aws-cdk-lib.aws_elasticsearch.Domain

class Domain (construct) ⚠️

LanguageType name
.NETAmazon.CDK.AWS.Elasticsearch.Domain
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awselasticsearch#Domain
Javasoftware.amazon.awscdk.services.elasticsearch.Domain
Pythonaws_cdk.aws_elasticsearch.Domain
TypeScript (source)aws-cdk-lib » aws_elasticsearch » Domain

⚠️ Deprecated: use opensearchservice module instead

Implements IConstruct, IDependable, IResource, IDomain, IConnectable

Provides an Elasticsearch domain.

Example

const domain = new es.Domain(this, 'Domain', {
  version: es.ElasticsearchVersion.V7_4,
  ebs: {
    volumeSize: 100,
    volumeType: ec2.EbsDeviceVolumeType.GENERAL_PURPOSE_SSD,
  },
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
});

Initializer

new Domain(scope: Construct, id: string, props: DomainProps)

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • scope Construct
  • id string
  • props DomainProps

Construct Props

NameTypeDescription
version⚠️ElasticsearchVersionThe Elasticsearch version that your domain will leverage.
accessPolicies?⚠️PolicyStatement[]Domain Access policies.
advancedOptions?⚠️{ [string]: string }Additional options to specify for the Amazon ES domain.
automatedSnapshotStartHour?⚠️numberThe hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon ES domain.
capacity?⚠️CapacityConfigThe cluster capacity configuration for the Amazon ES domain.
cognitoKibanaAuth?⚠️CognitoOptionsConfigures Amazon ES to use Amazon Cognito authentication for Kibana.
customEndpoint?⚠️CustomEndpointOptionsTo configure a custom domain configure these options.
domainName?⚠️stringEnforces a particular physical domain name.
ebs?⚠️EbsOptionsThe configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon ES domain.
enableVersionUpgrade?⚠️booleanTo upgrade an Amazon ES domain to a new version of Elasticsearch rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
encryptionAtRest?⚠️EncryptionAtRestOptionsEncryption at rest options for the cluster.
enforceHttps?⚠️booleanTrue to require that all traffic to the domain arrive over HTTPS.
fineGrainedAccessControl?⚠️AdvancedSecurityOptionsSpecifies options for fine-grained access control.
logging?⚠️LoggingOptionsConfiguration log publishing configuration options.
nodeToNodeEncryption?⚠️booleanSpecify true to enable node to node encryption.
removalPolicy?⚠️RemovalPolicyPolicy to apply when the domain is removed from the stack.
securityGroups?⚠️ISecurityGroup[]The list of security groups that are associated with the VPC endpoints for the domain.
tlsSecurityPolicy?⚠️TLSSecurityPolicyThe minimum TLS version required for traffic to the domain.
useUnsignedBasicAuth?⚠️booleanConfigures the domain so that unsigned basic auth is enabled.
vpc?⚠️IVpcPlace the domain inside this VPC.
vpcSubnets?⚠️SubnetSelection[]The specific vpc subnets the domain will be placed in.
zoneAwareness?⚠️ZoneAwarenessConfigThe cluster zone awareness configuration for the Amazon ES domain.

version⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ElasticsearchVersion

The Elasticsearch version that your domain will leverage.


accessPolicies?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: PolicyStatement[] (optional, default: No access policies.)

Domain Access policies.


advancedOptions?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: { [string]: string } (optional, default: no advanced options are specified)

Additional options to specify for the Amazon ES domain.

See also: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomain-configure-advanced-options


automatedSnapshotStartHour?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: number (optional, default: Hourly automated snapshots not used)

The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon ES domain.

Only applies for Elasticsearch versions below 5.3.


capacity?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: CapacityConfig (optional, default: 1 r5.large.elasticsearch data node; no dedicated master nodes.)

The cluster capacity configuration for the Amazon ES domain.


cognitoKibanaAuth?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: CognitoOptions (optional, default: Cognito not used for authentication to Kibana.)

Configures Amazon ES to use Amazon Cognito authentication for Kibana.


customEndpoint?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: CustomEndpointOptions (optional, default: no custom domain endpoint will be configured)

To configure a custom domain configure these options.

If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate


domainName?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: string (optional, default: A name will be auto-generated.)

Enforces a particular physical domain name.


ebs?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: EbsOptions (optional, default: 10 GiB General Purpose (SSD) volumes per node.)

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon ES domain.

For more information, see [Configuring EBS-based Storage] (https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomain-configure-ebs) in the Amazon Elasticsearch Service Developer Guide.


enableVersionUpgrade?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: boolean (optional, default: false)

To upgrade an Amazon ES domain to a new version of Elasticsearch rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeelasticsearchdomain


encryptionAtRest?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: EncryptionAtRestOptions (optional, default: No encryption at rest)

Encryption at rest options for the cluster.


enforceHttps?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: boolean (optional, default: false)

True to require that all traffic to the domain arrive over HTTPS.


fineGrainedAccessControl?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: AdvancedSecurityOptions (optional, default: fine-grained access control is disabled)

Specifies options for fine-grained access control.

Requires Elasticsearch version 6.7 or later. Enabling fine-grained access control also requires encryption of data at rest and node-to-node encryption, along with enforced HTTPS.


logging?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: LoggingOptions (optional, default: No logs are published)

Configuration log publishing configuration options.


nodeToNodeEncryption?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: boolean (optional, default: Node to node encryption is not enabled.)

Specify true to enable node to node encryption.

Requires Elasticsearch version 6.0 or later.


removalPolicy?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: RemovalPolicy (optional, default: RemovalPolicy.RETAIN)

Policy to apply when the domain is removed from the stack.


securityGroups?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ISecurityGroup[] (optional, default: One new security group is created.)

The list of security groups that are associated with the VPC endpoints for the domain.

Only used if vpc is specified.

See also: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html


tlsSecurityPolicy?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: TLSSecurityPolicy (optional, default: TLSSecurityPolicy.TLS_1_0)

The minimum TLS version required for traffic to the domain.


useUnsignedBasicAuth?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: boolean (optional, default: false)

Configures the domain so that unsigned basic auth is enabled.

If no master user is provided a default master user with username admin and a dynamically generated password stored in KMS is created. The password can be retrieved by getting masterUserPassword from the domain instance.

Setting this to true will also add an access policy that allows unsigned access, enable node to node encryption, encryption at rest. If conflicting settings are encountered (like disabling encryption at rest) enabling this setting will cause a failure.


vpc?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: IVpc (optional, default: Domain is not placed in a VPC.)

Place the domain inside this VPC.

See also: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html


vpcSubnets?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: SubnetSelection[] (optional, default: All private subnets.)

The specific vpc subnets the domain will be placed in.

You must provide one subnet for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone domain.

Only used if vpc is specified.

See also: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html


zoneAwareness?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ZoneAwarenessConfig (optional, default: no zone awareness (1 AZ))

The cluster zone awareness configuration for the Amazon ES domain.

Properties

NameTypeDescription
connections⚠️ConnectionsManages network connections to the domain.
domainArn⚠️stringArn of the Elasticsearch domain.
domainEndpoint⚠️stringEndpoint of the Elasticsearch domain.
domainName⚠️stringDomain name of the Elasticsearch domain.
env⚠️ResourceEnvironmentThe environment this resource belongs to.
node⚠️NodeThe tree node.
stack⚠️StackThe stack in which this resource is defined.
appLogGroup?⚠️ILogGroupLog group that application logs are logged to.
auditLogGroup?⚠️ILogGroupLog group that audit logs are logged to.
masterUserPassword?⚠️SecretValueMaster user password if fine grained access control is configured.
slowIndexLogGroup?⚠️ILogGroupLog group that slow indices are logged to.
slowSearchLogGroup?⚠️ILogGroupLog group that slow searches are logged to.

connections⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: Connections

Manages network connections to the domain.

This will throw an error in case the domain is not placed inside a VPC.


domainArn⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: string

Arn of the Elasticsearch domain.


domainEndpoint⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: string

Endpoint of the Elasticsearch domain.


domainName⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: string

Domain name of the Elasticsearch domain.


env⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: Node

The tree node.


stack⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: Stack

The stack in which this resource is defined.


appLogGroup?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ILogGroup (optional)

Log group that application logs are logged to.


auditLogGroup?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ILogGroup (optional)

Log group that audit logs are logged to.


masterUserPassword?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: SecretValue (optional)

Master user password if fine grained access control is configured.


slowIndexLogGroup?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ILogGroup (optional)

Log group that slow indices are logged to.


slowSearchLogGroup?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: ILogGroup (optional)

Log group that slow searches are logged to.

Methods

NameDescription
addAccessPolicies(...accessPolicyStatements)⚠️Add policy statements to the domain access policy.
applyRemovalPolicy(policy)⚠️Apply the given removal policy to this resource.
grantIndexRead(index, identity)⚠️Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).
grantIndexReadWrite(index, identity)⚠️Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).
grantIndexWrite(index, identity)⚠️Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).
grantPathRead(path, identity)⚠️Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).
grantPathReadWrite(path, identity)⚠️Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
grantPathWrite(path, identity)⚠️Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
grantRead(identity)⚠️Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).
grantReadWrite(identity)⚠️Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).
grantWrite(identity)⚠️Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).
metric(metricName, props?)⚠️Return the given named metric for this Domain.
metricAutomatedSnapshotFailure(props?)⚠️Metric for automated snapshot failures.
metricCPUUtilization(props?)⚠️Metric for CPU utilization.
metricClusterIndexWritesBlocked(props?)⚠️Metric for the cluster blocking index writes.
metricClusterStatusRed(props?)⚠️Metric for the time the cluster status is red.
metricClusterStatusYellow(props?)⚠️Metric for the time the cluster status is yellow.
metricFreeStorageSpace(props?)⚠️Metric for the storage space of nodes in the cluster.
metricIndexingLatency(props?)⚠️Metric for indexing latency.
metricJVMMemoryPressure(props?)⚠️Metric for JVM memory pressure.
metricKMSKeyError(props?)⚠️Metric for KMS key errors.
metricKMSKeyInaccessible(props?)⚠️Metric for KMS key being inaccessible.
metricMasterCPUUtilization(props?)⚠️Metric for master CPU utilization.
metricMasterJVMMemoryPressure(props?)⚠️Metric for master JVM memory pressure.
metricNodes(props?)⚠️Metric for the number of nodes.
metricSearchLatency(props?)⚠️Metric for search latency.
metricSearchableDocuments(props?)⚠️Metric for number of searchable documents.
toString()⚠️Returns a string representation of this construct.
static fromDomainAttributes(scope, id, attrs)⚠️Creates a Domain construct that represents an external domain.
static fromDomainEndpoint(scope, id, domainEndpoint)⚠️Creates a Domain construct that represents an external domain via domain endpoint.

addAccessPolicies(...accessPolicyStatements)⚠️

public addAccessPolicies(...accessPolicyStatements: PolicyStatement[]): void

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • accessPolicyStatements PolicyStatement

Add policy statements to the domain access policy.


applyRemovalPolicy(policy)⚠️

public applyRemovalPolicy(policy: RemovalPolicy): void

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


grantIndexRead(index, identity)⚠️

public grantIndexRead(index: string, identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • index string — The index to grant permissions for.
  • identity IGrantable — The principal.

Returns

  • Grant

Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).


grantIndexReadWrite(index, identity)⚠️

public grantIndexReadWrite(index: string, identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • index string — The index to grant permissions for.
  • identity IGrantable — The principal.

Returns

  • Grant

Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).


grantIndexWrite(index, identity)⚠️

public grantIndexWrite(index: string, identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • index string — The index to grant permissions for.
  • identity IGrantable — The principal.

Returns

  • Grant

Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).


grantPathRead(path, identity)⚠️

public grantPathRead(path: string, identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • path string — The path to grant permissions for.
  • identity IGrantable — The principal.

Returns

  • Grant

Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).


grantPathReadWrite(path, identity)⚠️

public grantPathReadWrite(path: string, identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • path string — The path to grant permissions for.
  • identity IGrantable — The principal.

Returns

  • Grant

Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).


grantPathWrite(path, identity)⚠️

public grantPathWrite(path: string, identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • path string — The path to grant permissions for.
  • identity IGrantable — The principal.

Returns

  • Grant

Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).


grantRead(identity)⚠️

public grantRead(identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • identity IGrantable — The principal.

Returns

  • Grant

Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).


grantReadWrite(identity)⚠️

public grantReadWrite(identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • identity IGrantable — The principal.

Returns

  • Grant

Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).


grantWrite(identity)⚠️

public grantWrite(identity: IGrantable): Grant

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • identity IGrantable — The principal.

Returns

  • Grant

Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).


metric(metricName, props?)⚠️

public metric(metricName: string, props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • metricName string
  • props MetricOptions

Returns

  • Metric

Return the given named metric for this Domain.


metricAutomatedSnapshotFailure(props?)⚠️

public metricAutomatedSnapshotFailure(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for automated snapshot failures.


metricCPUUtilization(props?)⚠️

public metricCPUUtilization(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for CPU utilization.


metricClusterIndexWritesBlocked(props?)⚠️

public metricClusterIndexWritesBlocked(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for the cluster blocking index writes.


metricClusterStatusRed(props?)⚠️

public metricClusterStatusRed(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for the time the cluster status is red.


metricClusterStatusYellow(props?)⚠️

public metricClusterStatusYellow(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for the time the cluster status is yellow.


metricFreeStorageSpace(props?)⚠️

public metricFreeStorageSpace(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for the storage space of nodes in the cluster.


metricIndexingLatency(props?)⚠️

public metricIndexingLatency(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for indexing latency.


metricJVMMemoryPressure(props?)⚠️

public metricJVMMemoryPressure(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for JVM memory pressure.


metricKMSKeyError(props?)⚠️

public metricKMSKeyError(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for KMS key errors.


metricKMSKeyInaccessible(props?)⚠️

public metricKMSKeyInaccessible(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for KMS key being inaccessible.


metricMasterCPUUtilization(props?)⚠️

public metricMasterCPUUtilization(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for master CPU utilization.


metricMasterJVMMemoryPressure(props?)⚠️

public metricMasterJVMMemoryPressure(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for master JVM memory pressure.


metricNodes(props?)⚠️

public metricNodes(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for the number of nodes.


metricSearchLatency(props?)⚠️

public metricSearchLatency(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for search latency.


metricSearchableDocuments(props?)⚠️

public metricSearchableDocuments(props?: MetricOptions): Metric

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • props MetricOptions

Returns

  • Metric

Metric for number of searchable documents.


toString()⚠️

public toString(): string

⚠️ Deprecated: use opensearchservice module instead

Returns

  • string

Returns a string representation of this construct.


static fromDomainAttributes(scope, id, attrs)⚠️

public static fromDomainAttributes(scope: Construct, id: string, attrs: DomainAttributes): IDomain

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • scope Construct — The parent creating construct (usually this).
  • id string — The construct's name.
  • attrs DomainAttributes — A DomainAttributes object.

Returns

  • IDomain

Creates a Domain construct that represents an external domain.


static fromDomainEndpoint(scope, id, domainEndpoint)⚠️

public static fromDomainEndpoint(scope: Construct, id: string, domainEndpoint: string): IDomain

⚠️ Deprecated: use opensearchservice module instead

Parameters

  • scope Construct — The parent creating construct (usually this).
  • id string — The construct's name.
  • domainEndpoint string — The domain's endpoint.

Returns

  • IDomain

Creates a Domain construct that represents an external domain via domain endpoint.