AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput
Specifies options for fine-grained access control.
If you specify advanced security options,
you must also enable node-to-node encryption (NodeToNodeEncryptionOptions) and encryption at rest (EncryptionAtRestOptions). You must also enable EnforceHTTPS within
DomainEndpointOptions, which requires HTTPS for all traffic to the domain.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "AnonymousAuthDisableDate" :String, "AnonymousAuthEnabled" :Boolean, "Enabled" :Boolean, "InternalUserDatabaseEnabled" :Boolean, "MasterUserOptions" :MasterUserOptions, "SAMLOptions" :SAMLOptions}
YAML
AnonymousAuthDisableDate:StringAnonymousAuthEnabled:BooleanEnabled:BooleanInternalUserDatabaseEnabled:BooleanMasterUserOptions:MasterUserOptionsSAMLOptions:SAMLOptions
Properties
AnonymousAuthDisableDate-
Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain.
Required: No
Type: String
Update requires: No interruption
AnonymousAuthEnabled-
True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.
Required: No
Type: Boolean
Update requires: No interruption
Enabled-
True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service.
Required: No
Type: Boolean
Update requires: No interruption
InternalUserDatabaseEnabled-
True to enable the internal user database.
Required: No
Type: Boolean
Update requires: No interruption
MasterUserOptions-
Specifies information about the master user.
Required: No
Type: MasterUserOptions
Update requires: No interruption
SAMLOptions-
Container for information about the SAML configuration for OpenSearch Dashboards.
Required: No
Type: SAMLOptions
Update requires: No interruption
