AWS::OpenSearchService::Domain DomainEndpointOptions - AWS CloudFormation
SyntaxProperties

AWS::OpenSearchService::Domain DomainEndpointOptions

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "CustomEndpoint" : String,
  "CustomEndpointCertificateArn" : String,
  "CustomEndpointEnabled" : Boolean,
  "EnforceHTTPS" : Boolean,
  "TLSSecurityPolicy" : String
}

Properties

CustomEndpoint

The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.

Required: Conditional

Type: String

Pattern: ^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$

Minimum: 1

Maximum: 255

Update requires: No interruption

CustomEndpointCertificateArn

The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.

Required: Conditional

Type: String

Update requires: No interruption

CustomEndpointEnabled

True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn.

Required: No

Type: Boolean

Update requires: No interruption

EnforceHTTPS

True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions.

Required: Conditional

Type: Boolean

Update requires: Some interruptions

TLSSecurityPolicy

The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

  • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2

  • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2

  • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites

Required: No

Type: String

Allowed values: Policy-Min-TLS-1-0-2019-07 | Policy-Min-TLS-1-2-2019-07 | Policy-Min-TLS-1-2-PFS-2023-10

Update requires: No interruption