AdvancedSecurityOptions
- class aws_cdk.aws_opensearchservice.AdvancedSecurityOptions(*, master_user_arn=None, master_user_name=None, master_user_password=None, saml_authentication_enabled=None, saml_authentication_options=None)
Bases:
object
Specifies options for fine-grained access control.
- Parameters:
master_user_arn (
Optional
[str
]) – ARN for the master user. Only specify this or masterUserName, but not both. Default: - fine-grained access control is disabledmaster_user_name (
Optional
[str
]) – Username for the master user. Only specify this or masterUserArn, but not both. Default: - fine-grained access control is disabledmaster_user_password (
Optional
[SecretValue
]) – Password for the master user. You can useSecretValue.unsafePlainText
to specify a password in plain text or usesecretsmanager.Secret.fromSecretAttributes
to reference a secret in Secrets Manager. Default: - A Secrets Manager generated passwordsaml_authentication_enabled (
Optional
[bool
]) – True to enable SAML authentication for a domain. Default: - SAML authentication is disabled. Enabled ifsamlAuthenticationOptions
is set.saml_authentication_options (
Union
[SAMLOptionsProperty
,Dict
[str
,Any
],None
]) – Container for information about the SAML configuration for OpenSearch Dashboards. If set,samlAuthenticationEnabled
will be enabled. Default: - no SAML authentication options
- ExampleMetadata:
infused
Example:
domain = Domain(self, "Domain", version=EngineVersion.OPENSEARCH_1_0, enforce_https=True, node_to_node_encryption=True, encryption_at_rest=EncryptionAtRestOptions( enabled=True ), fine_grained_access_control=AdvancedSecurityOptions( master_user_name="master-user", saml_authentication_enabled=True, saml_authentication_options=SAMLOptionsProperty( idp_entity_id="entity-id", idp_metadata_content="metadata-content-with-quotes-escaped" ) ) )
Attributes
- master_user_arn
ARN for the master user.
Only specify this or masterUserName, but not both.
- Default:
fine-grained access control is disabled
- master_user_name
Username for the master user.
Only specify this or masterUserArn, but not both.
- Default:
fine-grained access control is disabled
- master_user_password
Password for the master user.
You can use
SecretValue.unsafePlainText
to specify a password in plain text or usesecretsmanager.Secret.fromSecretAttributes
to reference a secret in Secrets Manager.- Default:
A Secrets Manager generated password
- saml_authentication_enabled
True to enable SAML authentication for a domain.
- Default:
SAML authentication is disabled. Enabled if
samlAuthenticationOptions
is set.
- See:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html
- saml_authentication_options
Container for information about the SAML configuration for OpenSearch Dashboards.
If set,
samlAuthenticationEnabled
will be enabled.- Default:
no SAML authentication options