AWS Cloud Control v1.26.0, Mar 12 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.opensearchservice.Domain

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

Create Domain Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Domain(name: string, args?: DomainArgs, opts?: CustomResourceOptions);

@overload
def Domain(resource_name: str,
           args: Optional[DomainArgs] = None,
           opts: Optional[ResourceOptions] = None)

@overload
def Domain(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           access_policies: Optional[Any] = None,
           advanced_options: Optional[Mapping[str, str]] = None,
           advanced_security_options: Optional[DomainAdvancedSecurityOptionsInputArgs] = None,
           cluster_config: Optional[DomainClusterConfigArgs] = None,
           cognito_options: Optional[DomainCognitoOptionsArgs] = None,
           domain_endpoint_options: Optional[DomainEndpointOptionsArgs] = None,
           domain_name: Optional[str] = None,
           ebs_options: Optional[DomainEbsOptionsArgs] = None,
           encryption_at_rest_options: Optional[DomainEncryptionAtRestOptionsArgs] = None,
           engine_version: Optional[str] = None,
           identity_center_options: Optional[DomainIdentityCenterOptionsArgs] = None,
           ip_address_type: Optional[str] = None,
           log_publishing_options: Optional[Mapping[str, DomainLogPublishingOptionArgs]] = None,
           node_to_node_encryption_options: Optional[DomainNodeToNodeEncryptionOptionsArgs] = None,
           off_peak_window_options: Optional[DomainOffPeakWindowOptionsArgs] = None,
           skip_shard_migration_wait: Optional[bool] = None,
           snapshot_options: Optional[DomainSnapshotOptionsArgs] = None,
           software_update_options: Optional[DomainSoftwareUpdateOptionsArgs] = None,
           tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
           vpc_options: Optional[DomainVpcOptionsArgs] = None)

func NewDomain(ctx *Context, name string, args *DomainArgs, opts ...ResourceOption) (*Domain, error)

public Domain(string name, DomainArgs? args = null, CustomResourceOptions? opts = null)

public Domain(String name, DomainArgs args)
public Domain(String name, DomainArgs args, CustomResourceOptions options)

type: aws-native:opensearchservice:Domain
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Domain Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Domain resource accepts the following input properties:

AccessPolicies object

An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide .

Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

AdvancedOptions Dictionary<string, string>

Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.

AdvancedSecurityOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainAdvancedSecurityOptionsInput

Specifies options for fine-grained access control and SAML authentication.

If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

ClusterConfig Pulumi.AwsNative.OpenSearchService.Inputs.DomainClusterConfig

Container for the cluster configuration of a domain.

CognitoOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainCognitoOptions

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

DomainEndpointOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainEndpointOptions

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

DomainName string

A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see Name Type .

Required when creating a new domain.

If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

EbsOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainEbsOptions

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see EBS volume size limits in the Amazon OpenSearch Service Developer Guide .

EncryptionAtRestOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainEncryptionAtRestOptions

Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.

EngineVersion string

The version of OpenSearch to use. The value must be in the format OpenSearch_X.Y or Elasticsearch_X.Y . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see Supported versions of OpenSearch and Elasticsearch in the Amazon OpenSearch Service Developer Guide .

If you set the EnableVersionUpgrade update policy to true , you can update EngineVersion without interruption. When EnableVersionUpgrade is set to false , or is not specified, updating EngineVersion results in replacement .

IdentityCenterOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainIdentityCenterOptions

Container for IAM Identity Center Option control for the domain.

IpAddressType string

Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.

LogPublishingOptions Dictionary<string, Pulumi.AwsNative.OpenSearchService.Inputs.DomainLogPublishingOptionArgs>

An object with one or more of the following keys: SEARCH_SLOW_LOGS , ES_APPLICATION_LOGS , INDEX_SLOW_LOGS , AUDIT_LOGS , depending on the types of logs you want to publish. Each key needs a valid LogPublishingOption value. For the full syntax, see the examples .

NodeToNodeEncryptionOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainNodeToNodeEncryptionOptions

Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .

OffPeakWindowOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainOffPeakWindowOptions

Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

SkipShardMigrationWait bool

SnapshotOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainSnapshotOptions

DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.

SoftwareUpdateOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainSoftwareUpdateOptions

Service software update options for the domain.

Tags List<Pulumi.AwsNative.Inputs.Tag>

An arbitrary set of tags (key-value pairs) for this Domain.

VpcOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainVpcOptions

The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see Launching your Amazon OpenSearch Service domains within a VPC in the Amazon OpenSearch Service Developer Guide .

If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.

AccessPolicies interface{}

Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

AdvancedOptions map[string]string

Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.

AdvancedSecurityOptions DomainAdvancedSecurityOptionsInputArgs

Specifies options for fine-grained access control and SAML authentication.

ClusterConfig DomainClusterConfigArgs

Container for the cluster configuration of a domain.

CognitoOptions DomainCognitoOptionsArgs

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

DomainEndpointOptions DomainEndpointOptionsArgs

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

DomainName string

Required when creating a new domain.

If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

EbsOptions DomainEbsOptionsArgs

EncryptionAtRestOptions DomainEncryptionAtRestOptionsArgs

Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

EngineVersion string

IdentityCenterOptions DomainIdentityCenterOptionsArgs

Container for IAM Identity Center Option control for the domain.

IpAddressType string

LogPublishingOptions map[string]DomainLogPublishingOptionArgs

NodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptionsArgs

Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .

OffPeakWindowOptions DomainOffPeakWindowOptionsArgs

Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

SkipShardMigrationWait bool

SnapshotOptions DomainSnapshotOptionsArgs

DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.

SoftwareUpdateOptions DomainSoftwareUpdateOptionsArgs

Service software update options for the domain.

Tags TagArgs

An arbitrary set of tags (key-value pairs) for this Domain.

VpcOptions DomainVpcOptionsArgs

accessPolicies Object

Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

advancedOptions Map<String,String>

Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.

advancedSecurityOptions DomainAdvancedSecurityOptionsInput

Specifies options for fine-grained access control and SAML authentication.

clusterConfig DomainClusterConfig

Container for the cluster configuration of a domain.

cognitoOptions DomainCognitoOptions

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

domainEndpointOptions DomainEndpointOptions

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

domainName String

Required when creating a new domain.

If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

ebsOptions DomainEbsOptions

encryptionAtRestOptions DomainEncryptionAtRestOptions

Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

engineVersion String

identityCenterOptions DomainIdentityCenterOptions

Container for IAM Identity Center Option control for the domain.

ipAddressType String

logPublishingOptions Map<String,DomainLogPublishingOptionArgs>

nodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptions

Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .

offPeakWindowOptions DomainOffPeakWindowOptions

Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

skipShardMigrationWait Boolean

snapshotOptions DomainSnapshotOptions

DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.

softwareUpdateOptions DomainSoftwareUpdateOptions

Service software update options for the domain.

tags List<Tag>

An arbitrary set of tags (key-value pairs) for this Domain.

vpcOptions DomainVpcOptions

accessPolicies any

Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

advancedOptions {[key: string]: string}

Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.

advancedSecurityOptions DomainAdvancedSecurityOptionsInput

Specifies options for fine-grained access control and SAML authentication.

clusterConfig DomainClusterConfig

Container for the cluster configuration of a domain.

cognitoOptions DomainCognitoOptions

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

domainEndpointOptions DomainEndpointOptions

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

domainName string

Required when creating a new domain.

If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

ebsOptions DomainEbsOptions

encryptionAtRestOptions DomainEncryptionAtRestOptions

Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

engineVersion string

identityCenterOptions DomainIdentityCenterOptions

Container for IAM Identity Center Option control for the domain.

ipAddressType string

logPublishingOptions {[key: string]: DomainLogPublishingOptionArgs}

nodeToNodeEncryptionOptions DomainNodeToNodeEncryptionOptions

Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .

offPeakWindowOptions DomainOffPeakWindowOptions

Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

skipShardMigrationWait boolean

snapshotOptions DomainSnapshotOptions

DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.

softwareUpdateOptions DomainSoftwareUpdateOptions

Service software update options for the domain.

tags Tag[]

An arbitrary set of tags (key-value pairs) for this Domain.

vpcOptions DomainVpcOptions

access_policies Any

Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

advanced_options Mapping[str, str]

Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.

advanced_security_options DomainAdvancedSecurityOptionsInputArgs

Specifies options for fine-grained access control and SAML authentication.

cluster_config DomainClusterConfigArgs

Container for the cluster configuration of a domain.

cognito_options DomainCognitoOptionsArgs

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

domain_endpoint_options DomainEndpointOptionsArgs

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

domain_name str

Required when creating a new domain.

If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

ebs_options DomainEbsOptionsArgs

encryption_at_rest_options DomainEncryptionAtRestOptionsArgs

Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

engine_version str

identity_center_options DomainIdentityCenterOptionsArgs

Container for IAM Identity Center Option control for the domain.

ip_address_type str

log_publishing_options Mapping[str, DomainLogPublishingOptionArgs]

node_to_node_encryption_options DomainNodeToNodeEncryptionOptionsArgs

Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .

off_peak_window_options DomainOffPeakWindowOptionsArgs

Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

skip_shard_migration_wait bool

snapshot_options DomainSnapshotOptionsArgs

DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.

software_update_options DomainSoftwareUpdateOptionsArgs

Service software update options for the domain.

tags Sequence[TagArgs]

An arbitrary set of tags (key-value pairs) for this Domain.

vpc_options DomainVpcOptionsArgs

accessPolicies Any

Search the CloudFormation User Guide for AWS::OpenSearchService::Domain for more information about the expected schema for this property.

advancedOptions Map<String>

Additional options to specify for the OpenSearch Service domain. For more information, see AdvancedOptions in the OpenSearch Service API reference.

advancedSecurityOptions Property Map

Specifies options for fine-grained access control and SAML authentication.

clusterConfig Property Map

Container for the cluster configuration of a domain.

cognitoOptions Property Map

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

domainEndpointOptions Property Map

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

domainName String

Required when creating a new domain.

If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

ebsOptions Property Map

encryptionAtRestOptions Property Map

Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See Encryption of data at rest for Amazon OpenSearch Service .

engineVersion String

identityCenterOptions Property Map

Container for IAM Identity Center Option control for the domain.

ipAddressType String

logPublishingOptions Map<Property Map>

nodeToNodeEncryptionOptions Property Map

Specifies whether node-to-node encryption is enabled. See Node-to-node encryption for Amazon OpenSearch Service .

offPeakWindowOptions Property Map

Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

skipShardMigrationWait Boolean

snapshotOptions Property Map

DEPRECATED . The automated snapshot configuration for the OpenSearch Service domain indexes.

softwareUpdateOptions Property Map

Service software update options for the domain.

tags List<Property Map>

An arbitrary set of tags (key-value pairs) for this Domain.

vpcOptions Property Map

Outputs

All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

Arn string: The Amazon Resource Name (ARN) of the CloudFormation stack.
AwsId string: The resource ID. For example, 123456789012/my-domain .
DomainArn string: The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
DomainEndpoint string: The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
DomainEndpointV2 string: If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
DomainEndpoints Dictionary<string, string>
Id string: The provider-assigned unique ID for this managed resource.
ServiceSoftwareOptions Pulumi.AwsNative.OpenSearchService.Outputs.DomainServiceSoftwareOptions

Arn string: The Amazon Resource Name (ARN) of the CloudFormation stack.
AwsId string: The resource ID. For example, 123456789012/my-domain .
DomainArn string: The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
DomainEndpoint string: The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
DomainEndpointV2 string: If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
DomainEndpoints map[string]string
Id string: The provider-assigned unique ID for this managed resource.
ServiceSoftwareOptions DomainServiceSoftwareOptions

arn String: The Amazon Resource Name (ARN) of the CloudFormation stack.
awsId String: The resource ID. For example, 123456789012/my-domain .
domainArn String: The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
domainEndpoint String: The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
domainEndpointV2 String: If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
domainEndpoints Map<String,String>
id String: The provider-assigned unique ID for this managed resource.
serviceSoftwareOptions DomainServiceSoftwareOptions

arn string: The Amazon Resource Name (ARN) of the CloudFormation stack.
awsId string: The resource ID. For example, 123456789012/my-domain .
domainArn string: The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
domainEndpoint string: The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
domainEndpointV2 string: If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
domainEndpoints {[key: string]: string}
id string: The provider-assigned unique ID for this managed resource.
serviceSoftwareOptions DomainServiceSoftwareOptions

arn str: The Amazon Resource Name (ARN) of the CloudFormation stack.
aws_id str: The resource ID. For example, 123456789012/my-domain .
domain_arn str: The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
domain_endpoint str: The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
domain_endpoint_v2 str: If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
domain_endpoints Mapping[str, str]
id str: The provider-assigned unique ID for this managed resource.
service_software_options DomainServiceSoftwareOptions

arn String: The Amazon Resource Name (ARN) of the CloudFormation stack.
awsId String: The resource ID. For example, 123456789012/my-domain .
domainArn String: The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using AWS Identity and Access Management for more information.
domainEndpoint String: The domain-specific endpoint used for requests to the OpenSearch APIs, such as search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .
domainEndpointV2 String: If IPAddressType to set to dualstack , a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
domainEndpoints Map<String>
id String: The provider-assigned unique ID for this managed resource.
serviceSoftwareOptions Property Map

Supporting Types

DomainAdvancedSecurityOptionsInput, DomainAdvancedSecurityOptionsInputArgs

AnonymousAuthDisableDate string: Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
AnonymousAuthEnabled bool: True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
Enabled bool: True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
InternalUserDatabaseEnabled bool: True to enable the internal user database.
JwtOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainJwtOptions: Container for information about the JWT configuration of the Amazon OpenSearch Service.
MasterUserOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainMasterUserOptions: Specifies information about the master user.
SamlOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainSamlOptions: Container for information about the SAML configuration for OpenSearch Dashboards.

AnonymousAuthDisableDate string: Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
AnonymousAuthEnabled bool: True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
Enabled bool: True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
InternalUserDatabaseEnabled bool: True to enable the internal user database.
JwtOptions DomainJwtOptions: Container for information about the JWT configuration of the Amazon OpenSearch Service.
MasterUserOptions DomainMasterUserOptions: Specifies information about the master user.
SamlOptions DomainSamlOptions: Container for information about the SAML configuration for OpenSearch Dashboards.

anonymousAuthDisableDate String: Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
anonymousAuthEnabled Boolean: True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
enabled Boolean: True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
internalUserDatabaseEnabled Boolean: True to enable the internal user database.
jwtOptions DomainJwtOptions: Container for information about the JWT configuration of the Amazon OpenSearch Service.
masterUserOptions DomainMasterUserOptions: Specifies information about the master user.
samlOptions DomainSamlOptions: Container for information about the SAML configuration for OpenSearch Dashboards.

anonymousAuthDisableDate string: Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
anonymousAuthEnabled boolean: True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
enabled boolean: True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
internalUserDatabaseEnabled boolean: True to enable the internal user database.
jwtOptions DomainJwtOptions: Container for information about the JWT configuration of the Amazon OpenSearch Service.
masterUserOptions DomainMasterUserOptions: Specifies information about the master user.
samlOptions DomainSamlOptions: Container for information about the SAML configuration for OpenSearch Dashboards.

anonymous_auth_disable_date str: Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
anonymous_auth_enabled bool: True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
enabled bool: True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
internal_user_database_enabled bool: True to enable the internal user database.
jwt_options DomainJwtOptions: Container for information about the JWT configuration of the Amazon OpenSearch Service.
master_user_options DomainMasterUserOptions: Specifies information about the master user.
saml_options DomainSamlOptions: Container for information about the SAML configuration for OpenSearch Dashboards.

anonymousAuthDisableDate String: Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain .
anonymousAuthEnabled Boolean: True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain .
enabled Boolean: True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
internalUserDatabaseEnabled Boolean: True to enable the internal user database.
jwtOptions Property Map: Container for information about the JWT configuration of the Amazon OpenSearch Service.
masterUserOptions Property Map: Specifies information about the master user.
samlOptions Property Map: Container for information about the SAML configuration for OpenSearch Dashboards.

DomainClusterConfig, DomainClusterConfigArgs

ColdStorageOptions Pulumi.AwsNative.OpenSearchService.Inputs.DomainColdStorageOptions: Container for cold storage configuration options.
DedicatedMasterCount int: The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
DedicatedMasterEnabled bool: Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
DedicatedMasterType string: The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
InstanceCount int: The number of data nodes (instances) to use in the OpenSearch Service domain.
InstanceType string: The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
MultiAzWithStandbyEnabled bool: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
NodeOptions List<Pulumi.AwsNative.OpenSearchService.Inputs.DomainNodeOption>: List of node options for the domain.
WarmCount int: The number of warm nodes in the cluster.
WarmEnabled bool: Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
WarmType string: The instance type for the cluster's warm nodes.
ZoneAwarenessConfig Pulumi.AwsNative.OpenSearchService.Inputs.DomainZoneAwarenessConfig: Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
ZoneAwarenessEnabled bool: Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

ColdStorageOptions DomainColdStorageOptions: Container for cold storage configuration options.
DedicatedMasterCount int: The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
DedicatedMasterEnabled bool: Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
DedicatedMasterType string: The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
InstanceCount int: The number of data nodes (instances) to use in the OpenSearch Service domain.
InstanceType string: The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
MultiAzWithStandbyEnabled bool: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
NodeOptions []DomainNodeOption: List of node options for the domain.
WarmCount int: The number of warm nodes in the cluster.
WarmEnabled bool: Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
WarmType string: The instance type for the cluster's warm nodes.
ZoneAwarenessConfig DomainZoneAwarenessConfig: Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
ZoneAwarenessEnabled bool: Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

coldStorageOptions DomainColdStorageOptions: Container for cold storage configuration options.
dedicatedMasterCount Integer: The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
dedicatedMasterEnabled Boolean: Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
dedicatedMasterType String: The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
instanceCount Integer: The number of data nodes (instances) to use in the OpenSearch Service domain.
instanceType String: The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
multiAzWithStandbyEnabled Boolean: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
nodeOptions List<DomainNodeOption>: List of node options for the domain.
warmCount Integer: The number of warm nodes in the cluster.
warmEnabled Boolean: Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
warmType String: The instance type for the cluster's warm nodes.
zoneAwarenessConfig DomainZoneAwarenessConfig: Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
zoneAwarenessEnabled Boolean: Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

coldStorageOptions DomainColdStorageOptions: Container for cold storage configuration options.
dedicatedMasterCount number: The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
dedicatedMasterEnabled boolean: Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
dedicatedMasterType string: The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
instanceCount number: The number of data nodes (instances) to use in the OpenSearch Service domain.
instanceType string: The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
multiAzWithStandbyEnabled boolean: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
nodeOptions DomainNodeOption[]: List of node options for the domain.
warmCount number: The number of warm nodes in the cluster.
warmEnabled boolean: Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
warmType string: The instance type for the cluster's warm nodes.
zoneAwarenessConfig DomainZoneAwarenessConfig: Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
zoneAwarenessEnabled boolean: Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

cold_storage_options DomainColdStorageOptions: Container for cold storage configuration options.
dedicated_master_count int: The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
dedicated_master_enabled bool: Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
dedicated_master_type str: The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
instance_count int: The number of data nodes (instances) to use in the OpenSearch Service domain.
instance_type str: The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
multi_az_with_standby_enabled bool: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
node_options Sequence[DomainNodeOption]: List of node options for the domain.
warm_count int: The number of warm nodes in the cluster.
warm_enabled bool: Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
warm_type str: The instance type for the cluster's warm nodes.
zone_awareness_config DomainZoneAwarenessConfig: Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
zone_awareness_enabled bool: Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

coldStorageOptions Property Map: Container for cold storage configuration options.
dedicatedMasterCount Number: The number of instances to use for the master node. If you specify this property, you must specify true for the DedicatedMasterEnabled property.
dedicatedMasterEnabled Boolean: Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See Dedicated master nodes in Amazon OpenSearch Service .
dedicatedMasterType String: The hardware configuration of the computer that hosts the dedicated master node, such as m3.medium.search . If you specify this property, you must specify true for the DedicatedMasterEnabled property. For valid values, see Supported instance types in Amazon OpenSearch Service .
instanceCount Number: The number of data nodes (instances) to use in the OpenSearch Service domain.
instanceType String: The instance type for your data nodes, such as m3.medium.search . For valid values, see Supported instance types in Amazon OpenSearch Service .
multiAzWithStandbyEnabled Boolean: Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see Multi-AZ with Standby .
nodeOptions List<Property Map>: List of node options for the domain.
warmCount Number: The number of warm nodes in the cluster.
warmEnabled Boolean: Whether to enable UltraWarm storage for the cluster. See UltraWarm storage for Amazon OpenSearch Service .
warmType String: The instance type for the cluster's warm nodes.
zoneAwarenessConfig Property Map: Specifies zone awareness configuration options. Only use if ZoneAwarenessEnabled is true .
zoneAwarenessEnabled Boolean: Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service .

DomainCognitoOptions, DomainCognitoOptionsArgs

Enabled bool

Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See Amazon Cognito authentication for OpenSearch Dashboards .

IdentityPoolId string

The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.