DomainProps

class aws_cdk.aws_elasticsearch.DomainProps(*, version, access_policies=None, advanced_options=None, automated_snapshot_start_hour=None, capacity=None, cognito_kibana_auth=None, custom_endpoint=None, domain_name=None, ebs=None, enable_version_upgrade=None, encryption_at_rest=None, enforce_https=None, fine_grained_access_control=None, logging=None, node_to_node_encryption=None, removal_policy=None, security_groups=None, tls_security_policy=None, use_unsigned_basic_auth=None, vpc=None, vpc_subnets=None, zone_awareness=None)

Bases: object

(deprecated) Properties for an AWS Elasticsearch Domain.

Parameters
  • version (ElasticsearchVersion) – (deprecated) The Elasticsearch version that your domain will leverage.

  • access_policies (Optional[Sequence[PolicyStatement]]) – (deprecated) Domain Access policies. Default: - No access policies.

  • advanced_options (Optional[Mapping[str, str]]) – (deprecated) Additional options to specify for the Amazon ES domain. Default: - no advanced options are specified

  • automated_snapshot_start_hour (Union[int, float, None]) – (deprecated) The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon ES domain. Only applies for Elasticsearch versions below 5.3. Default: - Hourly automated snapshots not used

  • capacity (Union[CapacityConfig, Dict[str, Any], None]) – (deprecated) The cluster capacity configuration for the Amazon ES domain. Default: - 1 r5.large.elasticsearch data node; no dedicated master nodes.

  • cognito_kibana_auth (Union[CognitoOptions, Dict[str, Any], None]) – (deprecated) Configures Amazon ES to use Amazon Cognito authentication for Kibana. Default: - Cognito not used for authentication to Kibana.

  • custom_endpoint (Union[CustomEndpointOptions, Dict[str, Any], None]) – (deprecated) To configure a custom domain configure these options. If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate Default: - no custom domain endpoint will be configured

  • domain_name (Optional[str]) – (deprecated) Enforces a particular physical domain name. Default: - A name will be auto-generated.

  • ebs (Union[EbsOptions, Dict[str, Any], None]) – (deprecated) The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon ES domain. For more information, see [Configuring EBS-based Storage] (https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomain-configure-ebs) in the Amazon Elasticsearch Service Developer Guide. Default: - 10 GiB General Purpose (SSD) volumes per node.

  • enable_version_upgrade (Optional[bool]) – (deprecated) To upgrade an Amazon ES domain to a new version of Elasticsearch rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy. Default: - false

  • encryption_at_rest (Union[EncryptionAtRestOptions, Dict[str, Any], None]) – (deprecated) Encryption at rest options for the cluster. Default: - No encryption at rest

  • enforce_https (Optional[bool]) – (deprecated) True to require that all traffic to the domain arrive over HTTPS. Default: - false

  • fine_grained_access_control (Union[AdvancedSecurityOptions, Dict[str, Any], None]) – (deprecated) Specifies options for fine-grained access control. Requires Elasticsearch version 6.7 or later. Enabling fine-grained access control also requires encryption of data at rest and node-to-node encryption, along with enforced HTTPS. Default: - fine-grained access control is disabled

  • logging (Union[LoggingOptions, Dict[str, Any], None]) – (deprecated) Configuration log publishing configuration options. Default: - No logs are published

  • node_to_node_encryption (Optional[bool]) – (deprecated) Specify true to enable node to node encryption. Requires Elasticsearch version 6.0 or later. Default: - Node to node encryption is not enabled.

  • removal_policy (Optional[RemovalPolicy]) – (deprecated) Policy to apply when the domain is removed from the stack. Default: RemovalPolicy.RETAIN

  • security_groups (Optional[Sequence[ISecurityGroup]]) – (deprecated) The list of security groups that are associated with the VPC endpoints for the domain. Only used if vpc is specified. Default: - One new security group is created.

  • tls_security_policy (Optional[TLSSecurityPolicy]) – (deprecated) The minimum TLS version required for traffic to the domain. Default: - TLSSecurityPolicy.TLS_1_0

  • use_unsigned_basic_auth (Optional[bool]) – (deprecated) Configures the domain so that unsigned basic auth is enabled. If no master user is provided a default master user with username admin and a dynamically generated password stored in KMS is created. The password can be retrieved by getting masterUserPassword from the domain instance. Setting this to true will also add an access policy that allows unsigned access, enable node to node encryption, encryption at rest. If conflicting settings are encountered (like disabling encryption at rest) enabling this setting will cause a failure. Default: - false

  • vpc (Optional[IVpc]) – (deprecated) Place the domain inside this VPC. Default: - Domain is not placed in a VPC.

  • vpc_subnets (Optional[Sequence[Union[SubnetSelection, Dict[str, Any]]]]) – (deprecated) The specific vpc subnets the domain will be placed in. You must provide one subnet for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone domain. Only used if vpc is specified. Default: - All private subnets.

  • zone_awareness (Union[ZoneAwarenessConfig, Dict[str, Any], None]) – (deprecated) The cluster zone awareness configuration for the Amazon ES domain. Default: - no zone awareness (1 AZ)

Deprecated

use opensearchservice module instead

Stability

deprecated

ExampleMetadata

infused

Example:

domain = es.Domain(self, "Domain",
    version=es.ElasticsearchVersion.V7_4,
    ebs=es.EbsOptions(
        volume_size=100,
        volume_type=ec2.EbsDeviceVolumeType.GENERAL_PURPOSE_SSD
    ),
    node_to_node_encryption=True,
    encryption_at_rest=es.EncryptionAtRestOptions(
        enabled=True
    )
)

Attributes

access_policies

(deprecated) Domain Access policies.

Default
  • No access policies.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[List[PolicyStatement]]

advanced_options

(deprecated) Additional options to specify for the Amazon ES domain.

Default
  • no advanced options are specified

Deprecated

use opensearchservice module instead

See

https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomain-configure-advanced-options

Stability

deprecated

Return type

Optional[Mapping[str, str]]

automated_snapshot_start_hour

(deprecated) The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon ES domain.

Only applies for Elasticsearch versions below 5.3.

Default
  • Hourly automated snapshots not used

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Union[int, float, None]

capacity

(deprecated) The cluster capacity configuration for the Amazon ES domain.

Default
  • 1 r5.large.elasticsearch data node; no dedicated master nodes.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[CapacityConfig]

cognito_kibana_auth

(deprecated) Configures Amazon ES to use Amazon Cognito authentication for Kibana.

Default
  • Cognito not used for authentication to Kibana.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[CognitoOptions]

custom_endpoint

(deprecated) To configure a custom domain configure these options.

If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate

Default
  • no custom domain endpoint will be configured

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[CustomEndpointOptions]

domain_name

(deprecated) Enforces a particular physical domain name.

Default
  • A name will be auto-generated.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[str]

ebs

(deprecated) The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon ES domain.

For more information, see [Configuring EBS-based Storage] (https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomain-configure-ebs) in the Amazon Elasticsearch Service Developer Guide.

Default
  • 10 GiB General Purpose (SSD) volumes per node.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[EbsOptions]

enable_version_upgrade

(deprecated) To upgrade an Amazon ES domain to a new version of Elasticsearch rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.

Default
  • false

Deprecated

use opensearchservice module instead

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeelasticsearchdomain

Stability

deprecated

Return type

Optional[bool]

encryption_at_rest

(deprecated) Encryption at rest options for the cluster.

Default
  • No encryption at rest

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[EncryptionAtRestOptions]

enforce_https

(deprecated) True to require that all traffic to the domain arrive over HTTPS.

Default
  • false

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[bool]

fine_grained_access_control

(deprecated) Specifies options for fine-grained access control.

Requires Elasticsearch version 6.7 or later. Enabling fine-grained access control also requires encryption of data at rest and node-to-node encryption, along with enforced HTTPS.

Default
  • fine-grained access control is disabled

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[AdvancedSecurityOptions]

logging

(deprecated) Configuration log publishing configuration options.

Default
  • No logs are published

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[LoggingOptions]

node_to_node_encryption

(deprecated) Specify true to enable node to node encryption.

Requires Elasticsearch version 6.0 or later.

Default
  • Node to node encryption is not enabled.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[bool]

removal_policy

(deprecated) Policy to apply when the domain is removed from the stack.

Default

RemovalPolicy.RETAIN

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[RemovalPolicy]

security_groups

(deprecated) The list of security groups that are associated with the VPC endpoints for the domain.

Only used if vpc is specified.

Default
  • One new security group is created.

Deprecated

use opensearchservice module instead

See

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

Stability

deprecated

Return type

Optional[List[ISecurityGroup]]

tls_security_policy

(deprecated) The minimum TLS version required for traffic to the domain.

Default
  • TLSSecurityPolicy.TLS_1_0

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[TLSSecurityPolicy]

use_unsigned_basic_auth

(deprecated) Configures the domain so that unsigned basic auth is enabled.

If no master user is provided a default master user with username admin and a dynamically generated password stored in KMS is created. The password can be retrieved by getting masterUserPassword from the domain instance.

Setting this to true will also add an access policy that allows unsigned access, enable node to node encryption, encryption at rest. If conflicting settings are encountered (like disabling encryption at rest) enabling this setting will cause a failure.

Default
  • false

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[bool]

version

(deprecated) The Elasticsearch version that your domain will leverage.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

ElasticsearchVersion

vpc

(deprecated) Place the domain inside this VPC.

Default
  • Domain is not placed in a VPC.

Deprecated

use opensearchservice module instead

See

https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html

Stability

deprecated

Return type

Optional[IVpc]

vpc_subnets

(deprecated) The specific vpc subnets the domain will be placed in.

You must provide one subnet for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone domain.

Only used if vpc is specified.

Default
  • All private subnets.

Deprecated

use opensearchservice module instead

See

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html

Stability

deprecated

Return type

Optional[List[SubnetSelection]]

zone_awareness

(deprecated) The cluster zone awareness configuration for the Amazon ES domain.

Default
  • no zone awareness (1 AZ)

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[ZoneAwarenessConfig]