AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput - AWS CloudFormation

AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput

Specifies options for fine-grained access control.

If you specify advanced security options, you must also enable node-to-node encryption (NodeToNodeEncryptionOptions) and encryption at rest (EncryptionAtRestOptions). You must also enable EnforceHTTPS within DomainEndpointOptions, which requires HTTPS for all traffic to the domain.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

AnonymousAuthDisableDate

Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain.

Required: No

Type: String

Update requires: No interruption

AnonymousAuthEnabled

True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.

Required: No

Type: Boolean

Update requires: No interruption

Enabled

True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service.

Required: No

Type: Boolean

Update requires: No interruption

InternalUserDatabaseEnabled

True to enable the internal user database.

Required: No

Type: Boolean

Update requires: No interruption

JWTOptions

Container for information about the JWT configuration of the Amazon OpenSearch Service.

Required: No

Type: JWTOptions

Update requires: No interruption

MasterUserOptions

Specifies information about the master user.

Required: No

Type: MasterUserOptions

Update requires: No interruption

SAMLOptions

Container for information about the SAML configuration for OpenSearch Dashboards.

Required: No

Type: SAMLOptions

Update requires: No interruption