aws-cdk-lib.aws_opensearchservice.AdvancedSecurityOptions

interface AdvancedSecurityOptions

LanguageType name
.NETAmazon.CDK.AWS.OpenSearchService.AdvancedSecurityOptions
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsopensearchservice#AdvancedSecurityOptions
Javasoftware.amazon.awscdk.services.opensearchservice.AdvancedSecurityOptions
Pythonaws_cdk.aws_opensearchservice.AdvancedSecurityOptions
TypeScript (source)aws-cdk-lib » aws_opensearchservice » AdvancedSecurityOptions

Specifies options for fine-grained access control.

Example

const domain = new Domain(this, 'Domain', {
  version: EngineVersion.OPENSEARCH_1_0,
  enforceHttps: true,
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
  fineGrainedAccessControl: {
    masterUserName: 'master-user',
  },
  logging: {
    auditLogEnabled: true,
    slowSearchLogEnabled: true,
    appLogEnabled: true,
    slowIndexLogEnabled: true,
  },
});

Properties

NameTypeDescription
masterUserArn?stringARN for the master user.
masterUserName?stringUsername for the master user.
masterUserPassword?SecretValuePassword for the master user.

masterUserArn?

Type: string (optional, default: fine-grained access control is disabled)

ARN for the master user.

Only specify this or masterUserName, but not both.


masterUserName?

Type: string (optional, default: fine-grained access control is disabled)

Username for the master user.

Only specify this or masterUserArn, but not both.


masterUserPassword?

Type: SecretValue (optional, default: A Secrets Manager generated password)

Password for the master user.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.