Interface CfnDomain.AdvancedSecurityOptionsInputProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnDomain.AdvancedSecurityOptionsInputProperty.Jsii$Proxy
- Enclosing class:
CfnDomain
@Stability(Stable)
public static interface CfnDomain.AdvancedSecurityOptionsInputProperty
extends software.amazon.jsii.JsiiSerializable
Specifies options for fine-grained access control.
If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.opensearchservice.*;
AdvancedSecurityOptionsInputProperty advancedSecurityOptionsInputProperty = AdvancedSecurityOptionsInputProperty.builder()
.anonymousAuthDisableDate("anonymousAuthDisableDate")
.anonymousAuthEnabled(false)
.enabled(false)
.internalUserDatabaseEnabled(false)
.jwtOptions(JWTOptionsProperty.builder()
.enabled(false)
.publicKey("publicKey")
.rolesKey("rolesKey")
.subjectKey("subjectKey")
.build())
.masterUserOptions(MasterUserOptionsProperty.builder()
.masterUserArn("masterUserArn")
.masterUserName("masterUserName")
.masterUserPassword("masterUserPassword")
.build())
.samlOptions(SAMLOptionsProperty.builder()
.enabled(false)
.idp(IdpProperty.builder()
.entityId("entityId")
.metadataContent("metadataContent")
.build())
.masterBackendRole("masterBackendRole")
.masterUserName("masterUserName")
.rolesKey("rolesKey")
.sessionTimeoutMinutes(123)
.subjectKey("subjectKey")
.build())
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnDomain.AdvancedSecurityOptionsInputPropertystatic final classAn implementation forCfnDomain.AdvancedSecurityOptionsInputProperty -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default StringDate and time when the migration period will be disabled.default ObjectTrue to enable a 30-day migration period during which administrators can create role mappings.default ObjectTrue to enable fine-grained access control.default ObjectTrue to enable the internal user database.default ObjectContainer for information about the JWT configuration of the Amazon OpenSearch Service.default ObjectSpecifies information about the master user.default ObjectContainer for information about the SAML configuration for OpenSearch Dashboards.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAnonymousAuthDisableDate
Date and time when the migration period will be disabled.Only necessary when enabling fine-grained access control on an existing domain .
- See Also:
-
getAnonymousAuthEnabled
True to enable a 30-day migration period during which administrators can create role mappings.Only necessary when enabling fine-grained access control on an existing domain .
- See Also:
-
getEnabled
True to enable fine-grained access control.You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
- See Also:
-
getInternalUserDatabaseEnabled
True to enable the internal user database.- See Also:
-
getJwtOptions
Container for information about the JWT configuration of the Amazon OpenSearch Service.- See Also:
-
getMasterUserOptions
Specifies information about the master user.- See Also:
-
getSamlOptions
Container for information about the SAML configuration for OpenSearch Dashboards.- See Also:
-
builder
-