Terraform resource for managing an AWS OpenSearch Serverless Access Policy. See AWS documentation for data access policies and supported data access policy permissions.
# Resolves the identity Terraform is running as; its ARN is used as the policy Principal below,
# so the generated data access policy grants access only to that single caller.
data "aws_caller_identity" "current" {}
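resource "aws_opensearchserverless_access_policy" "example" {
  name        = "example"
  type        = "data"
  description = "read and write permissions"

  # Each rule pairs a ResourceType with the resources it covers and the data-plane
  # permissions granted on them. Permissions are enumerated instead of using the
  # "aoss:*" wildcard so that the policy grants exactly what its description says
  # (read + write): the wildcard would additionally allow deleting indexes and
  # collection items. Add aoss:DeleteIndex / aoss:DeleteCollectionItems explicitly
  # if that is genuinely required.
  policy = jsonencode([
    {
      Rules = [
        {
          # Index-level permissions for every index inside example-collection.
          ResourceType = "index",
          Resource = [
            "index/example-collection/*"
          ],
          Permission = [
            "aoss:CreateIndex",
            "aoss:DescribeIndex",
            "aoss:UpdateIndex",
            "aoss:ReadDocument",
            "aoss:WriteDocument"
          ]
        },
        {
          # Collection-level permissions on the single named collection.
          ResourceType = "collection",
          Resource = [
            "collection/example-collection"
          ],
          Permission = [
            "aoss:CreateCollectionItems",
            "aoss:DescribeCollectionItems",
            "aoss:UpdateCollectionItems"
          ]
        }
      ],
      # Only the identity running Terraform receives these permissions. Widen the
      # principal list deliberately (specific roles, SAML users/groups) rather than
      # with wildcards.
      Principal = [
        data.aws_caller_identity.current.arn
      ]
    }
  ])
}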
# Resolves the identity Terraform is running as; its ARN is the sole Principal of the
# read-only policy below. Each example on this page is self-contained: declare this
# data source once if you combine the examples in a single configuration.
data "aws_caller_identity" "current" {}
resource "aws_opensearchserverless_access_policy" "example" {
  name        = "example"
  type        = "data"
  description = "read-only permissions"

  # Least-privilege data access policy: the caller may describe indexes and read
  # documents in example-collection, and describe the collection's items, but
  # cannot create, update, delete or write anything.
  policy = jsonencode([{
    # Only the identity running Terraform is granted access.
    Principal = [data.aws_caller_identity.current.arn]
    Rules = [
      {
        ResourceType = "index"
        Resource     = ["index/example-collection/*"]
        Permission   = ["aoss:DescribeIndex", "aoss:ReadDocument"]
      },
      {
        ResourceType = "collection"
        Resource     = ["collection/example-collection"]
        Permission   = ["aoss:DescribeCollectionItems"]
      },
    ]
  }])
}
resource "aws_opensearchserverless_access_policy" "example" {
  name        = "example"
  type        = "data"
  description = "saml permissions"

  # Grants access to SAML-federated identities instead of IAM principals. The
  # principal format is saml/<account-id>/<provider-name>/user/<name> or
  # saml/<account-id>/<provider-name>/group/<name>; a group entry covers every
  # member of that group. 123456789012 looks like a documentation placeholder
  # account id -- replace it with your own.
  # NOTE(review): "aoss:*" grants every data-plane permission, including deletion
  # of indexes and collection items, to all listed principals. Prefer enumerating
  # the specific permissions each principal needs, as in the read-only example.
  policy = jsonencode([{
    Principal = [
      "saml/123456789012/myprovider/user/Annie",            # a single SAML user
      "saml/123456789012/anotherprovider/group/Accounting", # every member of the group
    ]
    Rules = [
      {
        ResourceType = "index"
        Resource     = ["index/example-collection/*"]
        Permission   = ["aoss:*"]
      },
      {
        ResourceType = "collection"
        Resource     = ["collection/example-collection"]
        Permission   = ["aoss:*"]
      },
    ]
  }])
}
The following arguments are required:
`name` - (Required) Name of the policy.
`policy` - (Required) JSON policy document to use as the content for the new policy.
`type` - (Required) Type of access policy. Must be `data`.
The following arguments are optional:
`description` - (Optional) Description of the policy. Typically used to store information about the permissions defined in the policy.
This resource exports the following attributes in addition to the arguments above:
`policy_version` - Version of the policy.
In Terraform v1.5.0 and later, use an `import` block to import an OpenSearch Serverless Access Policy using the `name` and `type` arguments separated by a slash (`/`). For example:
import {
to = aws_opensearchserverless_access_policy.example
id = "example/data"
}
Using `terraform import`, import an OpenSearch Serverless Access Policy using the `name` and `type` arguments separated by a slash (`/`). For example:
% terraform import aws_opensearchserverless_access_policy.example example/data