptions(val interface{}) // The stack in which this element is defined. // // CfnElements must be defined within a stack scope (directly or indirectly). Stack() awscdk.Stack // Tag Manager which manages the tags for this resource. Tags() awscdk.TagManager // An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain. TagsRaw() *[]*awscdk.CfnTag SetTagsRaw(val *[]*awscdk.CfnTag) // Deprecated. // Deprecated: use `updatedProperties` // // Return properties modified after initiation // // Resources that expose mutable properties should override this function to // collect and return the properties object for this resource. UpdatedProperites() *map[string]interface{} // Return properties modified after initiation. // // Resources that expose mutable properties should override this function to // collect and return the properties object for this resource. UpdatedProperties() *map[string]interface{} // The virtual private cloud (VPC) configuration for the OpenSearch Service domain. VpcOptions() interface{} SetVpcOptions(val interface{}) // Syntactic sugar for `addOverride(path, undefined)`. AddDeletionOverride(path *string) // Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. // // This can be used for resources across stacks (or nested stack) boundaries // and the dependency will automatically be transferred to the relevant scope. AddDependency(target awscdk.CfnResource) // Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. // Deprecated: use addDependency. AddDependsOn(target awscdk.CfnResource) // Add a value to the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // AddMetadata(key *string, value interface{}) // Adds an override to the synthesized CloudFormation resource. // // To add a // property override, either use `addPropertyOverride` or prefix `path` with // "Properties." (i.e. `Properties.TopicName`). // // If the override is nested, separate each nested level using a dot (.) in the path parameter. // If there is an array as part of the nesting, specify the index in the path. // // To include a literal `.` in the property name, prefix with a `\`. In most // programming languages you will need to write this as `"\\."` because the // `\` itself will need to be escaped. // // For example, // “`typescript // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); // “` // would add the overrides // “`json // "Properties": { // "GlobalSecondaryIndexes": [ // { // "Projection": { // "NonKeyAttributes": [ "myattribute" ] // ... // } // ... // }, // { // "ProjectionType": "INCLUDE" // ... // }, // ] // ... // } // “` // // The `value` argument to `addOverride` will not be processed or translated // in any way. Pass raw JSON values in here with the correct capitalization // for CloudFormation. If you pass CDK classes or structs, they will be // rendered with lowercased key names, and CloudFormation will reject the // template. AddOverride(path *string, value interface{}) // Adds an override that deletes the value of a property from the resource definition. AddPropertyDeletionOverride(propertyPath *string) // Adds an override to a resource property. // // Syntactic sugar for `addOverride("Properties.<...>", value)`. AddPropertyOverride(propertyPath *string, value interface{}) // Sets the deletion policy of the resource based on the removal policy specified. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some // cases, a snapshot can be taken of the resource prior to deletion // (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy // can be found in the following link:. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options // ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) // Returns a token for an runtime attribute of this resource. // // Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility // in case there is no generated attribute. GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference // Retrieve a value value from the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // GetMetadata(key *string) interface{} // Examines the CloudFormation resource and discloses attributes. Inspect(inspector awscdk.TreeInspector) // Retrieves an array of resources this resource depends on. // // This assembles dependencies on resources across stacks (including nested stacks) // automatically. ObtainDependencies() *[]interface{} // Get a shallow copy of dependencies between this resource and other resources in the same stack. ObtainResourceDependencies() *[]awscdk.CfnResource // Overrides the auto-generated logical ID with a specific ID. OverrideLogicalId(newLogicalId *string) // Indicates that this resource no longer depends on another resource. // // This can be used for resources across stacks (including nested stacks) // and the dependency will automatically be removed from the relevant scope. RemoveDependency(target awscdk.CfnResource) RenderProperties(props *map[string]interface{}) *map[string]interface{} // Replaces one dependency with another. ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource) // Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template. // // Returns: `true` if the resource should be included or `false` is the resource // should be omitted. ShouldSynthesize() *bool // Returns a string representation of this construct. // // Returns: a string representation of this resource. ToString() *string ValidateProperties(_properties interface{}) }
The AWS::OpenSearchService::Domain resource creates an Amazon OpenSearch Service domain.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var accessPolicies interface{} cfnDomain := awscdk.Aws_opensearchservice.NewCfnDomain(this, jsii.String("MyCfnDomain"), &CfnDomainProps{ AccessPolicies: accessPolicies, AdvancedOptions: map[string]*string{ "advancedOptionsKey": jsii.String("advancedOptions"), }, AdvancedSecurityOptions: &AdvancedSecurityOptionsInputProperty{ AnonymousAuthDisableDate: jsii.String("anonymousAuthDisableDate"), AnonymousAuthEnabled: jsii.Boolean(false), Enabled: jsii.Boolean(false), InternalUserDatabaseEnabled: jsii.Boolean(false), MasterUserOptions: &MasterUserOptionsProperty{ MasterUserArn: jsii.String("masterUserArn"), MasterUserName: jsii.String("masterUserName"), MasterUserPassword: jsii.String("masterUserPassword"), }, SamlOptions: &SAMLOptionsProperty{ Enabled: jsii.Boolean(false), Idp: &IdpProperty{ EntityId: jsii.String("entityId"), MetadataContent: jsii.String("metadataContent"), }, MasterBackendRole: jsii.String("masterBackendRole"), MasterUserName: jsii.String("masterUserName"), RolesKey: jsii.String("rolesKey"), SessionTimeoutMinutes: jsii.Number(123), SubjectKey: jsii.String("subjectKey"), }, }, ClusterConfig: &ClusterConfigProperty{ DedicatedMasterCount: jsii.Number(123), DedicatedMasterEnabled: jsii.Boolean(false), DedicatedMasterType: jsii.String("dedicatedMasterType"), InstanceCount: jsii.Number(123), InstanceType: jsii.String("instanceType"), MultiAzWithStandbyEnabled: jsii.Boolean(false), WarmCount: jsii.Number(123), WarmEnabled: jsii.Boolean(false), WarmType: jsii.String("warmType"), ZoneAwarenessConfig: &ZoneAwarenessConfigProperty{ AvailabilityZoneCount: jsii.Number(123), }, ZoneAwarenessEnabled: jsii.Boolean(false), }, CognitoOptions: &CognitoOptionsProperty{ Enabled: jsii.Boolean(false), IdentityPoolId: jsii.String("identityPoolId"), RoleArn: jsii.String("roleArn"), UserPoolId: jsii.String("userPoolId"), }, DomainArn: jsii.String("domainArn"), DomainEndpointOptions: &DomainEndpointOptionsProperty{ CustomEndpoint: jsii.String("customEndpoint"), CustomEndpointCertificateArn: jsii.String("customEndpointCertificateArn"), CustomEndpointEnabled: jsii.Boolean(false), EnforceHttps: jsii.Boolean(false), TlsSecurityPolicy: jsii.String("tlsSecurityPolicy"), }, DomainName: jsii.String("domainName"), EbsOptions: &EBSOptionsProperty{ EbsEnabled: jsii.Boolean(false), Iops: jsii.Number(123), Throughput: jsii.Number(123), VolumeSize: jsii.Number(123), VolumeType: jsii.String("volumeType"), }, EncryptionAtRestOptions: &EncryptionAtRestOptionsProperty{ Enabled: jsii.Boolean(false), KmsKeyId: jsii.String("kmsKeyId"), }, EngineVersion: jsii.String("engineVersion"), LogPublishingOptions: map[string]interface{}{ "logPublishingOptionsKey": &LogPublishingOptionProperty{ "cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"), "enabled": jsii.Boolean(false), }, }, NodeToNodeEncryptionOptions: &NodeToNodeEncryptionOptionsProperty{ Enabled: jsii.Boolean(false), }, OffPeakWindowOptions: &OffPeakWindowOptionsProperty{ Enabled: jsii.Boolean(false), OffPeakWindow: &OffPeakWindowProperty{ WindowStartTime: &WindowStartTimeProperty{ Hours: jsii.Number(123), Minutes: jsii.Number(123), }, }, }, SnapshotOptions: &SnapshotOptionsProperty{ AutomatedSnapshotStartHour: jsii.Number(123), }, SoftwareUpdateOptions: &SoftwareUpdateOptionsProperty{ AutoSoftwareUpdateEnabled: jsii.Boolean(false), }, Tags: []cfnTag{ &cfnTag{ Key: jsii.String("key"), Value: jsii.String("value"), }, }, VpcOptions: &VPCOptionsProperty{ SecurityGroupIds: []*string{ jsii.String("securityGroupIds"), }, SubnetIds: []*string{ jsii.String("subnetIds"), }, }, })
func NewCfnDomain ¶
func NewCfnDomain(scope constructs.Construct, id *string, props *CfnDomainProps) CfnDomain
type CfnDomainProps ¶
type CfnDomainProps struct { // An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. // // For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guide* . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-accesspolicies // AccessPolicies interface{} `field:"optional" json:"accessPolicies" yaml:"accessPolicies"` // Additional options to specify for the OpenSearch Service domain. // // For more information, see [AdvancedOptions](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_CreateDomain.html#API_CreateDomain_RequestBody) in the OpenSearch Service API reference. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-advancedoptions // AdvancedOptions interface{} `field:"optional" json:"advancedOptions" yaml:"advancedOptions"` // Specifies options for fine-grained access control and SAML authentication. // // If you specify advanced security options, you must also enable node-to-node encryption ( [NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html) ) and encryption at rest ( [EncryptionAtRestOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html) ). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html) , which requires HTTPS for all traffic to the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-advancedsecurityoptions // AdvancedSecurityOptions interface{} `field:"optional" json:"advancedSecurityOptions" yaml:"advancedSecurityOptions"` // Container for the cluster configuration of a domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-clusterconfig // ClusterConfig interface{} `field:"optional" json:"clusterConfig" yaml:"clusterConfig"` // Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-cognitooptions // CognitoOptions interface{} `field:"optional" json:"cognitoOptions" yaml:"cognitoOptions"` // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainarn // DomainArn *string `field:"optional" json:"domainArn" yaml:"domainArn"` // Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainendpointoptions // DomainEndpointOptions interface{} `field:"optional" json:"domainEndpointOptions" yaml:"domainEndpointOptions"` // A name for the OpenSearch Service domain. // // The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) . // // Required when creating a new domain. // // > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainname // DomainName *string `field:"optional" json:"domainName" yaml:"domainName"` // The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. // // For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-ebsoptions // EbsOptions interface{} `field:"optional" json:"ebsOptions" yaml:"ebsOptions"` // Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. // // See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-encryptionatrestoptions // EncryptionAtRestOptions interface{} `field:"optional" json:"encryptionAtRestOptions" yaml:"encryptionAtRestOptions"` // The version of OpenSearch to use. // // The value must be in the format `OpenSearch_X.Y` or `Elasticsearch_X.Y` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* . // // If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true` , you can update `EngineVersion` without interruption. When `EnableVersionUpgrade` is set to `false` , or is not specified, updating `EngineVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-engineversion // EngineVersion *string `field:"optional" json:"engineVersion" yaml:"engineVersion"` // An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish. // // Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-logpublishingoptions // LogPublishingOptions interface{} `field:"optional" json:"logPublishingOptions" yaml:"logPublishingOptions"` // Specifies whether node-to-node encryption is enabled. // // See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-nodetonodeencryptionoptions // NodeToNodeEncryptionOptions interface{} `field:"optional" json:"nodeToNodeEncryptionOptions" yaml:"nodeToNodeEncryptionOptions"` // Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-offpeakwindowoptions // OffPeakWindowOptions interface{} `field:"optional" json:"offPeakWindowOptions" yaml:"offPeakWindowOptions"` // *DEPRECATED* . // // The automated snapshot configuration for the OpenSearch Service domain indexes. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-snapshotoptions // SnapshotOptions interface{} `field:"optional" json:"snapshotOptions" yaml:"snapshotOptions"` // Options for configuring service software updates for a domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-softwareupdateoptions // SoftwareUpdateOptions interface{} `field:"optional" json:"softwareUpdateOptions" yaml:"softwareUpdateOptions"` // An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-tags // Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"` // The virtual private cloud (VPC) configuration for the OpenSearch Service domain. // // For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* . // // If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-vpcoptions // VpcOptions interface{} `field:"optional" json:"vpcOptions" yaml:"vpcOptions"` }
Properties for defining a `CfnDomain`.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var accessPolicies interface{} cfnDomainProps := &CfnDomainProps{ AccessPolicies: accessPolicies, AdvancedOptions: map[string]*string{ "advancedOptionsKey": jsii.String("advancedOptions"), }, AdvancedSecurityOptions: &AdvancedSecurityOptionsInputProperty{ AnonymousAuthDisableDate: jsii.String("anonymousAuthDisableDate"), AnonymousAuthEnabled: jsii.Boolean(false), Enabled: jsii.Boolean(false), InternalUserDatabaseEnabled: jsii.Boolean(false), MasterUserOptions: &MasterUserOptionsProperty{ MasterUserArn: jsii.String("masterUserArn"), MasterUserName: jsii.String("masterUserName"), MasterUserPassword: jsii.String("masterUserPassword"), }, SamlOptions: &SAMLOptionsProperty{ Enabled: jsii.Boolean(false), Idp: &IdpProperty{ EntityId: jsii.String("entityId"), MetadataContent: jsii.String("metadataContent"), }, MasterBackendRole: jsii.String("masterBackendRole"), MasterUserName: jsii.String("masterUserName"), RolesKey: jsii.String("rolesKey"), SessionTimeoutMinutes: jsii.Number(123), SubjectKey: jsii.String("subjectKey"), }, }, ClusterConfig: &ClusterConfigProperty{ DedicatedMasterCount: jsii.Number(123), DedicatedMasterEnabled: jsii.Boolean(false), DedicatedMasterType: jsii.String("dedicatedMasterType"), InstanceCount: jsii.Number(123), InstanceType: jsii.String("instanceType"), MultiAzWithStandbyEnabled: jsii.Boolean(false), WarmCount: jsii.Number(123), WarmEnabled: jsii.Boolean(false), WarmType: jsii.String("warmType"), ZoneAwarenessConfig: &ZoneAwarenessConfigProperty{ AvailabilityZoneCount: jsii.Number(123), }, ZoneAwarenessEnabled: jsii.Boolean(false), }, CognitoOptions: &CognitoOptionsProperty{ Enabled: jsii.Boolean(false), IdentityPoolId: jsii.String("identityPoolId"), RoleArn: jsii.String("roleArn"), UserPoolId: jsii.String("userPoolId"), }, DomainArn: jsii.String("domainArn"), DomainEndpointOptions: &DomainEndpointOptionsProperty{ CustomEndpoint: jsii.String("customEndpoint"), CustomEndpointCertificateArn: jsii.String("customEndpointCertificateArn"), CustomEndpointEnabled: jsii.Boolean(false), EnforceHttps: jsii.Boolean(false), TlsSecurityPolicy: jsii.String("tlsSecurityPolicy"), }, DomainName: jsii.String("domainName"), EbsOptions: &EBSOptionsProperty{ EbsEnabled: jsii.Boolean(false), Iops: jsii.Number(123), Throughput: jsii.Number(123), VolumeSize: jsii.Number(123), VolumeType: jsii.String("volumeType"), }, EncryptionAtRestOptions: &EncryptionAtRestOptionsProperty{ Enabled: jsii.Boolean(false), KmsKeyId: jsii.String("kmsKeyId"), }, EngineVersion: jsii.String("engineVersion"), LogPublishingOptions: map[string]interface{}{ "logPublishingOptionsKey": &LogPublishingOptionProperty{ "cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"), "enabled": jsii.Boolean(false), }, }, NodeToNodeEncryptionOptions: &NodeToNodeEncryptionOptionsProperty{ Enabled: jsii.Boolean(false), }, OffPeakWindowOptions: &OffPeakWindowOptionsProperty{ Enabled: jsii.Boolean(false), OffPeakWindow: &OffPeakWindowProperty{ WindowStartTime: &WindowStartTimeProperty{ Hours: jsii.Number(123), Minutes: jsii.Number(123), }, }, }, SnapshotOptions: &SnapshotOptionsProperty{ AutomatedSnapshotStartHour: jsii.Number(123), }, SoftwareUpdateOptions: &SoftwareUpdateOptionsProperty{ AutoSoftwareUpdateEnabled: jsii.Boolean(false), }, Tags: []cfnTag{ &cfnTag{ Key: jsii.String("key"), Value: jsii.String("value"), }, }, VpcOptions: &VPCOptionsProperty{ SecurityGroupIds: []*string{ jsii.String("securityGroupIds"), }, SubnetIds: []*string{ jsii.String("subnetIds"), }, }, }
type CfnDomain_AdvancedSecurityOptionsInputProperty ¶
type CfnDomain_AdvancedSecurityOptionsInputProperty struct { // Date and time when the migration period will be disabled. // // Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthdisabledate // AnonymousAuthDisableDate *string `field:"optional" json:"anonymousAuthDisableDate" yaml:"anonymousAuthDisableDate"` // True to enable a 30-day migration period during which administrators can create role mappings. // // Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthenabled // AnonymousAuthEnabled interface{} `field:"optional" json:"anonymousAuthEnabled" yaml:"anonymousAuthEnabled"` // True to enable fine-grained access control. // // You must also enable encryption of data at rest and node-to-node encryption. See [Fine-grained access control in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-enabled // Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` // True to enable the internal user database. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-internaluserdatabaseenabled // InternalUserDatabaseEnabled interface{} `field:"optional" json:"internalUserDatabaseEnabled" yaml:"internalUserDatabaseEnabled"` // Specifies information about the master user. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-masteruseroptions // MasterUserOptions interface{} `field:"optional" json:"masterUserOptions" yaml:"masterUserOptions"` // Container for information about the SAML configuration for OpenSearch Dashboards. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-samloptions // SamlOptions interface{} `field:"optional" json:"samlOptions" yaml:"samlOptions"` }
Specifies options for fine-grained access control.
If you specify advanced security options, you must also enable node-to-node encryption ( [NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html) ) and encryption at rest ( EncryptionAtRestOptions(https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html) ). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html) , which requires HTTPS for all traffic to the domain.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" advancedSecurityOptionsInputProperty := &AdvancedSecurityOptionsInputProperty{ AnonymousAuthDisableDate: jsii.String("anonymousAuthDisableDate"), AnonymousAuthEnabled: jsii.Boolean(false), Enabled: jsii.Boolean(false), InternalUserDatabaseEnabled: jsii.Boolean(false), MasterUserOptions: &MasterUserOptionsProperty{ MasterUserArn: jsii.String("masterUserArn"), MasterUserName: jsii.String("masterUserName"), MasterUserPassword: jsii.String("masterUserPassword"), }, SamlOptions: &SAMLOptionsProperty{ Enabled: jsii.Boolean(false), Idp: &IdpProperty{ EntityId: jsii.String("entityId"), MetadataContent: jsii.String("metadataContent"), }, MasterBackendRole: jsii.String("masterBackendRole"), MasterUserName: jsii.String("masterUserName"), RolesKey: jsii.String("rolesKey"), SessionTimeoutMinutes: jsii.Number(123), SubjectKey: jsii.String("subjectKey"), }, }
type CfnDomain_ClusterConfigProperty ¶
type CfnDomain_ClusterConfigProperty struct { // The number of instances to use for the master node. // // If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmastercount // DedicatedMasterCount *float64 `field:"optional" json:"dedicatedMasterCount" yaml:"dedicatedMasterCount"` // Indicates whether to use a dedicated master node for the OpenSearch Service domain. // // A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See [Dedicated master nodes in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-dedicatedmasternodes.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmasterenabled // DedicatedMasterEnabled interface{} `field:"optional" json:"dedicatedMasterEnabled" yaml:"dedicatedMasterEnabled"` // The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search` . If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property. For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmastertype // DedicatedMasterType *string `field:"optional" json:"dedicatedMasterType" yaml:"dedicatedMasterType"` // The number of data nodes (instances) to use in the OpenSearch Service domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-instancecount // InstanceCount *float64 `field:"optional" json:"instanceCount" yaml:"instanceCount"` // The instance type for your data nodes, such as `m3.medium.search` . For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-instancetype // InstanceType *string `field:"optional" json:"instanceType" yaml:"instanceType"` // Indicates whether Multi-AZ with Standby deployment option is enabled. // // For more information, see [Multi-AZ with Standby](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-multiazwithstandbyenabled // MultiAzWithStandbyEnabled interface{} `field:"optional" json:"multiAzWithStandbyEnabled" yaml:"multiAzWithStandbyEnabled"` // The number of warm nodes in the cluster. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmcount // WarmCount *float64 `field:"optional" json:"warmCount" yaml:"warmCount"` // Whether to enable UltraWarm storage for the cluster. // // See [UltraWarm storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ultrawarm.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmenabled // WarmEnabled interface{} `field:"optional" json:"warmEnabled" yaml:"warmEnabled"` // The instance type for the cluster's warm nodes. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmtype // WarmType *string `field:"optional" json:"warmType" yaml:"warmType"` // Specifies zone awareness configuration options. // // Only use if `ZoneAwarenessEnabled` is `true` . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-zoneawarenessconfig // ZoneAwarenessConfig interface{} `field:"optional" json:"zoneAwarenessConfig" yaml:"zoneAwarenessConfig"` // Indicates whether to enable zone awareness for the OpenSearch Service domain. // // When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-zoneawarenessenabled // ZoneAwarenessEnabled interface{} `field:"optional" json:"zoneAwarenessEnabled" yaml:"zoneAwarenessEnabled"` }
The cluster configuration for the OpenSearch Service domain.
You can specify options such as the instance type and the number of instances. For more information, see [Creating and managing Amazon OpenSearch Service domains](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html) in the *Amazon OpenSearch Service Developer Guide* .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" clusterConfigProperty := &ClusterConfigProperty{ DedicatedMasterCount: jsii.Number(123), DedicatedMasterEnabled: jsii.Boolean(false), DedicatedMasterType: jsii.String("dedicatedMasterType"), InstanceCount: jsii.Number(123), InstanceType: jsii.String("instanceType"), MultiAzWithStandbyEnabled: jsii.Boolean(false), WarmCount: jsii.Number(123), WarmEnabled: jsii.Boolean(false), WarmType: jsii.String("warmType"), ZoneAwarenessConfig: &ZoneAwarenessConfigProperty{ AvailabilityZoneCount: jsii.Number(123), }, ZoneAwarenessEnabled: jsii.Boolean(false), }
type CfnDomain_CognitoOptionsProperty ¶
type CfnDomain_CognitoOptionsProperty struct { // Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. // // See [Amazon Cognito authentication for OpenSearch Dashboards](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-enabled // Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` // The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication. // // Required if you enabled Cognito Authentication for OpenSearch Dashboards. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-identitypoolid // IdentityPoolId *string `field:"optional" json:"identityPoolId" yaml:"identityPoolId"` // The `AmazonOpenSearchServiceCognitoAccess` role that allows OpenSearch Service to configure your user pool and identity pool. // // Required if you enabled Cognito Authentication for OpenSearch Dashboards. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-rolearn // RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"` // The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication. // // Required if you enabled Cognito Authentication for OpenSearch Dashboards. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-userpoolid // UserPoolId *string `field:"optional" json:"userPoolId" yaml:"userPoolId"` }
Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" cognitoOptionsProperty := &CognitoOptionsProperty{ Enabled: jsii.Boolean(false), IdentityPoolId: jsii.String("identityPoolId"), RoleArn: jsii.String("roleArn"), UserPoolId: jsii.String("userPoolId"), }
type CfnDomain_DomainEndpointOptionsProperty ¶
type CfnDomain_DomainEndpointOptionsProperty struct { // The fully qualified URL for your custom endpoint. // // Required if you enabled a custom endpoint for the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpoint // CustomEndpoint *string `field:"optional" json:"customEndpoint" yaml:"customEndpoint"` // The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. // // Required if you enabled a custom endpoint for the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpointcertificatearn // CustomEndpointCertificateArn *string `field:"optional" json:"customEndpointCertificateArn" yaml:"customEndpointCertificateArn"` // True to enable a custom endpoint for the domain. // // If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn` . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpointenabled // CustomEndpointEnabled interface{} `field:"optional" json:"customEndpointEnabled" yaml:"customEndpointEnabled"` // True to require that all traffic to the domain arrive over HTTPS. // // Required if you enable fine-grained access control in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-enforcehttps // EnforceHttps interface{} `field:"optional" json:"enforceHttps" yaml:"enforceHttps"` // The minimum TLS version required for traffic to the domain. Valid values are TLS 1.3 (recommended) or 1.2:. // // - `Policy-Min-TLS-1-0-2019-07` // - `Policy-Min-TLS-1-2-2019-07`. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-tlssecuritypolicy // TlsSecurityPolicy *string `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"` }
Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" domainEndpointOptionsProperty := &DomainEndpointOptionsProperty{ CustomEndpoint: jsii.String("customEndpoint"), CustomEndpointCertificateArn: jsii.String("customEndpointCertificateArn"), CustomEndpointEnabled: jsii.Boolean(false), EnforceHttps: jsii.Boolean(false), TlsSecurityPolicy: jsii.String("tlsSecurityPolicy"), }
type CfnDomain_EBSOptionsProperty ¶
type CfnDomain_EBSOptionsProperty struct { // Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-ebsenabled // EbsEnabled interface{} `field:"optional" json:"ebsEnabled" yaml:"ebsEnabled"` // The number of I/O operations per second (IOPS) that the volume supports. // // This property applies only to the `gp3` and provisioned IOPS EBS volume types. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-iops // Iops *float64 `field:"optional" json:"iops" yaml:"iops"` // The throughput (in MiB/s) of the EBS volumes attached to data nodes. // // Applies only to the `gp3` volume type. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-throughput // Throughput *float64 `field:"optional" json:"throughput" yaml:"throughput"` // The size (in GiB) of the EBS volume for each data node. // // The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-volumesize // VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"` // The EBS volume type to use with the OpenSearch Service domain. // // If you choose `gp3` , you must also specify values for `Iops` and `Throughput` . For more information about each type, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon EC2 User Guide for Linux Instances* . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-volumetype // VolumeType *string `field:"optional" json:"volumeType" yaml:"volumeType"` }
The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" eBSOptionsProperty := &EBSOptionsProperty{ EbsEnabled: jsii.Boolean(false), Iops: jsii.Number(123), Throughput: jsii.Number(123), VolumeSize: jsii.Number(123), VolumeType: jsii.String("volumeType"), }
type CfnDomain_EncryptionAtRestOptionsProperty ¶
type CfnDomain_EncryptionAtRestOptionsProperty struct { // Specify `true` to enable encryption at rest. // // Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html#cfn-opensearchservice-domain-encryptionatrestoptions-enabled // Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` // The KMS key ID. Takes the form `1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a` . Required if you enable encryption at rest. // // You can also use `keyAlias` as a value. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html#cfn-opensearchservice-domain-encryptionatrestoptions-kmskeyid // KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"` }
Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" encryptionAtRestOptionsProperty := &EncryptionAtRestOptionsProperty{ Enabled: jsii.Boolean(false), KmsKeyId: jsii.String("kmsKeyId"), }
type CfnDomain_IdpProperty ¶ added in v2.63.0
type CfnDomain_IdpProperty struct { // The unique entity ID of the application in the SAML identity provider. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-idp.html#cfn-opensearchservice-domain-idp-entityid // EntityId *string `field:"required" json:"entityId" yaml:"entityId"` // The metadata of the SAML application, in XML format. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-idp.html#cfn-opensearchservice-domain-idp-metadatacontent // MetadataContent *string `field:"required" json:"metadataContent" yaml:"metadataContent"` }
The SAML Identity Provider's information.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" idpProperty := &IdpProperty{ EntityId: jsii.String("entityId"), MetadataContent: jsii.String("metadataContent"), }
type CfnDomain_LogPublishingOptionProperty ¶
type CfnDomain_LogPublishingOptionProperty struct { // Specifies the CloudWatch log group to publish to. // // Required if you enable log publishing. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html#cfn-opensearchservice-domain-logpublishingoption-cloudwatchlogsloggrouparn // CloudWatchLogsLogGroupArn *string `field:"optional" json:"cloudWatchLogsLogGroupArn" yaml:"cloudWatchLogsLogGroupArn"` // If `true` , enables the publishing of logs to CloudWatch. // // Default: `false` . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html#cfn-opensearchservice-domain-logpublishingoption-enabled // Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` }
Specifies whether the OpenSearch Service domain publishes application, search slow logs, or index slow logs to Amazon CloudWatch.
Each option must be an object of name `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , or `AUDIT_LOGS` depending on the type of logs you want to publish. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .
Before you enable log publishing, you need to create a CloudWatch log group and provide OpenSearch Service the correct permissions to write to it. To learn more, see [Enabling log publishing ( AWS CloudFormation)](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-cfn) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" logPublishingOptionProperty := &LogPublishingOptionProperty{ CloudWatchLogsLogGroupArn: jsii.String("cloudWatchLogsLogGroupArn"), Enabled: jsii.Boolean(false), }
type CfnDomain_MasterUserOptionsProperty ¶
type CfnDomain_MasterUserOptionsProperty struct { // Amazon Resource Name (ARN) for the master user. // // The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if `InternalUserDatabaseEnabled` is false in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masteruserarn // MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"` // Username for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) . // // If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masterusername // MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"` // Password for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) . // // If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masteruserpassword // MasterUserPassword *string `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"` }
Specifies information about the master user.
Required if if `InternalUserDatabaseEnabled` is true in AdvancedSecurityOptions(https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" masterUserOptionsProperty := &MasterUserOptionsProperty{ MasterUserArn: jsii.String("masterUserArn"), MasterUserName: jsii.String("masterUserName"), MasterUserPassword: jsii.String("masterUserPassword"), }
type CfnDomain_NodeToNodeEncryptionOptionsProperty ¶
type CfnDomain_NodeToNodeEncryptionOptionsProperty struct { // Specifies to enable or disable node-to-node encryption on the domain. // // Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html#cfn-opensearchservice-domain-nodetonodeencryptionoptions-enabled // Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` }
Specifies options for node-to-node encryption.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" nodeToNodeEncryptionOptionsProperty := &NodeToNodeEncryptionOptionsProperty{ Enabled: jsii.Boolean(false), }
type CfnDomain_OffPeakWindowOptionsProperty ¶ added in v2.72.0
type CfnDomain_OffPeakWindowOptionsProperty struct { // Specifies whether off-peak window settings are enabled for the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindowoptions.html#cfn-opensearchservice-domain-offpeakwindowoptions-enabled // Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` // Off-peak window settings for the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindowoptions.html#cfn-opensearchservice-domain-offpeakwindowoptions-offpeakwindow // OffPeakWindow interface{} `field:"optional" json:"offPeakWindow" yaml:"offPeakWindow"` }
Off-peak window settings for the domain.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" offPeakWindowOptionsProperty := &OffPeakWindowOptionsProperty{ Enabled: jsii.Boolean(false), OffPeakWindow: &OffPeakWindowProperty{ WindowStartTime: &WindowStartTimeProperty{ Hours: jsii.Number(123), Minutes: jsii.Number(123), }, }, }
type CfnDomain_OffPeakWindowProperty ¶ added in v2.72.0
type CfnDomain_OffPeakWindowProperty struct { // The desired start time for an off-peak maintenance window. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindow.html#cfn-opensearchservice-domain-offpeakwindow-windowstarttime // WindowStartTime interface{} `field:"optional" json:"windowStartTime" yaml:"windowStartTime"` }
A custom 10-hour, low-traffic window during which OpenSearch Service can perform mandatory configuration changes on the domain.
These actions can include scheduled service software updates and blue/green Auto-Tune enhancements. OpenSearch Service will schedule these actions during the window that you specify. If you don't specify a window start time, it defaults to 10:00 P.M. local time.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" offPeakWindowProperty := &OffPeakWindowProperty{ WindowStartTime: &WindowStartTimeProperty{ Hours: jsii.Number(123), Minutes: jsii.Number(123), }, }
type CfnDomain_SAMLOptionsProperty ¶ added in v2.63.0
type CfnDomain_SAMLOptionsProperty struct { // True to enable SAML authentication for a domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-enabled // Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` // The SAML Identity Provider's information. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-idp // Idp interface{} `field:"optional" json:"idp" yaml:"idp"` // The backend role that the SAML master user is mapped to. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-masterbackendrole // MasterBackendRole *string `field:"optional" json:"masterBackendRole" yaml:"masterBackendRole"` // The SAML master user name, which is stored in the domain's internal user database. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-masterusername // MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"` // Element of the SAML assertion to use for backend roles. // // Default is `roles` . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-roleskey // RolesKey *string `field:"optional" json:"rolesKey" yaml:"rolesKey"` // The duration, in minutes, after which a user session becomes inactive. // // Acceptable values are between 1 and 1440, and the default value is 60. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-sessiontimeoutminutes // SessionTimeoutMinutes *float64 `field:"optional" json:"sessionTimeoutMinutes" yaml:"sessionTimeoutMinutes"` // Element of the SAML assertion to use for the user name. // // Default is `NameID` . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-subjectkey // SubjectKey *string `field:"optional" json:"subjectKey" yaml:"subjectKey"` }
Container for information about the SAML configuration for OpenSearch Dashboards.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" sAMLOptionsProperty := &SAMLOptionsProperty{ Enabled: jsii.Boolean(false), Idp: &IdpProperty{ EntityId: jsii.String("entityId"), MetadataContent: jsii.String("metadataContent"), }, MasterBackendRole: jsii.String("masterBackendRole"), MasterUserName: jsii.String("masterUserName"), RolesKey: jsii.String("rolesKey"), SessionTimeoutMinutes: jsii.Number(123), SubjectKey: jsii.String("subjectKey"), }
type CfnDomain_ServiceSoftwareOptionsProperty ¶ added in v2.55.0
type CfnDomain_ServiceSoftwareOptionsProperty struct { // The timestamp, in Epoch time, until which you can manually request a service software update. // // After this date, we automatically update your service software. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-automatedupdatedate // AutomatedUpdateDate *string `field:"optional" json:"automatedUpdateDate" yaml:"automatedUpdateDate"` // True if you're able to cancel your service software version update. // // False if you can't cancel your service software update. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-cancellable // Cancellable interface{} `field:"optional" json:"cancellable" yaml:"cancellable"` // The current service software version present on the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-currentversion // CurrentVersion *string `field:"optional" json:"currentVersion" yaml:"currentVersion"` // A description of the service software update status. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-description // Description *string `field:"optional" json:"description" yaml:"description"` // The new service software version, if one is available. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-newversion // NewVersion *string `field:"optional" json:"newVersion" yaml:"newVersion"` // True if a service software is never automatically updated. // // False if a service software is automatically updated after the automated update date. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-optionaldeployment // OptionalDeployment interface{} `field:"optional" json:"optionalDeployment" yaml:"optionalDeployment"` // True if you're able to update your service software version. // // False if you can't update your service software version. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-updateavailable // UpdateAvailable interface{} `field:"optional" json:"updateAvailable" yaml:"updateAvailable"` // The status of your service software update. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-updatestatus // UpdateStatus *string `field:"optional" json:"updateStatus" yaml:"updateStatus"` }
The current status of the service software for an Amazon OpenSearch Service domain.
For more information, see [Service software updates in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/service-software.html) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" serviceSoftwareOptionsProperty := &ServiceSoftwareOptionsProperty{ AutomatedUpdateDate: jsii.String("automatedUpdateDate"), Cancellable: jsii.Boolean(false), CurrentVersion: jsii.String("currentVersion"), Description: jsii.String("description"), NewVersion: jsii.String("newVersion"), OptionalDeployment: jsii.Boolean(false), UpdateAvailable: jsii.Boolean(false), UpdateStatus: jsii.String("updateStatus"), }
type CfnDomain_SnapshotOptionsProperty ¶
type CfnDomain_SnapshotOptionsProperty struct { // The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. // // For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-snapshotoptions.html#cfn-opensearchservice-domain-snapshotoptions-automatedsnapshotstarthour // AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"` }
*DEPRECATED* .
This setting is only relevant to domains running legacy Elasticsearch OSS versions earlier than 5.3. It does not apply to OpenSearch domains.
The automated snapshot configuration for the OpenSearch Service domain indexes.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" snapshotOptionsProperty := &SnapshotOptionsProperty{ AutomatedSnapshotStartHour: jsii.Number(123), }
type CfnDomain_SoftwareUpdateOptionsProperty ¶ added in v2.72.0
type CfnDomain_SoftwareUpdateOptionsProperty struct { // Specifies whether automatic service software updates are enabled for the domain. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-softwareupdateoptions.html#cfn-opensearchservice-domain-softwareupdateoptions-autosoftwareupdateenabled // AutoSoftwareUpdateEnabled interface{} `field:"optional" json:"autoSoftwareUpdateEnabled" yaml:"autoSoftwareUpdateEnabled"` }
Options for configuring service software updates for a domain.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" softwareUpdateOptionsProperty := &SoftwareUpdateOptionsProperty{ AutoSoftwareUpdateEnabled: jsii.Boolean(false), }
type CfnDomain_VPCOptionsProperty ¶
type CfnDomain_VPCOptionsProperty struct { // The list of security group IDs that are associated with the VPC endpoints for the domain. // // If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see [Security groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon VPC User Guide* . // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html#cfn-opensearchservice-domain-vpcoptions-securitygroupids // SecurityGroupIds *[]*string `field:"optional" json:"securityGroupIds" yaml:"securityGroupIds"` // Provide one subnet ID for each Availability Zone that your domain uses. // // For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the *Amazon VPC User Guide* . // // If you specify more than one subnet, you must also configure `ZoneAwarenessEnabled` and `ZoneAwarenessConfig` within [ClusterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html) , otherwise you'll see the error "You must specify exactly one subnet" during template creation. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html#cfn-opensearchservice-domain-vpcoptions-subnetids // SubnetIds *[]*string `field:"optional" json:"subnetIds" yaml:"subnetIds"` }
The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
For more information, see [Launching your Amazon OpenSearch Service domains using a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" vPCOptionsProperty := &VPCOptionsProperty{ SecurityGroupIds: []*string{ jsii.String("securityGroupIds"), }, SubnetIds: []*string{ jsii.String("subnetIds"), }, }
type CfnDomain_WindowStartTimeProperty ¶ added in v2.72.0
type CfnDomain_WindowStartTimeProperty struct { // The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. // // For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-windowstarttime.html#cfn-opensearchservice-domain-windowstarttime-hours // Hours *float64 `field:"required" json:"hours" yaml:"hours"` // The start minute of the window, in UTC. // // The minimum value is 0 and the maximum value is 59. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-windowstarttime.html#cfn-opensearchservice-domain-windowstarttime-minutes // Minutes *float64 `field:"required" json:"minutes" yaml:"minutes"` }
A custom start time for the off-peak window, in Coordinated Universal Time (UTC).
The window length will always be 10 hours, so you can't specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" windowStartTimeProperty := &WindowStartTimeProperty{ Hours: jsii.Number(123), Minutes: jsii.Number(123), }
type CfnDomain_ZoneAwarenessConfigProperty ¶
type CfnDomain_ZoneAwarenessConfigProperty struct { // If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use. // // Valid values are `2` and `3` . Default is 2. // See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-zoneawarenessconfig.html#cfn-opensearchservice-domain-zoneawarenessconfig-availabilityzonecount // AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"` }
Specifies zone awareness configuration options.
Only use if `ZoneAwarenessEnabled` is `true` .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" zoneAwarenessConfigProperty := &ZoneAwarenessConfigProperty{ AvailabilityZoneCount: jsii.Number(123), }
type CognitoOptions ¶
type CognitoOptions struct { // The Amazon Cognito identity pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication. IdentityPoolId *string `field:"required" json:"identityPoolId" yaml:"identityPoolId"` // A role that allows Amazon OpenSearch Service to configure your user pool and identity pool. // // It must have the `AmazonESCognitoAccess` policy attached to it. // See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html#cognito-auth-prereq // Role awsiam.IRole `field:"required" json:"role" yaml:"role"` // The Amazon Cognito user pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication. UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"` }
Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
Example:
opensearch.NewDomain(this, jsii.String("Domain"), &DomainProps{ CognitoDashboardsAuth: &CognitoOptions{ IdentityPoolId: jsii.String("test-identity-pool-id"), UserPoolId: jsii.String("test-user-pool-id"), Role: role, }, Version: openSearchVersion, })
See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html
type CustomEndpointOptions ¶
type CustomEndpointOptions struct { // The custom domain name to assign. DomainName *string `field:"required" json:"domainName" yaml:"domainName"` // The certificate to use. // Default: - create a new one. // Certificate awscertificatemanager.ICertificate `field:"optional" json:"certificate" yaml:"certificate"` // The hosted zone in Route53 to create the CNAME record in. // Default: - do not create a CNAME. // HostedZone awsroute53.IHostedZone `field:"optional" json:"hostedZone" yaml:"hostedZone"` }
Configures a custom domain endpoint for the Amazon OpenSearch Service domain.
Example:
awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), CustomEndpoint: &CustomEndpointOptions{ DomainName: jsii.String("search.example.com"), }, })
type Domain ¶
type Domain interface { awscdk.Resource awsec2.IConnectable IDomain // Log group that application logs are logged to. AppLogGroup() awslogs.ILogGroup // Log group that audit logs are logged to. AuditLogGroup() awslogs.ILogGroup // Manages network connections to the domain. // // This will throw an error in case the domain // is not placed inside a VPC. Connections() awsec2.Connections // Arn of the Amazon OpenSearch Service domain. DomainArn() *string // Endpoint of the Amazon OpenSearch Service domain. DomainEndpoint() *string // Identifier of the Amazon OpenSearch Service domain. DomainId() *string // Domain name of the Amazon OpenSearch Service domain. DomainName() *string // The environment this resource belongs to. // // For resources that are created and managed by the CDK // (generally, those created by creating new class instances like Role, Bucket, etc.), // this is always the same as the environment of the stack they belong to; // however, for imported resources // (those obtained from static methods like fromRoleArn, fromBucketName, etc.), // that might be different than the stack they were imported into. Env() *awscdk.ResourceEnvironment // Master user password if fine grained access control is configured. MasterUserPassword() awscdk.SecretValue // The tree node. Node() constructs.Node // Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource. // // This value will resolve to one of the following: // - a concrete value (e.g. `"my-awesome-bucket"`) // - `undefined`, when a name should be generated by CloudFormation // - a concrete name generated automatically during synthesis, in // cross-environment scenarios. PhysicalName() *string // Log group that slow indices are logged to. SlowIndexLogGroup() awslogs.ILogGroup // Log group that slow searches are logged to. SlowSearchLogGroup() awslogs.ILogGroup // The stack in which this resource is defined. Stack() awscdk.Stack // Add policy statements to the domain access policy. AddAccessPolicies(accessPolicyStatements ...awsiam.PolicyStatement) // Apply the given removal policy to this resource. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). ApplyRemovalPolicy(policy awscdk.RemovalPolicy) GeneratePhysicalName() *string // Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`). // // Normally, this token will resolve to `arnAttr`, but if the resource is // referenced across environments, `arnComponents` will be used to synthesize // a concrete ARN with the resource's physical name. Make sure to reference // `this.physicalName` in `arnComponents`. GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string // Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`). // // Normally, this token will resolve to `nameAttr`, but if the resource is // referenced across environments, it will be resolved to `this.physicalName`, // which will be a concrete name. GetResourceNameAttribute(nameAttr *string) *string // Grant read permissions for an index in this domain to an IAM principal (Role/Group/User). GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant // Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User). GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant // Grant write permissions for an index in this domain to an IAM principal (Role/Group/User). GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant // Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User). GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant // Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User). GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant // Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User). GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant // Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User). GrantRead(identity awsiam.IGrantable) awsiam.Grant // Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User). GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant // Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User). GrantWrite(identity awsiam.IGrantable) awsiam.Grant // Return the given named metric for this domain. Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for automated snapshot failures. // Default: maximum over 5 minutes. // MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the cluster blocking index writes. // Default: maximum over 1 minute. // MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the time the cluster status is red. // Default: maximum over 5 minutes. // MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the time the cluster status is yellow. // Default: maximum over 5 minutes. // MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for CPU utilization. // Default: maximum over 5 minutes. // MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the storage space of nodes in the cluster. // Default: minimum over 5 minutes. // MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for indexing latency. // Default: p99 over 5 minutes. // MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for JVM memory pressure. // Default: maximum over 5 minutes. // MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for KMS key errors. // Default: maximum over 5 minutes. // MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for KMS key being inaccessible. // Default: maximum over 5 minutes. // MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for master CPU utilization. // Default: maximum over 5 minutes. // MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for master JVM memory pressure. // Default: maximum over 5 minutes. // MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the number of nodes. // Default: minimum over 1 hour. // MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for number of searchable documents. // Default: maximum over 5 minutes. // MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for search latency. // Default: p99 over 5 minutes. // MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Returns a string representation of this construct. ToString() *string }
Provides an Amazon OpenSearch Service domain.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), Ebs: &EbsOptions{ VolumeSize: jsii.Number(100), VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD, }, NodeToNodeEncryption: jsii.Boolean(true), EncryptionAtRest: &EncryptionAtRestOptions{ Enabled: jsii.Boolean(true), }, })
func NewDomain ¶
func NewDomain(scope constructs.Construct, id *string, props *DomainProps) Domain
type DomainAttributes ¶
type DomainAttributes struct { // The ARN of the Amazon OpenSearch Service domain. DomainArn *string `field:"required" json:"domainArn" yaml:"domainArn"` // The domain endpoint of the Amazon OpenSearch Service domain. DomainEndpoint *string `field:"required" json:"domainEndpoint" yaml:"domainEndpoint"` }
Reference to an Amazon OpenSearch Service domain.
Example:
domainArn := awscdk.Fn_ImportValue(jsii.String("another-cf-stack-export-domain-arn")) domainEndpoint := awscdk.Fn_ImportValue(jsii.String("another-cf-stack-export-domain-endpoint")) domain := awscdk.Domain_FromDomainAttributes(this, jsii.String("ImportedDomain"), &DomainAttributes{ DomainArn: jsii.String(DomainArn), DomainEndpoint: jsii.String(DomainEndpoint), })
type DomainProps ¶
type DomainProps struct { // The Elasticsearch/OpenSearch version that your domain will leverage. Version EngineVersion `field:"required" json:"version" yaml:"version"` // Domain access policies. // Default: - No access policies. // AccessPolicies *[]awsiam.PolicyStatement `field:"optional" json:"accessPolicies" yaml:"accessPolicies"` // Additional options to specify for the Amazon OpenSearch Service domain. // See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options // // Default: - no advanced options are specified. // AdvancedOptions *map[string]*string `field:"optional" json:"advancedOptions" yaml:"advancedOptions"` // The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain. // // Only applies for Elasticsearch versions // below 5.3. // Default: - Hourly automated snapshots not used. // AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"` // The cluster capacity configuration for the Amazon OpenSearch Service domain. // Default: - 1 r5.large.search data node; no dedicated master nodes. // Capacity *CapacityConfig `field:"optional" json:"capacity" yaml:"capacity"` // Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards. // Default: - Cognito not used for authentication to OpenSearch Dashboards. // CognitoDashboardsAuth *CognitoOptions `field:"optional" json:"cognitoDashboardsAuth" yaml:"cognitoDashboardsAuth"` // To configure a custom domain configure these options. // // If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate. // Default: - no custom domain endpoint will be configured. // CustomEndpoint *CustomEndpointOptions `field:"optional" json:"customEndpoint" yaml:"customEndpoint"` // Enforces a particular physical domain name. // Default: - A name will be auto-generated. // DomainName *string `field:"optional" json:"domainName" yaml:"domainName"` // The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain. // Default: - 10 GiB General Purpose (SSD) volumes per node. // Ebs *EbsOptions `field:"optional" json:"ebs" yaml:"ebs"` // Specifies whether automatic service software updates are enabled for the domain. // See: https://docs.aws.amazon.com/it_it/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-softwareupdateoptions.html // // Default: - false. // EnableAutoSoftwareUpdate *bool `field:"optional" json:"enableAutoSoftwareUpdate" yaml:"enableAutoSoftwareUpdate"` // To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain // // Default: - false. // EnableVersionUpgrade *bool `field:"optional" json:"enableVersionUpgrade" yaml:"enableVersionUpgrade"` // Encryption at rest options for the cluster. // Default: - No encryption at rest. // EncryptionAtRest *EncryptionAtRestOptions `field:"optional" json:"encryptionAtRest" yaml:"encryptionAtRest"` // True to require that all traffic to the domain arrive over HTTPS. // Default: - false. // EnforceHttps *bool `field:"optional" json:"enforceHttps" yaml:"enforceHttps"` // Specifies options for fine-grained access control. // // Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control // also requires encryption of data at rest and node-to-node encryption, along with // enforced HTTPS. // Default: - fine-grained access control is disabled. // FineGrainedAccessControl *AdvancedSecurityOptions `field:"optional" json:"fineGrainedAccessControl" yaml:"fineGrainedAccessControl"` // Configuration log publishing configuration options. // Default: - No logs are published. // Logging *LoggingOptions `field:"optional" json:"logging" yaml:"logging"` // Specify true to enable node to node encryption. // // Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later. // Default: - Node to node encryption is not enabled. // NodeToNodeEncryption *bool `field:"optional" json:"nodeToNodeEncryption" yaml:"nodeToNodeEncryption"` // Options for enabling a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain. // // Off-peak windows were introduced on February 16, 2023. // All domains created before this date have the off-peak window disabled by default. // You must manually enable and configure the off-peak window for these domains. // All domains created after this date will have the off-peak window enabled by default. // You can't disable the off-peak window for a domain after it's enabled. // See: https://docs.aws.amazon.com/it_it/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindow.html // // Default: - Disabled for domains created before February 16, 2023. Enabled for domains created after. Enabled if `offPeakWindowStart` is set. // OffPeakWindowEnabled *bool `field:"optional" json:"offPeakWindowEnabled" yaml:"offPeakWindowEnabled"` // Start time for the off-peak window, in Coordinated Universal Time (UTC). // // The window length will always be 10 hours, so you can't specify an end time. // For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M. // Default: - 10:00 P.M. local time // OffPeakWindowStart *WindowStartTime `field:"optional" json:"offPeakWindowStart" yaml:"offPeakWindowStart"` // Policy to apply when the domain is removed from the stack. // Default: RemovalPolicy.RETAIN // RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"` // The list of security groups that are associated with the VPC endpoints for the domain. // // Only used if `vpc` is specified. // See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html // // Default: - One new security group is created. // SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"` // The minimum TLS version required for traffic to the domain. // Default: - TLSSecurityPolicy.TLS_1_0 // TlsSecurityPolicy TLSSecurityPolicy `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"` // Configures the domain so that unsigned basic auth is enabled. // // If no master user is provided a default master user // with username `admin` and a dynamically generated password stored in KMS is created. The password can be retrieved // by getting `masterUserPassword` from the domain instance. // // Setting this to true will also add an access policy that allows unsigned // access, enable node to node encryption, encryption at rest. If conflicting // settings are encountered (like disabling encryption at rest) enabling this // setting will cause a failure. // Default: - false. // UseUnsignedBasicAuth *bool `field:"optional" json:"useUnsignedBasicAuth" yaml:"useUnsignedBasicAuth"` // Place the domain inside this VPC. // See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html // // Default: - Domain is not placed in a VPC. // Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"` // The specific vpc subnets the domain will be placed in. // // You must provide one subnet for each Availability Zone // that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone // domain. // // Only used if `vpc` is specified. // See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html // // Default: - All private subnets. // VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"` // The cluster zone awareness configuration for the Amazon OpenSearch Service domain. // Default: - no zone awareness (1 AZ). // ZoneAwareness *ZoneAwarenessConfig `field:"optional" json:"zoneAwareness" yaml:"zoneAwareness"` }
Properties for an Amazon OpenSearch Service domain.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), Ebs: &EbsOptions{ VolumeSize: jsii.Number(100), VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD, }, NodeToNodeEncryption: jsii.Boolean(true), EncryptionAtRest: &EncryptionAtRestOptions{ Enabled: jsii.Boolean(true), }, })
type EbsOptions ¶
type EbsOptions struct { // Specifies whether Amazon EBS volumes are attached to data nodes in the Amazon OpenSearch Service domain. // Default: - true. // Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"` // The number of I/O operations per second (IOPS) that the volume supports. // // This property applies only to the gp3 and Provisioned IOPS (SSD) EBS // volume type. // Default: - iops are not set. // Iops *float64 `field:"optional" json:"iops" yaml:"iops"` // The throughput (in MiB/s) of the EBS volumes attached to data nodes. // // This property applies only to the gp3 volume type. // Default: - throughput is not set. // Throughput *float64 `field:"optional" json:"throughput" yaml:"throughput"` // The size (in GiB) of the EBS volume for each data node. // // The minimum and // maximum size of an EBS volume depends on the EBS volume type and the // instance type to which it is attached. For valid values, see // [EBS volume size limits] // (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) // in the Amazon OpenSearch Service Developer Guide. // Default: 10. // VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"` // The EBS volume type to use with the Amazon OpenSearch Service domain, such as standard, gp2, io1. // Default: gp2. // VolumeType awsec2.EbsDeviceVolumeType `field:"optional" json:"volumeType" yaml:"volumeType"` }
The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
For more information, see [Amazon EBS] (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) in the Amazon Elastic Compute Cloud Developer Guide.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), Ebs: &EbsOptions{ VolumeSize: jsii.Number(100), VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD, }, NodeToNodeEncryption: jsii.Boolean(true), EncryptionAtRest: &EncryptionAtRestOptions{ Enabled: jsii.Boolean(true), }, })
type EncryptionAtRestOptions ¶
type EncryptionAtRestOptions struct { // Specify true to enable encryption at rest. // Default: - encryption at rest is disabled. // Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"` // Supply if using KMS key for encryption at rest. // Default: - uses default aws/es KMS key. // KmsKey awskms.IKey `field:"optional" json:"kmsKey" yaml:"kmsKey"` }
Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.
Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), EnforceHttps: jsii.Boolean(true), NodeToNodeEncryption: jsii.Boolean(true), EncryptionAtRest: &EncryptionAtRestOptions{ Enabled: jsii.Boolean(true), }, FineGrainedAccessControl: &AdvancedSecurityOptions{ MasterUserName: jsii.String("master-user"), SamlAuthenticationEnabled: jsii.Boolean(true), SamlAuthenticationOptions: &SAMLOptionsProperty{ IdpEntityId: jsii.String("entity-id"), IdpMetadataContent: jsii.String("metadata-content-with-quotes-escaped"), }, }, })
type EngineVersion ¶
type EngineVersion interface { // engine version identifier. Version() *string }
OpenSearch version.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), Ebs: &EbsOptions{ VolumeSize: jsii.Number(100), VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD, }, NodeToNodeEncryption: jsii.Boolean(true), EncryptionAtRest: &EncryptionAtRestOptions{ Enabled: jsii.Boolean(true), }, })
func EngineVersion_ELASTICSEARCH_1_5 ¶
func EngineVersion_ELASTICSEARCH_1_5() EngineVersion
func EngineVersion_ELASTICSEARCH_2_3 ¶
func EngineVersion_ELASTICSEARCH_2_3() EngineVersion
func EngineVersion_ELASTICSEARCH_5_1 ¶
func EngineVersion_ELASTICSEARCH_5_1() EngineVersion
func EngineVersion_ELASTICSEARCH_5_3 ¶
func EngineVersion_ELASTICSEARCH_5_3() EngineVersion
func EngineVersion_ELASTICSEARCH_5_5 ¶
func EngineVersion_ELASTICSEARCH_5_5() EngineVersion
func EngineVersion_ELASTICSEARCH_5_6 ¶
func EngineVersion_ELASTICSEARCH_5_6() EngineVersion
func EngineVersion_ELASTICSEARCH_6_0 ¶
func EngineVersion_ELASTICSEARCH_6_0() EngineVersion
func EngineVersion_ELASTICSEARCH_6_2 ¶
func EngineVersion_ELASTICSEARCH_6_2() EngineVersion
func EngineVersion_ELASTICSEARCH_6_3 ¶
func EngineVersion_ELASTICSEARCH_6_3() EngineVersion
func EngineVersion_ELASTICSEARCH_6_4 ¶
func EngineVersion_ELASTICSEARCH_6_4() EngineVersion
func EngineVersion_ELASTICSEARCH_6_5 ¶
func EngineVersion_ELASTICSEARCH_6_5() EngineVersion
func EngineVersion_ELASTICSEARCH_6_7 ¶
func EngineVersion_ELASTICSEARCH_6_7() EngineVersion
func EngineVersion_ELASTICSEARCH_6_8 ¶
func EngineVersion_ELASTICSEARCH_6_8() EngineVersion
func EngineVersion_ELASTICSEARCH_7_1 ¶
func EngineVersion_ELASTICSEARCH_7_1() EngineVersion
func EngineVersion_ELASTICSEARCH_7_10 ¶
func EngineVersion_ELASTICSEARCH_7_10() EngineVersion
func EngineVersion_ELASTICSEARCH_7_4 ¶
func EngineVersion_ELASTICSEARCH_7_4() EngineVersion
func EngineVersion_ELASTICSEARCH_7_7 ¶
func EngineVersion_ELASTICSEARCH_7_7() EngineVersion
func EngineVersion_ELASTICSEARCH_7_8 ¶
func EngineVersion_ELASTICSEARCH_7_8() EngineVersion
func EngineVersion_ELASTICSEARCH_7_9 ¶
func EngineVersion_ELASTICSEARCH_7_9() EngineVersion
func EngineVersion_Elasticsearch ¶
func EngineVersion_Elasticsearch(version *string) EngineVersion
Custom ElasticSearch version.
func EngineVersion_OPENSEARCH_1_0 ¶
func EngineVersion_OPENSEARCH_1_0() EngineVersion
func EngineVersion_OPENSEARCH_1_1 ¶ added in v2.9.0
func EngineVersion_OPENSEARCH_1_1() EngineVersion
func EngineVersion_OPENSEARCH_1_2 ¶ added in v2.20.0
func EngineVersion_OPENSEARCH_1_2() EngineVersion
func EngineVersion_OPENSEARCH_1_3 ¶ added in v2.35.0
func EngineVersion_OPENSEARCH_1_3() EngineVersion
func EngineVersion_OPENSEARCH_2_3 ¶ added in v2.61.0
func EngineVersion_OPENSEARCH_2_3() EngineVersion
func EngineVersion_OPENSEARCH_2_5 ¶ added in v2.78.0
func EngineVersion_OPENSEARCH_2_5() EngineVersion
func EngineVersion_OPENSEARCH_2_7 ¶ added in v2.88.0
func EngineVersion_OPENSEARCH_2_7() EngineVersion
func EngineVersion_OpenSearch ¶
func EngineVersion_OpenSearch(version *string) EngineVersion
Custom OpenSearch version.
type IDomain ¶
type IDomain interface { awscdk.IResource // Grant read permissions for an index in this domain to an IAM principal (Role/Group/User). GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant // Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User). GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant // Grant write permissions for an index in this domain to an IAM principal (Role/Group/User). GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant // Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User). GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant // Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User). GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant // Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User). GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant // Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User). GrantRead(identity awsiam.IGrantable) awsiam.Grant // Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User). GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant // Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User). GrantWrite(identity awsiam.IGrantable) awsiam.Grant // Return the given named metric for this domain. Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for automated snapshot failures. // Default: maximum over 5 minutes. // MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the cluster blocking index writes. // Default: maximum over 1 minute. // MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the time the cluster status is red. // Default: maximum over 5 minutes. // MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the time the cluster status is yellow. // Default: maximum over 5 minutes. // MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for CPU utilization. // Default: maximum over 5 minutes. // MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the storage space of nodes in the cluster. // Default: minimum over 5 minutes. // MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for indexing latency. // Default: p99 over 5 minutes. // MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for JVM memory pressure. // Default: maximum over 5 minutes. // MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for KMS key errors. // Default: maximum over 5 minutes. // MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for KMS key being inaccessible. // Default: maximum over 5 minutes. // MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for master CPU utilization. // Default: maximum over 5 minutes. // MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for master JVM memory pressure. // Default: maximum over 5 minutes. // MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for the number of nodes. // Default: minimum over 1 hour. // MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for number of searchable documents. // Default: maximum over 5 minutes. // MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Metric for search latency. // Default: p99 over 5 minutes. // MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric // Arn of the Amazon OpenSearch Service domain. DomainArn() *string // Endpoint of the Amazon OpenSearch Service domain. DomainEndpoint() *string // Identifier of the Amazon OpenSearch Service domain. DomainId() *string // Domain name of the Amazon OpenSearch Service domain. DomainName() *string }
An interface that represents an Amazon OpenSearch Service domain - either created with the CDK, or an existing one.
func Domain_FromDomainAttributes ¶
func Domain_FromDomainAttributes(scope constructs.Construct, id *string, attrs *DomainAttributes) IDomain
Creates a domain construct that represents an external domain.
func Domain_FromDomainEndpoint ¶
func Domain_FromDomainEndpoint(scope constructs.Construct, id *string, domainEndpoint *string) IDomain
Creates a domain construct that represents an external domain via domain endpoint.
type LoggingOptions ¶
type LoggingOptions struct { // Specify if Amazon OpenSearch Service application logging should be set up. // // Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later. // Default: - false. // AppLogEnabled *bool `field:"optional" json:"appLogEnabled" yaml:"appLogEnabled"` // Log Amazon OpenSearch Service application logs to this log group. // Default: - a new log group is created if app logging is enabled. // AppLogGroup awslogs.ILogGroup `field:"optional" json:"appLogGroup" yaml:"appLogGroup"` // Specify if Amazon OpenSearch Service audit logging should be set up. // // Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later and fine grained access control to be enabled. // Default: - false. // AuditLogEnabled *bool `field:"optional" json:"auditLogEnabled" yaml:"auditLogEnabled"` // Log Amazon OpenSearch Service audit logs to this log group. // Default: - a new log group is created if audit logging is enabled. // AuditLogGroup awslogs.ILogGroup `field:"optional" json:"auditLogGroup" yaml:"auditLogGroup"` // Specify if slow index logging should be set up. // // Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later. // Default: - false. // SlowIndexLogEnabled *bool `field:"optional" json:"slowIndexLogEnabled" yaml:"slowIndexLogEnabled"` // Log slow indices to this log group. // Default: - a new log group is created if slow index logging is enabled. // SlowIndexLogGroup awslogs.ILogGroup `field:"optional" json:"slowIndexLogGroup" yaml:"slowIndexLogGroup"` // Specify if slow search logging should be set up. // // Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later. // Default: - false. // SlowSearchLogEnabled *bool `field:"optional" json:"slowSearchLogEnabled" yaml:"slowSearchLogEnabled"` // Log slow searches to this log group. // Default: - a new log group is created if slow search logging is enabled. // SlowSearchLogGroup awslogs.ILogGroup `field:"optional" json:"slowSearchLogGroup" yaml:"slowSearchLogGroup"` }
Configures log settings for the domain.
Example:
prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), Capacity: &CapacityConfig{ MasterNodes: jsii.Number(5), DataNodes: jsii.Number(20), }, Ebs: &EbsOptions{ VolumeSize: jsii.Number(20), }, ZoneAwareness: &ZoneAwarenessConfig{ AvailabilityZoneCount: jsii.Number(3), }, Logging: &LoggingOptions{ SlowSearchLogEnabled: jsii.Boolean(true), AppLogEnabled: jsii.Boolean(true), SlowIndexLogEnabled: jsii.Boolean(true), }, })
type SAMLOptionsProperty ¶ added in v2.92.0
type SAMLOptionsProperty struct { // The unique entity ID of the application in the SAML identity provider. IdpEntityId *string `field:"required" json:"idpEntityId" yaml:"idpEntityId"` // The metadata of the SAML application, in XML format. IdpMetadataContent *string `field:"required" json:"idpMetadataContent" yaml:"idpMetadataContent"` // The backend role that the SAML master user is mapped to. // // Any users with this backend role receives full permission in OpenSearch Dashboards/Kibana. // To use a SAML master backend role, configure the `rolesKey` property. // Default: - The master user is not mapped to a backend role. // MasterBackendRole *string `field:"optional" json:"masterBackendRole" yaml:"masterBackendRole"` // The SAML master username, which is stored in the domain's internal user database. // // This SAML user receives full permission in OpenSearch Dashboards/Kibana. // Creating a new master username does not delete any existing master usernames. // Default: - No master user name is configured. // MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"` // Element of the SAML assertion to use for backend roles. // Default: - roles. // RolesKey *string `field:"optional" json:"rolesKey" yaml:"rolesKey"` // The duration, in minutes, after which a user session becomes inactive. // Default: - 60. // SessionTimeoutMinutes *float64 `field:"optional" json:"sessionTimeoutMinutes" yaml:"sessionTimeoutMinutes"` // Element of the SAML assertion to use for the user name. // Default: - NameID element of the SAML assertion fot the user name. // SubjectKey *string `field:"optional" json:"subjectKey" yaml:"subjectKey"` }
Container for information about the SAML configuration for OpenSearch Dashboards.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_0(), EnforceHttps: jsii.Boolean(true), NodeToNodeEncryption: jsii.Boolean(true), EncryptionAtRest: &EncryptionAtRestOptions{ Enabled: jsii.Boolean(true), }, FineGrainedAccessControl: &AdvancedSecurityOptions{ MasterUserName: jsii.String("master-user"), SamlAuthenticationEnabled: jsii.Boolean(true), SamlAuthenticationOptions: &SAMLOptionsProperty{ IdpEntityId: jsii.String("entity-id"), IdpMetadataContent: jsii.String("metadata-content-with-quotes-escaped"), }, }, })
type TLSSecurityPolicy ¶
type TLSSecurityPolicy string
The minimum TLS version required for traffic to the domain.
const ( // Cipher suite TLS 1.0. TLSSecurityPolicy_TLS_1_0 TLSSecurityPolicy = "TLS_1_0" // Cipher suite TLS 1.2. TLSSecurityPolicy_TLS_1_2 TLSSecurityPolicy = "TLS_1_2" )
type WindowStartTime ¶ added in v2.89.0
type WindowStartTime struct { // The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. // // For example, 17 refers to 5:00 P.M. UTC. // Default: - 22. // Hours *float64 `field:"required" json:"hours" yaml:"hours"` // The start minute of the window, in UTC. // Default: - 0. // Minutes *float64 `field:"required" json:"minutes" yaml:"minutes"` }
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_3(), OffPeakWindowEnabled: jsii.Boolean(true), // can be omitted if offPeakWindowStart is set OffPeakWindowStart: &WindowStartTime{ Hours: jsii.Number(20), Minutes: jsii.Number(0), }, })
type ZoneAwarenessConfig ¶
type ZoneAwarenessConfig struct { // If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use. // // Valid values are 2 and 3. // Default: - 2 if zone awareness is enabled. // AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"` // Indicates whether to enable zone awareness for the Amazon OpenSearch Service domain. // // When you enable zone awareness, Amazon OpenSearch Service allocates the nodes and replica // index shards that belong to a cluster across two Availability Zones (AZs) // in the same region to prevent data loss and minimize downtime in the event // of node or data center failure. Don't enable zone awareness if your cluster // has no replica index shards or is a single-node cluster. For more information, // see [Configuring a Multi-AZ Domain] // (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) // in the Amazon OpenSearch Service Developer Guide. // Default: - false. // Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"` }
Specifies zone awareness configuration options.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{ Version: awscdk.EngineVersion_OPENSEARCH_1_3(), Ebs: &EbsOptions{ VolumeSize: jsii.Number(10), VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD_GP3, }, ZoneAwareness: &ZoneAwarenessConfig{ Enabled: jsii.Boolean(true), AvailabilityZoneCount: jsii.Number(3), }, Capacity: &CapacityConfig{ MultiAzWithStandbyEnabled: jsii.Boolean(true), MasterNodes: jsii.Number(3), DataNodes: jsii.Number(3), }, })
Source Files ¶
- AdvancedSecurityOptions.go
- CapacityConfig.go
- CfnDomain.go
- CfnDomainProps.go
- CfnDomain_AdvancedSecurityOptionsInputProperty.go
- CfnDomain_ClusterConfigProperty.go
- CfnDomain_CognitoOptionsProperty.go
- CfnDomain_DomainEndpointOptionsProperty.go
- CfnDomain_EBSOptionsProperty.go
- CfnDomain_EncryptionAtRestOptionsProperty.go
- CfnDomain_IdpProperty.go
- CfnDomain_LogPublishingOptionProperty.go
- CfnDomain_MasterUserOptionsProperty.go
- CfnDomain_NodeToNodeEncryptionOptionsProperty.go
- CfnDomain_OffPeakWindowOptionsProperty.go
- CfnDomain_OffPeakWindowProperty.go
- CfnDomain_SAMLOptionsProperty.go
- CfnDomain_ServiceSoftwareOptionsProperty.go
- CfnDomain_SnapshotOptionsProperty.go
- CfnDomain_SoftwareUpdateOptionsProperty.go
- CfnDomain_VPCOptionsProperty.go
- CfnDomain_WindowStartTimeProperty.go
- CfnDomain_ZoneAwarenessConfigProperty.go
- CfnDomain__checks.go
- CognitoOptions.go
- CustomEndpointOptions.go
- Domain.go
- DomainAttributes.go
- DomainProps.go
- Domain__checks.go
- EbsOptions.go
- EncryptionAtRestOptions.go
- EngineVersion.go
- EngineVersion__checks.go
- IDomain.go
- IDomain__checks.go
- LoggingOptions.go
- SAMLOptionsProperty.go
- TLSSecurityPolicy.go
- WindowStartTime.go
- ZoneAwarenessConfig.go
- main.go