AWS Tools for Windows PowerShell
Command Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Synopsis

Calls the Amazon OpenSearch Service CreateDomain API operation.

Syntax

New-OSDomain
-AccessPolicy <String>
-AdvancedOption <Hashtable>
-AdvancedSecurityOptions_AnonymousAuthEnabled <Boolean>
-SnapshotOptions_AutomatedSnapshotStartHour <Int32>
-SoftwareUpdateOptions_AutoSoftwareUpdateEnabled <Boolean>
-ZoneAwarenessConfig_AvailabilityZoneCount <Int32>
-DomainEndpointOptions_CustomEndpoint <String>
-DomainEndpointOptions_CustomEndpointCertificateArn <String>
-DomainEndpointOptions_CustomEndpointEnabled <Boolean>
-ClusterConfig_DedicatedMasterCount <Int32>
-ClusterConfig_DedicatedMasterEnabled <Boolean>
-ClusterConfig_DedicatedMasterType <OpenSearchPartitionInstanceType>
-AutoTuneOptions_DesiredState <AutoTuneDesiredState>
-DomainName <String>
-EBSOptions_EBSEnabled <Boolean>
-AdvancedSecurityOptions_Enabled <Boolean>
-SAMLOptions_Enabled <Boolean>
-ColdStorageOptions_Enabled <Boolean>
-CognitoOptions_Enabled <Boolean>
-EncryptionAtRestOptions_Enabled <Boolean>
-NodeToNodeEncryptionOptions_Enabled <Boolean>
-OffPeakWindowOptions_Enabled <Boolean>
-DomainEndpointOptions_EnforceHTTPS <Boolean>
-EngineVersion <String>
-Idp_EntityId <String>
-WindowStartTime_Hour <Int64>
-CognitoOptions_IdentityPoolId <String>
-ClusterConfig_InstanceCount <Int32>
-ClusterConfig_InstanceType <OpenSearchPartitionInstanceType>
-AdvancedSecurityOptions_InternalUserDatabaseEnabled <Boolean>
-EBSOptions_Iops <Int32>
-IPAddressType <IPAddressType>
-EncryptionAtRestOptions_KmsKeyId <String>
-LogPublishingOption <Hashtable>
-AutoTuneOptions_MaintenanceSchedule <AutoTuneMaintenanceSchedule[]>
-SAMLOptions_MasterBackendRole <String>
-MasterUserOptions_MasterUserARN <String>
-MasterUserOptions_MasterUserName <String>
-SAMLOptions_MasterUserName <String>
-MasterUserOptions_MasterUserPassword <String>
-Idp_MetadataContent <String>
-WindowStartTime_Minute <Int64>
-ClusterConfig_MultiAZWithStandbyEnabled <Boolean>
-CognitoOptions_RoleArn <String>
-SAMLOptions_RolesKey <String>
-VPCOptions_SecurityGroupId <String[]>
-SAMLOptions_SessionTimeoutMinute <Int32>
-SAMLOptions_SubjectKey <String>
-VPCOptions_SubnetId <String[]>
-TagList <Tag[]>
-EBSOptions_Throughput <Int32>
-DomainEndpointOptions_TLSSecurityPolicy <TLSSecurityPolicy>
-AutoTuneOptions_UseOffPeakWindow <Boolean>
-CognitoOptions_UserPoolId <String>
-EBSOptions_VolumeSize <Int32>
-EBSOptions_VolumeType <VolumeType>
-ClusterConfig_WarmCount <Int32>
-ClusterConfig_WarmEnabled <Boolean>
-ClusterConfig_WarmType <OpenSearchWarmPartitionInstanceType>
-ClusterConfig_ZoneAwarenessEnabled <Boolean>
-Select <String>
-Force <SwitchParameter>
-ClientConfig <AmazonOpenSearchServiceConfig>

Description

Creates an Amazon OpenSearch Service domain. For more information, see Creating and managing Amazon OpenSearch Service domains.

Parameters

-AccessPolicy <String>
Identity and Access Management (IAM) policy document specifying the access policies for the new domain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAccessPolicies
-AdvancedOption <Hashtable>
Key-value pairs to specify advanced configuration options. The following key-value pairs are supported:
  • "rest.action.multi.allow_explicit_index": "true" | "false" - Note the use of a string rather than a boolean. Specifies whether explicit references to indexes are allowed inside the body of HTTP requests. If you want to configure access policies for domain sub-resources, such as specific indexes and domain APIs, you must disable this property. Default is true.
  • "indices.fielddata.cache.size": "80" - Note the use of a string rather than a boolean. Specifies the percentage of heap space allocated to field data. Default is unbounded.
  • "indices.query.bool.max_clause_count": "1024" - Note the use of a string rather than a boolean. Specifies the maximum number of clauses allowed in a Lucene boolean query. Default is 1,024. Queries with more than the permitted number of clauses result in a TooManyClauses error.
  • "override_main_response_version": "true" | "false" - Note the use of a string rather than a boolean. Specifies whether the domain reports its version as 7.10 to allow Elasticsearch OSS clients and plugins to continue working with it. Default is false when creating a domain and true when upgrading a domain.
For more information, see Advanced cluster parameters.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedOptions
-AdvancedSecurityOptions_AnonymousAuthEnabled <Boolean>
True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-AdvancedSecurityOptions_Enabled <Boolean>
True to enable fine-grained access control.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-AdvancedSecurityOptions_InternalUserDatabaseEnabled <Boolean>
True to enable the internal user database.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-AutoTuneOptions_DesiredState <AutoTuneDesiredState>
Whether Auto-Tune is enabled or disabled.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-AutoTuneOptions_MaintenanceSchedule <AutoTuneMaintenanceSchedule[]>
A list of maintenance schedules during which Auto-Tune can deploy changes. Maintenance windows are deprecated and have been replaced with off-peak windows.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAutoTuneOptions_MaintenanceSchedules
-AutoTuneOptions_UseOffPeakWindow <Boolean>
Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Amazon.PowerShell.Cmdlets.OS.AmazonOpenSearchServiceClientCmdlet.ClientConfig
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_DedicatedMasterCount <Int32>
Number of dedicated master nodes in the cluster. This number must be greater than 2 and not 4, otherwise you receive a validation exception.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_DedicatedMasterEnabled <Boolean>
Indicates whether dedicated master nodes are enabled for the cluster.True if the cluster will use a dedicated master node.False if the cluster will not.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_DedicatedMasterType <OpenSearchPartitionInstanceType>
OpenSearch Service instance type of the dedicated master nodes in the cluster.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_InstanceCount <Int32>
Number of data nodes in the cluster. This number must be greater than 1, otherwise you receive a validation exception.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_InstanceType <OpenSearchPartitionInstanceType>
Instance type of data nodes in the cluster.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_MultiAZWithStandbyEnabled <Boolean>
A boolean that indicates whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_WarmCount <Int32>
The number of warm nodes in the cluster.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_WarmEnabled <Boolean>
Whether to enable warm storage for the cluster.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_WarmType <OpenSearchWarmPartitionInstanceType>
The instance type for the cluster's warm nodes.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClusterConfig_ZoneAwarenessEnabled <Boolean>
Indicates whether multiple Availability Zones are enabled. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-CognitoOptions_Enabled <Boolean>
Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-CognitoOptions_IdentityPoolId <String>
The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-CognitoOptions_RoleArn <String>
The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-CognitoOptions_UserPoolId <String>
The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ColdStorageOptions_Enabled <Boolean>
Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesClusterConfig_ColdStorageOptions_Enabled
-DomainEndpointOptions_CustomEndpoint <String>
The fully qualified URL for the custom endpoint.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-DomainEndpointOptions_CustomEndpointCertificateArn <String>
The ARN for your security certificate, managed in Amazon Web Services Certificate Manager (ACM).
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-DomainEndpointOptions_CustomEndpointEnabled <Boolean>
Whether to enable a custom endpoint for the domain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-DomainEndpointOptions_EnforceHTTPS <Boolean>
True to require that all traffic to the domain arrive over HTTPS.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-DomainEndpointOptions_TLSSecurityPolicy <TLSSecurityPolicy>
Specify the TLS security policy to apply to the HTTPS endpoint of the domain. The policy can be one of the following values:
  • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
  • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
  • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-DomainName <String>
Name of the OpenSearch Service domain to create. Domain names are unique across the domains owned by an account within an Amazon Web Services Region.
Required?True
Position?Named
Accept pipeline input?True (ByPropertyName)
-EBSOptions_EBSEnabled <Boolean>
Indicates whether EBS volumes are attached to data nodes in an OpenSearch Service domain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-EBSOptions_Iops <Int32>
Specifies the baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the gp3 and provisioned IOPS EBS volume types.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-EBSOptions_Throughput <Int32>
Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-EBSOptions_VolumeSize <Int32>
Specifies the size (in GiB) of EBS volumes attached to data nodes.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-EBSOptions_VolumeType <VolumeType>
Specifies the type of EBS volumes attached to data nodes.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-EncryptionAtRestOptions_Enabled <Boolean>
True to enable encryption at rest.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-EncryptionAtRestOptions_KmsKeyId <String>
The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-EngineVersion <String>
String of format Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the OpenSearch Service domain. For example, OpenSearch_1.0 or Elasticsearch_7.9. For more information, see Creating and managing Amazon OpenSearch Service domains.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Idp_EntityId <String>
The unique entity ID of the application in the SAML identity provider.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_Idp_EntityId
-Idp_MetadataContent <String>
The metadata of the SAML application, in XML format.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_Idp_MetadataContent
-IPAddressType <IPAddressType>
Specify either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-LogPublishingOption <Hashtable>
Key-value pairs to configure log publishing.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesLogPublishingOptions
-MasterUserOptions_MasterUserARN <String>
Amazon Resource Name (ARN) for the master user. Only specify if InternalUserDatabaseEnabled is false.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_MasterUserOptions_MasterUserARN
-MasterUserOptions_MasterUserName <String>
User name for the master user. Only specify if InternalUserDatabaseEnabled is true.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_MasterUserOptions_MasterUserName
-MasterUserOptions_MasterUserPassword <String>
Password for the master user. Only specify if InternalUserDatabaseEnabled is true.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_MasterUserOptions_MasterUserPassword
-NodeToNodeEncryptionOptions_Enabled <Boolean>
True to enable node-to-node encryption.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-OffPeakWindowOptions_Enabled <Boolean>
Whether to enable an off-peak window.This option is only available when modifying a domain created prior to February 16, 2023, not when creating a new domain. All domains created after this date have the off-peak window enabled by default. You can't disable the off-peak window after it's enabled for a domain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-SAMLOptions_Enabled <Boolean>
True to enable SAML authentication for a domain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_Enabled
-SAMLOptions_MasterBackendRole <String>
The backend role that the SAML master user is mapped to.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_MasterBackendRole
-SAMLOptions_MasterUserName <String>
The SAML master user name, which is stored in the domain's internal user database.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_MasterUserName
-SAMLOptions_RolesKey <String>
Element of the SAML assertion to use for backend roles. Default is roles.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_RolesKey
-SAMLOptions_SessionTimeoutMinute <Int32>
The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_SessionTimeoutMinutes
-SAMLOptions_SubjectKey <String>
Element of the SAML assertion to use for the user name. Default is NameID.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAdvancedSecurityOptions_SAMLOptions_SubjectKey
-Select <String>
Use the -Select parameter to control the cmdlet output. The default value is 'DomainStatus'. Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.OpenSearchService.Model.CreateDomainResponse). Specifying the name of a property of type Amazon.OpenSearchService.Model.CreateDomainResponse will result in that property being returned. Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-SnapshotOptions_AutomatedSnapshotStartHour <Int32>
The time, in UTC format, when OpenSearch Service takes a daily automated snapshot of the specified domain. Default is 0 hours.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-SoftwareUpdateOptions_AutoSoftwareUpdateEnabled <Boolean>
Whether automatic service software updates are enabled for the domain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-TagList <Tag[]>
List of tags to add to the domain upon creation.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-VPCOptions_SecurityGroupId <String[]>
The list of security group IDs associated with the VPC endpoints for the domain. If you do not provide a security group ID, OpenSearch Service uses the default security group for the VPC.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesVPCOptions_SecurityGroupIds
-VPCOptions_SubnetId <String[]>
A list of subnet IDs associated with the VPC endpoints for the domain. If your domain uses multiple Availability Zones, you need to provide two subnet IDs, one per zone. Otherwise, provide only one.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesVPCOptions_SubnetIds
-WindowStartTime_Hour <Int64>
The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesOffPeakWindowOptions_OffPeakWindow_WindowStartTime_Hours
-WindowStartTime_Minute <Int64>
The start minute of the window, in UTC.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesOffPeakWindowOptions_OffPeakWindow_WindowStartTime_Minutes
-ZoneAwarenessConfig_AvailabilityZoneCount <Int32>
If you enabled multiple Availability Zones, this value is the number of zones that you want the domain to use. Valid values are 2 and 3. If your domain is provisioned within a VPC, this value be equal to number of subnets.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesClusterConfig_ZoneAwarenessConfig_AvailabilityZoneCount

Common Credential and Region Parameters

-AccessKey <String>
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAK
-Credential <AWSCredentials>
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
Required?False
Position?Named
Accept pipeline input?True (ByValue, ByPropertyName)
-EndpointUrl <String>
The endpoint to make the call against.Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-NetworkCredential <PSCredential>
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
Required?False
Position?Named
Accept pipeline input?True (ByValue, ByPropertyName)
-ProfileLocation <String>
Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs)If this optional parameter is omitted this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials.If this parameter is specified then this cmdlet will only search the ini-format credential file at the location given.As the current folder can vary in a shell or during script execution it is advised that you use specify a fully qualified path instead of a relative path.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAWSProfilesLocation, ProfilesLocation
-ProfileName <String>
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesStoredCredentials, AWSProfileName
-Region <Object>
The system name of an AWS region or an AWSRegion instance. This governs the endpoint that will be used when calling service operations. Note that the AWS resources referenced in a call are usually region-specific.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesRegionToCall
-SecretKey <String>
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSK, SecretAccessKey
-SessionToken <String>
The session token if the access and secret keys are temporary session-based credentials.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesST

Outputs

This cmdlet returns an Amazon.OpenSearchService.Model.DomainStatus object. The service call response (type Amazon.OpenSearchService.Model.CreateDomainResponse) can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack.

Supported Version

AWS Tools for PowerShell: 2.x.y.z