aws-cdk-lib.aws_elasticsearch.EncryptionAtRestOptions

interface EncryptionAtRestOptions ⚠️

LanguageType name
.NETAmazon.CDK.AWS.Elasticsearch.EncryptionAtRestOptions
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awselasticsearch#EncryptionAtRestOptions
Javasoftware.amazon.awscdk.services.elasticsearch.EncryptionAtRestOptions
Pythonaws_cdk.aws_elasticsearch.EncryptionAtRestOptions
TypeScript (source)aws-cdk-lib » aws_elasticsearch » EncryptionAtRestOptions

⚠️ Deprecated: use opensearchservice module instead

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later.

Example

const domain = new es.Domain(this, 'Domain', {
  version: es.ElasticsearchVersion.V7_1,
  enforceHttps: true,
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
  fineGrainedAccessControl: {
    masterUserName: 'master-user',
  },
});

const masterUserPassword = domain.masterUserPassword;

Properties

NameTypeDescription
enabled?⚠️booleanSpecify true to enable encryption at rest.
kmsKey?⚠️IKeySupply if using KMS key for encryption at rest.

enabled?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: boolean (optional, default: encryption at rest is disabled.)

Specify true to enable encryption at rest.


kmsKey?⚠️

⚠️ Deprecated: use opensearchservice module instead

Type: IKey (optional, default: uses default aws/es KMS key.)

Supply if using KMS key for encryption at rest.