EncryptionAtRestOptions

class aws_cdk.aws_elasticsearch.EncryptionAtRestOptions(*, enabled=None, kms_key=None)

Bases: object

(deprecated) Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later.

Parameters
  • enabled (Optional[bool]) – (deprecated) Specify true to enable encryption at rest. Default: - encryption at rest is disabled.

  • kms_key (Optional[IKey]) – (deprecated) Supply if using KMS key for encryption at rest. Default: - uses default aws/es KMS key.

Deprecated

use opensearchservice module instead

Stability

deprecated

ExampleMetadata

infused

Example:

domain = es.Domain(self, "Domain",
    version=es.ElasticsearchVersion.V7_1,
    enforce_https=True,
    node_to_node_encryption=True,
    encryption_at_rest=es.EncryptionAtRestOptions(
        enabled=True
    ),
    fine_grained_access_control=es.AdvancedSecurityOptions(
        master_user_name="master-user"
    )
)

master_user_password = domain.master_user_password

Attributes

enabled

(deprecated) Specify true to enable encryption at rest.

Default
  • encryption at rest is disabled.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[bool]

kms_key

(deprecated) Supply if using KMS key for encryption at rest.

Default
  • uses default aws/es KMS key.

Deprecated

use opensearchservice module instead

Stability

deprecated

Return type

Optional[IKey]