Sign In to the Console
AWS CloudFormation
User Guide (Version )

AWS Documentation » AWS CloudFormation » User Guide » Elasticsearch Resource Type Reference » AWS::Elasticsearch::Domain

AWS::Elasticsearch::Domain

The AWS::Elasticsearch::Domain resource creates an Amazon Elasticsearch Service (Amazon ES) domain that encapsulates the Amazon ES engine instances.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

AccessPolicies

An AWS Identity and Access Management (IAM) policy document that specifies who can access the Amazon ES domain and their permissions. For more information, see Configuring Access Policies in the Amazon Elasticsearch Service Developer Guide.

Required: No

Type: Json

Update requires: No interruption

AdvancedOptions

Additional options to specify for the Amazon ES domain. For more information, see Configuring Advanced Options in the Amazon Elasticsearch Service Developer Guide.

Required: No

Type: Map of String

Update requires: No interruption

DomainName

A name for the Amazon ES domain. For valid values, see the DomainName data type in the Amazon Elasticsearch Service Developer Guide. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type.

Important

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

Required: No

Type: String

Update requires: Replacement

EBSOptions

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon ES domain. For more information, see Configuring EBS-based Storage in the Amazon Elasticsearch Service Developer Guide.

Required: No

Type: EBSOptions

Update requires: No interruption

ElasticsearchClusterConfig

ElasticsearchClusterConfig is a property of the AWS::Elasticsearch::Domain resource that configures the cluster of an Amazon Elasticsearch Service (Amazon ES) domain.

Required: No

Type: ElasticsearchClusterConfig

Update requires: No interruption

ElasticsearchVersion

The version of Elasticsearch to use, such as 2.3. If not specified, 1.5 is used as the default. For information about the versions that Amazon ES supports, see the Elasticsearch-Version parameter for the CreateElasticsearchDomain action in the Amazon Elasticsearch Service Developer Guide.

Required: No

Type: String

Update requires: Replacement

EncryptionAtRestOptions

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use. Can only be used to create a new domain, not update an existing one.

Required: No

Type: EncryptionAtRestOptions

Update requires: Replacement

NodeToNodeEncryptionOptions

Specifies whether node-to-node encryption is enabled.

Required: No

Type: NodeToNodeEncryptionOptions

Update requires: Replacement

SnapshotOptions

The automated snapshot configuration for the Amazon ES domain indices.

Required: No

Type: SnapshotOptions

Update requires: No interruption

Tags

An arbitrary set of tags (key–value pairs) to associate with the Amazon ES domain.

Required: No

Type: List of Tag

Update requires: No interruption

VPCOptions

The virtual private cloud (VPC) configuration for the Amazon ES domain. For more information, see VPC Support for Amazon Elasticsearch Service Domains in the Amazon Elasticsearch Service Developer Guide.

Required: No

Type: VPCOptions

Update requires: No interruption

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name, such as mystack-elasticsea-abc1d2efg3h4. For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. For more information, see Fn::GetAtt. The following are the available attributes and sample return values.

Arn

The Amazon Resource Name (ARN) of the domain, such as arn:aws:es:us-west-2:123456789012:domain/mystack-elasti-1ab2cdefghij. This returned value is the same as the one returned by AWS::Elasticsearch::Domain.DomainArn.

DomainArn

The Amazon Resource Name (ARN) of the domain, such as arn:aws:es:us-west-2:123456789012:domain/mystack-elasti-1ab2cdefghij. This returned value is the same as the one returned by AWS::Elasticsearch::Domain.Arn.

DomainEndpoint

The domain-specific endpoint that's used to submit index, search, and data upload requests to an Amazon ES domain, such as search-mystack-elasti-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-2.es.amazonaws.com.

Examples

Create an Amazon ES domain that contains two data nodes and three master nodes

The following example create an Amazon ES domain that contains two data nodes and three master nodes. Automated snapshots of the indices are taken daily between midnight and 1:00 AM (UTC). The access policy permits the IAM user es-user to take all Amazon ES actions on the domain, such as es:UpdateElasticsearchDomainConfig.

JSON

"ElasticsearchDomain":{
   "Type":"AWS::Elasticsearch::Domain",
   "Properties":{
      "DomainName":"test",
      "ElasticsearchClusterConfig":{
         "DedicatedMasterEnabled":"true",
         "InstanceCount":"2",
         "ZoneAwarenessEnabled":"true",
         "InstanceType":"m3.medium.elasticsearch",
         "DedicatedMasterType":"m3.medium.elasticsearch",
         "DedicatedMasterCount":"3"
      },
      "EBSOptions":{
         "EBSEnabled":true,
         "Iops":0,
         "VolumeSize":20,
         "VolumeType":"gp2"
      },
      "SnapshotOptions":{
         "AutomatedSnapshotStartHour":"0"
      },
      "AccessPolicies":{
         "Version":"2012-10-17",
         "Statement":[
            {
               "Effect":"Allow",
               "Principal":{
                  "AWS":"arn:aws:iam::123456789012:user/es-user"
               },
               "Action":"es:*",
               "Resource":"arn:aws:es:us-east-1:123456789012:domain/test/*"
            }
         ]
      },
      "AdvancedOptions":{
         "rest.action.multi.allow_explicit_index":"true"
      }
   }
}

YAML

ElasticsearchDomain:
  Type: AWS::Elasticsearch::Domain
  Properties:
    DomainName: "test"
    ElasticsearchClusterConfig:
      DedicatedMasterEnabled: "true"
      InstanceCount: "2"
      ZoneAwarenessEnabled: "true"
      InstanceType: "m3.medium.elasticsearch"
      DedicatedMasterType: "m3.medium.elasticsearch"
      DedicatedMasterCount: "3"
    EBSOptions:
      EBSEnabled: true
      Iops: 0
      VolumeSize: 20
      VolumeType: "gp2"
    SnapshotOptions:
      AutomatedSnapshotStartHour: "0"
    AccessPolicies:
      Version: "2012-10-17"
      Statement:
        -
          Effect: "Allow"
          Principal:
            AWS: "arn:aws:iam::123456789012:user/es-user"
          Action: "es:*"
          Resource: "arn:aws:es:us-east-1:846973539254:domain/test/*"
    AdvancedOptions:
      rest.action.multi.allow_explicit_index: "true"

Create a domain with VPC options

The following example creates a domain with VPC options.

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "ElasticsearchDomain resource",
  "Parameters": {
    "DomainName" : {
      "Description" : "User defined Elasticsearch Domain name",
      "Type" : "String"
    },
    "ElasticsearchVersion" : {
      "Description" : "User defined Elasticsearch Version",
      "Type" : "String"
    },
    "InstanceType" : {
      "Type" : "String"
    },
    "AvailabilityZone" : {
      "Type" : "String"
    },
    "CidrBlock" : {
      "Type" : "String"
    },
    "GroupDescription" : {
      "Type" : "String"
    },
    "SGName" : {
      "Type" : "String"
    }
  },
  "Resources": {
    "ElasticsearchDomain": {
      "Type": "AWS::Elasticsearch::Domain",
      "Properties": {
        "DomainName": { "Ref": "DomainName" },
        "ElasticsearchVersion": { "Ref": "ElasticsearchVersion" },
        "ElasticsearchClusterConfig": {
          "InstanceCount": "1",
          "InstanceType": { "Ref": "InstanceType" }
        },
        "EBSOptions": {
          "EBSEnabled" : "true",
          "Iops" : 0,
          "VolumeSize" : 10,
          "VolumeType" : "standard"
        },
        "SnapshotOptions": {
          "AutomatedSnapshotStartHour": "0"
        },
        "AccessPolicies": {
          "Version": "2012-10-17",
          "Statement": [{
            "Effect": "Deny",
            "Principal": {
              "AWS": "*"
            },
            "Action": "es:*",
            "Resource": "*"
          }]
        },
        "AdvancedOptions": {
          "rest.action.multi.allow_explicit_index": "true"
        },
        "Tags": [{
          "Key": "foo",
          "Value": "bar"
        }],
        "VPCOptions" : {
          "SubnetIds" : [
            {"Ref" : "subnet"}
          ],
          "SecurityGroupIds" : [
            {"Ref" : "mySecurityGroup"}
          ]
        }
      }
    },
    "vpc" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "CidrBlock" : "10.0.0.0/16"
      }
    },
    "subnet" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : {"Ref": "vpc"},
        "CidrBlock" : {"Ref" : "CidrBlock"},
        "AvailabilityZone" : {"Ref" : "AvailabilityZone"}
      }
    },
    "mySecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": {"Ref" : "GroupDescription"},
        "VpcId" : {"Ref" : "vpc"},
        "GroupName": {"Ref" : "SGName"},
        "SecurityGroupIngress": [
          {
            "FromPort": "443",
            "IpProtocol": "tcp",
            "ToPort": "443",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    }
  },
  "Outputs": {
    "DomainArn": {
      "Value": {
        "Fn::GetAtt": ["ElasticsearchDomain", "DomainArn"]
      }
    },
    "DomainEndpoint": {
      "Value": {
        "Fn::GetAtt": ["ElasticsearchDomain", "DomainEndpoint"]
      }
    },
    "SecurityGroupId": {
      "Value": {
        "Ref": "mySecurityGroup"
      }
    },
    "SubnetId": {
      "Value": {
        "Ref": "subnet"
      }
    }
  }
}

YAML

AWSTemplateFormatVersion: 2010-09-09
Description: ElasticsearchDomain resource
Parameters:
  DomainName:
    Description: User defined Elasticsearch Domain name
    Type: String
  ElasticsearchVersion:
    Description: User defined Elasticsearch Version
    Type: String
  InstanceType:
    Type: String
  AvailabilityZone:
    Type: String
  CidrBlock:
    Type: String
  GroupDescription:
    Type: String
  SGName:
    Type: String
Resources:
  ElasticsearchDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      DomainName: !Ref DomainName
      ElasticsearchVersion: !Ref ElasticsearchVersion
      ElasticsearchClusterConfig:
        InstanceCount: '1'
        InstanceType: !Ref InstanceType
      EBSOptions:
        EBSEnabled: 'true'
        Iops: 0
        VolumeSize: 10
        VolumeType: standard
      SnapshotOptions:
        AutomatedSnapshotStartHour: '0'
      AccessPolicies:
        Version: 2012-10-17
        Statement:
          - Effect: Deny
            Principal:
              AWS: '*'
            Action: 'es:*'
            Resource: '*'
      AdvancedOptions:
        rest.action.multi.allow_explicit_index: 'true'
      Tags:
        - Key: foo
          Value: bar
      VPCOptions:
        SubnetIds:
          - !Ref subnet
        SecurityGroupIds:
          - !Ref mySecurityGroup
  vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref vpc
      CidrBlock: !Ref CidrBlock
      AvailabilityZone: !Ref AvailabilityZone
  mySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Ref GroupDescription
      VpcId: !Ref vpc
      GroupName: !Ref SGName
      SecurityGroupIngress:
        - FromPort: '443'
          IpProtocol: tcp
          ToPort: '443'
          CidrIp: 0.0.0.0/0
Outputs:
  DomainArn:
    Value: !GetAtt ElasticsearchDomain.DomainArn
  DomainEndpoint:
    Value: !GetAtt ElasticsearchDomain.DomainEndpoint
  SecurityGroupId:
    Value: !Ref mySecurityGroup
  SubnetId:
    Value: !Ref subnet