EncryptionAtRestOptions
- class aws_cdk.aws_elasticsearch.EncryptionAtRestOptions(*, enabled=None, kms_key=None)
Bases:
object(deprecated) Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.
Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later.
- Parameters:
enabled (
Optional[bool]) – (deprecated) Specify true to enable encryption at rest. Default: - encryption at rest is disabled.kms_key (
Optional[IKey]) – (deprecated) Supply if using KMS key for encryption at rest. Default: - uses default aws/es KMS key.
- Deprecated:
use opensearchservice module instead
- Stability:
deprecated
- ExampleMetadata:
infused
Example:
domain = es.Domain(self, "Domain", version=es.ElasticsearchVersion.V7_1, enforce_https=True, node_to_node_encryption=True, encryption_at_rest=es.EncryptionAtRestOptions( enabled=True ), fine_grained_access_control=es.AdvancedSecurityOptions( master_user_name="master-user" ) ) master_user_password = domain.master_user_password
Attributes
- enabled
(deprecated) Specify true to enable encryption at rest.
- Default:
encryption at rest is disabled.
- Deprecated:
use opensearchservice module instead
- Stability:
deprecated
- kms_key
(deprecated) Supply if using KMS key for encryption at rest.
- Default:
uses default aws/es KMS key.
- Deprecated:
use opensearchservice module instead
- Stability:
deprecated