Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput

RSS
Focus mode
AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput - AWS CloudFormation
SyntaxProperties
Filter View

Specifies options for fine-grained access control.

If you specify advanced security options, you must also enable node-to-node encryption (NodeToNodeEncryptionOptions) and encryption at rest (EncryptionAtRestOptions). You must also enable EnforceHTTPS within DomainEndpointOptions, which requires HTTPS for all traffic to the domain.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

AnonymousAuthDisableDate

Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain.

Required: No

Type: String

Update requires: No interruption

AnonymousAuthEnabled

True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.

Required: No

Type: Boolean

Update requires: No interruption

Enabled

True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service.

Required: No

Type: Boolean

Update requires: No interruption

InternalUserDatabaseEnabled

True to enable the internal user database.

Required: No

Type: Boolean

Update requires: No interruption

JWTOptions

Container for information about the JWT configuration of the Amazon OpenSearch Service.

Required: No

Type: JWTOptions

Update requires: No interruption

MasterUserOptions

Specifies information about the master user.

Required: No

Type: MasterUserOptions

Update requires: No interruption

SAMLOptions

Container for information about the SAML configuration for OpenSearch Dashboards.

Required: No

Type: SAMLOptions

Update requires: No interruption

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.