1. Packages
  2. AWS Native
  3. API Docs
  4. opensearchservice
  5. getDomain

We recommend new projects start with resources from the AWS provider.

AWS Native v0.126.0 published on Monday, Sep 30, 2024 by Pulumi

aws-native.opensearchservice.getDomain

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Native v0.126.0 published on Monday, Sep 30, 2024 by Pulumi

    An example resource schema demonstrating some basic constructs and validation rules.

    Using getDomain

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getDomain(args: GetDomainArgs, opts?: InvokeOptions): Promise<GetDomainResult>
    function getDomainOutput(args: GetDomainOutputArgs, opts?: InvokeOptions): Output<GetDomainResult>
    def get_domain(domain_name: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetDomainResult
    def get_domain_output(domain_name: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetDomainResult]
    func LookupDomain(ctx *Context, args *LookupDomainArgs, opts ...InvokeOption) (*LookupDomainResult, error)
    func LookupDomainOutput(ctx *Context, args *LookupDomainOutputArgs, opts ...InvokeOption) LookupDomainResultOutput

    > Note: This function is named LookupDomain in the Go SDK.

    public static class GetDomain 
    {
        public static Task<GetDomainResult> InvokeAsync(GetDomainArgs args, InvokeOptions? opts = null)
        public static Output<GetDomainResult> Invoke(GetDomainInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetDomainResult> getDomain(GetDomainArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws-native:opensearchservice:getDomain
      arguments:
        # arguments dictionary

    The following arguments are supported:

    DomainName string

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    DomainName string

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    domainName String

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    domainName string

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    domain_name str

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    domainName String

    A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

    Required when creating a new domain.

    If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

    getDomain Result

    The following output properties are available:

    AccessPolicies object

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    AdvancedOptions Dictionary<string, string>
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    AdvancedSecurityOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    Arn string
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    ClusterConfig Pulumi.AwsNative.OpenSearchService.Outputs.DomainClusterConfig
    Container for the cluster configuration of a domain.
    CognitoOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    DomainArn string
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    DomainEndpoint string
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    DomainEndpointOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    DomainEndpointV2 string
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    DomainEndpoints Dictionary<string, string>
    EbsOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    EncryptionAtRestOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    EngineVersion string

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    Id string
    The resource ID. For example, 123456789012/my-domain .
    IpAddressType string
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    LogPublishingOptions Dictionary<string, Pulumi.AwsNative.OpenSearchService.Outputs.DomainLogPublishingOption>
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    NodeToNodeEncryptionOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    OffPeakWindowOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    ServiceSoftwareOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainServiceSoftwareOptions
    SkipShardMigrationWait bool
    SnapshotOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    SoftwareUpdateOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainSoftwareUpdateOptions
    Service software update options for the domain.
    Tags List<Pulumi.AwsNative.Outputs.Tag>
    An arbitrary set of tags (key-value pairs) for this Domain.
    VpcOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    AccessPolicies interface{}

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    AdvancedOptions map[string]string
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    AdvancedSecurityOptions DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    Arn string
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    ClusterConfig DomainClusterConfig
    Container for the cluster configuration of a domain.
    CognitoOptions DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    DomainArn string
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    DomainEndpoint string
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    DomainEndpointOptions DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    DomainEndpointV2 string
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    DomainEndpoints map[string]string
    EbsOptions DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    EncryptionAtRestOptions DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    EngineVersion string

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    Id string
    The resource ID. For example, 123456789012/my-domain .
    IpAddressType string
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    LogPublishingOptions map[string]DomainLogPublishingOption
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    NodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    OffPeakWindowOptions DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    ServiceSoftwareOptions DomainServiceSoftwareOptions
    SkipShardMigrationWait bool
    SnapshotOptions DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    SoftwareUpdateOptions DomainSoftwareUpdateOptions
    Service software update options for the domain.
    Tags Tag
    An arbitrary set of tags (key-value pairs) for this Domain.
    VpcOptions DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    accessPolicies Object

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advancedOptions Map<String,String>
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advancedSecurityOptions DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    arn String
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    clusterConfig DomainClusterConfig
    Container for the cluster configuration of a domain.
    cognitoOptions DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domainArn String
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domainEndpoint String
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domainEndpointOptions DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domainEndpointV2 String
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domainEndpoints Map<String,String>
    ebsOptions DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryptionAtRestOptions DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engineVersion String

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    id String
    The resource ID. For example, 123456789012/my-domain .
    ipAddressType String
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    logPublishingOptions Map<String,DomainLogPublishingOption>
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    nodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    offPeakWindowOptions DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    serviceSoftwareOptions DomainServiceSoftwareOptions
    skipShardMigrationWait Boolean
    snapshotOptions DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Service software update options for the domain.
    tags List<Tag>
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpcOptions DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    accessPolicies any

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advancedOptions {[key: string]: string}
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advancedSecurityOptions DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    arn string
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    clusterConfig DomainClusterConfig
    Container for the cluster configuration of a domain.
    cognitoOptions DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domainArn string
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domainEndpoint string
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domainEndpointOptions DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domainEndpointV2 string
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domainEndpoints {[key: string]: string}
    ebsOptions DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryptionAtRestOptions DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engineVersion string

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    id string
    The resource ID. For example, 123456789012/my-domain .
    ipAddressType string
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    logPublishingOptions {[key: string]: DomainLogPublishingOption}
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    nodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    offPeakWindowOptions DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    serviceSoftwareOptions DomainServiceSoftwareOptions
    skipShardMigrationWait boolean
    snapshotOptions DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    softwareUpdateOptions DomainSoftwareUpdateOptions
    Service software update options for the domain.
    tags Tag[]
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpcOptions DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    access_policies Any

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advanced_options Mapping[str, str]
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advanced_security_options DomainAdvancedSecurityOptionsInput

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    arn str
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    cluster_config DomainClusterConfig
    Container for the cluster configuration of a domain.
    cognito_options DomainCognitoOptions
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domain_arn str
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domain_endpoint str
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domain_endpoint_options DomainEndpointOptions
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domain_endpoint_v2 str
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domain_endpoints Mapping[str, str]
    ebs_options DomainEbsOptions
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryption_at_rest_options DomainEncryptionAtRestOptions

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engine_version str

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    id str
    The resource ID. For example, 123456789012/my-domain .
    ip_address_type str
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    log_publishing_options Mapping[str, DomainLogPublishingOption]
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    node_to_node_encryption_options DomainNodeToNodeEncryptionOptions
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    off_peak_window_options DomainOffPeakWindowOptions
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    service_software_options DomainServiceSoftwareOptions
    skip_shard_migration_wait bool
    snapshot_options DomainSnapshotOptions
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    software_update_options DomainSoftwareUpdateOptions
    Service software update options for the domain.
    tags Sequence[root_Tag]
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpc_options DomainVpcOptions

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    accessPolicies Any

    An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

    Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

    advancedOptions Map<String>
    Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.
    advancedSecurityOptions Property Map

    Specifies options for fine-grained access control and SAML authentication.

    If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

    arn String
    The Amazon Resource Name (ARN) of the CloudFormation stack.
    clusterConfig Property Map
    Container for the cluster configuration of a domain.
    cognitoOptions Property Map
    Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
    domainArn String
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
    domainEndpoint String
    The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
    domainEndpointOptions Property Map
    Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
    domainEndpointV2 String
    If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
    domainEndpoints Map<String>
    ebsOptions Property Map
    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    encryptionAtRestOptions Property Map

    Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    engineVersion String

    The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

    If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

    id String
    The resource ID. For example, 123456789012/my-domain .
    ipAddressType String
    Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
    logPublishingOptions Map<Property Map>
    An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .
    nodeToNodeEncryptionOptions Property Map
    Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .
    offPeakWindowOptions Property Map
    Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
    serviceSoftwareOptions Property Map
    skipShardMigrationWait Boolean
    snapshotOptions Property Map
    DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.
    softwareUpdateOptions Property Map
    Service software update options for the domain.
    tags List<Property Map>
    An arbitrary set of tags (key-value pairs) for this Domain.
    vpcOptions Property Map

    The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

    If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

    Supporting Types

    DomainAdvancedSecurityOptionsInput

    AnonymousAuthDisableDate string
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    AnonymousAuthEnabled bool
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    Enabled bool
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    InternalUserDatabaseEnabled bool
    True to enable the internal user database.
    JwtOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    MasterUserOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainMasterUserOptions
    Specifies information about the master user.
    SamlOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    AnonymousAuthDisableDate string
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    AnonymousAuthEnabled bool
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    Enabled bool
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    InternalUserDatabaseEnabled bool
    True to enable the internal user database.
    JwtOptions DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    MasterUserOptions DomainMasterUserOptions
    Specifies information about the master user.
    SamlOptions DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymousAuthDisableDate String
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymousAuthEnabled Boolean
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled Boolean
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internalUserDatabaseEnabled Boolean
    True to enable the internal user database.
    jwtOptions DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    masterUserOptions DomainMasterUserOptions
    Specifies information about the master user.
    samlOptions DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymousAuthDisableDate string
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymousAuthEnabled boolean
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled boolean
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internalUserDatabaseEnabled boolean
    True to enable the internal user database.
    jwtOptions DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    masterUserOptions DomainMasterUserOptions
    Specifies information about the master user.
    samlOptions DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymous_auth_disable_date str
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymous_auth_enabled bool
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled bool
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internal_user_database_enabled bool
    True to enable the internal user database.
    jwt_options DomainJwtOptions
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    master_user_options DomainMasterUserOptions
    Specifies information about the master user.
    saml_options DomainSamlOptions
    Container for information about the SAML configuration for OpenSearch Dashboards.
    anonymousAuthDisableDate String
    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
    anonymousAuthEnabled Boolean
    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
    enabled Boolean
    True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
    internalUserDatabaseEnabled Boolean
    True to enable the internal user database.
    jwtOptions Property Map
    Container for information about the JWT configuration of the Amazon OpenSearch Service.
    masterUserOptions Property Map
    Specifies information about the master user.
    samlOptions Property Map
    Container for information about the SAML configuration for OpenSearch Dashboards.

    DomainClusterConfig

    ColdStorageOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainColdStorageOptions
    Container for cold storage configuration options.
    DedicatedMasterCount int
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    DedicatedMasterEnabled bool
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    DedicatedMasterType string
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    InstanceCount int
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    InstanceType string
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    MultiAzWithStandbyEnabled bool
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    WarmCount int
    The number of warm nodes in the cluster.
    WarmEnabled bool
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    WarmType string
    The instance type for the cluster's warm nodes.
    ZoneAwarenessConfig Pulumi.AwsNative.OpenSearchService.Inputs.DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    ZoneAwarenessEnabled bool
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    ColdStorageOptions DomainColdStorageOptions
    Container for cold storage configuration options.
    DedicatedMasterCount int
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    DedicatedMasterEnabled bool
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    DedicatedMasterType string
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    InstanceCount int
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    InstanceType string
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    MultiAzWithStandbyEnabled bool
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    WarmCount int
    The number of warm nodes in the cluster.
    WarmEnabled bool
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    WarmType string
    The instance type for the cluster's warm nodes.
    ZoneAwarenessConfig DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    ZoneAwarenessEnabled bool
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    coldStorageOptions DomainColdStorageOptions
    Container for cold storage configuration options.
    dedicatedMasterCount Integer
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicatedMasterEnabled Boolean
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicatedMasterType String
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instanceCount Integer
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instanceType String
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multiAzWithStandbyEnabled Boolean
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warmCount Integer
    The number of warm nodes in the cluster.
    warmEnabled Boolean
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warmType String
    The instance type for the cluster's warm nodes.
    zoneAwarenessConfig DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zoneAwarenessEnabled Boolean
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    coldStorageOptions DomainColdStorageOptions
    Container for cold storage configuration options.
    dedicatedMasterCount number
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicatedMasterEnabled boolean
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicatedMasterType string
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instanceCount number
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instanceType string
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multiAzWithStandbyEnabled boolean
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warmCount number
    The number of warm nodes in the cluster.
    warmEnabled boolean
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warmType string
    The instance type for the cluster's warm nodes.
    zoneAwarenessConfig DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zoneAwarenessEnabled boolean
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    cold_storage_options DomainColdStorageOptions
    Container for cold storage configuration options.
    dedicated_master_count int
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicated_master_enabled bool
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicated_master_type str
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instance_count int
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instance_type str
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multi_az_with_standby_enabled bool
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warm_count int
    The number of warm nodes in the cluster.
    warm_enabled bool
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warm_type str
    The instance type for the cluster's warm nodes.
    zone_awareness_config DomainZoneAwarenessConfig
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zone_awareness_enabled bool
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .
    coldStorageOptions Property Map
    Container for cold storage configuration options.
    dedicatedMasterCount Number
    The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
    dedicatedMasterEnabled Boolean
    Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
    dedicatedMasterType String
    The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
    instanceCount Number
    The number of data nodes (instances) to use in the OpenSearch Service domain.
    instanceType String
    The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
    multiAzWithStandbyEnabled Boolean
    Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
    warmCount Number
    The number of warm nodes in the cluster.
    warmEnabled Boolean
    Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
    warmType String
    The instance type for the cluster's warm nodes.
    zoneAwarenessConfig Property Map
    Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
    zoneAwarenessEnabled Boolean
    Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

    DomainCognitoOptions

    Enabled bool
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    IdentityPoolId string

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    RoleArn string

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    UserPoolId string

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    Enabled bool
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    IdentityPoolId string

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    RoleArn string

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    UserPoolId string

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled Boolean
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identityPoolId String

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    roleArn String

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    userPoolId String

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled boolean
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identityPoolId string

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    roleArn string

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    userPoolId string

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled bool
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identity_pool_id str

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    role_arn str

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    user_pool_id str

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    enabled Boolean
    Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .
    identityPoolId String

    The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    roleArn String

    The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    userPoolId String

    The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

    Required if you enabled Cognito Authentication for OpenSearch Dashboards.

    DomainColdStorageOptions

    Enabled bool
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    Enabled bool
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled Boolean
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled boolean
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled bool
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
    enabled Boolean
    Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.

    DomainEbsOptions

    EbsEnabled bool
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    Iops int
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    Throughput int
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    VolumeSize int
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    VolumeType string
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    EbsEnabled bool
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    Iops int
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    Throughput int
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    VolumeSize int
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    VolumeType string
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebsEnabled Boolean
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops Integer
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput Integer
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volumeSize Integer
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volumeType String
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebsEnabled boolean
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops number
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput number
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volumeSize number
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volumeType string
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebs_enabled bool
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops int
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput int
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volume_size int
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volume_type str
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .
    ebsEnabled Boolean
    Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
    iops Number
    The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the gp3 and provisioned IOPS EBS volume types.
    throughput Number
    The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the gp3 volume type.
    volumeSize Number
    The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .
    volumeType String
    The EBS volume type to use with the OpenSearch Service domain. If you choose gp3 , you must also specify values for Iops and Throughput . For more information about each type, see Amazon EBS volume types in the Amazon EC2 User Guide for Linux Instances .

    DomainEncryptionAtRestOptions

    Enabled bool

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    KmsKeyId string

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    Enabled bool

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    KmsKeyId string

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled Boolean

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kmsKeyId String

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled boolean

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kmsKeyId string

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled bool

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kms_key_id str

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    enabled Boolean

    Specify true to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    kmsKeyId String

    The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a . Required if you enable encryption at rest.

    You can also use keyAlias as a value.

    If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

    DomainEndpointOptions

    CustomEndpoint string
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    CustomEndpointCertificateArn string
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    CustomEndpointEnabled bool
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    EnforceHttps bool
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    TlsSecurityPolicy string
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    CustomEndpoint string
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    CustomEndpointCertificateArn string
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    CustomEndpointEnabled bool
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    EnforceHttps bool
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    TlsSecurityPolicy string
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    customEndpoint String
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    customEndpointCertificateArn String
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    customEndpointEnabled Boolean
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforceHttps Boolean
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tlsSecurityPolicy String
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    customEndpoint string
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    customEndpointCertificateArn string
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    customEndpointEnabled boolean
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforceHttps boolean
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tlsSecurityPolicy string
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    custom_endpoint str
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    custom_endpoint_certificate_arn str
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    custom_endpoint_enabled bool
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforce_https bool
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tls_security_policy str
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
    customEndpoint String
    The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
    customEndpointCertificateArn String
    The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
    customEndpointEnabled Boolean
    True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .
    enforceHttps Boolean
    True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions .
    tlsSecurityPolicy String
    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites

    DomainIdp

    EntityId string
    The unique entity ID of the application in the SAML identity provider.
    MetadataContent string
    The metadata of the SAML application, in XML format.
    EntityId string
    The unique entity ID of the application in the SAML identity provider.
    MetadataContent string
    The metadata of the SAML application, in XML format.
    entityId String
    The unique entity ID of the application in the SAML identity provider.
    metadataContent String
    The metadata of the SAML application, in XML format.
    entityId string
    The unique entity ID of the application in the SAML identity provider.
    metadataContent string
    The metadata of the SAML application, in XML format.
    entity_id str
    The unique entity ID of the application in the SAML identity provider.
    metadata_content str
    The metadata of the SAML application, in XML format.
    entityId String
    The unique entity ID of the application in the SAML identity provider.
    metadataContent String
    The metadata of the SAML application, in XML format.

    DomainJwtOptions

    Enabled bool
    PublicKey string
    RolesKey string
    SubjectKey string
    Enabled bool
    PublicKey string
    RolesKey string
    SubjectKey string
    enabled Boolean
    publicKey String
    rolesKey String
    subjectKey String
    enabled boolean
    publicKey string
    rolesKey string
    subjectKey string
    enabled Boolean
    publicKey String
    rolesKey String
    subjectKey String

    DomainLogPublishingOption

    DomainMasterUserOptions

    MasterUserArn string
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    MasterUserName string

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    MasterUserPassword string

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    MasterUserArn string
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    MasterUserName string

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    MasterUserPassword string

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserArn String
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    masterUserName String

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserPassword String

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserArn string
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    masterUserName string

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserPassword string

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    master_user_arn str
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    master_user_name str

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    master_user_password str

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserArn String
    Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if InternalUserDatabaseEnabled is false in AdvancedSecurityOptionsInput .
    masterUserName String

    Username for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    masterUserPassword String

    Password for the master user. Only specify if InternalUserDatabaseEnabled is true in AdvancedSecurityOptionsInput .

    If you don't want to specify this value directly within the template, you can use a dynamic reference instead.

    DomainNodeToNodeEncryptionOptions

    Enabled bool
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    Enabled bool
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled Boolean
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled boolean
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled bool
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .
    enabled Boolean
    Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput .

    DomainOffPeakWindow

    WindowStartTime Pulumi.AwsNative.OpenSearchService.Inputs.DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    WindowStartTime DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    windowStartTime DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    windowStartTime DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    window_start_time DomainWindowStartTime
    The desired start time for an off-peak maintenance window.
    windowStartTime Property Map
    The desired start time for an off-peak maintenance window.

    DomainOffPeakWindowOptions

    Enabled bool
    Specifies whether off-peak window settings are enabled for the domain.
    OffPeakWindow Pulumi.AwsNative.OpenSearchService.Inputs.DomainOffPeakWindow
    Off-peak window settings for the domain.
    Enabled bool
    Specifies whether off-peak window settings are enabled for the domain.
    OffPeakWindow DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled Boolean
    Specifies whether off-peak window settings are enabled for the domain.
    offPeakWindow DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled boolean
    Specifies whether off-peak window settings are enabled for the domain.
    offPeakWindow DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled bool
    Specifies whether off-peak window settings are enabled for the domain.
    off_peak_window DomainOffPeakWindow
    Off-peak window settings for the domain.
    enabled Boolean
    Specifies whether off-peak window settings are enabled for the domain.
    offPeakWindow Property Map
    Off-peak window settings for the domain.

    DomainSamlOptions

    Enabled bool
    True to enable SAML authentication for a domain.
    Idp Pulumi.AwsNative.OpenSearchService.Inputs.DomainIdp
    The SAML Identity Provider's information.
    MasterBackendRole string
    The backend role that the SAML master user is mapped to.
    MasterUserName string
    The SAML master user name, which is stored in the domain's internal user database.
    RolesKey string
    Element of the SAML assertion to use for backend roles. Default is roles .
    SessionTimeoutMinutes int
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    SubjectKey string
    Element of the SAML assertion to use for the user name. Default is NameID .
    Enabled bool
    True to enable SAML authentication for a domain.
    Idp DomainIdp
    The SAML Identity Provider's information.
    MasterBackendRole string
    The backend role that the SAML master user is mapped to.
    MasterUserName string
    The SAML master user name, which is stored in the domain's internal user database.
    RolesKey string
    Element of the SAML assertion to use for backend roles. Default is roles .
    SessionTimeoutMinutes int
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    SubjectKey string
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled Boolean
    True to enable SAML authentication for a domain.
    idp DomainIdp
    The SAML Identity Provider's information.
    masterBackendRole String
    The backend role that the SAML master user is mapped to.
    masterUserName String
    The SAML master user name, which is stored in the domain's internal user database.
    rolesKey String
    Element of the SAML assertion to use for backend roles. Default is roles .
    sessionTimeoutMinutes Integer
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subjectKey String
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled boolean
    True to enable SAML authentication for a domain.
    idp DomainIdp
    The SAML Identity Provider's information.
    masterBackendRole string
    The backend role that the SAML master user is mapped to.
    masterUserName string
    The SAML master user name, which is stored in the domain's internal user database.
    rolesKey string
    Element of the SAML assertion to use for backend roles. Default is roles .
    sessionTimeoutMinutes number
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subjectKey string
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled bool
    True to enable SAML authentication for a domain.
    idp DomainIdp
    The SAML Identity Provider's information.
    master_backend_role str
    The backend role that the SAML master user is mapped to.
    master_user_name str
    The SAML master user name, which is stored in the domain's internal user database.
    roles_key str
    Element of the SAML assertion to use for backend roles. Default is roles .
    session_timeout_minutes int
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subject_key str
    Element of the SAML assertion to use for the user name. Default is NameID .
    enabled Boolean
    True to enable SAML authentication for a domain.
    idp Property Map
    The SAML Identity Provider's information.
    masterBackendRole String
    The backend role that the SAML master user is mapped to.
    masterUserName String
    The SAML master user name, which is stored in the domain's internal user database.
    rolesKey String
    Element of the SAML assertion to use for backend roles. Default is roles .
    sessionTimeoutMinutes Number
    The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
    subjectKey String
    Element of the SAML assertion to use for the user name. Default is NameID .

    DomainServiceSoftwareOptions

    AutomatedUpdateDate string
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    Cancellable bool
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    CurrentVersion string
    The current service software version present on the domain.
    Description string
    A description of the service software update status.
    NewVersion string
    The new service software version, if one is available.
    OptionalDeployment bool
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    UpdateAvailable bool
    True if you're able to update your service software version. False if you can't update your service software version.
    UpdateStatus string
    The status of your service software update.
    AutomatedUpdateDate string
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    Cancellable bool
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    CurrentVersion string
    The current service software version present on the domain.
    Description string
    A description of the service software update status.
    NewVersion string
    The new service software version, if one is available.
    OptionalDeployment bool
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    UpdateAvailable bool
    True if you're able to update your service software version. False if you can't update your service software version.
    UpdateStatus string
    The status of your service software update.
    automatedUpdateDate String
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable Boolean
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    currentVersion String
    The current service software version present on the domain.
    description String
    A description of the service software update status.
    newVersion String
    The new service software version, if one is available.
    optionalDeployment Boolean
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    updateAvailable Boolean
    True if you're able to update your service software version. False if you can't update your service software version.
    updateStatus String
    The status of your service software update.
    automatedUpdateDate string
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable boolean
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    currentVersion string
    The current service software version present on the domain.
    description string
    A description of the service software update status.
    newVersion string
    The new service software version, if one is available.
    optionalDeployment boolean
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    updateAvailable boolean
    True if you're able to update your service software version. False if you can't update your service software version.
    updateStatus string
    The status of your service software update.
    automated_update_date str
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable bool
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    current_version str
    The current service software version present on the domain.
    description str
    A description of the service software update status.
    new_version str
    The new service software version, if one is available.
    optional_deployment bool
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    update_available bool
    True if you're able to update your service software version. False if you can't update your service software version.
    update_status str
    The status of your service software update.
    automatedUpdateDate String
    The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
    cancellable Boolean
    True if you're able to cancel your service software version update. False if you can't cancel your service software update.
    currentVersion String
    The current service software version present on the domain.
    description String
    A description of the service software update status.
    newVersion String
    The new service software version, if one is available.
    optionalDeployment Boolean
    True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
    updateAvailable Boolean
    True if you're able to update your service software version. False if you can't update your service software version.
    updateStatus String
    The status of your service software update.

    DomainSnapshotOptions

    AutomatedSnapshotStartHour int
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    AutomatedSnapshotStartHour int
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automatedSnapshotStartHour Integer
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automatedSnapshotStartHour number
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automated_snapshot_start_hour int
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
    automatedSnapshotStartHour Number
    The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.

    DomainSoftwareUpdateOptions

    AutoSoftwareUpdateEnabled bool
    Specifies whether automatic service software updates are enabled for the domain.
    AutoSoftwareUpdateEnabled bool
    Specifies whether automatic service software updates are enabled for the domain.
    autoSoftwareUpdateEnabled Boolean
    Specifies whether automatic service software updates are enabled for the domain.
    autoSoftwareUpdateEnabled boolean
    Specifies whether automatic service software updates are enabled for the domain.
    auto_software_update_enabled bool
    Specifies whether automatic service software updates are enabled for the domain.
    autoSoftwareUpdateEnabled Boolean
    Specifies whether automatic service software updates are enabled for the domain.

    DomainVpcOptions

    SecurityGroupIds List<string>
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    SubnetIds List<string>

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    SecurityGroupIds []string
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    SubnetIds []string

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    securityGroupIds List<String>
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnetIds List<String>

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    securityGroupIds string[]
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnetIds string[]

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    security_group_ids Sequence[str]
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnet_ids Sequence[str]

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    securityGroupIds List<String>
    The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see Security groups for your VPC in the Amazon VPC User Guide .
    subnetIds List<String>

    Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see VPCs and subnets in the Amazon VPC User Guide .

    If you specify more than one subnet, you must also configure ZoneAwarenessEnabled and ZoneAwarenessConfig within ClusterConfig , otherwise you'll see the error "You must specify exactly one subnet" during template creation.

    DomainWindowStartTime

    Hours int
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    Minutes int
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    Hours int
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    Minutes int
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours Integer
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes Integer
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours number
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes number
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours int
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes int
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.
    hours Number
    The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
    minutes Number
    The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59.

    DomainZoneAwarenessConfig

    AvailabilityZoneCount int

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    AvailabilityZoneCount int

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availabilityZoneCount Integer

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availabilityZoneCount number

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availability_zone_count int

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    availabilityZoneCount Number

    If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.

    Valid values are 2 and 3 . Default is 2.

    Tag

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Native v0.126.0 published on Monday, Sep 30, 2024 by Pulumi