software.amazon.awscdk.services.opensearchservice

Interface DomainProps

All Known Implementing Classes:

DomainProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
           date="2023-01-31T18:36:57.851Z")
public interface DomainProps

Properties for an Amazon OpenSearch Service domain.

Example:

 Domain domain = Domain.Builder.create(this, "Domain")
         .version(EngineVersion.OPENSEARCH_1_0)
         .ebs(EbsOptions.builder()
                 .volumeSize(100)
                 .volumeType(EbsDeviceVolumeType.GENERAL_PURPOSE_SSD)
                 .build())
         .nodeToNodeEncryption(true)
         .encryptionAtRest(EncryptionAtRestOptions.builder()
                 .enabled(true)
                 .build())
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	DomainProps.Builder A builder for DomainProps
static class	DomainProps.Jsii$Proxy An implementation for DomainProps

Method Summary

Modifier and Type	Method and Description
static DomainProps.Builder	builder()
default java.util.List<PolicyStatement>	getAccessPolicies() Domain access policies.
default java.util.Map<java.lang.String,java.lang.String>	getAdvancedOptions() Additional options to specify for the Amazon OpenSearch Service domain.
default java.lang.Number	getAutomatedSnapshotStartHour() The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.
default CapacityConfig	getCapacity() The cluster capacity configuration for the Amazon OpenSearch Service domain.
default CognitoOptions	getCognitoDashboardsAuth() Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
default CustomEndpointOptions	getCustomEndpoint() To configure a custom domain configure these options.
default java.lang.String	getDomainName() Enforces a particular physical domain name.
default EbsOptions	getEbs() The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
default java.lang.Boolean	getEnableVersionUpgrade() To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
default EncryptionAtRestOptions	getEncryptionAtRest() Encryption at rest options for the cluster.
default java.lang.Boolean	getEnforceHttps() True to require that all traffic to the domain arrive over HTTPS.
default AdvancedSecurityOptions	getFineGrainedAccessControl() Specifies options for fine-grained access control.
default LoggingOptions	getLogging() Configuration log publishing configuration options.
default java.lang.Boolean	getNodeToNodeEncryption() Specify true to enable node to node encryption.
default RemovalPolicy	getRemovalPolicy() Policy to apply when the domain is removed from the stack.
default java.util.List<ISecurityGroup>	getSecurityGroups() The list of security groups that are associated with the VPC endpoints for the domain.
default TLSSecurityPolicy	getTlsSecurityPolicy() The minimum TLS version required for traffic to the domain.
default java.lang.Boolean	getUseUnsignedBasicAuth() Configures the domain so that unsigned basic auth is enabled.
EngineVersion	getVersion() The Elasticsearch/OpenSearch version that your domain will leverage.
default IVpc	getVpc() Place the domain inside this VPC.
default java.util.List<SubnetSelection>	getVpcSubnets() The specific vpc subnets the domain will be placed in.
default ZoneAwarenessConfig	getZoneAwareness() The cluster zone awareness configuration for the Amazon OpenSearch Service domain.

Method Detail

getVersion

EngineVersion getVersion()

The Elasticsearch/OpenSearch version that your domain will leverage.

getAccessPolicies

default java.util.List<PolicyStatement> getAccessPolicies()

Domain access policies.

Default: - No access policies.

getAdvancedOptions

default java.util.Map<java.lang.String,java.lang.String> getAdvancedOptions()

Additional options to specify for the Amazon OpenSearch Service domain.

Default: - no advanced options are specified

See Also:

https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options

getAutomatedSnapshotStartHour

default java.lang.Number getAutomatedSnapshotStartHour()

The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.

Only applies for Elasticsearch versions below 5.3.

Default: - Hourly automated snapshots not used

getCapacity

default CapacityConfig getCapacity()

The cluster capacity configuration for the Amazon OpenSearch Service domain.

Default: - 1 r5.large.search data node; no dedicated master nodes.

getCognitoDashboardsAuth

default CognitoOptions getCognitoDashboardsAuth()

Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

Default: - Cognito not used for authentication to OpenSearch Dashboards.

getCustomEndpoint

default CustomEndpointOptions getCustomEndpoint()

To configure a custom domain configure these options.

If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate

Default: - no custom domain endpoint will be configured

getDomainName

default java.lang.String getDomainName()

Enforces a particular physical domain name.

Default: - A name will be auto-generated.

getEbs

default EbsOptions getEbs()

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.

Default: - 10 GiB General Purpose (SSD) volumes per node.

getEnableVersionUpgrade

default java.lang.Boolean getEnableVersionUpgrade()

To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.

Default: - false

See Also:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain

getEncryptionAtRest

default EncryptionAtRestOptions getEncryptionAtRest()

Encryption at rest options for the cluster.

Default: - No encryption at rest

getEnforceHttps

default java.lang.Boolean getEnforceHttps()

True to require that all traffic to the domain arrive over HTTPS.

Default: - false

getFineGrainedAccessControl

default AdvancedSecurityOptions getFineGrainedAccessControl()

Specifies options for fine-grained access control.

Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control also requires encryption of data at rest and node-to-node encryption, along with enforced HTTPS.

Default: - fine-grained access control is disabled

getLogging

default LoggingOptions getLogging()

Configuration log publishing configuration options.

Default: - No logs are published

getNodeToNodeEncryption

default java.lang.Boolean getNodeToNodeEncryption()

Specify true to enable node to node encryption.

Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later.

Default: - Node to node encryption is not enabled.

getRemovalPolicy

default RemovalPolicy getRemovalPolicy()

Policy to apply when the domain is removed from the stack.

Default: RemovalPolicy.RETAIN

getSecurityGroups

default java.util.List<ISecurityGroup> getSecurityGroups()

The list of security groups that are associated with the VPC endpoints for the domain.

Only used if vpc is specified.

Default: - One new security group is created.

See Also:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

getTlsSecurityPolicy

default TLSSecurityPolicy getTlsSecurityPolicy()

The minimum TLS version required for traffic to the domain.

Default: - TLSSecurityPolicy.TLS_1_0

getUseUnsignedBasicAuth

default java.lang.Boolean getUseUnsignedBasicAuth()

Configures the domain so that unsigned basic auth is enabled.

If no master user is provided a default master user with username admin and a dynamically generated password stored in KMS is created. The password can be retrieved by getting masterUserPassword from the domain instance.

Setting this to true will also add an access policy that allows unsigned access, enable node to node encryption, encryption at rest. If conflicting settings are encountered (like disabling encryption at rest) enabling this setting will cause a failure.

Default: - false

getVpc

default IVpc getVpc()

Place the domain inside this VPC.

Default: - Domain is not placed in a VPC.

See Also:

https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html

getVpcSubnets

default java.util.List<SubnetSelection> getVpcSubnets()

The specific vpc subnets the domain will be placed in.

You must provide one subnet for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone domain.

Only used if vpc is specified.

Default: - All private subnets.

See Also:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html

getZoneAwareness

default ZoneAwarenessConfig getZoneAwareness()

The cluster zone awareness configuration for the Amazon OpenSearch Service domain.

Default: - no zone awareness (1 AZ)

builder

static DomainProps.Builder builder()

Returns:

a DomainProps.Builder of DomainProps