README
¶
Amazon OpenSearch Service Construct Library
Amazon OpenSearch Service is the successor to Amazon Elasticsearch Service.
See Migrating to OpenSearch for migration instructions from @aws-cdk/aws-elasticsearch to this module, @aws-cdk/aws-opensearchservice.
Quick start
Create a development cluster by simply specifying the version:
devDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
})
To perform version upgrades without replacing the entire domain, specify the enableVersionUpgrade property.
devDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
enableVersionUpgrade: jsii.Boolean(true),
})
Create a production grade cluster by also specifying things like capacity and az distribution
prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
capacity: &capacityConfig{
masterNodes: jsii.Number(5),
dataNodes: jsii.Number(20),
},
ebs: &ebsOptions{
volumeSize: jsii.Number(20),
},
zoneAwareness: &zoneAwarenessConfig{
availabilityZoneCount: jsii.Number(3),
},
logging: &loggingOptions{
slowSearchLogEnabled: jsii.Boolean(true),
appLogEnabled: jsii.Boolean(true),
slowIndexLogEnabled: jsii.Boolean(true),
},
})
This creates an Amazon OpenSearch Service cluster and automatically sets up log groups for logging the domain logs and slow search logs.
A note about SLR
Some cluster configurations (e.g VPC access) require the existence of the AWSServiceRoleForAmazonElasticsearchService Service-Linked Role.
When performing such operations via the AWS Console, this SLR is created automatically when needed. However, this is not the behavior when using CloudFormation. If an SLR is needed, but doesn't exist, you will encounter a failure message simlar to:
Before you can proceed, you must enable a service-linked role to give Amazon OpenSearch Service...
To resolve this, you need to create the SLR. We recommend using the AWS CLI:
aws iam create-service-linked-role --aws-service-name es.amazonaws.com
You can also create it using the CDK, but note that only the first application deploying this will succeed:
slr := iam.NewCfnServiceLinkedRole(this, jsii.String("Service Linked Role"), &cfnServiceLinkedRoleProps{
awsServiceName: jsii.String("es.amazonaws.com"),
})
Importing existing domains
Using a known domain endpoint
To import an existing domain into your CDK application, use the Domain.fromDomainEndpoint factory method.
This method accepts a domain endpoint of an already existing domain:
domainEndpoint := "https://my-domain-jcjotrt6f7otem4sqcwbch3c4u.us-east-1.es.amazonaws.com"
domain := awscdk.Domain.fromDomainEndpoint(this, jsii.String("ImportedDomain"), domainEndpoint)
Using the output of another CloudFormation stack
To import an existing domain with the help of an exported value from another CloudFormation stack,
use the Domain.fromDomainAttributes factory method. This will accept tokens.
domainArn := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-arn"))
domainEndpoint := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-endpoint"))
domain := awscdk.Domain.fromDomainAttributes(this, jsii.String("ImportedDomain"), &domainAttributes{
domainArn: jsii.String(domainArn),
domainEndpoint: jsii.String(domainEndpoint),
})
Permissions
IAM
Helper methods also exist for managing access to the domain.
var fn function
var domain domain
// Grant write access to the app-search index
domain.grantIndexWrite(jsii.String("app-search"), fn)
// Grant read access to the 'app-search/_search' path
domain.grantPathRead(jsii.String("app-search/_search"), fn)
Encryption
The domain can also be created with encryption enabled:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
ebs: &ebsOptions{
volumeSize: jsii.Number(100),
volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
},
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
})
This sets up the domain with node to node encryption and encryption at rest. You can also choose to supply your own KMS key to use for encryption at rest.
VPC Support
Domains can be placed inside a VPC, providing a secure communication between Amazon OpenSearch Service and other services within the VPC without the need for an internet gateway, NAT device, or VPN connection.
Visit VPC Support for Amazon OpenSearch Service Domains for more details.
vpc := ec2.NewVpc(this, jsii.String("Vpc"))
domainProps := &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
removalPolicy: awscdk.RemovalPolicy_DESTROY,
vpc: vpc,
// must be enabled since our VPC contains multiple private subnets.
zoneAwareness: &zoneAwarenessConfig{
enabled: jsii.Boolean(true),
},
capacity: &capacityConfig{
// must be an even number since the default az count is 2.
dataNodes: jsii.Number(2),
},
}
awscdk.NewDomain(this, jsii.String("Domain"), domainProps)
In addition, you can use the vpcSubnets property to control which specific subnets will be used, and the securityGroups property to control
which security groups will be attached to the domain. By default, CDK will select all private subnets in the VPC, and create one dedicated security group.
Metrics
Helper methods exist to access common domain metrics for example:
var domain domain
freeStorageSpace := domain.metricFreeStorageSpace()
masterSysMemoryUtilization := domain.metric(jsii.String("MasterSysMemoryUtilization"))
This module is part of the AWS Cloud Development Kit project.
Fine grained access control
The domain can also be created with a master user configured. The password can be supplied or dynamically created if not supplied.
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
enforceHttps: jsii.Boolean(true),
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
fineGrainedAccessControl: &advancedSecurityOptions{
masterUserName: jsii.String("master-user"),
},
})
masterUserPassword := domain.masterUserPassword
Using unsigned basic auth
For convenience, the domain can be configured to allow unsigned HTTP requests that use basic auth. Unless the domain is configured to be part of a VPC this means anyone can access the domain using the configured master username and password.
To enable unsigned basic auth access the domain is configured with an access policy that allows anyonmous requests, HTTPS required, node to node encryption, encryption at rest and fine grained access control.
If the above settings are not set they will be configured as part of enabling unsigned basic auth. If they are set with conflicting values, an error will be thrown.
If no master user is configured a default master user is created with the
username admin.
If no password is configured a default master user password is created and
stored in the AWS Secrets Manager as secret. The secret has the prefix
<domain id>MasterUser.
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
useUnsignedBasicAuth: jsii.Boolean(true),
})
masterUserPassword := domain.masterUserPassword
Custom access policies
If the domain requires custom access control it can be configured either as a constructor property, or later by means of a helper method.
For simple permissions the accessPolicies constructor may be sufficient:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
accessPolicies: []policyStatement{
iam.NewPolicyStatement(&policyStatementProps{
actions: []*string{
jsii.String("es:*ESHttpPost"),
jsii.String("es:ESHttpPut*"),
},
effect: iam.effect_ALLOW,
principals: []iPrincipal{
iam.NewAccountPrincipal(jsii.String("123456789012")),
},
resources: []*string{
jsii.String("*"),
},
}),
},
})
For more complex use-cases, for example, to set the domain up to receive data from a
cross-account Kinesis Firehose the addAccessPolicies helper method
allows for policies that include the explicit domain ARN.
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
})
domain.addAccessPolicies(
iam.NewPolicyStatement(&policyStatementProps{
actions: []*string{
jsii.String("es:ESHttpPost"),
jsii.String("es:ESHttpPut"),
},
effect: iam.effect_ALLOW,
principals: []iPrincipal{
iam.NewAccountPrincipal(jsii.String("123456789012")),
},
resources: []*string{
domain.domainArn,
fmt.Sprintf("%v/*", domain.domainArn),
},
}),
iam.NewPolicyStatement(&policyStatementProps{
actions: []*string{
jsii.String("es:ESHttpGet"),
},
effect: iam.*effect_ALLOW,
principals: []*iPrincipal{
iam.NewAccountPrincipal(jsii.String("123456789012")),
},
resources: []*string{
fmt.Sprintf("%v/_all/_settings", domain.domainArn),
fmt.Sprintf("%v/_cluster/stats", domain.domainArn),
fmt.Sprintf("%v/index-name*/_mapping/type-name", domain.domainArn),
fmt.Sprintf("%v/roletest*/_mapping/roletest", domain.domainArn),
fmt.Sprintf("%v/_nodes", domain.domainArn),
fmt.Sprintf("%v/_nodes/stats", domain.domainArn),
fmt.Sprintf("%v/_nodes/*/stats", domain.domainArn),
fmt.Sprintf("%v/_stats", domain.domainArn),
fmt.Sprintf("%v/index-name*/_stats", domain.domainArn),
fmt.Sprintf("%v/roletest*/_stat", domain.domainArn),
},
}))
Audit logs
Audit logs can be enabled for a domain, but only when fine grained access control is enabled.
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
enforceHttps: jsii.Boolean(true),
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
fineGrainedAccessControl: &advancedSecurityOptions{
masterUserName: jsii.String("master-user"),
},
logging: &loggingOptions{
auditLogEnabled: jsii.Boolean(true),
slowSearchLogEnabled: jsii.Boolean(true),
appLogEnabled: jsii.Boolean(true),
slowIndexLogEnabled: jsii.Boolean(true),
},
})
UltraWarm
UltraWarm nodes can be enabled to provide a cost-effective way to store large amounts of read-only data.
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
capacity: &capacityConfig{
masterNodes: jsii.Number(2),
warmNodes: jsii.Number(2),
warmInstanceType: jsii.String("ultrawarm1.medium.search"),
},
})
Custom endpoint
Custom endpoints can be configured to reach the domain under a custom domain name.
awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
customEndpoint: &customEndpointOptions{
domainName: jsii.String("search.example.com"),
},
})
It is also possible to specify a custom certificate instead of the auto-generated one.
Additionally, an automatic CNAME-Record is created if a hosted zone is provided for the custom endpoint
Advanced options
Advanced options can used to configure additional options.
awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
advancedOptions: map[string]*string{
"rest.action.multi.allow_explicit_index": jsii.String("false"),
"indices.fielddata.cache.size": jsii.String("25"),
"indices.query.bool.max_clause_count": jsii.String("2048"),
},
})
Amazon Cognito authentication for OpenSearch Dashboards
The domain can be configured to use Amazon Cognito authentication for OpenSearch Dashboards.
Visit Configuring Amazon Cognito authentication for OpenSearch Dashboards for more details.
var cognitoConfigurationRole role
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
cognitoDashboardsAuth: &cognitoOptions{
role: cognitoConfigurationRole,
identityPoolId: jsii.String("example-identity-pool-id"),
userPoolId: jsii.String("example-user-pool-id"),
},
})
Documentation
¶
Index ¶
- func CfnDomain_CFN_RESOURCE_TYPE_NAME() *string
- func CfnDomain_IsCfnElement(x interface{}) *bool
- func CfnDomain_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnDomain_IsConstruct(x interface{}) *bool
- func Domain_IsConstruct(x interface{}) *bool
- func Domain_IsOwnedResource(construct constructs.IConstruct) *bool
- func Domain_IsResource(construct constructs.IConstruct) *bool
- func NewCfnDomain_Override(c CfnDomain, scope constructs.Construct, id *string, props *CfnDomainProps)
- func NewDomain_Override(d Domain, scope constructs.Construct, id *string, props *DomainProps)
- type AdvancedSecurityOptions
- type CapacityConfig
- type CfnDomain
- type CfnDomainProps
- type CfnDomain_AdvancedSecurityOptionsInputProperty
- type CfnDomain_ClusterConfigProperty
- type CfnDomain_CognitoOptionsProperty
- type CfnDomain_DomainEndpointOptionsProperty
- type CfnDomain_EBSOptionsProperty
- type CfnDomain_EncryptionAtRestOptionsProperty
- type CfnDomain_LogPublishingOptionProperty
- type CfnDomain_MasterUserOptionsProperty
- type CfnDomain_NodeToNodeEncryptionOptionsProperty
- type CfnDomain_SnapshotOptionsProperty
- type CfnDomain_VPCOptionsProperty
- type CfnDomain_ZoneAwarenessConfigProperty
- type CognitoOptions
- type CustomEndpointOptions
- type Domain
- type DomainAttributes
- type DomainProps
- type EbsOptions
- type EncryptionAtRestOptions
- type EngineVersion
- func EngineVersion_ELASTICSEARCH_1_5() EngineVersion
- func EngineVersion_ELASTICSEARCH_2_3() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_1() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_3() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_5() EngineVersion
- func EngineVersion_ELASTICSEARCH_5_6() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_0() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_2() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_3() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_4() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_5() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_7() EngineVersion
- func EngineVersion_ELASTICSEARCH_6_8() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_1() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_10() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_4() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_7() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_8() EngineVersion
- func EngineVersion_ELASTICSEARCH_7_9() EngineVersion
- func EngineVersion_Elasticsearch(version *string) EngineVersion
- func EngineVersion_OPENSEARCH_1_0() EngineVersion
- func EngineVersion_OPENSEARCH_1_1() EngineVersion
- func EngineVersion_OPENSEARCH_1_2() EngineVersion
- func EngineVersion_OPENSEARCH_1_3() EngineVersion
- func EngineVersion_OpenSearch(version *string) EngineVersion
- type IDomain
- type LoggingOptions
- type TLSSecurityPolicy
- type ZoneAwarenessConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnDomain_CFN_RESOURCE_TYPE_NAME ¶
func CfnDomain_CFN_RESOURCE_TYPE_NAME() *string
func CfnDomain_IsCfnElement ¶
func CfnDomain_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnDomain_IsCfnResource ¶
func CfnDomain_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnDomain_IsConstruct ¶
func CfnDomain_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Domain_IsConstruct ¶
func Domain_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Domain_IsOwnedResource ¶ added in v2.32.0
func Domain_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func Domain_IsResource ¶
func Domain_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func NewCfnDomain_Override ¶
func NewCfnDomain_Override(c CfnDomain, scope constructs.Construct, id *string, props *CfnDomainProps)
Create a new `AWS::OpenSearchService::Domain`.
func NewDomain_Override ¶
func NewDomain_Override(d Domain, scope constructs.Construct, id *string, props *DomainProps)
Types ¶
type AdvancedSecurityOptions ¶
type AdvancedSecurityOptions struct {
// ARN for the master user.
//
// Only specify this or masterUserName, but not both.
MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"`
// Username for the master user.
//
// Only specify this or masterUserArn, but not both.
MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
// Password for the master user.
//
// You can use `SecretValue.unsafePlainText` to specify a password in plain text or
// use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
// Secrets Manager.
MasterUserPassword awscdk.SecretValue `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"`
}
Specifies options for fine-grained access control.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
enforceHttps: jsii.Boolean(true),
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
fineGrainedAccessControl: &advancedSecurityOptions{
masterUserName: jsii.String("master-user"),
},
logging: &loggingOptions{
auditLogEnabled: jsii.Boolean(true),
slowSearchLogEnabled: jsii.Boolean(true),
appLogEnabled: jsii.Boolean(true),
slowIndexLogEnabled: jsii.Boolean(true),
},
})
type CapacityConfig ¶
type CapacityConfig struct {
// The instance type for your data nodes, such as `m3.medium.search`. For valid values, see [Supported Instance Types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide.
DataNodeInstanceType *string `field:"optional" json:"dataNodeInstanceType" yaml:"dataNodeInstanceType"`
// The number of data nodes (instances) to use in the Amazon OpenSearch Service domain.
DataNodes *float64 `field:"optional" json:"dataNodes" yaml:"dataNodes"`
// The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search`. For valid values, see [Supported Instance Types] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide.
MasterNodeInstanceType *string `field:"optional" json:"masterNodeInstanceType" yaml:"masterNodeInstanceType"`
// The number of instances to use for the master node.
MasterNodes *float64 `field:"optional" json:"masterNodes" yaml:"masterNodes"`
// The instance type for your UltraWarm node, such as `ultrawarm1.medium.search`. For valid values, see [UltraWarm Storage Limits] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) in the Amazon OpenSearch Service Developer Guide.
WarmInstanceType *string `field:"optional" json:"warmInstanceType" yaml:"warmInstanceType"`
// The number of UltraWarm nodes (instances) to use in the Amazon OpenSearch Service domain.
WarmNodes *float64 `field:"optional" json:"warmNodes" yaml:"warmNodes"`
}
Configures the capacity of the cluster such as the instance type and the number of instances.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
capacity: &capacityConfig{
masterNodes: jsii.Number(2),
warmNodes: jsii.Number(2),
warmInstanceType: jsii.String("ultrawarm1.medium.search"),
},
})
type CfnDomain ¶
type CfnDomain interface {
awscdk.CfnResource
awscdk.IInspectable
// An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
//
// For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guide* .
AccessPolicies() interface{}
SetAccessPolicies(val interface{})
// Additional options to specify for the OpenSearch Service domain.
//
// For more information, see [AdvancedOptions](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-advancedoptions) in the OpenSearch Service configuration API reference.
AdvancedOptions() interface{}
SetAdvancedOptions(val interface{})
// Specifies options for fine-grained access control.
AdvancedSecurityOptions() interface{}
SetAdvancedSecurityOptions(val interface{})
// The Amazon Resource Name (ARN) of the domain, such as `arn:aws:es:us-west-2:123456789012:domain/mystack-1ab2cdefghij` .
AttrArn() *string
// The domain-specific endpoint used for requests to the OpenSearch APIs, such as `search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com` .
AttrDomainEndpoint() *string
// The resource ID.
//
// For example, `123456789012/my-domain` .
AttrId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// `ClusterConfig` is a property of the AWS::OpenSearchService::Domain resource that configures an Amazon OpenSearch Service cluster.
ClusterConfig() interface{}
SetClusterConfig(val interface{})
// Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
CognitoOptions() interface{}
SetCognitoOptions(val interface{})
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
DomainEndpointOptions() interface{}
SetDomainEndpointOptions(val interface{})
// A name for the OpenSearch Service domain.
//
// For valid values, see the [DomainName](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-domainname) data type in the *Amazon OpenSearch Service Developer Guide* . If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
//
// Required when creating a new domain.
//
// > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
DomainName() *string
SetDomainName(val *string)
// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
//
// For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
EbsOptions() interface{}
SetEbsOptions(val interface{})
// Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use.
//
// See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) .
EncryptionAtRestOptions() interface{}
SetEncryptionAtRestOptions(val interface{})
// The version of OpenSearch to use.
//
// The value must be in the format `OpenSearch_X.Y` or `Elasticsearch_X.Y` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
//
// If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true` , you can update `EngineVersion` without interruption. When `EnableVersionUpgrade` is set to `false` , or is not specified, updating `EngineVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .
EngineVersion() *string
SetEngineVersion(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
//
// Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .
LogPublishingOptions() interface{}
SetLogPublishingOptions(val interface{})
// The tree node.
Node() constructs.Node
// Specifies whether node-to-node encryption is enabled.
//
// See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html) .
NodeToNodeEncryptionOptions() interface{}
SetNodeToNodeEncryptionOptions(val interface{})
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// *DEPRECATED* .
//
// The automated snapshot configuration for the OpenSearch Service domain indices.
SnapshotOptions() interface{}
SetSnapshotOptions(val interface{})
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.
Tags() awscdk.TagManager
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
//
// For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
VpcOptions() interface{}
SetVpcOptions(val interface{})
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::OpenSearchService::Domain`.
The AWS::OpenSearchService::Domain resource creates an Amazon OpenSearch Service domain.
> The `AWS::OpenSearchService::Domain` resource replaces the legacy [AWS::Elasticsearch::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html) resource. While the Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and legacy Elasticsearch engines. For instructions to upgrade domains defined within CloudFormation from Elasticsearch to OpenSearch, see [Remarks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--remarks) .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var accessPolicies interface{}
cfnDomain := awscdk.Aws_opensearchservice.NewCfnDomain(this, jsii.String("MyCfnDomain"), &cfnDomainProps{
accessPolicies: accessPolicies,
advancedOptions: map[string]*string{
"advancedOptionsKey": jsii.String("advancedOptions"),
},
advancedSecurityOptions: &advancedSecurityOptionsInputProperty{
enabled: jsii.Boolean(false),
internalUserDatabaseEnabled: jsii.Boolean(false),
masterUserOptions: &masterUserOptionsProperty{
masterUserArn: jsii.String("masterUserArn"),
masterUserName: jsii.String("masterUserName"),
masterUserPassword: jsii.String("masterUserPassword"),
},
},
clusterConfig: &clusterConfigProperty{
dedicatedMasterCount: jsii.Number(123),
dedicatedMasterEnabled: jsii.Boolean(false),
dedicatedMasterType: jsii.String("dedicatedMasterType"),
instanceCount: jsii.Number(123),
instanceType: jsii.String("instanceType"),
warmCount: jsii.Number(123),
warmEnabled: jsii.Boolean(false),
warmType: jsii.String("warmType"),
zoneAwarenessConfig: &zoneAwarenessConfigProperty{
availabilityZoneCount: jsii.Number(123),
},
zoneAwarenessEnabled: jsii.Boolean(false),
},
cognitoOptions: &cognitoOptionsProperty{
enabled: jsii.Boolean(false),
identityPoolId: jsii.String("identityPoolId"),
roleArn: jsii.String("roleArn"),
userPoolId: jsii.String("userPoolId"),
},
domainEndpointOptions: &domainEndpointOptionsProperty{
customEndpoint: jsii.String("customEndpoint"),
customEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
customEndpointEnabled: jsii.Boolean(false),
enforceHttps: jsii.Boolean(false),
tlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
},
domainName: jsii.String("domainName"),
ebsOptions: &eBSOptionsProperty{
ebsEnabled: jsii.Boolean(false),
iops: jsii.Number(123),
volumeSize: jsii.Number(123),
volumeType: jsii.String("volumeType"),
},
encryptionAtRestOptions: &encryptionAtRestOptionsProperty{
enabled: jsii.Boolean(false),
kmsKeyId: jsii.String("kmsKeyId"),
},
engineVersion: jsii.String("engineVersion"),
logPublishingOptions: map[string]interface{}{
"logPublishingOptionsKey": &LogPublishingOptionProperty{
"cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"),
"enabled": jsii.Boolean(false),
},
},
nodeToNodeEncryptionOptions: &nodeToNodeEncryptionOptionsProperty{
enabled: jsii.Boolean(false),
},
snapshotOptions: &snapshotOptionsProperty{
automatedSnapshotStartHour: jsii.Number(123),
},
tags: []cfnTag{
&cfnTag{
key: jsii.String("key"),
value: jsii.String("value"),
},
},
vpcOptions: &vPCOptionsProperty{
securityGroupIds: []*string{
jsii.String("securityGroupIds"),
},
subnetIds: []*string{
jsii.String("subnetIds"),
},
},
})
func NewCfnDomain ¶
func NewCfnDomain(scope constructs.Construct, id *string, props *CfnDomainProps) CfnDomain
Create a new `AWS::OpenSearchService::Domain`.
type CfnDomainProps ¶
type CfnDomainProps struct {
// An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
//
// For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guide* .
AccessPolicies interface{} `field:"optional" json:"accessPolicies" yaml:"accessPolicies"`
// Additional options to specify for the OpenSearch Service domain.
//
// For more information, see [AdvancedOptions](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-advancedoptions) in the OpenSearch Service configuration API reference.
AdvancedOptions interface{} `field:"optional" json:"advancedOptions" yaml:"advancedOptions"`
// Specifies options for fine-grained access control.
AdvancedSecurityOptions interface{} `field:"optional" json:"advancedSecurityOptions" yaml:"advancedSecurityOptions"`
// `ClusterConfig` is a property of the AWS::OpenSearchService::Domain resource that configures an Amazon OpenSearch Service cluster.
ClusterConfig interface{} `field:"optional" json:"clusterConfig" yaml:"clusterConfig"`
// Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
CognitoOptions interface{} `field:"optional" json:"cognitoOptions" yaml:"cognitoOptions"`
// Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
DomainEndpointOptions interface{} `field:"optional" json:"domainEndpointOptions" yaml:"domainEndpointOptions"`
// A name for the OpenSearch Service domain.
//
// For valid values, see the [DomainName](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-domainname) data type in the *Amazon OpenSearch Service Developer Guide* . If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
//
// Required when creating a new domain.
//
// > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
DomainName *string `field:"optional" json:"domainName" yaml:"domainName"`
// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
//
// For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
EbsOptions interface{} `field:"optional" json:"ebsOptions" yaml:"ebsOptions"`
// Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use.
//
// See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) .
EncryptionAtRestOptions interface{} `field:"optional" json:"encryptionAtRestOptions" yaml:"encryptionAtRestOptions"`
// The version of OpenSearch to use.
//
// The value must be in the format `OpenSearch_X.Y` or `Elasticsearch_X.Y` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
//
// If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true` , you can update `EngineVersion` without interruption. When `EnableVersionUpgrade` is set to `false` , or is not specified, updating `EngineVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .
EngineVersion *string `field:"optional" json:"engineVersion" yaml:"engineVersion"`
// An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
//
// Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .
LogPublishingOptions interface{} `field:"optional" json:"logPublishingOptions" yaml:"logPublishingOptions"`
// Specifies whether node-to-node encryption is enabled.
//
// See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html) .
NodeToNodeEncryptionOptions interface{} `field:"optional" json:"nodeToNodeEncryptionOptions" yaml:"nodeToNodeEncryptionOptions"`
// *DEPRECATED* .
//
// The automated snapshot configuration for the OpenSearch Service domain indices.
SnapshotOptions interface{} `field:"optional" json:"snapshotOptions" yaml:"snapshotOptions"`
// An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
// The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
//
// For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
VpcOptions interface{} `field:"optional" json:"vpcOptions" yaml:"vpcOptions"`
}
Properties for defining a `CfnDomain`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var accessPolicies interface{}
cfnDomainProps := &cfnDomainProps{
accessPolicies: accessPolicies,
advancedOptions: map[string]*string{
"advancedOptionsKey": jsii.String("advancedOptions"),
},
advancedSecurityOptions: &advancedSecurityOptionsInputProperty{
enabled: jsii.Boolean(false),
internalUserDatabaseEnabled: jsii.Boolean(false),
masterUserOptions: &masterUserOptionsProperty{
masterUserArn: jsii.String("masterUserArn"),
masterUserName: jsii.String("masterUserName"),
masterUserPassword: jsii.String("masterUserPassword"),
},
},
clusterConfig: &clusterConfigProperty{
dedicatedMasterCount: jsii.Number(123),
dedicatedMasterEnabled: jsii.Boolean(false),
dedicatedMasterType: jsii.String("dedicatedMasterType"),
instanceCount: jsii.Number(123),
instanceType: jsii.String("instanceType"),
warmCount: jsii.Number(123),
warmEnabled: jsii.Boolean(false),
warmType: jsii.String("warmType"),
zoneAwarenessConfig: &zoneAwarenessConfigProperty{
availabilityZoneCount: jsii.Number(123),
},
zoneAwarenessEnabled: jsii.Boolean(false),
},
cognitoOptions: &cognitoOptionsProperty{
enabled: jsii.Boolean(false),
identityPoolId: jsii.String("identityPoolId"),
roleArn: jsii.String("roleArn"),
userPoolId: jsii.String("userPoolId"),
},
domainEndpointOptions: &domainEndpointOptionsProperty{
customEndpoint: jsii.String("customEndpoint"),
customEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
customEndpointEnabled: jsii.Boolean(false),
enforceHttps: jsii.Boolean(false),
tlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
},
domainName: jsii.String("domainName"),
ebsOptions: &eBSOptionsProperty{
ebsEnabled: jsii.Boolean(false),
iops: jsii.Number(123),
volumeSize: jsii.Number(123),
volumeType: jsii.String("volumeType"),
},
encryptionAtRestOptions: &encryptionAtRestOptionsProperty{
enabled: jsii.Boolean(false),
kmsKeyId: jsii.String("kmsKeyId"),
},
engineVersion: jsii.String("engineVersion"),
logPublishingOptions: map[string]interface{}{
"logPublishingOptionsKey": &LogPublishingOptionProperty{
"cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"),
"enabled": jsii.Boolean(false),
},
},
nodeToNodeEncryptionOptions: &nodeToNodeEncryptionOptionsProperty{
enabled: jsii.Boolean(false),
},
snapshotOptions: &snapshotOptionsProperty{
automatedSnapshotStartHour: jsii.Number(123),
},
tags: []cfnTag{
&cfnTag{
key: jsii.String("key"),
value: jsii.String("value"),
},
},
vpcOptions: &vPCOptionsProperty{
securityGroupIds: []*string{
jsii.String("securityGroupIds"),
},
subnetIds: []*string{
jsii.String("subnetIds"),
},
},
}
type CfnDomain_AdvancedSecurityOptionsInputProperty ¶
type CfnDomain_AdvancedSecurityOptionsInputProperty struct {
// True to enable fine-grained access control.
//
// You must also enable encryption of data at rest and node-to-node encryption. See [Fine-grained access control in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html) .
Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
// True to enable the internal user database.
InternalUserDatabaseEnabled interface{} `field:"optional" json:"internalUserDatabaseEnabled" yaml:"internalUserDatabaseEnabled"`
// Specifies information about the master user.
MasterUserOptions interface{} `field:"optional" json:"masterUserOptions" yaml:"masterUserOptions"`
}
Specifies options for fine-grained access control.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
advancedSecurityOptionsInputProperty := &advancedSecurityOptionsInputProperty{
enabled: jsii.Boolean(false),
internalUserDatabaseEnabled: jsii.Boolean(false),
masterUserOptions: &masterUserOptionsProperty{
masterUserArn: jsii.String("masterUserArn"),
masterUserName: jsii.String("masterUserName"),
masterUserPassword: jsii.String("masterUserPassword"),
},
}
type CfnDomain_ClusterConfigProperty ¶
type CfnDomain_ClusterConfigProperty struct {
// The number of instances to use for the master node.
//
// If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property.
DedicatedMasterCount *float64 `field:"optional" json:"dedicatedMasterCount" yaml:"dedicatedMasterCount"`
// Indicates whether to use a dedicated master node for the OpenSearch Service domain.
//
// A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See [Dedicated master nodes in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-dedicatedmasternodes.html) .
DedicatedMasterEnabled interface{} `field:"optional" json:"dedicatedMasterEnabled" yaml:"dedicatedMasterEnabled"`
// The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search` . If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property. For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
DedicatedMasterType *string `field:"optional" json:"dedicatedMasterType" yaml:"dedicatedMasterType"`
// The number of data nodes (instances) to use in the OpenSearch Service domain.
InstanceCount *float64 `field:"optional" json:"instanceCount" yaml:"instanceCount"`
// The instance type for your data nodes, such as `m3.medium.search` . For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
InstanceType *string `field:"optional" json:"instanceType" yaml:"instanceType"`
// The number of warm nodes in the cluster.
WarmCount *float64 `field:"optional" json:"warmCount" yaml:"warmCount"`
// Whether to enable UltraWarm storage for the cluster.
//
// See [UltraWarm storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ultrawarm.html) .
WarmEnabled interface{} `field:"optional" json:"warmEnabled" yaml:"warmEnabled"`
// The instance type for the cluster's warm nodes.
WarmType *string `field:"optional" json:"warmType" yaml:"warmType"`
// Specifies zone awareness configuration options.
//
// Only use if `ZoneAwarenessEnabled` is `true` .
ZoneAwarenessConfig interface{} `field:"optional" json:"zoneAwarenessConfig" yaml:"zoneAwarenessConfig"`
// Indicates whether to enable zone awareness for the OpenSearch Service domain.
//
// When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) .
ZoneAwarenessEnabled interface{} `field:"optional" json:"zoneAwarenessEnabled" yaml:"zoneAwarenessEnabled"`
}
The cluster configuration for the OpenSearch Service domain.
You can specify options such as the instance type and the number of instances. For more information, see [Creating and managing Amazon OpenSearch Service domains](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html) in the *Amazon OpenSearch Service Developer Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
clusterConfigProperty := &clusterConfigProperty{
dedicatedMasterCount: jsii.Number(123),
dedicatedMasterEnabled: jsii.Boolean(false),
dedicatedMasterType: jsii.String("dedicatedMasterType"),
instanceCount: jsii.Number(123),
instanceType: jsii.String("instanceType"),
warmCount: jsii.Number(123),
warmEnabled: jsii.Boolean(false),
warmType: jsii.String("warmType"),
zoneAwarenessConfig: &zoneAwarenessConfigProperty{
availabilityZoneCount: jsii.Number(123),
},
zoneAwarenessEnabled: jsii.Boolean(false),
}
type CfnDomain_CognitoOptionsProperty ¶
type CfnDomain_CognitoOptionsProperty struct {
// Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
//
// See [Amazon Cognito authentication for OpenSearch Dashboards](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html) .
Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
// The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
//
// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
IdentityPoolId *string `field:"optional" json:"identityPoolId" yaml:"identityPoolId"`
// The `AmazonOpenSearchServiceCognitoAccess` role that allows OpenSearch Service to configure your user pool and identity pool.
//
// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
// The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
//
// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
UserPoolId *string `field:"optional" json:"userPoolId" yaml:"userPoolId"`
}
Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cognitoOptionsProperty := &cognitoOptionsProperty{
enabled: jsii.Boolean(false),
identityPoolId: jsii.String("identityPoolId"),
roleArn: jsii.String("roleArn"),
userPoolId: jsii.String("userPoolId"),
}
type CfnDomain_DomainEndpointOptionsProperty ¶
type CfnDomain_DomainEndpointOptionsProperty struct {
// The fully qualified URL for your custom endpoint.
//
// Required if you enabled a custom endpoint for the domain.
CustomEndpoint *string `field:"optional" json:"customEndpoint" yaml:"customEndpoint"`
// The AWS Certificate Manager ARN for your domain's SSL/TLS certificate.
//
// Required if you enabled a custom endpoint for the domain.
CustomEndpointCertificateArn *string `field:"optional" json:"customEndpointCertificateArn" yaml:"customEndpointCertificateArn"`
// True to enable a custom endpoint for the domain.
//
// If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn` .
CustomEndpointEnabled interface{} `field:"optional" json:"customEndpointEnabled" yaml:"customEndpointEnabled"`
// True to require that all traffic to the domain arrive over HTTPS.
EnforceHttps interface{} `field:"optional" json:"enforceHttps" yaml:"enforceHttps"`
// The minimum TLS version required for traffic to the domain. Valid values are TLS 1.0 (default) or 1.2:.
//
// - `Policy-Min-TLS-1-0-2019-07`
// - `Policy-Min-TLS-1-2-2019-07`.
TlsSecurityPolicy *string `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"`
}
Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
domainEndpointOptionsProperty := &domainEndpointOptionsProperty{
customEndpoint: jsii.String("customEndpoint"),
customEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
customEndpointEnabled: jsii.Boolean(false),
enforceHttps: jsii.Boolean(false),
tlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
}
type CfnDomain_EBSOptionsProperty ¶
type CfnDomain_EBSOptionsProperty struct {
// Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
EbsEnabled interface{} `field:"optional" json:"ebsEnabled" yaml:"ebsEnabled"`
// The number of I/O operations per second (IOPS) that the volume supports.
//
// This property applies only to the Provisioned IOPS (SSD) EBS volume type.
Iops *float64 `field:"optional" json:"iops" yaml:"iops"`
// The size (in GiB) of the EBS volume for each data node.
//
// The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
// The EBS volume type to use with the OpenSearch Service domain, such as standard, gp2, or io1.
//
// For more information about each type, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon EC2 User Guide for Linux Instances* .
VolumeType *string `field:"optional" json:"volumeType" yaml:"volumeType"`
}
The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
eBSOptionsProperty := &eBSOptionsProperty{
ebsEnabled: jsii.Boolean(false),
iops: jsii.Number(123),
volumeSize: jsii.Number(123),
volumeType: jsii.String("volumeType"),
}
type CfnDomain_EncryptionAtRestOptionsProperty ¶
type CfnDomain_EncryptionAtRestOptionsProperty struct {
// Specify `true` to enable encryption at rest.
Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
// The KMS key ID.
//
// Takes the form `1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a` . Required if you enable encryption at rest.
KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
}
Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
encryptionAtRestOptionsProperty := &encryptionAtRestOptionsProperty{
enabled: jsii.Boolean(false),
kmsKeyId: jsii.String("kmsKeyId"),
}
type CfnDomain_LogPublishingOptionProperty ¶
type CfnDomain_LogPublishingOptionProperty struct {
// Specifies the CloudWatch log group to publish to.
//
// Required if you enable log publishing.
CloudWatchLogsLogGroupArn *string `field:"optional" json:"cloudWatchLogsLogGroupArn" yaml:"cloudWatchLogsLogGroupArn"`
// If `true` , enables the publishing of logs to CloudWatch.
//
// Default: `false` .
Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}
Specifies whether the OpenSearch Service domain publishes application, search slow logs, or index slow logs to Amazon CloudWatch.
Each option must be an object of name `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , or `AUDIT_LOGS` depending on the type of logs you want to publish. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .
Before you enable log publishing, you need to create a CloudWatch log group and provide OpenSearch Service the correct permissions to write to it. To learn more, see [Enabling log publishing ( AWS CloudFormation)](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-cfn) .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
logPublishingOptionProperty := &logPublishingOptionProperty{
cloudWatchLogsLogGroupArn: jsii.String("cloudWatchLogsLogGroupArn"),
enabled: jsii.Boolean(false),
}
type CfnDomain_MasterUserOptionsProperty ¶
type CfnDomain_MasterUserOptionsProperty struct {
// ARN for the master user.
//
// Only specify if `InternalUserDatabaseEnabled` is false in `AdvancedSecurityOptions` .
MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"`
// Username for the master user.
//
// Only specify if `InternalUserDatabaseEnabled` is true in `AdvancedSecurityOptions` . If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead.
MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
// Password for the master user.
//
// Only specify if `InternalUserDatabaseEnabled` is true in `AdvancedSecurityOptions` . If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead.
MasterUserPassword *string `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"`
}
Specifies information about the master user.
Required if if `InternalUserDatabaseEnabled` is true in `AdvancedSecurityOptions` .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
masterUserOptionsProperty := &masterUserOptionsProperty{
masterUserArn: jsii.String("masterUserArn"),
masterUserName: jsii.String("masterUserName"),
masterUserPassword: jsii.String("masterUserPassword"),
}
type CfnDomain_NodeToNodeEncryptionOptionsProperty ¶
type CfnDomain_NodeToNodeEncryptionOptionsProperty struct {
// Specifies to enable or disable node-to-node encryption on the domain.
Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}
Specifies options for node-to-node encryption.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
nodeToNodeEncryptionOptionsProperty := &nodeToNodeEncryptionOptionsProperty{
enabled: jsii.Boolean(false),
}
type CfnDomain_SnapshotOptionsProperty ¶
type CfnDomain_SnapshotOptionsProperty struct {
// The hour in UTC during which the service takes an automated daily snapshot of the indices in the OpenSearch Service domain.
//
// For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"`
}
*DEPRECATED* .
This setting is only relevant to domains running legacy Elasticsearch OSS versions earlier than 5.3. It does not apply to OpenSearch domains.
The automated snapshot configuration for the OpenSearch Service domain indices.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
snapshotOptionsProperty := &snapshotOptionsProperty{
automatedSnapshotStartHour: jsii.Number(123),
}
type CfnDomain_VPCOptionsProperty ¶
type CfnDomain_VPCOptionsProperty struct {
// The list of security group IDs that are associated with the VPC endpoints for the domain.
//
// If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see [Security groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon VPC User Guide* .
SecurityGroupIds *[]*string `field:"optional" json:"securityGroupIds" yaml:"securityGroupIds"`
// Provide one subnet ID for each Availability Zone that your domain uses.
//
// For example, you must specify three subnet IDs for a three Availability Zone domain. To learn more, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the *Amazon VPC User Guide* .
SubnetIds *[]*string `field:"optional" json:"subnetIds" yaml:"subnetIds"`
}
The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
For more information, see [Launching your Amazon OpenSearch Service domains using a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
vPCOptionsProperty := &vPCOptionsProperty{
securityGroupIds: []*string{
jsii.String("securityGroupIds"),
},
subnetIds: []*string{
jsii.String("subnetIds"),
},
}
type CfnDomain_ZoneAwarenessConfigProperty ¶
type CfnDomain_ZoneAwarenessConfigProperty struct {
// If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.
//
// Valid values are `2` and `3` . Default is 2.
AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"`
}
Specifies zone awareness configuration options.
Only use if `ZoneAwarenessEnabled` is `true` .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
zoneAwarenessConfigProperty := &zoneAwarenessConfigProperty{
availabilityZoneCount: jsii.Number(123),
}
type CognitoOptions ¶
type CognitoOptions struct {
// The Amazon Cognito identity pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication.
IdentityPoolId *string `field:"required" json:"identityPoolId" yaml:"identityPoolId"`
// A role that allows Amazon OpenSearch Service to configure your user pool and identity pool.
//
// It must have the `AmazonESCognitoAccess` policy attached to it.
// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html#cognito-auth-prereq
//
Role awsiam.IRole `field:"required" json:"role" yaml:"role"`
// The Amazon Cognito user pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication.
UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
}
Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
Example:
// Example automatically generated from non-compiling source. May contain errors.
opensearch.NewDomain(this, jsii.String("Domain"), &domainProps{
cognitoDashboardsAuth: &cognitoOptions{
identityPoolId: jsii.String("test-identity-pool-id"),
userPoolId: jsii.String("test-user-pool-id"),
role: role,
},
version: openSearchVersion,
})
See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html
type CustomEndpointOptions ¶
type CustomEndpointOptions struct {
// The custom domain name to assign.
DomainName *string `field:"required" json:"domainName" yaml:"domainName"`
// The certificate to use.
Certificate awscertificatemanager.ICertificate `field:"optional" json:"certificate" yaml:"certificate"`
// The hosted zone in Route53 to create the CNAME record in.
HostedZone awsroute53.IHostedZone `field:"optional" json:"hostedZone" yaml:"hostedZone"`
}
Configures a custom domain endpoint for the Amazon OpenSearch Service domain.
Example:
awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
customEndpoint: &customEndpointOptions{
domainName: jsii.String("search.example.com"),
},
})
type Domain ¶
type Domain interface {
awscdk.Resource
awsec2.IConnectable
IDomain
// Log group that application logs are logged to.
AppLogGroup() awslogs.ILogGroup
// Log group that audit logs are logged to.
AuditLogGroup() awslogs.ILogGroup
// Manages network connections to the domain.
//
// This will throw an error in case the domain
// is not placed inside a VPC.
Connections() awsec2.Connections
// Arn of the Amazon OpenSearch Service domain.
DomainArn() *string
// Endpoint of the Amazon OpenSearch Service domain.
DomainEndpoint() *string
// Identifier of the Amazon OpenSearch Service domain.
DomainId() *string
// Domain name of the Amazon OpenSearch Service domain.
DomainName() *string
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
// Master user password if fine grained access control is configured.
MasterUserPassword() awscdk.SecretValue
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
// Log group that slow indices are logged to.
SlowIndexLogGroup() awslogs.ILogGroup
// Log group that slow searches are logged to.
SlowSearchLogGroup() awslogs.ILogGroup
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Add policy statements to the domain access policy.
AddAccessPolicies(accessPolicyStatements ...awsiam.PolicyStatement)
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).
GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).
GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
// Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).
GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).
GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
// Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).
GrantRead(identity awsiam.IGrantable) awsiam.Grant
// Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).
GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant
// Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).
GrantWrite(identity awsiam.IGrantable) awsiam.Grant
// Return the given named metric for this domain.
Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for automated snapshot failures.
MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the cluster blocking index writes.
MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the time the cluster status is red.
MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the time the cluster status is yellow.
MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for CPU utilization.
MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the storage space of nodes in the cluster.
MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for indexing latency.
MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for JVM memory pressure.
MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for KMS key errors.
MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for KMS key being inaccessible.
MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for master CPU utilization.
MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for master JVM memory pressure.
MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the number of nodes.
MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for number of searchable documents.
MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for search latency.
MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Returns a string representation of this construct.
ToString() *string
}
Provides an Amazon OpenSearch Service domain.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
ebs: &ebsOptions{
volumeSize: jsii.Number(100),
volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
},
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
})
func NewDomain ¶
func NewDomain(scope constructs.Construct, id *string, props *DomainProps) Domain
type DomainAttributes ¶
type DomainAttributes struct {
// The ARN of the Amazon OpenSearch Service domain.
DomainArn *string `field:"required" json:"domainArn" yaml:"domainArn"`
// The domain endpoint of the Amazon OpenSearch Service domain.
DomainEndpoint *string `field:"required" json:"domainEndpoint" yaml:"domainEndpoint"`
}
Reference to an Amazon OpenSearch Service domain.
Example:
domainArn := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-arn"))
domainEndpoint := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-endpoint"))
domain := awscdk.Domain.fromDomainAttributes(this, jsii.String("ImportedDomain"), &domainAttributes{
domainArn: jsii.String(domainArn),
domainEndpoint: jsii.String(domainEndpoint),
})
type DomainProps ¶
type DomainProps struct {
// The Elasticsearch/OpenSearch version that your domain will leverage.
Version EngineVersion `field:"required" json:"version" yaml:"version"`
// Domain access policies.
AccessPolicies *[]awsiam.PolicyStatement `field:"optional" json:"accessPolicies" yaml:"accessPolicies"`
// Additional options to specify for the Amazon OpenSearch Service domain.
// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options
//
AdvancedOptions *map[string]*string `field:"optional" json:"advancedOptions" yaml:"advancedOptions"`
// The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.
//
// Only applies for Elasticsearch versions
// below 5.3.
AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"`
// The cluster capacity configuration for the Amazon OpenSearch Service domain.
Capacity *CapacityConfig `field:"optional" json:"capacity" yaml:"capacity"`
// Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
CognitoDashboardsAuth *CognitoOptions `field:"optional" json:"cognitoDashboardsAuth" yaml:"cognitoDashboardsAuth"`
// To configure a custom domain configure these options.
//
// If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate.
CustomEndpoint *CustomEndpointOptions `field:"optional" json:"customEndpoint" yaml:"customEndpoint"`
// Enforces a particular physical domain name.
DomainName *string `field:"optional" json:"domainName" yaml:"domainName"`
// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
Ebs *EbsOptions `field:"optional" json:"ebs" yaml:"ebs"`
// To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain
//
EnableVersionUpgrade *bool `field:"optional" json:"enableVersionUpgrade" yaml:"enableVersionUpgrade"`
// Encryption at rest options for the cluster.
EncryptionAtRest *EncryptionAtRestOptions `field:"optional" json:"encryptionAtRest" yaml:"encryptionAtRest"`
// True to require that all traffic to the domain arrive over HTTPS.
EnforceHttps *bool `field:"optional" json:"enforceHttps" yaml:"enforceHttps"`
// Specifies options for fine-grained access control.
//
// Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control
// also requires encryption of data at rest and node-to-node encryption, along with
// enforced HTTPS.
FineGrainedAccessControl *AdvancedSecurityOptions `field:"optional" json:"fineGrainedAccessControl" yaml:"fineGrainedAccessControl"`
// Configuration log publishing configuration options.
Logging *LoggingOptions `field:"optional" json:"logging" yaml:"logging"`
// Specify true to enable node to node encryption.
//
// Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later.
NodeToNodeEncryption *bool `field:"optional" json:"nodeToNodeEncryption" yaml:"nodeToNodeEncryption"`
// Policy to apply when the domain is removed from the stack.
RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
// The list of security groups that are associated with the VPC endpoints for the domain.
//
// Only used if `vpc` is specified.
// See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
//
SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
// The minimum TLS version required for traffic to the domain.
TlsSecurityPolicy TLSSecurityPolicy `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"`
// Configures the domain so that unsigned basic auth is enabled.
//
// If no master user is provided a default master user
// with username `admin` and a dynamically generated password stored in KMS is created. The password can be retrieved
// by getting `masterUserPassword` from the domain instance.
//
// Setting this to true will also add an access policy that allows unsigned
// access, enable node to node encryption, encryption at rest. If conflicting
// settings are encountered (like disabling encryption at rest) enabling this
// setting will cause a failure.
UseUnsignedBasicAuth *bool `field:"optional" json:"useUnsignedBasicAuth" yaml:"useUnsignedBasicAuth"`
// Place the domain inside this VPC.
// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html
//
Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
// The specific vpc subnets the domain will be placed in.
//
// You must provide one subnet for each Availability Zone
// that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone
// domain.
//
// Only used if `vpc` is specified.
// See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
//
VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
// The cluster zone awareness configuration for the Amazon OpenSearch Service domain.
ZoneAwareness *ZoneAwarenessConfig `field:"optional" json:"zoneAwareness" yaml:"zoneAwareness"`
}
Properties for an Amazon OpenSearch Service domain.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
ebs: &ebsOptions{
volumeSize: jsii.Number(100),
volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
},
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
})
type EbsOptions ¶
type EbsOptions struct {
// Specifies whether Amazon EBS volumes are attached to data nodes in the Amazon OpenSearch Service domain.
Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
// The number of I/O operations per second (IOPS) that the volume supports.
//
// This property applies only to the Provisioned IOPS (SSD) EBS
// volume type.
Iops *float64 `field:"optional" json:"iops" yaml:"iops"`
// The size (in GiB) of the EBS volume for each data node.
//
// The minimum and
// maximum size of an EBS volume depends on the EBS volume type and the
// instance type to which it is attached. For valid values, see
// [EBS volume size limits]
// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource)
// in the Amazon OpenSearch Service Developer Guide.
VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
// The EBS volume type to use with the Amazon OpenSearch Service domain, such as standard, gp2, io1.
VolumeType awsec2.EbsDeviceVolumeType `field:"optional" json:"volumeType" yaml:"volumeType"`
}
The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
For more information, see [Amazon EBS] (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) in the Amazon Elastic Compute Cloud Developer Guide.
Example:
prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
capacity: &capacityConfig{
masterNodes: jsii.Number(5),
dataNodes: jsii.Number(20),
},
ebs: &ebsOptions{
volumeSize: jsii.Number(20),
},
zoneAwareness: &zoneAwarenessConfig{
availabilityZoneCount: jsii.Number(3),
},
logging: &loggingOptions{
slowSearchLogEnabled: jsii.Boolean(true),
appLogEnabled: jsii.Boolean(true),
slowIndexLogEnabled: jsii.Boolean(true),
},
})
type EncryptionAtRestOptions ¶
type EncryptionAtRestOptions struct {
// Specify true to enable encryption at rest.
Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
// Supply if using KMS key for encryption at rest.
KmsKey awskms.IKey `field:"optional" json:"kmsKey" yaml:"kmsKey"`
}
Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.
Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
enforceHttps: jsii.Boolean(true),
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
fineGrainedAccessControl: &advancedSecurityOptions{
masterUserName: jsii.String("master-user"),
},
logging: &loggingOptions{
auditLogEnabled: jsii.Boolean(true),
slowSearchLogEnabled: jsii.Boolean(true),
appLogEnabled: jsii.Boolean(true),
slowIndexLogEnabled: jsii.Boolean(true),
},
})
type EngineVersion ¶
type EngineVersion interface {
// engine version identifier.
Version() *string
}
OpenSearch version.
Example:
domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
ebs: &ebsOptions{
volumeSize: jsii.Number(100),
volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
},
nodeToNodeEncryption: jsii.Boolean(true),
encryptionAtRest: &encryptionAtRestOptions{
enabled: jsii.Boolean(true),
},
})
func EngineVersion_ELASTICSEARCH_1_5 ¶
func EngineVersion_ELASTICSEARCH_1_5() EngineVersion
func EngineVersion_ELASTICSEARCH_2_3 ¶
func EngineVersion_ELASTICSEARCH_2_3() EngineVersion
func EngineVersion_ELASTICSEARCH_5_1 ¶
func EngineVersion_ELASTICSEARCH_5_1() EngineVersion
func EngineVersion_ELASTICSEARCH_5_3 ¶
func EngineVersion_ELASTICSEARCH_5_3() EngineVersion
func EngineVersion_ELASTICSEARCH_5_5 ¶
func EngineVersion_ELASTICSEARCH_5_5() EngineVersion
func EngineVersion_ELASTICSEARCH_5_6 ¶
func EngineVersion_ELASTICSEARCH_5_6() EngineVersion
func EngineVersion_ELASTICSEARCH_6_0 ¶
func EngineVersion_ELASTICSEARCH_6_0() EngineVersion
func EngineVersion_ELASTICSEARCH_6_2 ¶
func EngineVersion_ELASTICSEARCH_6_2() EngineVersion
func EngineVersion_ELASTICSEARCH_6_3 ¶
func EngineVersion_ELASTICSEARCH_6_3() EngineVersion
func EngineVersion_ELASTICSEARCH_6_4 ¶
func EngineVersion_ELASTICSEARCH_6_4() EngineVersion
func EngineVersion_ELASTICSEARCH_6_5 ¶
func EngineVersion_ELASTICSEARCH_6_5() EngineVersion
func EngineVersion_ELASTICSEARCH_6_7 ¶
func EngineVersion_ELASTICSEARCH_6_7() EngineVersion
func EngineVersion_ELASTICSEARCH_6_8 ¶
func EngineVersion_ELASTICSEARCH_6_8() EngineVersion
func EngineVersion_ELASTICSEARCH_7_1 ¶
func EngineVersion_ELASTICSEARCH_7_1() EngineVersion
func EngineVersion_ELASTICSEARCH_7_10 ¶
func EngineVersion_ELASTICSEARCH_7_10() EngineVersion
func EngineVersion_ELASTICSEARCH_7_4 ¶
func EngineVersion_ELASTICSEARCH_7_4() EngineVersion
func EngineVersion_ELASTICSEARCH_7_7 ¶
func EngineVersion_ELASTICSEARCH_7_7() EngineVersion
func EngineVersion_ELASTICSEARCH_7_8 ¶
func EngineVersion_ELASTICSEARCH_7_8() EngineVersion
func EngineVersion_ELASTICSEARCH_7_9 ¶
func EngineVersion_ELASTICSEARCH_7_9() EngineVersion
func EngineVersion_Elasticsearch ¶
func EngineVersion_Elasticsearch(version *string) EngineVersion
Custom ElasticSearch version.
func EngineVersion_OPENSEARCH_1_0 ¶
func EngineVersion_OPENSEARCH_1_0() EngineVersion
func EngineVersion_OPENSEARCH_1_1 ¶ added in v2.9.0
func EngineVersion_OPENSEARCH_1_1() EngineVersion
func EngineVersion_OPENSEARCH_1_2 ¶ added in v2.20.0
func EngineVersion_OPENSEARCH_1_2() EngineVersion
func EngineVersion_OPENSEARCH_1_3 ¶ added in v2.35.0
func EngineVersion_OPENSEARCH_1_3() EngineVersion
func EngineVersion_OpenSearch ¶
func EngineVersion_OpenSearch(version *string) EngineVersion
Custom OpenSearch version.
type IDomain ¶
type IDomain interface {
awscdk.IResource
// Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).
GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).
GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
// Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).
GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).
GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
// Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
// Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).
GrantRead(identity awsiam.IGrantable) awsiam.Grant
// Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).
GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant
// Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).
GrantWrite(identity awsiam.IGrantable) awsiam.Grant
// Return the given named metric for this domain.
Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for automated snapshot failures.
MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the cluster blocking index writes.
MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the time the cluster status is red.
MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the time the cluster status is yellow.
MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for CPU utilization.
MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the storage space of nodes in the cluster.
MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for indexing latency.
MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for JVM memory pressure.
MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for KMS key errors.
MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for KMS key being inaccessible.
MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for master CPU utilization.
MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for master JVM memory pressure.
MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for the number of nodes.
MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for number of searchable documents.
MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Metric for search latency.
MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Arn of the Amazon OpenSearch Service domain.
DomainArn() *string
// Endpoint of the Amazon OpenSearch Service domain.
DomainEndpoint() *string
// Identifier of the Amazon OpenSearch Service domain.
DomainId() *string
// Domain name of the Amazon OpenSearch Service domain.
DomainName() *string
}
An interface that represents an Amazon OpenSearch Service domain - either created with the CDK, or an existing one.
func Domain_FromDomainAttributes ¶
func Domain_FromDomainAttributes(scope constructs.Construct, id *string, attrs *DomainAttributes) IDomain
Creates a domain construct that represents an external domain.
func Domain_FromDomainEndpoint ¶
func Domain_FromDomainEndpoint(scope constructs.Construct, id *string, domainEndpoint *string) IDomain
Creates a domain construct that represents an external domain via domain endpoint.
type LoggingOptions ¶
type LoggingOptions struct {
// Specify if Amazon OpenSearch Service application logging should be set up.
//
// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
AppLogEnabled *bool `field:"optional" json:"appLogEnabled" yaml:"appLogEnabled"`
// Log Amazon OpenSearch Service application logs to this log group.
AppLogGroup awslogs.ILogGroup `field:"optional" json:"appLogGroup" yaml:"appLogGroup"`
// Specify if Amazon OpenSearch Service audit logging should be set up.
//
// Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later and fine grained access control to be enabled.
AuditLogEnabled *bool `field:"optional" json:"auditLogEnabled" yaml:"auditLogEnabled"`
// Log Amazon OpenSearch Service audit logs to this log group.
AuditLogGroup awslogs.ILogGroup `field:"optional" json:"auditLogGroup" yaml:"auditLogGroup"`
// Specify if slow index logging should be set up.
//
// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
SlowIndexLogEnabled *bool `field:"optional" json:"slowIndexLogEnabled" yaml:"slowIndexLogEnabled"`
// Log slow indices to this log group.
SlowIndexLogGroup awslogs.ILogGroup `field:"optional" json:"slowIndexLogGroup" yaml:"slowIndexLogGroup"`
// Specify if slow search logging should be set up.
//
// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
SlowSearchLogEnabled *bool `field:"optional" json:"slowSearchLogEnabled" yaml:"slowSearchLogEnabled"`
// Log slow searches to this log group.
SlowSearchLogGroup awslogs.ILogGroup `field:"optional" json:"slowSearchLogGroup" yaml:"slowSearchLogGroup"`
}
Configures log settings for the domain.
Example:
prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
capacity: &capacityConfig{
masterNodes: jsii.Number(5),
dataNodes: jsii.Number(20),
},
ebs: &ebsOptions{
volumeSize: jsii.Number(20),
},
zoneAwareness: &zoneAwarenessConfig{
availabilityZoneCount: jsii.Number(3),
},
logging: &loggingOptions{
slowSearchLogEnabled: jsii.Boolean(true),
appLogEnabled: jsii.Boolean(true),
slowIndexLogEnabled: jsii.Boolean(true),
},
})
type TLSSecurityPolicy ¶
type TLSSecurityPolicy string
The minimum TLS version required for traffic to the domain.
const ( // Cipher suite TLS 1.0. TLSSecurityPolicy_TLS_1_0 TLSSecurityPolicy = "TLS_1_0" // Cipher suite TLS 1.2. TLSSecurityPolicy_TLS_1_2 TLSSecurityPolicy = "TLS_1_2" )
type ZoneAwarenessConfig ¶
type ZoneAwarenessConfig struct {
// If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.
//
// Valid values are 2 and 3.
AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"`
// Indicates whether to enable zone awareness for the Amazon OpenSearch Service domain.
//
// When you enable zone awareness, Amazon OpenSearch Service allocates the nodes and replica
// index shards that belong to a cluster across two Availability Zones (AZs)
// in the same region to prevent data loss and minimize downtime in the event
// of node or data center failure. Don't enable zone awareness if your cluster
// has no replica index shards or is a single-node cluster. For more information,
// see [Configuring a Multi-AZ Domain]
// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html)
// in the Amazon OpenSearch Service Developer Guide.
Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
}
Specifies zone awareness configuration options.
Example:
prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
version: awscdk.EngineVersion_OPENSEARCH_1_0(),
capacity: &capacityConfig{
masterNodes: jsii.Number(5),
dataNodes: jsii.Number(20),
},
ebs: &ebsOptions{
volumeSize: jsii.Number(20),
},
zoneAwareness: &zoneAwarenessConfig{
availabilityZoneCount: jsii.Number(3),
},
logging: &loggingOptions{
slowSearchLogEnabled: jsii.Boolean(true),
appLogEnabled: jsii.Boolean(true),
slowIndexLogEnabled: jsii.Boolean(true),
},
})
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.