
AWS::OpenSearchServerless::SecurityConfig


Specifies a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::OpenSearchServerless::SecurityConfig",
  "Properties" : {
    "Description" : String,
    "IamIdentityCenterOptions" : IamIdentityCenterConfigOptions,
    "Name" : String,
    "SamlOptions" : SamlConfigOptions,
    "Type" : String
  }
}

YAML

Type: AWS::OpenSearchServerless::SecurityConfig
Properties:
  Description: String
  IamIdentityCenterOptions: IamIdentityCenterConfigOptions
  Name: String
  SamlOptions: SamlConfigOptions
  Type: String

Properties

Description

The description of the security configuration.

Required: No

Type: String

Minimum: 1

Maximum: 1000

Update requires: No interruption

IamIdentityCenterOptions

Describes IAM Identity Center options in the form of a key-value map.

Required: No

Type: IamIdentityCenterConfigOptions

Update requires: No interruption

Name

The name of the security configuration.

Required: No

Type: String

Pattern: ^[a-z][a-z0-9-]{2,31}$

Minimum: 3

Maximum: 32

Update requires: Replacement

SamlOptions

SAML options for the security configuration in the form of a key-value map.

Required: No

Type: SamlConfigOptions

Update requires: No interruption

Type

The type of security configuration. Currently the only option is saml.

Required: No

Type: String

Allowed values: saml | iamidentitycenter

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the ID of the security configuration. For more information about using the Ref function, see Ref.

Fn::GetAtt

GetAtt returns a value for a specified attribute of this type. For more information, see Fn::GetAtt. The following are the available attributes and sample return values.

IamIdentityCenterOptions.ApplicationArn

Property description not available.

IamIdentityCenterOptions.ApplicationDescription

Property description not available.

IamIdentityCenterOptions.ApplicationName

Property description not available.

Id

The unique identifier of the security configuration. For example, saml/123456789012/myprovider.

Examples

Create a security configuration that specifies a SAML provider

The following example specifies an OpenSearch Serverless SAML provider named my-provider with a custom group attribute ALLGroups.

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "OpenSearch Serverless security policy template",
  "Resources": {
    "TestSecurityConfig": {
      "Type": "AWS::OpenSearchServerless::SecurityConfig",
      "Properties": {
        "Name": "my-provider",
        "Type": "saml",
        "Description": "Serverless SAML configuration",
        "SamlOptions": {
          "Metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor entityID=\"http://www.okta.com/foobar\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"><md:IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>Mfoobar</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml\"/><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
          "UserAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          "GroupAttribute": "ALLGroups",
          "SessionTimeout": 120
        }
      }
    }
  }
}

YAML

Description: OpenSearch Serverless security policy template
Resources:
  TestSecurityConfig:
    Type: 'AWS::OpenSearchServerless::SecurityConfig'
    Properties:
      Name: my-provider
      Type: saml
      Description: Serverless SAML configuration
      SamlOptions:
        Metadata: >-
          <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor entityID="http://www.okta.com/foobar" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>Mfoobar</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
        UserAttribute: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
        GroupAttribute: ALLGroups
        SessionTimeout: 120
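Added example (not part of the AWS documentation): a pre-deployment lint for AWS::OpenSearchServerless::SecurityConfig resources in a parsed template. The Name pattern and the allowed Type values come from this page; the metadata checks (signing certificate present, HTTPS sign-on endpoints, no DTD) are this example's own policy, and lint_template, check_metadata and SAMPLE are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

NAME_RE = re.compile(r"[a-z][a-z0-9-]{2,31}")  # Name pattern from the page
ALLOWED_TYPES = {"saml", "iamidentitycenter"}   # allowed Type values from the page
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def check_metadata(xml_text):
    """Hygiene checks on IdP metadata; the rules are this example's assumption."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["Metadata: DTD/entity declarations rejected"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"Metadata: not well-formed XML ({exc})"]
    issues = []
    # A KeyDescriptor without a "use" attribute serves signing and encryption.
    certs = [c for kd in root.iter(MD + "KeyDescriptor") if kd.get("use") != "encryption"
             for c in kd.iter(DS + "X509Certificate") if (c.text or "").strip()]
    if not certs:
        issues.append("Metadata: no signing certificate")
    for sso in root.iter(MD + "SingleSignOnService"):
        if not sso.get("Location", "").startswith("https://"):
            issues.append("Metadata: SSO endpoint is not HTTPS")
    return issues

def lint_template(template):
    """Return findings per SecurityConfig resource; intrinsic (non-string) values are skipped."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::OpenSearchServerless::SecurityConfig":
            continue
        props = res.get("Properties", {})
        name, kind = props.get("Name"), props.get("Type")
        if isinstance(name, str) and not NAME_RE.fullmatch(name):
            findings.append(f"{logical_id}: Name must match ^[a-z][a-z0-9-]{{2,31}}$")
        if isinstance(kind, str) and kind not in ALLOWED_TYPES:
            findings.append(f"{logical_id}: Type must be saml or iamidentitycenter")
        meta = props.get("SamlOptions", {}).get("Metadata")
        if kind == "saml" and isinstance(meta, str):
            findings += [f"{logical_id}: {m}" for m in check_metadata(meta)]
    return findings

# Constructed sample: invalid Name, plain-HTTP SSO endpoint, no signing certificate.
SAMPLE = {"Resources": {"Cfg": {"Type": "AWS::OpenSearchServerless::SecurityConfig",
    "Properties": {"Name": "My_Provider", "Type": "saml", "SamlOptions": {"Metadata":
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
        '<md:IDPSSODescriptor><md:SingleSignOnService Location="http://idp.example/sso"/>'
        '</md:IDPSSODescriptor></md:EntityDescriptor>'}}}}}
```

Calling lint_template(SAMPLE) returns three findings; a template shaped like the page's my-provider example returns none.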
