interface AdvancedSecurityOptions
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.OpenSearchService.AdvancedSecurityOptions |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awsopensearchservice#AdvancedSecurityOptions |
![]() | software.amazon.awscdk.services.opensearchservice.AdvancedSecurityOptions |
![]() | aws_cdk.aws_opensearchservice.AdvancedSecurityOptions |
![]() | aws-cdk-lib » aws_opensearchservice » AdvancedSecurityOptions |
Specifies options for fine-grained access control.
Example
const domain = new Domain(this, 'Domain', {
version: EngineVersion.OPENSEARCH_1_0,
enforceHttps: true,
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
fineGrainedAccessControl: {
masterUserName: 'master-user',
samlAuthenticationEnabled: true,
samlAuthenticationOptions: {
idpEntityId: 'entity-id',
idpMetadataContent: 'metadata-content-with-quotes-escaped',
},
},
});
Properties
Name | Type | Description |
---|---|---|
master | string | ARN for the master user. |
master | string | Username for the master user. |
master | Secret | Password for the master user. |
saml | boolean | True to enable SAML authentication for a domain. |
saml | SAMLOptions | Container for information about the SAML configuration for OpenSearch Dashboards. |
masterUserArn?
Type:
string
(optional, default: fine-grained access control is disabled)
ARN for the master user.
Only specify this or masterUserName, but not both.
masterUserName?
Type:
string
(optional, default: fine-grained access control is disabled)
Username for the master user.
Only specify this or masterUserArn, but not both.
masterUserPassword?
Type:
Secret
(optional, default: A Secrets Manager generated password)
Password for the master user.
You can use SecretValue.unsafePlainText
to specify a password in plain text or
use secretsmanager.Secret.fromSecretAttributes
to reference a secret in
Secrets Manager.
samlAuthenticationEnabled?
Type:
boolean
(optional, default: SAML authentication is disabled. Enabled if samlAuthenticationOptions
is set.)
True to enable SAML authentication for a domain.
See also: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html
samlAuthenticationOptions?
Type:
SAMLOptions
(optional, default: no SAML authentication options)
Container for information about the SAML configuration for OpenSearch Dashboards.
If set, samlAuthenticationEnabled
will be enabled.