AdvancedSecurityOptions

class aws_cdk.aws_opensearchservice.AdvancedSecurityOptions(*, master_user_arn=None, master_user_name=None, master_user_password=None, saml_authentication_enabled=None, saml_authentication_options=None)

Bases: object

Specifies options for fine-grained access control.

Parameters:
  • master_user_arn (Optional[str]) – ARN for the master user. Only specify this or master_user_name, but not both. Default: fine-grained access control is disabled

  • master_user_name (Optional[str]) – Username for the master user. Only specify this or master_user_arn, but not both. Default: fine-grained access control is disabled

  • master_user_password (Optional[SecretValue]) – Password for the master user. You can use SecretValue.unsafe_plain_text to specify a password in plain text or use secretsmanager.Secret.from_secret_attributes to reference a secret in Secrets Manager. Default: a Secrets Manager generated password

  • saml_authentication_enabled (Optional[bool]) – True to enable SAML authentication for a domain. Default: SAML authentication is disabled. Enabled if saml_authentication_options is set.

  • saml_authentication_options (Union[SAMLOptionsProperty, Dict[str, Any], None]) – Container for information about the SAML configuration for OpenSearch Dashboards. If set, saml_authentication_enabled will be enabled. Default: no SAML authentication options

Example:

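from aws_cdk.aws_opensearchservice import (
    AdvancedSecurityOptions, Domain, EncryptionAtRestOptions,
    EngineVersion, SAMLOptionsProperty,
)

# Runs inside a Stack (or other Construct); `self` is the construct scope.
domain = Domain(self, "Domain",
    version=EngineVersion.OPENSEARCH_1_0,
    # HTTPS, node-to-node encryption and encryption at rest are all enabled
    # alongside fine-grained access control.
    enforce_https=True,
    node_to_node_encryption=True,
    encryption_at_rest=EncryptionAtRestOptions(
        enabled=True
    ),
    fine_grained_access_control=AdvancedSecurityOptions(
        # No master_user_password is given, so the default applies:
        # a Secrets Manager generated password.
        master_user_name="master-user",
        saml_authentication_enabled=True,
        saml_authentication_options=SAMLOptionsProperty(
            idp_entity_id="entity-id",
            idp_metadata_content="metadata-content-with-quotes-escaped"
        )
    )
)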
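
An added example (not part of the CDK documentation or the aws-cdk project's code): a standard-library check over a synthesized or hand-written CloudFormation template that flags the conditions this page describes, a master user ARN and username set together and a master password present as a literal string, plus the three encryption settings the example above turns on. The template fragment, logical IDs, secret name and finding labels are constructed for illustration.

```python
import json

# Constructed sample: a hand-written template fragment, not output from a real stack.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "GoodDomain": {"Type": "AWS::OpenSearchService::Domain", "Properties": {
    "DomainEndpointOptions": {"EnforceHTTPS": true},
    "NodeToNodeEncryptionOptions": {"Enabled": true},
    "EncryptionAtRestOptions": {"Enabled": true},
    "AdvancedSecurityOptions": {"Enabled": true, "InternalUserDatabaseEnabled": true,
      "MasterUserOptions": {"MasterUserName": "master-user",
        "MasterUserPassword": "{{resolve:secretsmanager:example-secret:SecretString:password::}}"}}}},
  "BadDomain": {"Type": "AWS::OpenSearchService::Domain", "Properties": {
    "DomainEndpointOptions": {"EnforceHTTPS": true},
    "AdvancedSecurityOptions": {"Enabled": true,
      "MasterUserOptions": {"MasterUserARN": "arn:aws:iam::111122223333:role/example",
        "MasterUserName": "master-user", "MasterUserPassword": "hunter2-constructed"}}}}
}}
""")

def audit_domains(template):
    """Return {logical_id: [finding, ...]} for every OpenSearch domain resource."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::OpenSearchService::Domain":
            continue
        props = res.get("Properties", {})
        aso = props.get("AdvancedSecurityOptions", {})
        master = aso.get("MasterUserOptions", {})
        findings = []
        if aso.get("Enabled") is not True:
            findings.append("fgac-disabled")
        if "MasterUserARN" in master and "MasterUserName" in master:
            findings.append("arn-and-name-both-set")
        pw = master.get("MasterUserPassword")
        # A literal string without a dynamic reference means the password itself is in the template.
        if isinstance(pw, str) and "{{resolve:" not in pw:
            findings.append("plaintext-master-password")
        for key, flag, name in (("DomainEndpointOptions", "EnforceHTTPS", "https-not-enforced"),
                                ("NodeToNodeEncryptionOptions", "Enabled", "no-node-to-node-encryption"),
                                ("EncryptionAtRestOptions", "Enabled", "no-encryption-at-rest")):
            if props.get(key, {}).get(flag) is not True:
                findings.append(name)
        report[logical_id] = findings
    return report

if __name__ == "__main__":
    for domain_id, findings in audit_domains(SAMPLE_TEMPLATE).items():
        print(domain_id, findings or "ok")
```

A password expressed as an intrinsic function (a dict such as Fn::Join) is not flagged, since only a bare literal string puts the secret value itself in the template.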

Attributes

master_user_arn

ARN for the master user.

Only specify this or master_user_name, but not both.

Default:
  • fine-grained access control is disabled

master_user_name

Username for the master user.

Only specify this or master_user_arn, but not both.

Default:
  • fine-grained access control is disabled

master_user_password

Password for the master user.

You can use SecretValue.unsafe_plain_text to specify a password in plain text or use secretsmanager.Secret.from_secret_attributes to reference a secret in Secrets Manager.

Default:
  • A Secrets Manager generated password

saml_authentication_enabled

True to enable SAML authentication for a domain.

Default:
  • SAML authentication is disabled. Enabled if saml_authentication_options is set.

See:

https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html

saml_authentication_options

Container for information about the SAML configuration for OpenSearch Dashboards.

If set, saml_authentication_enabled will be enabled.

Default:
  • no SAML authentication options