interface EncryptionAtRestOptions
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.Elasticsearch.EncryptionAtRestOptions |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awselasticsearch#EncryptionAtRestOptions |
![]() | software.amazon.awscdk.services.elasticsearch.EncryptionAtRestOptions |
![]() | aws_cdk.aws_elasticsearch.EncryptionAtRestOptions |
![]() | aws-cdk-lib » aws_elasticsearch » EncryptionAtRestOptions |
⚠️ Deprecated: use opensearchservice module instead
Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.
Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later.
Example
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
enforceHttps: true,
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
fineGrainedAccessControl: {
masterUserName: 'master-user',
},
});
const masterUserPassword = domain.masterUserPassword;
Properties
Name | Type | Description |
---|---|---|
enabled? | boolean | Specify true to enable encryption at rest. |
kms | IKey | Supply if using KMS key for encryption at rest. |
enabled?
⚠️ Deprecated: use opensearchservice module instead
Type:
boolean
(optional, default: encryption at rest is disabled.)
Specify true to enable encryption at rest.
kmsKey?
⚠️ Deprecated: use opensearchservice module instead
Type:
IKey
(optional, default: uses default aws/es KMS key.)
Supply if using KMS key for encryption at rest.