aws-cdk-lib.aws_opensearchservice.CfnDomain.AdvancedSecurityOptionsInputProperty

interface AdvancedSecurityOptionsInputProperty

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.OpenSearchService.CfnDomain.AdvancedSecurityOptionsInputProperty |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsopensearchservice#CfnDomain_AdvancedSecurityOptionsInputProperty |
| Java | software.amazon.awscdk.services.opensearchservice.CfnDomain.AdvancedSecurityOptionsInputProperty |
| Python | aws_cdk.aws_opensearchservice.CfnDomain.AdvancedSecurityOptionsInputProperty |
| TypeScript | aws-cdk-lib » aws_opensearchservice » CfnDomain » AdvancedSecurityOptionsInputProperty |

Specifies options for fine-grained access control.

If you specify advanced security options, you must also enable node-to-node encryption (NodeToNodeEncryptionOptions) and encryption at rest (EncryptionAtRestOptions). You must also enable EnforceHTTPS within DomainEndpointOptions, which requires HTTPS for all traffic to the domain.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_opensearchservice as opensearchservice } from 'aws-cdk-lib';
const advancedSecurityOptionsInputProperty: opensearchservice.CfnDomain.AdvancedSecurityOptionsInputProperty = {
  anonymousAuthDisableDate: 'anonymousAuthDisableDate',
  anonymousAuthEnabled: false,
  enabled: false,
  internalUserDatabaseEnabled: false,
  masterUserOptions: {
    masterUserArn: 'masterUserArn',
    masterUserName: 'masterUserName',
    masterUserPassword: 'masterUserPassword',
  },
  samlOptions: {
    enabled: false,
    idp: {
      entityId: 'entityId',
      metadataContent: 'metadataContent',
    },
    masterBackendRole: 'masterBackendRole',
    masterUserName: 'masterUserName',
    rolesKey: 'rolesKey',
    sessionTimeoutMinutes: 123,
    subjectKey: 'subjectKey',
  },
};
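
The prerequisites stated above (node-to-node encryption, encryption at rest, and EnforceHTTPS) can be checked before deployment. The following is an added example, not code from aws-cdk-lib or the original page: the helper name `checkFgacPrerequisites` and the local `DomainPropsSubset` type are assumptions that mirror the corresponding `CfnDomainProps` fields, and only literal booleans are modelled (an unresolved IResolvable token would need separate handling).

```typescript
// Local structural types (assumed for this example) mirroring the
// CfnDomainProps fields that the prerequisites refer to.
interface Toggle { enabled?: boolean }
interface DomainPropsSubset {
  advancedSecurityOptions?: Toggle & { internalUserDatabaseEnabled?: boolean };
  nodeToNodeEncryptionOptions?: Toggle;
  encryptionAtRestOptions?: Toggle;
  domainEndpointOptions?: { enforceHttps?: boolean };
}

// Hypothetical helper: returns one finding per prerequisite that is
// missing or not literally true. An empty array means all three are met.
function checkFgacPrerequisites(props: DomainPropsSubset): string[] {
  const findings: string[] = [];
  // The prerequisites apply as soon as advancedSecurityOptions is specified.
  if (props.advancedSecurityOptions === undefined) {
    return findings;
  }
  if (props.nodeToNodeEncryptionOptions?.enabled !== true) {
    findings.push('nodeToNodeEncryptionOptions.enabled must be true');
  }
  if (props.encryptionAtRestOptions?.enabled !== true) {
    findings.push('encryptionAtRestOptions.enabled must be true');
  }
  if (props.domainEndpointOptions?.enforceHttps !== true) {
    findings.push('domainEndpointOptions.enforceHttps must be true');
  }
  return findings;
}

// Constructed sample: fine-grained access control is requested, but
// encryption at rest is absent and HTTPS is not enforced.
const weakDomain: DomainPropsSubset = {
  advancedSecurityOptions: { enabled: true, internalUserDatabaseEnabled: false },
  nodeToNodeEncryptionOptions: { enabled: true },
  domainEndpointOptions: { enforceHttps: false },
};

// Constructed sample: the same domain with all three prerequisites enabled.
const hardenedDomain: DomainPropsSubset = {
  ...weakDomain,
  encryptionAtRestOptions: { enabled: true },
  domainEndpointOptions: { enforceHttps: true },
};
```

Running the check in a unit test or a pre-synthesis step surfaces the missing settings before CloudFormation rejects the domain.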

Properties

| Name | Type | Description |
| --- | --- | --- |
| anonymousAuthDisableDate? | string | Date and time when the migration period will be disabled. |
| anonymousAuthEnabled? | boolean \| IResolvable | True to enable a 30-day migration period during which administrators can create role mappings. |
| enabled? | boolean \| IResolvable | True to enable fine-grained access control. |
| internalUserDatabaseEnabled? | boolean \| IResolvable | True to enable the internal user database. |
| masterUserOptions? | IResolvable \| MasterUserOptionsProperty | Specifies information about the master user. |
| samlOptions? | IResolvable \| SAMLOptionsProperty | Container for information about the SAML configuration for OpenSearch Dashboards. |

anonymousAuthDisableDate?

Type: string (optional)

Date and time when the migration period will be disabled.

Only necessary when enabling fine-grained access control on an existing domain.


anonymousAuthEnabled?

Type: boolean | IResolvable (optional)

True to enable a 30-day migration period during which administrators can create role mappings.

Only necessary when enabling fine-grained access control on an existing domain.


enabled?

Type: boolean | IResolvable (optional)

True to enable fine-grained access control.

You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service.


internalUserDatabaseEnabled?

Type: boolean | IResolvable (optional)

True to enable the internal user database.


masterUserOptions?

Type: IResolvable | MasterUserOptionsProperty (optional)

Specifies information about the master user.


samlOptions?

Type: IResolvable | SAMLOptionsProperty (optional)

Container for information about the SAML configuration for OpenSearch Dashboards.