aws-cdk-lib.aws_opensearchservice.EncryptionAtRestOptions

interface EncryptionAtRestOptions

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.OpenSearchService.EncryptionAtRestOptions |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsopensearchservice#EncryptionAtRestOptions |
| Java | software.amazon.awscdk.services.opensearchservice.EncryptionAtRestOptions |
| Python | aws_cdk.aws_opensearchservice.EncryptionAtRestOptions |
| TypeScript (source) | aws-cdk-lib » aws_opensearchservice » EncryptionAtRestOptions |

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.

Example

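```ts
import { Domain, EngineVersion } from 'aws-cdk-lib/aws-opensearchservice';

// `this` is the enclosing Stack or Construct.
const domain = new Domain(this, 'Domain', {
  version: EngineVersion.OPENSEARCH_1_0,
  enforceHttps: true,
  nodeToNodeEncryption: true,
  // Encrypt data at rest; with no kmsKey given, the default aws/es key is used.
  encryptionAtRest: {
    enabled: true,
  },
  fineGrainedAccessControl: {
    masterUserName: 'master-user',
  },
  logging: {
    auditLogEnabled: true,
    slowSearchLogEnabled: true,
    appLogEnabled: true,
    slowIndexLogEnabled: true,
  },
});
```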

Properties

| Name | Type | Description |
| --- | --- | --- |
| enabled? | boolean | Specify true to enable encryption at rest. |
| kmsKey? | IKey | Supply if using KMS key for encryption at rest. |

enabled?

Type: boolean (optional, default: encryption at rest is disabled.)

Specify true to enable encryption at rest.


kmsKey?

Type: IKey (optional, default: uses default aws/es KMS key.)

Supply if using KMS key for encryption at rest.
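
The two defaults documented above (encryption at rest is disabled unless `enabled` is true, and the default aws/es key is used unless `kmsKey` is supplied) can be checked in a synthesized template before deployment. The following is an added example, not code from the CDK project: it assumes the domain synthesizes to an `AWS::OpenSearchService::Domain` resource carrying `EncryptionAtRestOptions.Enabled` and `KmsKeyId`, and the `auditEncryptionAtRest` helper, the sample template and its logical IDs are constructed for illustration. Reporting the default key as a finding is a policy assumption.

```typescript
// Added example: audit a synthesized CloudFormation template for OpenSearch
// domains that rely on the EncryptionAtRestOptions defaults.
type Issue = "disabled" | "default-key";
interface Finding { logicalId: string; issue: Issue }
interface CfnResource { Type: string; Properties?: Record<string, unknown> }
interface CfnTemplate { Resources: Record<string, CfnResource> }

// Hypothetical helper (not a CDK API).
function auditEncryptionAtRest(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (res.Type !== "AWS::OpenSearchService::Domain") continue;
    const opts = (res.Properties?.["EncryptionAtRestOptions"] ?? {}) as {
      Enabled?: unknown;
      KmsKeyId?: unknown;
    };
    if (opts.Enabled !== true) {
      // Block omitted or Enabled false: the documented default, no encryption.
      findings.push({ logicalId, issue: "disabled" });
    } else if (opts.KmsKeyId === undefined || opts.KmsKeyId === null || opts.KmsKeyId === "") {
      // Enabled without a key: falls back to the default aws/es KMS key.
      findings.push({ logicalId, issue: "default-key" });
    }
  }
  return findings;
}

// Constructed sample template; logical IDs are made up.
const sampleTemplate: CfnTemplate = {
  Resources: {
    LogsDomain: {
      Type: "AWS::OpenSearchService::Domain",
      Properties: { EngineVersion: "OpenSearch_1.0" },
    },
    SearchDomain: {
      Type: "AWS::OpenSearchService::Domain",
      Properties: { EncryptionAtRestOptions: { Enabled: true } },
    },
    AuditDomain: {
      Type: "AWS::OpenSearchService::Domain",
      // A synthesized key reference is an intrinsic such as Ref, not a string.
      Properties: { EncryptionAtRestOptions: { Enabled: true, KmsKeyId: { Ref: "AuditKey" } } },
    },
    AuditKey: { Type: "AWS::KMS::Key", Properties: {} },
  },
};
```

Because these options can only be set when a domain is created, the check is most useful in CI before the first deployment.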