AWS::OpenSearchServerless::SecurityConfig - AWS CloudFormation

AWS::OpenSearchServerless::SecurityConfig

Specifies a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::OpenSearchServerless::SecurityConfig",
  "Properties" : {
      "Description" : String,
      "Name" : String,
      "SamlOptions" : SamlConfigOptions,
      "Type" : String
    }
}

YAML

Type: AWS::OpenSearchServerless::SecurityConfig
Properties:
  Description: String
  Name: String
  SamlOptions: SamlConfigOptions
  Type: String

Properties

Description

The description of the security configuration.

Required: No

Type: String

Minimum: 1

Maximum: 1000

Update requires: No interruption

Name

The name of the security configuration.

Required: No

Type: String

Pattern: ^[a-z][a-z0-9-]{2,31}$

Minimum: 3

Maximum: 32

Update requires: Replacement

SamlOptions

SAML options for the security configuration in the form of a key-value map.

Required: No

Type: SamlConfigOptions

Update requires: No interruption

Type

The type of security configuration. Currently the only option is saml.

Required: No

Type: String

Allowed values: saml

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the security configuration. For more information about using the Ref function, see Ref.

Fn::GetAtt

GetAtt returns a value for a specified attribute of this type. For more information, see Fn::GetAtt. The following are the available attributes and sample return values.

Id

The unique identifier of the security configuration. For example, saml/123456789012/myprovider.

Examples

Create a security configuration that specifies a SAML provider

The following example specifies an OpenSearch Serverless SAML provider named my-provider with a custom group attribute ALLGroups.

JSON

{
  "AWSTemplateFormatVersion":"2010-09-09",
  "Description":"OpenSearch Serverless security policy template",
  "Resources":{
    "TestSecurityConfig":{
      "Type":"AWS::OpenSearchServerless::SecurityConfig",
      "Properties":{
        "Name":"my-provider",
        "Type":"saml",
        "Description":"Serverless SAML configuration",
        "SamlOptions":{
          "Metadata":"<?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor entityID=\"http://www.okta.com/foobar\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"><md:IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>Mfoobar</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml\"/><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
          "UserAttribute":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          "GroupAttribute":"ALLGroups",
          "SessionTimeout":120
        }
      }
    }
  }
}

YAML

Description: OpenSearch Serverless security policy template
Resources:
  TestSecurityConfig:
    Type: 'AWS::OpenSearchServerless::SecurityConfig'
    Properties:
      Name: my-provider
      Type: saml
      Description: Serverless SAML configuration
      SamlOptions:
        Metadata: >-
          <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor entityID="http://www.okta.com/foobar" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>Mfoobar</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
        UserAttribute: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
        GroupAttribute: ALLGroups
        SessionTimeout: 120
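As an added example that is not part of the AWS documentation, the following Python lints a parsed CloudFormation template before deployment: it checks each SecurityConfig resource against the constraints listed on this page (Name pattern and length, Description length, the saml-only Type) and checks the embedded IdP metadata for a signing KeyDescriptor and HTTPS SingleSignOnService endpoints. The SAMPLE_TEMPLATE and its metadata are constructed for illustration and deliberately fail those checks.

```python
import re
import xml.etree.ElementTree as ET

NAME_RE = re.compile(r"^[a-z][a-z0-9-]{2,31}$")  # Name pattern given on this page
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"    # SAML 2.0 metadata namespace

def lint_idp_metadata(xml_text: str) -> list[str]:
    """Hygiene checks on the IdP metadata XML embedded in SamlOptions.Metadata."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"Metadata is not well-formed XML: {exc}"]
    findings = []
    # Without a signing key the service cannot verify the IdP's assertions.
    if root.find(f".//{MD}KeyDescriptor[@use='signing']") is None:
        findings.append("Metadata has no signing KeyDescriptor")
    for sso in root.iter(f"{MD}SingleSignOnService"):
        loc = sso.get("Location", "")
        if not loc.startswith("https://"):
            findings.append(f"SingleSignOnService Location is not HTTPS: {loc}")
    return findings

def lint_security_config(props: dict) -> list[str]:
    """Check one resource's Properties against the constraints listed on this page."""
    findings = []
    name = props.get("Name")
    if name is not None and not NAME_RE.match(name):
        findings.append(f"Name {name!r} must match ^[a-z][a-z0-9-]{{2,31}}$")
    desc = props.get("Description")
    if desc is not None and not 1 <= len(desc) <= 1000:
        findings.append("Description must be 1 to 1000 characters")
    if props.get("Type", "saml") != "saml":
        findings.append(f"Type {props['Type']!r} is not allowed; only 'saml'")
    metadata = (props.get("SamlOptions") or {}).get("Metadata")
    if metadata:
        findings += lint_idp_metadata(metadata)
    return findings

def lint_template(template: dict) -> dict[str, list[str]]:
    return {lid: lint_security_config(res.get("Properties", {}))
            for lid, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::OpenSearchServerless::SecurityConfig"}

# Constructed sample (not from the page): uppercase letter in Name, no signing key, plain-HTTP SSO endpoint.
SAMPLE_METADATA = ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor>'
                   '<md:SingleSignOnService Location="http://idp.example.test/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>')
SAMPLE_TEMPLATE = {"Resources": {"TestSecurityConfig": {
    "Type": "AWS::OpenSearchServerless::SecurityConfig",
    "Properties": {"Name": "My-Provider", "Type": "saml", "SamlOptions": {"Metadata": SAMPLE_METADATA}}}}}
```

For a YAML template, load it with a YAML parser first and pass the resulting dict to lint_template.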