interface AdvancedSecurityOptionsInputProperty
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.OpenSearchService.CfnDomain.AdvancedSecurityOptionsInputProperty |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsopensearchservice#CfnDomain_AdvancedSecurityOptionsInputProperty |
Java | software.amazon.awscdk.services.opensearchservice.CfnDomain.AdvancedSecurityOptionsInputProperty |
Python | aws_cdk.aws_opensearchservice.CfnDomain.AdvancedSecurityOptionsInputProperty |
TypeScript | aws-cdk-lib » aws_opensearchservice » CfnDomain » AdvancedSecurityOptionsInputProperty |
Specifies options for fine-grained access control.
If you specify advanced security options, you must also enable node-to-node encryption (NodeToNodeEncryptionOptions) and encryption at rest (EncryptionAtRestOptions). You must also enable EnforceHTTPS within DomainEndpointOptions, which requires HTTPS for all traffic to the domain.
Example
```typescript
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_opensearchservice as opensearchservice } from 'aws-cdk-lib';

const advancedSecurityOptionsInputProperty: opensearchservice.CfnDomain.AdvancedSecurityOptionsInputProperty = {
  anonymousAuthDisableDate: 'anonymousAuthDisableDate',
  anonymousAuthEnabled: false,
  enabled: false,
  internalUserDatabaseEnabled: false,
  jwtOptions: {
    enabled: false,
    publicKey: 'publicKey',
    rolesKey: 'rolesKey',
    subjectKey: 'subjectKey',
  },
  masterUserOptions: {
    masterUserArn: 'masterUserArn',
    masterUserName: 'masterUserName',
    masterUserPassword: 'masterUserPassword',
  },
  samlOptions: {
    enabled: false,
    idp: {
      entityId: 'entityId',
      metadataContent: 'metadataContent',
    },
    masterBackendRole: 'masterBackendRole',
    masterUserName: 'masterUserName',
    rolesKey: 'rolesKey',
    sessionTimeoutMinutes: 123,
    subjectKey: 'subjectKey',
  },
};
```
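A pre-deployment check for the prerequisites stated in the description above, as an added example that is not part of the CDK documentation or library: it flags a domain definition that turns on fine-grained access control without node-to-node encryption, encryption at rest, or enforced HTTPS. The `Flag`, `DomainPropsSlice` and `Finding` types and both function names are hypothetical, declared locally so the check runs without aws-cdk-lib; the camelCase property names are assumed to follow the CDK TypeScript naming of the CloudFormation properties named on this page.

```typescript
// Added example. Local types mirror only the slice of the domain properties
// that the prerequisites touch; they are stand-ins, not aws-cdk-lib types.
type Flag = boolean | { resolve: unknown } | undefined; // boolean | IResolvable stand-in

interface DomainPropsSlice {
  advancedSecurityOptions?: { enabled?: Flag };
  nodeToNodeEncryptionOptions?: { enabled?: Flag };
  encryptionAtRestOptions?: { enabled?: Flag };
  domainEndpointOptions?: { enforceHttps?: Flag };
}

interface Finding { setting: string; problem: 'disabled' | 'unresolved'; }

function classify(setting: string, value: Flag): Finding[] {
  if (value === true) return [];
  // A token (IResolvable) is only known at deploy time: report it rather than pass it.
  if (typeof value === 'object') return [{ setting, problem: 'unresolved' }];
  return [{ setting, problem: 'disabled' }]; // false or omitted
}

function checkFgacPrerequisites(props: DomainPropsSlice): Finding[] {
  const fgac = props.advancedSecurityOptions?.enabled;
  // Fine-grained access control off or absent: the prerequisites do not apply.
  if (fgac === undefined || fgac === false) return [];
  return [
    ...classify('nodeToNodeEncryptionOptions.enabled', props.nodeToNodeEncryptionOptions?.enabled),
    ...classify('encryptionAtRestOptions.enabled', props.encryptionAtRestOptions?.enabled),
    ...classify('domainEndpointOptions.enforceHttps', props.domainEndpointOptions?.enforceHttps),
  ];
}

// Constructed sample inputs: one missing two prerequisites, one complete.
const incomplete: DomainPropsSlice = {
  advancedSecurityOptions: { enabled: true },
  nodeToNodeEncryptionOptions: { enabled: true },
  encryptionAtRestOptions: { enabled: false },
};
const complete: DomainPropsSlice = {
  advancedSecurityOptions: { enabled: true },
  nodeToNodeEncryptionOptions: { enabled: true },
  encryptionAtRestOptions: { enabled: true },
  domainEndpointOptions: { enforceHttps: true },
};

console.log(checkFgacPrerequisites(incomplete));
console.log(checkFgacPrerequisites(complete));
```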
Properties
Name | Type | Description |
---|---|---|
anonymousAuthDisableDate? | string | Date and time when the migration period will be disabled. |
anonymousAuthEnabled? | boolean \| IResolvable | True to enable a 30-day migration period during which administrators can create role mappings. |
enabled? | boolean \| IResolvable | True to enable fine-grained access control. |
internalUserDatabaseEnabled? | boolean \| IResolvable | True to enable the internal user database. |
jwtOptions? | IResolvable \| JWTOptions | Container for information about the JWT configuration of the Amazon OpenSearch Service. |
masterUserOptions? | IResolvable \| Master | Specifies information about the master user. |
samlOptions? | IResolvable \| SAMLOptions | Container for information about the SAML configuration for OpenSearch Dashboards. |
anonymousAuthDisableDate?
Type: string (optional)
Date and time when the migration period will be disabled.
Only necessary when enabling fine-grained access control on an existing domain.
anonymousAuthEnabled?
Type: boolean | IResolvable (optional)
True to enable a 30-day migration period during which administrators can create role mappings.
Only necessary when enabling fine-grained access control on an existing domain.
enabled?
Type: boolean | IResolvable (optional)
True to enable fine-grained access control.
You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service.
internalUserDatabaseEnabled?
Type: boolean | IResolvable (optional)
True to enable the internal user database.
jwtOptions?
Type: IResolvable | JWTOptions (optional)
Container for information about the JWT configuration of the Amazon OpenSearch Service.
masterUserOptions?
Type: IResolvable | Master (optional)
Specifies information about the master user.
samlOptions?
Type: IResolvable | SAMLOptions (optional)
Container for information about the SAML configuration for OpenSearch Dashboards.