awsopensearchservice

package
v2.62.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 26, 2023 License: Apache-2.0 Imports: 14 Imported by: 4

README

Amazon OpenSearch Service Construct Library

See Migrating to OpenSearch for migration instructions from @aws-cdk/aws-elasticsearch to this module, @aws-cdk/aws-opensearchservice.

Quick start

Create a development cluster by simply specifying the version:

devDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
})

To perform version upgrades without replacing the entire domain, specify the enableVersionUpgrade property.

devDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	enableVersionUpgrade: jsii.Boolean(true),
})

Create a production grade cluster by also specifying things like capacity and az distribution

prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	capacity: &capacityConfig{
		masterNodes: jsii.Number(5),
		dataNodes: jsii.Number(20),
	},
	ebs: &ebsOptions{
		volumeSize: jsii.Number(20),
	},
	zoneAwareness: &zoneAwarenessConfig{
		availabilityZoneCount: jsii.Number(3),
	},
	logging: &loggingOptions{
		slowSearchLogEnabled: jsii.Boolean(true),
		appLogEnabled: jsii.Boolean(true),
		slowIndexLogEnabled: jsii.Boolean(true),
	},
})

This creates an Amazon OpenSearch Service cluster and automatically sets up log groups for logging the domain logs and slow search logs.

A note about SLR

Some cluster configurations (e.g VPC access) require the existence of the AWSServiceRoleForAmazonElasticsearchService Service-Linked Role.

When performing such operations via the AWS Console, this SLR is created automatically when needed. However, this is not the behavior when using CloudFormation. If an SLR is needed, but doesn't exist, you will encounter a failure message similar to:

Before you can proceed, you must enable a service-linked role to give Amazon OpenSearch Service...

To resolve this, you need to create the SLR. We recommend using the AWS CLI:

aws iam create-service-linked-role --aws-service-name es.amazonaws.com

You can also create it using the CDK, but note that only the first application deploying this will succeed:

slr := iam.NewCfnServiceLinkedRole(this, jsii.String("Service Linked Role"), &cfnServiceLinkedRoleProps{
	awsServiceName: jsii.String("es.amazonaws.com"),
})

Importing existing domains

Using a known domain endpoint

To import an existing domain into your CDK application, use the Domain.fromDomainEndpoint factory method. This method accepts a domain endpoint of an already existing domain:

domainEndpoint := "https://my-domain-jcjotrt6f7otem4sqcwbch3c4u.us-east-1.es.amazonaws.com"
domain := awscdk.Domain.fromDomainEndpoint(this, jsii.String("ImportedDomain"), domainEndpoint)
Using the output of another CloudFormation stack

To import an existing domain with the help of an exported value from another CloudFormation stack, use the Domain.fromDomainAttributes factory method. This will accept tokens.

domainArn := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-arn"))
domainEndpoint := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-endpoint"))
domain := awscdk.Domain.fromDomainAttributes(this, jsii.String("ImportedDomain"), &domainAttributes{
	domainArn: jsii.String(domainArn),
	domainEndpoint: jsii.String(domainEndpoint),
})

Permissions

IAM

Helper methods also exist for managing access to the domain.

var fn function
var domain domain


// Grant write access to the app-search index
domain.grantIndexWrite(jsii.String("app-search"), fn)

// Grant read access to the 'app-search/_search' path
domain.grantPathRead(jsii.String("app-search/_search"), fn)

Encryption

The domain can also be created with encryption enabled:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	ebs: &ebsOptions{
		volumeSize: jsii.Number(100),
		volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
})

This sets up the domain with node to node encryption and encryption at rest. You can also choose to supply your own KMS key to use for encryption at rest.

VPC Support

Domains can be placed inside a VPC, providing a secure communication between Amazon OpenSearch Service and other services within the VPC without the need for an internet gateway, NAT device, or VPN connection.

Visit VPC Support for Amazon OpenSearch Service Domains for more details.

vpc := ec2.NewVpc(this, jsii.String("Vpc"))
domainProps := &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	removalPolicy: awscdk.RemovalPolicy_DESTROY,
	vpc: vpc,
	// must be enabled since our VPC contains multiple private subnets.
	zoneAwareness: &zoneAwarenessConfig{
		enabled: jsii.Boolean(true),
	},
	capacity: &capacityConfig{
		// must be an even number since the default az count is 2.
		dataNodes: jsii.Number(2),
	},
}
awscdk.NewDomain(this, jsii.String("Domain"), domainProps)

In addition, you can use the vpcSubnets property to control which specific subnets will be used, and the securityGroups property to control which security groups will be attached to the domain. By default, CDK will select all private subnets in the VPC, and create one dedicated security group.

Metrics

Helper methods exist to access common domain metrics for example:

var domain domain

freeStorageSpace := domain.metricFreeStorageSpace()
masterSysMemoryUtilization := domain.metric(jsii.String("MasterSysMemoryUtilization"))

This module is part of the AWS Cloud Development Kit project.

Fine grained access control

The domain can also be created with a master user configured. The password can be supplied or dynamically created if not supplied.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	enforceHttps: jsii.Boolean(true),
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
	fineGrainedAccessControl: &advancedSecurityOptions{
		masterUserName: jsii.String("master-user"),
	},
})

masterUserPassword := domain.masterUserPassword

Using unsigned basic auth

For convenience, the domain can be configured to allow unsigned HTTP requests that use basic auth. Unless the domain is configured to be part of a VPC this means anyone can access the domain using the configured master username and password.

To enable unsigned basic auth access the domain is configured with an access policy that allows anonymous requests, HTTPS required, node to node encryption, encryption at rest and fine grained access control.

If the above settings are not set they will be configured as part of enabling unsigned basic auth. If they are set with conflicting values, an error will be thrown.

If no master user is configured a default master user is created with the username admin.

If no password is configured a default master user password is created and stored in the AWS Secrets Manager as secret. The secret has the prefix <domain id>MasterUser.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	useUnsignedBasicAuth: jsii.Boolean(true),
})

masterUserPassword := domain.masterUserPassword

Custom access policies

If the domain requires custom access control it can be configured either as a constructor property, or later by means of a helper method.

For simple permissions the accessPolicies constructor may be sufficient:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	accessPolicies: []policyStatement{
		iam.NewPolicyStatement(&policyStatementProps{
			actions: []*string{
				jsii.String("es:*ESHttpPost"),
				jsii.String("es:ESHttpPut*"),
			},
			effect: iam.effect_ALLOW,
			principals: []iPrincipal{
				iam.NewAccountPrincipal(jsii.String("123456789012")),
			},
			resources: []*string{
				jsii.String("*"),
			},
		}),
	},
})

For more complex use-cases, for example, to set the domain up to receive data from a cross-account Kinesis Firehose the addAccessPolicies helper method allows for policies that include the explicit domain ARN.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
})
domain.addAccessPolicies(
iam.NewPolicyStatement(&policyStatementProps{
	actions: []*string{
		jsii.String("es:ESHttpPost"),
		jsii.String("es:ESHttpPut"),
	},
	effect: iam.effect_ALLOW,
	principals: []iPrincipal{
		iam.NewAccountPrincipal(jsii.String("123456789012")),
	},
	resources: []*string{
		domain.domainArn,
		fmt.Sprintf("%v/*", domain.domainArn),
	},
}),
iam.NewPolicyStatement(&policyStatementProps{
	actions: []*string{
		jsii.String("es:ESHttpGet"),
	},
	effect: iam.*effect_ALLOW,
	principals: []*iPrincipal{
		iam.NewAccountPrincipal(jsii.String("123456789012")),
	},
	resources: []*string{
		fmt.Sprintf("%v/_all/_settings", domain.domainArn),
		fmt.Sprintf("%v/_cluster/stats", domain.domainArn),
		fmt.Sprintf("%v/index-name*/_mapping/type-name", domain.domainArn),
		fmt.Sprintf("%v/roletest*/_mapping/roletest", domain.domainArn),
		fmt.Sprintf("%v/_nodes", domain.domainArn),
		fmt.Sprintf("%v/_nodes/stats", domain.domainArn),
		fmt.Sprintf("%v/_nodes/*/stats", domain.domainArn),
		fmt.Sprintf("%v/_stats", domain.domainArn),
		fmt.Sprintf("%v/index-name*/_stats", domain.domainArn),
		fmt.Sprintf("%v/roletest*/_stat", domain.domainArn),
	},
}))

Audit logs

Audit logs can be enabled for a domain, but only when fine grained access control is enabled.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	enforceHttps: jsii.Boolean(true),
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
	fineGrainedAccessControl: &advancedSecurityOptions{
		masterUserName: jsii.String("master-user"),
	},
	logging: &loggingOptions{
		auditLogEnabled: jsii.Boolean(true),
		slowSearchLogEnabled: jsii.Boolean(true),
		appLogEnabled: jsii.Boolean(true),
		slowIndexLogEnabled: jsii.Boolean(true),
	},
})

UltraWarm

UltraWarm nodes can be enabled to provide a cost-effective way to store large amounts of read-only data.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	capacity: &capacityConfig{
		masterNodes: jsii.Number(2),
		warmNodes: jsii.Number(2),
		warmInstanceType: jsii.String("ultrawarm1.medium.search"),
	},
})

Custom endpoint

Custom endpoints can be configured to reach the domain under a custom domain name.

awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	customEndpoint: &customEndpointOptions{
		domainName: jsii.String("search.example.com"),
	},
})

It is also possible to specify a custom certificate instead of the auto-generated one.

Additionally, an automatic CNAME-Record is created if a hosted zone is provided for the custom endpoint

Advanced options

Advanced options can used to configure additional options.

awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	advancedOptions: map[string]*string{
		"rest.action.multi.allow_explicit_index": jsii.String("false"),
		"indices.fielddata.cache.size": jsii.String("25"),
		"indices.query.bool.max_clause_count": jsii.String("2048"),
	},
})

Amazon Cognito authentication for OpenSearch Dashboards

The domain can be configured to use Amazon Cognito authentication for OpenSearch Dashboards.

Visit Configuring Amazon Cognito authentication for OpenSearch Dashboards for more details.

var cognitoConfigurationRole role


domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	cognitoDashboardsAuth: &cognitoOptions{
		role: cognitoConfigurationRole,
		identityPoolId: jsii.String("example-identity-pool-id"),
		userPoolId: jsii.String("example-user-pool-id"),
	},
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CfnDomain_CFN_RESOURCE_TYPE_NAME

func CfnDomain_CFN_RESOURCE_TYPE_NAME() *string

func CfnDomain_IsCfnElement

func CfnDomain_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnDomain_IsCfnResource

func CfnDomain_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnDomain_IsConstruct

func CfnDomain_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Domain_IsConstruct

func Domain_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Domain_IsOwnedResource added in v2.32.0

func Domain_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func Domain_IsResource

func Domain_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NewCfnDomain_Override

func NewCfnDomain_Override(c CfnDomain, scope constructs.Construct, id *string, props *CfnDomainProps)

Create a new `AWS::OpenSearchService::Domain`.

func NewDomain_Override

func NewDomain_Override(d Domain, scope constructs.Construct, id *string, props *DomainProps)

Types

type AdvancedSecurityOptions

type AdvancedSecurityOptions struct {
	// ARN for the master user.
	//
	// Only specify this or masterUserName, but not both.
	MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"`
	// Username for the master user.
	//
	// Only specify this or masterUserArn, but not both.
	MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
	// Password for the master user.
	//
	// You can use `SecretValue.unsafePlainText` to specify a password in plain text or
	// use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
	// Secrets Manager.
	MasterUserPassword awscdk.SecretValue `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"`
}

Specifies options for fine-grained access control.

Example:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	enforceHttps: jsii.Boolean(true),
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
	fineGrainedAccessControl: &advancedSecurityOptions{
		masterUserName: jsii.String("master-user"),
	},
	logging: &loggingOptions{
		auditLogEnabled: jsii.Boolean(true),
		slowSearchLogEnabled: jsii.Boolean(true),
		appLogEnabled: jsii.Boolean(true),
		slowIndexLogEnabled: jsii.Boolean(true),
	},
})

type CapacityConfig

type CapacityConfig struct {
	// The instance type for your data nodes, such as `m3.medium.search`. For valid values, see [Supported Instance Types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide.
	DataNodeInstanceType *string `field:"optional" json:"dataNodeInstanceType" yaml:"dataNodeInstanceType"`
	// The number of data nodes (instances) to use in the Amazon OpenSearch Service domain.
	DataNodes *float64 `field:"optional" json:"dataNodes" yaml:"dataNodes"`
	// The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search`. For valid values, see [Supported Instance Types] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide.
	MasterNodeInstanceType *string `field:"optional" json:"masterNodeInstanceType" yaml:"masterNodeInstanceType"`
	// The number of instances to use for the master node.
	MasterNodes *float64 `field:"optional" json:"masterNodes" yaml:"masterNodes"`
	// The instance type for your UltraWarm node, such as `ultrawarm1.medium.search`. For valid values, see [UltraWarm Storage Limits] (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) in the Amazon OpenSearch Service Developer Guide.
	WarmInstanceType *string `field:"optional" json:"warmInstanceType" yaml:"warmInstanceType"`
	// The number of UltraWarm nodes (instances) to use in the Amazon OpenSearch Service domain.
	WarmNodes *float64 `field:"optional" json:"warmNodes" yaml:"warmNodes"`
}

Configures the capacity of the cluster such as the instance type and the number of instances.

Example:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	capacity: &capacityConfig{
		masterNodes: jsii.Number(2),
		warmNodes: jsii.Number(2),
		warmInstanceType: jsii.String("ultrawarm1.medium.search"),
	},
})

type CfnDomain

type CfnDomain interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
	//
	// For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guide* .
	AccessPolicies() interface{}
	SetAccessPolicies(val interface{})
	// Additional options to specify for the OpenSearch Service domain.
	//
	// For more information, see [AdvancedOptions](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_CreateDomain.html#API_CreateDomain_RequestBody) in the OpenSearch Service API reference.
	AdvancedOptions() interface{}
	SetAdvancedOptions(val interface{})
	// Specifies options for fine-grained access control.
	//
	// If you specify advanced security options, you must also enable node-to-node encryption ( [NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html) ) and encryption at rest ( [EncryptionAtRestOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html) ). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html) , which requires HTTPS for all traffic to the domain.
	AdvancedSecurityOptions() interface{}
	SetAdvancedSecurityOptions(val interface{})
	// The Amazon Resource Name (ARN) of the domain, such as `arn:aws:es:us-west-2:123456789012:domain/mystack-1ab2cdefghij` .
	AttrArn() *string
	// The domain-specific endpoint used for requests to the OpenSearch APIs, such as `search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com` .
	AttrDomainEndpoint() *string
	AttrDomainEndpoints() awscdk.IResolvable
	// The resource ID.
	//
	// For example, `123456789012/my-domain` .
	AttrId() *string
	// The timestamp, in Epoch time, until which you can manually request a service software update.
	//
	// After this date, we automatically update your service software.
	AttrServiceSoftwareOptionsAutomatedUpdateDate() *string
	// True if you're able to cancel your service software version update.
	//
	// False if you can't cancel your service software update.
	AttrServiceSoftwareOptionsCancellable() awscdk.IResolvable
	// The current service software version present on the domain.
	AttrServiceSoftwareOptionsCurrentVersion() *string
	// A description of the service software update status.
	AttrServiceSoftwareOptionsDescription() *string
	// The new service software version, if one is available.
	AttrServiceSoftwareOptionsNewVersion() *string
	// True if a service software is never automatically updated.
	//
	// False if a service software is automatically updated after the automated update date.
	AttrServiceSoftwareOptionsOptionalDeployment() awscdk.IResolvable
	// True if you're able to update your service software version.
	//
	// False if you can't update your service software version.
	AttrServiceSoftwareOptionsUpdateAvailable() awscdk.IResolvable
	// The status of your service software update.
	AttrServiceSoftwareOptionsUpdateStatus() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Container for the cluster configuration of a domain.
	ClusterConfig() interface{}
	SetClusterConfig(val interface{})
	// Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
	CognitoOptions() interface{}
	SetCognitoOptions(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
	DomainEndpointOptions() interface{}
	SetDomainEndpointOptions(val interface{})
	// A name for the OpenSearch Service domain.
	//
	// The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
	//
	// Required when creating a new domain.
	//
	// > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	DomainName() *string
	SetDomainName(val *string)
	// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
	//
	// For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
	EbsOptions() interface{}
	SetEbsOptions(val interface{})
	// Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use.
	//
	// See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) .
	EncryptionAtRestOptions() interface{}
	SetEncryptionAtRestOptions(val interface{})
	// The version of OpenSearch to use.
	//
	// The value must be in the format `OpenSearch_X.Y` or `Elasticsearch_X.Y` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
	//
	// If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true` , you can update `EngineVersion` without interruption. When `EnableVersionUpgrade` is set to `false` , or is not specified, updating `EngineVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .
	EngineVersion() *string
	SetEngineVersion(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
	//
	// Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .
	LogPublishingOptions() interface{}
	SetLogPublishingOptions(val interface{})
	// The tree node.
	Node() constructs.Node
	// Specifies whether node-to-node encryption is enabled.
	//
	// See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html) .
	NodeToNodeEncryptionOptions() interface{}
	SetNodeToNodeEncryptionOptions(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// *DEPRECATED* .
	//
	// The automated snapshot configuration for the OpenSearch Service domain indexes.
	SnapshotOptions() interface{}
	SetSnapshotOptions(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.
	Tags() awscdk.TagManager
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
	//
	// For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
	//
	// If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.
	VpcOptions() interface{}
	SetVpcOptions(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::OpenSearchService::Domain`.

The AWS::OpenSearchService::Domain resource creates an Amazon OpenSearch Service domain.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var accessPolicies interface{}

cfnDomain := awscdk.Aws_opensearchservice.NewCfnDomain(this, jsii.String("MyCfnDomain"), &cfnDomainProps{
	accessPolicies: accessPolicies,
	advancedOptions: map[string]*string{
		"advancedOptionsKey": jsii.String("advancedOptions"),
	},
	advancedSecurityOptions: &advancedSecurityOptionsInputProperty{
		enabled: jsii.Boolean(false),
		internalUserDatabaseEnabled: jsii.Boolean(false),
		masterUserOptions: &masterUserOptionsProperty{
			masterUserArn: jsii.String("masterUserArn"),
			masterUserName: jsii.String("masterUserName"),
			masterUserPassword: jsii.String("masterUserPassword"),
		},
	},
	clusterConfig: &clusterConfigProperty{
		dedicatedMasterCount: jsii.Number(123),
		dedicatedMasterEnabled: jsii.Boolean(false),
		dedicatedMasterType: jsii.String("dedicatedMasterType"),
		instanceCount: jsii.Number(123),
		instanceType: jsii.String("instanceType"),
		warmCount: jsii.Number(123),
		warmEnabled: jsii.Boolean(false),
		warmType: jsii.String("warmType"),
		zoneAwarenessConfig: &zoneAwarenessConfigProperty{
			availabilityZoneCount: jsii.Number(123),
		},
		zoneAwarenessEnabled: jsii.Boolean(false),
	},
	cognitoOptions: &cognitoOptionsProperty{
		enabled: jsii.Boolean(false),
		identityPoolId: jsii.String("identityPoolId"),
		roleArn: jsii.String("roleArn"),
		userPoolId: jsii.String("userPoolId"),
	},
	domainEndpointOptions: &domainEndpointOptionsProperty{
		customEndpoint: jsii.String("customEndpoint"),
		customEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
		customEndpointEnabled: jsii.Boolean(false),
		enforceHttps: jsii.Boolean(false),
		tlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
	},
	domainName: jsii.String("domainName"),
	ebsOptions: &eBSOptionsProperty{
		ebsEnabled: jsii.Boolean(false),
		iops: jsii.Number(123),
		throughput: jsii.Number(123),
		volumeSize: jsii.Number(123),
		volumeType: jsii.String("volumeType"),
	},
	encryptionAtRestOptions: &encryptionAtRestOptionsProperty{
		enabled: jsii.Boolean(false),
		kmsKeyId: jsii.String("kmsKeyId"),
	},
	engineVersion: jsii.String("engineVersion"),
	logPublishingOptions: map[string]interface{}{
		"logPublishingOptionsKey": &LogPublishingOptionProperty{
			"cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"),
			"enabled": jsii.Boolean(false),
		},
	},
	nodeToNodeEncryptionOptions: &nodeToNodeEncryptionOptionsProperty{
		enabled: jsii.Boolean(false),
	},
	snapshotOptions: &snapshotOptionsProperty{
		automatedSnapshotStartHour: jsii.Number(123),
	},
	tags: []cfnTag{
		&cfnTag{
			key: jsii.String("key"),
			value: jsii.String("value"),
		},
	},
	vpcOptions: &vPCOptionsProperty{
		securityGroupIds: []*string{
			jsii.String("securityGroupIds"),
		},
		subnetIds: []*string{
			jsii.String("subnetIds"),
		},
	},
})

func NewCfnDomain

func NewCfnDomain(scope constructs.Construct, id *string, props *CfnDomainProps) CfnDomain

Create a new `AWS::OpenSearchService::Domain`.

type CfnDomainProps

type CfnDomainProps struct {
	// An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
	//
	// For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guide* .
	AccessPolicies interface{} `field:"optional" json:"accessPolicies" yaml:"accessPolicies"`
	// Additional options to specify for the OpenSearch Service domain.
	//
	// For more information, see [AdvancedOptions](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_CreateDomain.html#API_CreateDomain_RequestBody) in the OpenSearch Service API reference.
	AdvancedOptions interface{} `field:"optional" json:"advancedOptions" yaml:"advancedOptions"`
	// Specifies options for fine-grained access control.
	//
	// If you specify advanced security options, you must also enable node-to-node encryption ( [NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html) ) and encryption at rest ( [EncryptionAtRestOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html) ). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html) , which requires HTTPS for all traffic to the domain.
	AdvancedSecurityOptions interface{} `field:"optional" json:"advancedSecurityOptions" yaml:"advancedSecurityOptions"`
	// Container for the cluster configuration of a domain.
	ClusterConfig interface{} `field:"optional" json:"clusterConfig" yaml:"clusterConfig"`
	// Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
	CognitoOptions interface{} `field:"optional" json:"cognitoOptions" yaml:"cognitoOptions"`
	// Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
	DomainEndpointOptions interface{} `field:"optional" json:"domainEndpointOptions" yaml:"domainEndpointOptions"`
	// A name for the OpenSearch Service domain.
	//
	// The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
	//
	// Required when creating a new domain.
	//
	// > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	DomainName *string `field:"optional" json:"domainName" yaml:"domainName"`
	// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
	//
	// For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
	EbsOptions interface{} `field:"optional" json:"ebsOptions" yaml:"ebsOptions"`
	// Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use.
	//
	// See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) .
	EncryptionAtRestOptions interface{} `field:"optional" json:"encryptionAtRestOptions" yaml:"encryptionAtRestOptions"`
	// The version of OpenSearch to use.
	//
	// The value must be in the format `OpenSearch_X.Y` or `Elasticsearch_X.Y` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
	//
	// If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true` , you can update `EngineVersion` without interruption. When `EnableVersionUpgrade` is set to `false` , or is not specified, updating `EngineVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .
	EngineVersion *string `field:"optional" json:"engineVersion" yaml:"engineVersion"`
	// An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
	//
	// Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .
	LogPublishingOptions interface{} `field:"optional" json:"logPublishingOptions" yaml:"logPublishingOptions"`
	// Specifies whether node-to-node encryption is enabled.
	//
	// See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html) .
	NodeToNodeEncryptionOptions interface{} `field:"optional" json:"nodeToNodeEncryptionOptions" yaml:"nodeToNodeEncryptionOptions"`
	// *DEPRECATED* .
	//
	// The automated snapshot configuration for the OpenSearch Service domain indexes.
	SnapshotOptions interface{} `field:"optional" json:"snapshotOptions" yaml:"snapshotOptions"`
	// An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
	// The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
	//
	// For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
	//
	// If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.
	VpcOptions interface{} `field:"optional" json:"vpcOptions" yaml:"vpcOptions"`
}

Properties for defining a `CfnDomain`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var accessPolicies interface{}

cfnDomainProps := &cfnDomainProps{
	accessPolicies: accessPolicies,
	advancedOptions: map[string]*string{
		"advancedOptionsKey": jsii.String("advancedOptions"),
	},
	advancedSecurityOptions: &advancedSecurityOptionsInputProperty{
		enabled: jsii.Boolean(false),
		internalUserDatabaseEnabled: jsii.Boolean(false),
		masterUserOptions: &masterUserOptionsProperty{
			masterUserArn: jsii.String("masterUserArn"),
			masterUserName: jsii.String("masterUserName"),
			masterUserPassword: jsii.String("masterUserPassword"),
		},
	},
	clusterConfig: &clusterConfigProperty{
		dedicatedMasterCount: jsii.Number(123),
		dedicatedMasterEnabled: jsii.Boolean(false),
		dedicatedMasterType: jsii.String("dedicatedMasterType"),
		instanceCount: jsii.Number(123),
		instanceType: jsii.String("instanceType"),
		warmCount: jsii.Number(123),
		warmEnabled: jsii.Boolean(false),
		warmType: jsii.String("warmType"),
		zoneAwarenessConfig: &zoneAwarenessConfigProperty{
			availabilityZoneCount: jsii.Number(123),
		},
		zoneAwarenessEnabled: jsii.Boolean(false),
	},
	cognitoOptions: &cognitoOptionsProperty{
		enabled: jsii.Boolean(false),
		identityPoolId: jsii.String("identityPoolId"),
		roleArn: jsii.String("roleArn"),
		userPoolId: jsii.String("userPoolId"),
	},
	domainEndpointOptions: &domainEndpointOptionsProperty{
		customEndpoint: jsii.String("customEndpoint"),
		customEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
		customEndpointEnabled: jsii.Boolean(false),
		enforceHttps: jsii.Boolean(false),
		tlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
	},
	domainName: jsii.String("domainName"),
	ebsOptions: &eBSOptionsProperty{
		ebsEnabled: jsii.Boolean(false),
		iops: jsii.Number(123),
		throughput: jsii.Number(123),
		volumeSize: jsii.Number(123),
		volumeType: jsii.String("volumeType"),
	},
	encryptionAtRestOptions: &encryptionAtRestOptionsProperty{
		enabled: jsii.Boolean(false),
		kmsKeyId: jsii.String("kmsKeyId"),
	},
	engineVersion: jsii.String("engineVersion"),
	logPublishingOptions: map[string]interface{}{
		"logPublishingOptionsKey": &LogPublishingOptionProperty{
			"cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"),
			"enabled": jsii.Boolean(false),
		},
	},
	nodeToNodeEncryptionOptions: &nodeToNodeEncryptionOptionsProperty{
		enabled: jsii.Boolean(false),
	},
	snapshotOptions: &snapshotOptionsProperty{
		automatedSnapshotStartHour: jsii.Number(123),
	},
	tags: []cfnTag{
		&cfnTag{
			key: jsii.String("key"),
			value: jsii.String("value"),
		},
	},
	vpcOptions: &vPCOptionsProperty{
		securityGroupIds: []*string{
			jsii.String("securityGroupIds"),
		},
		subnetIds: []*string{
			jsii.String("subnetIds"),
		},
	},
}

type CfnDomain_AdvancedSecurityOptionsInputProperty

type CfnDomain_AdvancedSecurityOptionsInputProperty struct {
	// True to enable fine-grained access control.
	//
	// You must also enable encryption of data at rest and node-to-node encryption. See [Fine-grained access control in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html) .
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// True to enable the internal user database.
	InternalUserDatabaseEnabled interface{} `field:"optional" json:"internalUserDatabaseEnabled" yaml:"internalUserDatabaseEnabled"`
	// Specifies information about the master user.
	MasterUserOptions interface{} `field:"optional" json:"masterUserOptions" yaml:"masterUserOptions"`
}

Specifies options for fine-grained access control.

If you specify advanced security options, you must also enable node-to-node encryption ( [NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html) ) and encryption at rest ( EncryptionAtRestOptions(https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html) ). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html) , which requires HTTPS for all traffic to the domain.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

advancedSecurityOptionsInputProperty := &advancedSecurityOptionsInputProperty{
	enabled: jsii.Boolean(false),
	internalUserDatabaseEnabled: jsii.Boolean(false),
	masterUserOptions: &masterUserOptionsProperty{
		masterUserArn: jsii.String("masterUserArn"),
		masterUserName: jsii.String("masterUserName"),
		masterUserPassword: jsii.String("masterUserPassword"),
	},
}

type CfnDomain_ClusterConfigProperty

type CfnDomain_ClusterConfigProperty struct {
	// The number of instances to use for the master node.
	//
	// If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property.
	DedicatedMasterCount *float64 `field:"optional" json:"dedicatedMasterCount" yaml:"dedicatedMasterCount"`
	// Indicates whether to use a dedicated master node for the OpenSearch Service domain.
	//
	// A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See [Dedicated master nodes in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-dedicatedmasternodes.html) .
	DedicatedMasterEnabled interface{} `field:"optional" json:"dedicatedMasterEnabled" yaml:"dedicatedMasterEnabled"`
	// The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search` . If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property. For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
	DedicatedMasterType *string `field:"optional" json:"dedicatedMasterType" yaml:"dedicatedMasterType"`
	// The number of data nodes (instances) to use in the OpenSearch Service domain.
	InstanceCount *float64 `field:"optional" json:"instanceCount" yaml:"instanceCount"`
	// The instance type for your data nodes, such as `m3.medium.search` . For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
	InstanceType *string `field:"optional" json:"instanceType" yaml:"instanceType"`
	// The number of warm nodes in the cluster.
	WarmCount *float64 `field:"optional" json:"warmCount" yaml:"warmCount"`
	// Whether to enable UltraWarm storage for the cluster.
	//
	// See [UltraWarm storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ultrawarm.html) .
	WarmEnabled interface{} `field:"optional" json:"warmEnabled" yaml:"warmEnabled"`
	// The instance type for the cluster's warm nodes.
	WarmType *string `field:"optional" json:"warmType" yaml:"warmType"`
	// Specifies zone awareness configuration options.
	//
	// Only use if `ZoneAwarenessEnabled` is `true` .
	ZoneAwarenessConfig interface{} `field:"optional" json:"zoneAwarenessConfig" yaml:"zoneAwarenessConfig"`
	// Indicates whether to enable zone awareness for the OpenSearch Service domain.
	//
	// When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) .
	ZoneAwarenessEnabled interface{} `field:"optional" json:"zoneAwarenessEnabled" yaml:"zoneAwarenessEnabled"`
}

The cluster configuration for the OpenSearch Service domain.

You can specify options such as the instance type and the number of instances. For more information, see [Creating and managing Amazon OpenSearch Service domains](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html) in the *Amazon OpenSearch Service Developer Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

clusterConfigProperty := &clusterConfigProperty{
	dedicatedMasterCount: jsii.Number(123),
	dedicatedMasterEnabled: jsii.Boolean(false),
	dedicatedMasterType: jsii.String("dedicatedMasterType"),
	instanceCount: jsii.Number(123),
	instanceType: jsii.String("instanceType"),
	warmCount: jsii.Number(123),
	warmEnabled: jsii.Boolean(false),
	warmType: jsii.String("warmType"),
	zoneAwarenessConfig: &zoneAwarenessConfigProperty{
		availabilityZoneCount: jsii.Number(123),
	},
	zoneAwarenessEnabled: jsii.Boolean(false),
}

type CfnDomain_CognitoOptionsProperty

type CfnDomain_CognitoOptionsProperty struct {
	// Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
	//
	// See [Amazon Cognito authentication for OpenSearch Dashboards](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html) .
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
	//
	// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
	IdentityPoolId *string `field:"optional" json:"identityPoolId" yaml:"identityPoolId"`
	// The `AmazonOpenSearchServiceCognitoAccess` role that allows OpenSearch Service to configure your user pool and identity pool.
	//
	// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
	RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
	// The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
	//
	// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
	UserPoolId *string `field:"optional" json:"userPoolId" yaml:"userPoolId"`
}

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cognitoOptionsProperty := &cognitoOptionsProperty{
	enabled: jsii.Boolean(false),
	identityPoolId: jsii.String("identityPoolId"),
	roleArn: jsii.String("roleArn"),
	userPoolId: jsii.String("userPoolId"),
}

type CfnDomain_DomainEndpointOptionsProperty

type CfnDomain_DomainEndpointOptionsProperty struct {
	// The fully qualified URL for your custom endpoint.
	//
	// Required if you enabled a custom endpoint for the domain.
	CustomEndpoint *string `field:"optional" json:"customEndpoint" yaml:"customEndpoint"`
	// The AWS Certificate Manager ARN for your domain's SSL/TLS certificate.
	//
	// Required if you enabled a custom endpoint for the domain.
	CustomEndpointCertificateArn *string `field:"optional" json:"customEndpointCertificateArn" yaml:"customEndpointCertificateArn"`
	// True to enable a custom endpoint for the domain.
	//
	// If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn` .
	CustomEndpointEnabled interface{} `field:"optional" json:"customEndpointEnabled" yaml:"customEndpointEnabled"`
	// True to require that all traffic to the domain arrive over HTTPS.
	//
	// Required if you enable fine-grained access control in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	EnforceHttps interface{} `field:"optional" json:"enforceHttps" yaml:"enforceHttps"`
	// The minimum TLS version required for traffic to the domain. Valid values are TLS 1.0 (default) or 1.2:.
	//
	// - `Policy-Min-TLS-1-0-2019-07`
	// - `Policy-Min-TLS-1-2-2019-07`.
	TlsSecurityPolicy *string `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"`
}

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

domainEndpointOptionsProperty := &domainEndpointOptionsProperty{
	customEndpoint: jsii.String("customEndpoint"),
	customEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
	customEndpointEnabled: jsii.Boolean(false),
	enforceHttps: jsii.Boolean(false),
	tlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
}

type CfnDomain_EBSOptionsProperty

type CfnDomain_EBSOptionsProperty struct {
	// Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
	EbsEnabled interface{} `field:"optional" json:"ebsEnabled" yaml:"ebsEnabled"`
	// The number of I/O operations per second (IOPS) that the volume supports.
	//
	// This property applies only to the `gp3` and provisioned IOPS EBS volume types.
	Iops *float64 `field:"optional" json:"iops" yaml:"iops"`
	// The throughput (in MiB/s) of the EBS volumes attached to data nodes.
	//
	// Applies only to the `gp3` volume type.
	Throughput *float64 `field:"optional" json:"throughput" yaml:"throughput"`
	// The size (in GiB) of the EBS volume for each data node.
	//
	// The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
	VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
	// The EBS volume type to use with the OpenSearch Service domain.
	//
	// If you choose `gp3` , you must also specify values for `Iops` and `Throughput` . For more information about each type, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon EC2 User Guide for Linux Instances* .
	VolumeType *string `field:"optional" json:"volumeType" yaml:"volumeType"`
}

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.

For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

eBSOptionsProperty := &eBSOptionsProperty{
	ebsEnabled: jsii.Boolean(false),
	iops: jsii.Number(123),
	throughput: jsii.Number(123),
	volumeSize: jsii.Number(123),
	volumeType: jsii.String("volumeType"),
}

type CfnDomain_EncryptionAtRestOptionsProperty

type CfnDomain_EncryptionAtRestOptionsProperty struct {
	// Specify `true` to enable encryption at rest.
	//
	// Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// The KMS key ID. Takes the form `1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a` . Required if you enable encryption at rest.
	//
	// You can also use `keyAlias` as a value.
	KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
}

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

encryptionAtRestOptionsProperty := &encryptionAtRestOptionsProperty{
	enabled: jsii.Boolean(false),
	kmsKeyId: jsii.String("kmsKeyId"),
}

type CfnDomain_LogPublishingOptionProperty

type CfnDomain_LogPublishingOptionProperty struct {
	// Specifies the CloudWatch log group to publish to.
	//
	// Required if you enable log publishing.
	CloudWatchLogsLogGroupArn *string `field:"optional" json:"cloudWatchLogsLogGroupArn" yaml:"cloudWatchLogsLogGroupArn"`
	// If `true` , enables the publishing of logs to CloudWatch.
	//
	// Default: `false` .
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}

Specifies whether the OpenSearch Service domain publishes application, search slow logs, or index slow logs to Amazon CloudWatch.

Each option must be an object of name `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , or `AUDIT_LOGS` depending on the type of logs you want to publish. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .

Before you enable log publishing, you need to create a CloudWatch log group and provide OpenSearch Service the correct permissions to write to it. To learn more, see [Enabling log publishing ( AWS CloudFormation)](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-cfn) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

logPublishingOptionProperty := &logPublishingOptionProperty{
	cloudWatchLogsLogGroupArn: jsii.String("cloudWatchLogsLogGroupArn"),
	enabled: jsii.Boolean(false),
}

type CfnDomain_MasterUserOptionsProperty

type CfnDomain_MasterUserOptionsProperty struct {
	// Amazon Resource Name (ARN) for the master user.
	//
	// The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if `InternalUserDatabaseEnabled` is false in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"`
	// Username for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	//
	// If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead.
	MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
	// Password for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	//
	// If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead.
	MasterUserPassword *string `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"`
}

Specifies information about the master user.

Required if if `InternalUserDatabaseEnabled` is true in AdvancedSecurityOptions(https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

masterUserOptionsProperty := &masterUserOptionsProperty{
	masterUserArn: jsii.String("masterUserArn"),
	masterUserName: jsii.String("masterUserName"),
	masterUserPassword: jsii.String("masterUserPassword"),
}

type CfnDomain_NodeToNodeEncryptionOptionsProperty

type CfnDomain_NodeToNodeEncryptionOptionsProperty struct {
	// Specifies to enable or disable node-to-node encryption on the domain.
	//
	// Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}

Specifies options for node-to-node encryption.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

nodeToNodeEncryptionOptionsProperty := &nodeToNodeEncryptionOptionsProperty{
	enabled: jsii.Boolean(false),
}

type CfnDomain_ServiceSoftwareOptionsProperty added in v2.55.0

type CfnDomain_ServiceSoftwareOptionsProperty struct {
	// The timestamp, in Epoch time, until which you can manually request a service software update.
	//
	// After this date, we automatically update your service software.
	AutomatedUpdateDate *string `field:"optional" json:"automatedUpdateDate" yaml:"automatedUpdateDate"`
	// True if you're able to cancel your service software version update.
	//
	// False if you can't cancel your service software update.
	Cancellable interface{} `field:"optional" json:"cancellable" yaml:"cancellable"`
	// The current service software version present on the domain.
	CurrentVersion *string `field:"optional" json:"currentVersion" yaml:"currentVersion"`
	// A description of the service software update status.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// The new service software version, if one is available.
	NewVersion *string `field:"optional" json:"newVersion" yaml:"newVersion"`
	// True if a service software is never automatically updated.
	//
	// False if a service software is automatically updated after the automated update date.
	OptionalDeployment interface{} `field:"optional" json:"optionalDeployment" yaml:"optionalDeployment"`
	// True if you're able to update your service software version.
	//
	// False if you can't update your service software version.
	UpdateAvailable interface{} `field:"optional" json:"updateAvailable" yaml:"updateAvailable"`
	// The status of your service software update.
	UpdateStatus *string `field:"optional" json:"updateStatus" yaml:"updateStatus"`
}

The current status of the service software for an Amazon OpenSearch Service domain.

For more information, see [Service software updates in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/service-software.html) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

serviceSoftwareOptionsProperty := &serviceSoftwareOptionsProperty{
	automatedUpdateDate: jsii.String("automatedUpdateDate"),
	cancellable: jsii.Boolean(false),
	currentVersion: jsii.String("currentVersion"),
	description: jsii.String("description"),
	newVersion: jsii.String("newVersion"),
	optionalDeployment: jsii.Boolean(false),
	updateAvailable: jsii.Boolean(false),
	updateStatus: jsii.String("updateStatus"),
}

type CfnDomain_SnapshotOptionsProperty

type CfnDomain_SnapshotOptionsProperty struct {
	// The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain.
	//
	// For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
	AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"`
}

*DEPRECATED* .

This setting is only relevant to domains running legacy Elasticsearch OSS versions earlier than 5.3. It does not apply to OpenSearch domains.

The automated snapshot configuration for the OpenSearch Service domain indexes.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

snapshotOptionsProperty := &snapshotOptionsProperty{
	automatedSnapshotStartHour: jsii.Number(123),
}

type CfnDomain_VPCOptionsProperty

type CfnDomain_VPCOptionsProperty struct {
	// The list of security group IDs that are associated with the VPC endpoints for the domain.
	//
	// If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see [Security groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon VPC User Guide* .
	SecurityGroupIds *[]*string `field:"optional" json:"securityGroupIds" yaml:"securityGroupIds"`
	// Provide one subnet ID for each Availability Zone that your domain uses.
	//
	// For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the *Amazon VPC User Guide* .
	//
	// If you specify more than one subnet, you must also configure `ZoneAwarenessEnabled` and `ZoneAwarenessConfig` within [ClusterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html) , otherwise you'll see the error "You must specify exactly one subnet" during template creation.
	SubnetIds *[]*string `field:"optional" json:"subnetIds" yaml:"subnetIds"`
}

The virtual private cloud (VPC) configuration for the OpenSearch Service domain.

For more information, see [Launching your Amazon OpenSearch Service domains using a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

vPCOptionsProperty := &vPCOptionsProperty{
	securityGroupIds: []*string{
		jsii.String("securityGroupIds"),
	},
	subnetIds: []*string{
		jsii.String("subnetIds"),
	},
}

type CfnDomain_ZoneAwarenessConfigProperty

type CfnDomain_ZoneAwarenessConfigProperty struct {
	// If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.
	//
	// Valid values are `2` and `3` . Default is 2.
	AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"`
}

Specifies zone awareness configuration options.

Only use if `ZoneAwarenessEnabled` is `true` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

zoneAwarenessConfigProperty := &zoneAwarenessConfigProperty{
	availabilityZoneCount: jsii.Number(123),
}

type CognitoOptions

type CognitoOptions struct {
	// The Amazon Cognito identity pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication.
	IdentityPoolId *string `field:"required" json:"identityPoolId" yaml:"identityPoolId"`
	// A role that allows Amazon OpenSearch Service to configure your user pool and identity pool.
	//
	// It must have the `AmazonESCognitoAccess` policy attached to it.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html#cognito-auth-prereq
	//
	Role awsiam.IRole `field:"required" json:"role" yaml:"role"`
	// The Amazon Cognito user pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication.
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
}

Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

Example:

// Example automatically generated from non-compiling source. May contain errors.
opensearch.NewDomain(this, jsii.String("Domain"), &domainProps{
	cognitoDashboardsAuth: &cognitoOptions{
		identityPoolId: jsii.String("test-identity-pool-id"),
		userPoolId: jsii.String("test-user-pool-id"),
		role: role,
	},
	version: openSearchVersion,
})

See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html

type CustomEndpointOptions

type CustomEndpointOptions struct {
	// The custom domain name to assign.
	DomainName *string `field:"required" json:"domainName" yaml:"domainName"`
	// The certificate to use.
	Certificate awscertificatemanager.ICertificate `field:"optional" json:"certificate" yaml:"certificate"`
	// The hosted zone in Route53 to create the CNAME record in.
	HostedZone awsroute53.IHostedZone `field:"optional" json:"hostedZone" yaml:"hostedZone"`
}

Configures a custom domain endpoint for the Amazon OpenSearch Service domain.

Example:

awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	customEndpoint: &customEndpointOptions{
		domainName: jsii.String("search.example.com"),
	},
})

type Domain

type Domain interface {
	awscdk.Resource
	awsec2.IConnectable
	IDomain
	// Log group that application logs are logged to.
	AppLogGroup() awslogs.ILogGroup
	// Log group that audit logs are logged to.
	AuditLogGroup() awslogs.ILogGroup
	// Manages network connections to the domain.
	//
	// This will throw an error in case the domain
	// is not placed inside a VPC.
	Connections() awsec2.Connections
	// Arn of the Amazon OpenSearch Service domain.
	DomainArn() *string
	// Endpoint of the Amazon OpenSearch Service domain.
	DomainEndpoint() *string
	// Identifier of the Amazon OpenSearch Service domain.
	DomainId() *string
	// Domain name of the Amazon OpenSearch Service domain.
	DomainName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// Master user password if fine grained access control is configured.
	MasterUserPassword() awscdk.SecretValue
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// Log group that slow indices are logged to.
	SlowIndexLogGroup() awslogs.ILogGroup
	// Log group that slow searches are logged to.
	SlowSearchLogGroup() awslogs.ILogGroup
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Add policy statements to the domain access policy.
	AddAccessPolicies(accessPolicyStatements ...awsiam.PolicyStatement)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantRead(identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantWrite(identity awsiam.IGrantable) awsiam.Grant
	// Return the given named metric for this domain.
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for automated snapshot failures.
	MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the cluster blocking index writes.
	MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is red.
	MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is yellow.
	MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for CPU utilization.
	MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the storage space of nodes in the cluster.
	MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for indexing latency.
	MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for JVM memory pressure.
	MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key errors.
	MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key being inaccessible.
	MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master CPU utilization.
	MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master JVM memory pressure.
	MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the number of nodes.
	MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for number of searchable documents.
	MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for search latency.
	MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Returns a string representation of this construct.
	ToString() *string
}

Provides an Amazon OpenSearch Service domain.

Example:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	ebs: &ebsOptions{
		volumeSize: jsii.Number(100),
		volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
})

func NewDomain

func NewDomain(scope constructs.Construct, id *string, props *DomainProps) Domain

type DomainAttributes

type DomainAttributes struct {
	// The ARN of the Amazon OpenSearch Service domain.
	DomainArn *string `field:"required" json:"domainArn" yaml:"domainArn"`
	// The domain endpoint of the Amazon OpenSearch Service domain.
	DomainEndpoint *string `field:"required" json:"domainEndpoint" yaml:"domainEndpoint"`
}

Reference to an Amazon OpenSearch Service domain.

Example:

domainArn := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-arn"))
domainEndpoint := awscdk.Fn.importValue(jsii.String("another-cf-stack-export-domain-endpoint"))
domain := awscdk.Domain.fromDomainAttributes(this, jsii.String("ImportedDomain"), &domainAttributes{
	domainArn: jsii.String(domainArn),
	domainEndpoint: jsii.String(domainEndpoint),
})

type DomainProps

type DomainProps struct {
	// The Elasticsearch/OpenSearch version that your domain will leverage.
	Version EngineVersion `field:"required" json:"version" yaml:"version"`
	// Domain access policies.
	AccessPolicies *[]awsiam.PolicyStatement `field:"optional" json:"accessPolicies" yaml:"accessPolicies"`
	// Additional options to specify for the Amazon OpenSearch Service domain.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options
	//
	AdvancedOptions *map[string]*string `field:"optional" json:"advancedOptions" yaml:"advancedOptions"`
	// The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.
	//
	// Only applies for Elasticsearch versions
	// below 5.3.
	AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"`
	// The cluster capacity configuration for the Amazon OpenSearch Service domain.
	Capacity *CapacityConfig `field:"optional" json:"capacity" yaml:"capacity"`
	// Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
	CognitoDashboardsAuth *CognitoOptions `field:"optional" json:"cognitoDashboardsAuth" yaml:"cognitoDashboardsAuth"`
	// To configure a custom domain configure these options.
	//
	// If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate.
	CustomEndpoint *CustomEndpointOptions `field:"optional" json:"customEndpoint" yaml:"customEndpoint"`
	// Enforces a particular physical domain name.
	DomainName *string `field:"optional" json:"domainName" yaml:"domainName"`
	// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
	Ebs *EbsOptions `field:"optional" json:"ebs" yaml:"ebs"`
	// To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain
	//
	EnableVersionUpgrade *bool `field:"optional" json:"enableVersionUpgrade" yaml:"enableVersionUpgrade"`
	// Encryption at rest options for the cluster.
	EncryptionAtRest *EncryptionAtRestOptions `field:"optional" json:"encryptionAtRest" yaml:"encryptionAtRest"`
	// True to require that all traffic to the domain arrive over HTTPS.
	EnforceHttps *bool `field:"optional" json:"enforceHttps" yaml:"enforceHttps"`
	// Specifies options for fine-grained access control.
	//
	// Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control
	// also requires encryption of data at rest and node-to-node encryption, along with
	// enforced HTTPS.
	FineGrainedAccessControl *AdvancedSecurityOptions `field:"optional" json:"fineGrainedAccessControl" yaml:"fineGrainedAccessControl"`
	// Configuration log publishing configuration options.
	Logging *LoggingOptions `field:"optional" json:"logging" yaml:"logging"`
	// Specify true to enable node to node encryption.
	//
	// Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later.
	NodeToNodeEncryption *bool `field:"optional" json:"nodeToNodeEncryption" yaml:"nodeToNodeEncryption"`
	// Policy to apply when the domain is removed from the stack.
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// The list of security groups that are associated with the VPC endpoints for the domain.
	//
	// Only used if `vpc` is specified.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
	//
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// The minimum TLS version required for traffic to the domain.
	TlsSecurityPolicy TLSSecurityPolicy `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"`
	// Configures the domain so that unsigned basic auth is enabled.
	//
	// If no master user is provided a default master user
	// with username `admin` and a dynamically generated password stored in KMS is created. The password can be retrieved
	// by getting `masterUserPassword` from the domain instance.
	//
	// Setting this to true will also add an access policy that allows unsigned
	// access, enable node to node encryption, encryption at rest. If conflicting
	// settings are encountered (like disabling encryption at rest) enabling this
	// setting will cause a failure.
	UseUnsignedBasicAuth *bool `field:"optional" json:"useUnsignedBasicAuth" yaml:"useUnsignedBasicAuth"`
	// Place the domain inside this VPC.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// The specific vpc subnets the domain will be placed in.
	//
	// You must provide one subnet for each Availability Zone
	// that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone
	// domain.
	//
	// Only used if `vpc` is specified.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
	//
	VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// The cluster zone awareness configuration for the Amazon OpenSearch Service domain.
	ZoneAwareness *ZoneAwarenessConfig `field:"optional" json:"zoneAwareness" yaml:"zoneAwareness"`
}

Properties for an Amazon OpenSearch Service domain.

Example:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	ebs: &ebsOptions{
		volumeSize: jsii.Number(100),
		volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
})

type EbsOptions

type EbsOptions struct {
	// Specifies whether Amazon EBS volumes are attached to data nodes in the Amazon OpenSearch Service domain.
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// The number of I/O operations per second (IOPS) that the volume supports.
	//
	// This property applies only to the Provisioned IOPS (SSD) EBS
	// volume type.
	Iops *float64 `field:"optional" json:"iops" yaml:"iops"`
	// The size (in GiB) of the EBS volume for each data node.
	//
	// The minimum and
	// maximum size of an EBS volume depends on the EBS volume type and the
	// instance type to which it is attached.  For  valid values, see
	// [EBS volume size limits]
	// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource)
	// in the Amazon OpenSearch Service Developer Guide.
	VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
	// The EBS volume type to use with the Amazon OpenSearch Service domain, such as standard, gp2, io1.
	VolumeType awsec2.EbsDeviceVolumeType `field:"optional" json:"volumeType" yaml:"volumeType"`
}

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.

For more information, see [Amazon EBS] (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) in the Amazon Elastic Compute Cloud Developer Guide.

Example:

prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	capacity: &capacityConfig{
		masterNodes: jsii.Number(5),
		dataNodes: jsii.Number(20),
	},
	ebs: &ebsOptions{
		volumeSize: jsii.Number(20),
	},
	zoneAwareness: &zoneAwarenessConfig{
		availabilityZoneCount: jsii.Number(3),
	},
	logging: &loggingOptions{
		slowSearchLogEnabled: jsii.Boolean(true),
		appLogEnabled: jsii.Boolean(true),
		slowIndexLogEnabled: jsii.Boolean(true),
	},
})

type EncryptionAtRestOptions

type EncryptionAtRestOptions struct {
	// Specify true to enable encryption at rest.
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// Supply if using KMS key for encryption at rest.
	KmsKey awskms.IKey `field:"optional" json:"kmsKey" yaml:"kmsKey"`
}

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.

Example:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	enforceHttps: jsii.Boolean(true),
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
	fineGrainedAccessControl: &advancedSecurityOptions{
		masterUserName: jsii.String("master-user"),
	},
	logging: &loggingOptions{
		auditLogEnabled: jsii.Boolean(true),
		slowSearchLogEnabled: jsii.Boolean(true),
		appLogEnabled: jsii.Boolean(true),
		slowIndexLogEnabled: jsii.Boolean(true),
	},
})

type EngineVersion

type EngineVersion interface {
	// engine version identifier.
	Version() *string
}

OpenSearch version.

Example:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	ebs: &ebsOptions{
		volumeSize: jsii.Number(100),
		volumeType: ec2.ebsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	nodeToNodeEncryption: jsii.Boolean(true),
	encryptionAtRest: &encryptionAtRestOptions{
		enabled: jsii.Boolean(true),
	},
})

func EngineVersion_ELASTICSEARCH_1_5

func EngineVersion_ELASTICSEARCH_1_5() EngineVersion

func EngineVersion_ELASTICSEARCH_2_3

func EngineVersion_ELASTICSEARCH_2_3() EngineVersion

func EngineVersion_ELASTICSEARCH_5_1

func EngineVersion_ELASTICSEARCH_5_1() EngineVersion

func EngineVersion_ELASTICSEARCH_5_3

func EngineVersion_ELASTICSEARCH_5_3() EngineVersion

func EngineVersion_ELASTICSEARCH_5_5

func EngineVersion_ELASTICSEARCH_5_5() EngineVersion

func EngineVersion_ELASTICSEARCH_5_6

func EngineVersion_ELASTICSEARCH_5_6() EngineVersion

func EngineVersion_ELASTICSEARCH_6_0

func EngineVersion_ELASTICSEARCH_6_0() EngineVersion

func EngineVersion_ELASTICSEARCH_6_2

func EngineVersion_ELASTICSEARCH_6_2() EngineVersion

func EngineVersion_ELASTICSEARCH_6_3

func EngineVersion_ELASTICSEARCH_6_3() EngineVersion

func EngineVersion_ELASTICSEARCH_6_4

func EngineVersion_ELASTICSEARCH_6_4() EngineVersion

func EngineVersion_ELASTICSEARCH_6_5

func EngineVersion_ELASTICSEARCH_6_5() EngineVersion

func EngineVersion_ELASTICSEARCH_6_7

func EngineVersion_ELASTICSEARCH_6_7() EngineVersion

func EngineVersion_ELASTICSEARCH_6_8

func EngineVersion_ELASTICSEARCH_6_8() EngineVersion

func EngineVersion_ELASTICSEARCH_7_1

func EngineVersion_ELASTICSEARCH_7_1() EngineVersion

func EngineVersion_ELASTICSEARCH_7_10

func EngineVersion_ELASTICSEARCH_7_10() EngineVersion

func EngineVersion_ELASTICSEARCH_7_4

func EngineVersion_ELASTICSEARCH_7_4() EngineVersion

func EngineVersion_ELASTICSEARCH_7_7

func EngineVersion_ELASTICSEARCH_7_7() EngineVersion

func EngineVersion_ELASTICSEARCH_7_8

func EngineVersion_ELASTICSEARCH_7_8() EngineVersion

func EngineVersion_ELASTICSEARCH_7_9

func EngineVersion_ELASTICSEARCH_7_9() EngineVersion

func EngineVersion_Elasticsearch

func EngineVersion_Elasticsearch(version *string) EngineVersion

Custom ElasticSearch version.

func EngineVersion_OPENSEARCH_1_0

func EngineVersion_OPENSEARCH_1_0() EngineVersion

func EngineVersion_OPENSEARCH_1_1 added in v2.9.0

func EngineVersion_OPENSEARCH_1_1() EngineVersion

func EngineVersion_OPENSEARCH_1_2 added in v2.20.0

func EngineVersion_OPENSEARCH_1_2() EngineVersion

func EngineVersion_OPENSEARCH_1_3 added in v2.35.0

func EngineVersion_OPENSEARCH_1_3() EngineVersion

func EngineVersion_OPENSEARCH_2_3 added in v2.61.0

func EngineVersion_OPENSEARCH_2_3() EngineVersion

func EngineVersion_OpenSearch

func EngineVersion_OpenSearch(version *string) EngineVersion

Custom OpenSearch version.

type IDomain

type IDomain interface {
	awscdk.IResource
	// Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantRead(identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantWrite(identity awsiam.IGrantable) awsiam.Grant
	// Return the given named metric for this domain.
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for automated snapshot failures.
	MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the cluster blocking index writes.
	MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is red.
	MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is yellow.
	MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for CPU utilization.
	MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the storage space of nodes in the cluster.
	MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for indexing latency.
	MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for JVM memory pressure.
	MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key errors.
	MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key being inaccessible.
	MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master CPU utilization.
	MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master JVM memory pressure.
	MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the number of nodes.
	MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for number of searchable documents.
	MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for search latency.
	MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Arn of the Amazon OpenSearch Service domain.
	DomainArn() *string
	// Endpoint of the Amazon OpenSearch Service domain.
	DomainEndpoint() *string
	// Identifier of the Amazon OpenSearch Service domain.
	DomainId() *string
	// Domain name of the Amazon OpenSearch Service domain.
	DomainName() *string
}

An interface that represents an Amazon OpenSearch Service domain - either created with the CDK, or an existing one.

func Domain_FromDomainAttributes

func Domain_FromDomainAttributes(scope constructs.Construct, id *string, attrs *DomainAttributes) IDomain

Creates a domain construct that represents an external domain.

func Domain_FromDomainEndpoint

func Domain_FromDomainEndpoint(scope constructs.Construct, id *string, domainEndpoint *string) IDomain

Creates a domain construct that represents an external domain via domain endpoint.

type LoggingOptions

type LoggingOptions struct {
	// Specify if Amazon OpenSearch Service application logging should be set up.
	//
	// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
	AppLogEnabled *bool `field:"optional" json:"appLogEnabled" yaml:"appLogEnabled"`
	// Log Amazon OpenSearch Service application logs to this log group.
	AppLogGroup awslogs.ILogGroup `field:"optional" json:"appLogGroup" yaml:"appLogGroup"`
	// Specify if Amazon OpenSearch Service audit logging should be set up.
	//
	// Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later and fine grained access control to be enabled.
	AuditLogEnabled *bool `field:"optional" json:"auditLogEnabled" yaml:"auditLogEnabled"`
	// Log Amazon OpenSearch Service audit logs to this log group.
	AuditLogGroup awslogs.ILogGroup `field:"optional" json:"auditLogGroup" yaml:"auditLogGroup"`
	// Specify if slow index logging should be set up.
	//
	// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
	SlowIndexLogEnabled *bool `field:"optional" json:"slowIndexLogEnabled" yaml:"slowIndexLogEnabled"`
	// Log slow indices to this log group.
	SlowIndexLogGroup awslogs.ILogGroup `field:"optional" json:"slowIndexLogGroup" yaml:"slowIndexLogGroup"`
	// Specify if slow search logging should be set up.
	//
	// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
	SlowSearchLogEnabled *bool `field:"optional" json:"slowSearchLogEnabled" yaml:"slowSearchLogEnabled"`
	// Log slow searches to this log group.
	SlowSearchLogGroup awslogs.ILogGroup `field:"optional" json:"slowSearchLogGroup" yaml:"slowSearchLogGroup"`
}

Configures log settings for the domain.

Example:

prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	capacity: &capacityConfig{
		masterNodes: jsii.Number(5),
		dataNodes: jsii.Number(20),
	},
	ebs: &ebsOptions{
		volumeSize: jsii.Number(20),
	},
	zoneAwareness: &zoneAwarenessConfig{
		availabilityZoneCount: jsii.Number(3),
	},
	logging: &loggingOptions{
		slowSearchLogEnabled: jsii.Boolean(true),
		appLogEnabled: jsii.Boolean(true),
		slowIndexLogEnabled: jsii.Boolean(true),
	},
})

type TLSSecurityPolicy

type TLSSecurityPolicy string

The minimum TLS version required for traffic to the domain.

const (
	// Cipher suite TLS 1.0.
	TLSSecurityPolicy_TLS_1_0 TLSSecurityPolicy = "TLS_1_0"
	// Cipher suite TLS 1.2.
	TLSSecurityPolicy_TLS_1_2 TLSSecurityPolicy = "TLS_1_2"
)

type ZoneAwarenessConfig

type ZoneAwarenessConfig struct {
	// If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.
	//
	// Valid values are 2 and 3.
	AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"`
	// Indicates whether to enable zone awareness for the Amazon OpenSearch Service domain.
	//
	// When you enable zone awareness, Amazon OpenSearch Service allocates the nodes and replica
	// index shards that belong to a cluster across two Availability Zones (AZs)
	// in the same region to prevent data loss and minimize downtime in the event
	// of node or data center failure. Don't enable zone awareness if your cluster
	// has no replica index shards or is a single-node cluster. For more information,
	// see [Configuring a Multi-AZ Domain]
	// (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html)
	// in the Amazon OpenSearch Service Developer Guide.
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
}

Specifies zone awareness configuration options.

Example:

prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &domainProps{
	version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	capacity: &capacityConfig{
		masterNodes: jsii.Number(5),
		dataNodes: jsii.Number(20),
	},
	ebs: &ebsOptions{
		volumeSize: jsii.Number(20),
	},
	zoneAwareness: &zoneAwarenessConfig{
		availabilityZoneCount: jsii.Number(3),
	},
	logging: &loggingOptions{
		slowSearchLogEnabled: jsii.Boolean(true),
		appLogEnabled: jsii.Boolean(true),
		slowIndexLogEnabled: jsii.Boolean(true),
	},
})

Source Files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL