Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.opensearch.ServerlessSecurityPolicy
Explore with Pulumi AI
Resource for managing an AWS OpenSearch Serverless Security Policy. See AWS documentation for encryption policies and network policies.
Example Usage
Encryption Security Policy
Applies to a single collection
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
name: "example",
type: "encryption",
description: "encryption security policy for example-collection",
policy: JSON.stringify({
Rules: [{
Resource: ["collection/example-collection"],
ResourceType: "collection",
}],
AWSOwnedKey: true,
}),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.opensearch.ServerlessSecurityPolicy("example",
name="example",
type="encryption",
description="encryption security policy for example-collection",
policy=json.dumps({
"Rules": [{
"Resource": ["collection/example-collection"],
"ResourceType": "collection",
}],
"AWSOwnedKey": True,
}))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Rules": []map[string]interface{}{
map[string]interface{}{
"Resource": []string{
"collection/example-collection",
},
"ResourceType": "collection",
},
},
"AWSOwnedKey": true,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
Name: pulumi.String("example"),
Type: pulumi.String("encryption"),
Description: pulumi.String("encryption security policy for example-collection"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
{
Name = "example",
Type = "encryption",
Description = "encryption security policy for example-collection",
Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Rules"] = new[]
{
new Dictionary<string, object?>
{
["Resource"] = new[]
{
"collection/example-collection",
},
["ResourceType"] = "collection",
},
},
["AWSOwnedKey"] = true,
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.name("example")
.type("encryption")
.description("encryption security policy for example-collection")
.policy(serializeJson(
jsonObject(
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("Resource", jsonArray("collection/example-collection")),
jsonProperty("ResourceType", "collection")
))),
jsonProperty("AWSOwnedKey", true)
)))
.build());
}
}
resources:
example:
type: aws:opensearch:ServerlessSecurityPolicy
properties:
name: example
type: encryption
description: encryption security policy for example-collection
policy:
fn::toJSON:
Rules:
- Resource:
- collection/example-collection
ResourceType: collection
AWSOwnedKey: true
Applies to multiple collections
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
name: "example",
type: "encryption",
description: "encryption security policy for collections that begin with \"example\"",
policy: JSON.stringify({
Rules: [{
Resource: ["collection/example*"],
ResourceType: "collection",
}],
AWSOwnedKey: true,
}),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.opensearch.ServerlessSecurityPolicy("example",
name="example",
type="encryption",
description="encryption security policy for collections that begin with \"example\"",
policy=json.dumps({
"Rules": [{
"Resource": ["collection/example*"],
"ResourceType": "collection",
}],
"AWSOwnedKey": True,
}))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Rules": []map[string]interface{}{
map[string]interface{}{
"Resource": []string{
"collection/example*",
},
"ResourceType": "collection",
},
},
"AWSOwnedKey": true,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
Name: pulumi.String("example"),
Type: pulumi.String("encryption"),
Description: pulumi.String("encryption security policy for collections that begin with \"example\""),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
{
Name = "example",
Type = "encryption",
Description = "encryption security policy for collections that begin with \"example\"",
Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Rules"] = new[]
{
new Dictionary<string, object?>
{
["Resource"] = new[]
{
"collection/example*",
},
["ResourceType"] = "collection",
},
},
["AWSOwnedKey"] = true,
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.name("example")
.type("encryption")
.description("encryption security policy for collections that begin with \"example\"")
.policy(serializeJson(
jsonObject(
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("Resource", jsonArray("collection/example*")),
jsonProperty("ResourceType", "collection")
))),
jsonProperty("AWSOwnedKey", true)
)))
.build());
}
}
resources:
example:
type: aws:opensearch:ServerlessSecurityPolicy
properties:
name: example
type: encryption
description: encryption security policy for collections that begin with "example"
policy:
fn::toJSON:
Rules:
- Resource:
- collection/example*
ResourceType: collection
AWSOwnedKey: true
Using a customer managed key
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
name: "example",
type: "encryption",
description: "encryption security policy using customer KMS key",
policy: JSON.stringify({
Rules: [{
Resource: ["collection/customer-managed-key-collection"],
ResourceType: "collection",
}],
AWSOwnedKey: false,
KmsARN: "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
}),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.opensearch.ServerlessSecurityPolicy("example",
name="example",
type="encryption",
description="encryption security policy using customer KMS key",
policy=json.dumps({
"Rules": [{
"Resource": ["collection/customer-managed-key-collection"],
"ResourceType": "collection",
}],
"AWSOwnedKey": False,
"KmsARN": "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
}))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Rules": []map[string]interface{}{
map[string]interface{}{
"Resource": []string{
"collection/customer-managed-key-collection",
},
"ResourceType": "collection",
},
},
"AWSOwnedKey": false,
"KmsARN": "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
Name: pulumi.String("example"),
Type: pulumi.String("encryption"),
Description: pulumi.String("encryption security policy using customer KMS key"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
{
Name = "example",
Type = "encryption",
Description = "encryption security policy using customer KMS key",
Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Rules"] = new[]
{
new Dictionary<string, object?>
{
["Resource"] = new[]
{
"collection/customer-managed-key-collection",
},
["ResourceType"] = "collection",
},
},
["AWSOwnedKey"] = false,
["KmsARN"] = "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36",
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.name("example")
.type("encryption")
.description("encryption security policy using customer KMS key")
.policy(serializeJson(
jsonObject(
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("Resource", jsonArray("collection/customer-managed-key-collection")),
jsonProperty("ResourceType", "collection")
))),
jsonProperty("AWSOwnedKey", false),
jsonProperty("KmsARN", "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36")
)))
.build());
}
}
resources:
example:
type: aws:opensearch:ServerlessSecurityPolicy
properties:
name: example
type: encryption
description: encryption security policy using customer KMS key
policy:
fn::toJSON:
Rules:
- Resource:
- collection/customer-managed-key-collection
ResourceType: collection
AWSOwnedKey: false
KmsARN: arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36
Network Security Policy
Allow public access to the collection endpoint and the Dashboards endpoint
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
name: "example",
type: "network",
description: "Public access",
policy: JSON.stringify([{
Description: "Public access to collection and Dashboards endpoint for example collection",
Rules: [
{
ResourceType: "collection",
Resource: ["collection/example-collection"],
},
{
ResourceType: "dashboard",
Resource: ["collection/example-collection"],
},
],
AllowFromPublic: true,
}]),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.opensearch.ServerlessSecurityPolicy("example",
name="example",
type="network",
description="Public access",
policy=json.dumps([{
"Description": "Public access to collection and Dashboards endpoint for example collection",
"Rules": [
{
"ResourceType": "collection",
"Resource": ["collection/example-collection"],
},
{
"ResourceType": "dashboard",
"Resource": ["collection/example-collection"],
},
],
"AllowFromPublic": True,
}]))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal([]map[string]interface{}{
map[string]interface{}{
"Description": "Public access to collection and Dashboards endpoint for example collection",
"Rules": []map[string]interface{}{
map[string]interface{}{
"ResourceType": "collection",
"Resource": []string{
"collection/example-collection",
},
},
map[string]interface{}{
"ResourceType": "dashboard",
"Resource": []string{
"collection/example-collection",
},
},
},
"AllowFromPublic": true,
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
Name: pulumi.String("example"),
Type: pulumi.String("network"),
Description: pulumi.String("Public access"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
{
Name = "example",
Type = "network",
Description = "Public access",
Policy = JsonSerializer.Serialize(new[]
{
new Dictionary<string, object?>
{
["Description"] = "Public access to collection and Dashboards endpoint for example collection",
["Rules"] = new[]
{
new Dictionary<string, object?>
{
["ResourceType"] = "collection",
["Resource"] = new[]
{
"collection/example-collection",
},
},
new Dictionary<string, object?>
{
["ResourceType"] = "dashboard",
["Resource"] = new[]
{
"collection/example-collection",
},
},
},
["AllowFromPublic"] = true,
},
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.name("example")
.type("network")
.description("Public access")
.policy(serializeJson(
jsonArray(jsonObject(
jsonProperty("Description", "Public access to collection and Dashboards endpoint for example collection"),
jsonProperty("Rules", jsonArray(
jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
),
jsonObject(
jsonProperty("ResourceType", "dashboard"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
)
)),
jsonProperty("AllowFromPublic", true)
))))
.build());
}
}
resources:
example:
type: aws:opensearch:ServerlessSecurityPolicy
properties:
name: example
type: network
description: Public access
policy:
fn::toJSON:
- Description: Public access to collection and Dashboards endpoint for example collection
Rules:
- ResourceType: collection
Resource:
- collection/example-collection
- ResourceType: dashboard
Resource:
- collection/example-collection
AllowFromPublic: true
Allow VPC access to the collection endpoint and the Dashboards endpoint
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
name: "example",
type: "network",
description: "VPC access",
policy: JSON.stringify([{
Description: "VPC access to collection and Dashboards endpoint for example collection",
Rules: [
{
ResourceType: "collection",
Resource: ["collection/example-collection"],
},
{
ResourceType: "dashboard",
Resource: ["collection/example-collection"],
},
],
AllowFromPublic: false,
SourceVPCEs: ["vpce-050f79086ee71ac05"],
}]),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.opensearch.ServerlessSecurityPolicy("example",
name="example",
type="network",
description="VPC access",
policy=json.dumps([{
"Description": "VPC access to collection and Dashboards endpoint for example collection",
"Rules": [
{
"ResourceType": "collection",
"Resource": ["collection/example-collection"],
},
{
"ResourceType": "dashboard",
"Resource": ["collection/example-collection"],
},
],
"AllowFromPublic": False,
"SourceVPCEs": ["vpce-050f79086ee71ac05"],
}]))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal([]map[string]interface{}{
map[string]interface{}{
"Description": "VPC access to collection and Dashboards endpoint for example collection",
"Rules": []map[string]interface{}{
map[string]interface{}{
"ResourceType": "collection",
"Resource": []string{
"collection/example-collection",
},
},
map[string]interface{}{
"ResourceType": "dashboard",
"Resource": []string{
"collection/example-collection",
},
},
},
"AllowFromPublic": false,
"SourceVPCEs": []string{
"vpce-050f79086ee71ac05",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
Name: pulumi.String("example"),
Type: pulumi.String("network"),
Description: pulumi.String("VPC access"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
{
Name = "example",
Type = "network",
Description = "VPC access",
Policy = JsonSerializer.Serialize(new[]
{
new Dictionary<string, object?>
{
["Description"] = "VPC access to collection and Dashboards endpoint for example collection",
["Rules"] = new[]
{
new Dictionary<string, object?>
{
["ResourceType"] = "collection",
["Resource"] = new[]
{
"collection/example-collection",
},
},
new Dictionary<string, object?>
{
["ResourceType"] = "dashboard",
["Resource"] = new[]
{
"collection/example-collection",
},
},
},
["AllowFromPublic"] = false,
["SourceVPCEs"] = new[]
{
"vpce-050f79086ee71ac05",
},
},
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.name("example")
.type("network")
.description("VPC access")
.policy(serializeJson(
jsonArray(jsonObject(
jsonProperty("Description", "VPC access to collection and Dashboards endpoint for example collection"),
jsonProperty("Rules", jsonArray(
jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
),
jsonObject(
jsonProperty("ResourceType", "dashboard"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
)
)),
jsonProperty("AllowFromPublic", false),
jsonProperty("SourceVPCEs", jsonArray("vpce-050f79086ee71ac05"))
))))
.build());
}
}
resources:
example:
type: aws:opensearch:ServerlessSecurityPolicy
properties:
name: example
type: network
description: VPC access
policy:
fn::toJSON:
- Description: VPC access to collection and Dashboards endpoint for example collection
Rules:
- ResourceType: collection
Resource:
- collection/example-collection
- ResourceType: dashboard
Resource:
- collection/example-collection
AllowFromPublic: false
SourceVPCEs:
- vpce-050f79086ee71ac05
Mixed access for different collections
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.opensearch.ServerlessSecurityPolicy("example", {
name: "example",
type: "network",
description: "Mixed access for marketing and sales",
policy: JSON.stringify([
{
Description: "Marketing access",
Rules: [
{
ResourceType: "collection",
Resource: ["collection/marketing*"],
},
{
ResourceType: "dashboard",
Resource: ["collection/marketing*"],
},
],
AllowFromPublic: false,
SourceVPCEs: ["vpce-050f79086ee71ac05"],
},
{
Description: "Sales access",
Rules: [{
ResourceType: "collection",
Resource: ["collection/finance"],
}],
AllowFromPublic: true,
},
]),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.opensearch.ServerlessSecurityPolicy("example",
name="example",
type="network",
description="Mixed access for marketing and sales",
policy=json.dumps([
{
"Description": "Marketing access",
"Rules": [
{
"ResourceType": "collection",
"Resource": ["collection/marketing*"],
},
{
"ResourceType": "dashboard",
"Resource": ["collection/marketing*"],
},
],
"AllowFromPublic": False,
"SourceVPCEs": ["vpce-050f79086ee71ac05"],
},
{
"Description": "Sales access",
"Rules": [{
"ResourceType": "collection",
"Resource": ["collection/finance"],
}],
"AllowFromPublic": True,
},
]))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal([]interface{}{
map[string]interface{}{
"Description": "Marketing access",
"Rules": []map[string]interface{}{
map[string]interface{}{
"ResourceType": "collection",
"Resource": []string{
"collection/marketing*",
},
},
map[string]interface{}{
"ResourceType": "dashboard",
"Resource": []string{
"collection/marketing*",
},
},
},
"AllowFromPublic": false,
"SourceVPCEs": []string{
"vpce-050f79086ee71ac05",
},
},
map[string]interface{}{
"Description": "Sales access",
"Rules": []map[string]interface{}{
map[string]interface{}{
"ResourceType": "collection",
"Resource": []string{
"collection/finance",
},
},
},
"AllowFromPublic": true,
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = opensearch.NewServerlessSecurityPolicy(ctx, "example", &opensearch.ServerlessSecurityPolicyArgs{
Name: pulumi.String("example"),
Type: pulumi.String("network"),
Description: pulumi.String("Mixed access for marketing and sales"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.ServerlessSecurityPolicy("example", new()
{
Name = "example",
Type = "network",
Description = "Mixed access for marketing and sales",
Policy = JsonSerializer.Serialize(new[]
{
new Dictionary<string, object?>
{
["Description"] = "Marketing access",
["Rules"] = new[]
{
new Dictionary<string, object?>
{
["ResourceType"] = "collection",
["Resource"] = new[]
{
"collection/marketing*",
},
},
new Dictionary<string, object?>
{
["ResourceType"] = "dashboard",
["Resource"] = new[]
{
"collection/marketing*",
},
},
},
["AllowFromPublic"] = false,
["SourceVPCEs"] = new[]
{
"vpce-050f79086ee71ac05",
},
},
new Dictionary<string, object?>
{
["Description"] = "Sales access",
["Rules"] = new[]
{
new Dictionary<string, object?>
{
["ResourceType"] = "collection",
["Resource"] = new[]
{
"collection/finance",
},
},
},
["AllowFromPublic"] = true,
},
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.name("example")
.type("network")
.description("Mixed access for marketing and sales")
.policy(serializeJson(
jsonArray(
jsonObject(
jsonProperty("Description", "Marketing access"),
jsonProperty("Rules", jsonArray(
jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/marketing*"))
),
jsonObject(
jsonProperty("ResourceType", "dashboard"),
jsonProperty("Resource", jsonArray("collection/marketing*"))
)
)),
jsonProperty("AllowFromPublic", false),
jsonProperty("SourceVPCEs", jsonArray("vpce-050f79086ee71ac05"))
),
jsonObject(
jsonProperty("Description", "Sales access"),
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/finance"))
))),
jsonProperty("AllowFromPublic", true)
)
)))
.build());
}
}
resources:
example:
type: aws:opensearch:ServerlessSecurityPolicy
properties:
name: example
type: network
description: Mixed access for marketing and sales
policy:
fn::toJSON:
- Description: Marketing access
Rules:
- ResourceType: collection
Resource:
- collection/marketing*
- ResourceType: dashboard
Resource:
- collection/marketing*
AllowFromPublic: false
SourceVPCEs:
- vpce-050f79086ee71ac05
- Description: Sales access
Rules:
- ResourceType: collection
Resource:
- collection/finance
AllowFromPublic: true
Create ServerlessSecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServerlessSecurityPolicy(name: string, args: ServerlessSecurityPolicyArgs, opts?: CustomResourceOptions);@overload
def ServerlessSecurityPolicy(resource_name: str,
args: ServerlessSecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServerlessSecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy: Optional[str] = None,
type: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None)func NewServerlessSecurityPolicy(ctx *Context, name string, args ServerlessSecurityPolicyArgs, opts ...ResourceOption) (*ServerlessSecurityPolicy, error)public ServerlessSecurityPolicy(string name, ServerlessSecurityPolicyArgs args, CustomResourceOptions? opts = null)
public ServerlessSecurityPolicy(String name, ServerlessSecurityPolicyArgs args)
public ServerlessSecurityPolicy(String name, ServerlessSecurityPolicyArgs args, CustomResourceOptions options)
type: aws:opensearch:ServerlessSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServerlessSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServerlessSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServerlessSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServerlessSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServerlessSecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serverlessSecurityPolicyResource = new Aws.OpenSearch.ServerlessSecurityPolicy("serverlessSecurityPolicyResource", new()
{
Policy = "string",
Type = "string",
Description = "string",
Name = "string",
});
example, err := opensearch.NewServerlessSecurityPolicy(ctx, "serverlessSecurityPolicyResource", &opensearch.ServerlessSecurityPolicyArgs{
Policy: pulumi.String("string"),
Type: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
})
var serverlessSecurityPolicyResource = new ServerlessSecurityPolicy("serverlessSecurityPolicyResource", ServerlessSecurityPolicyArgs.builder()
.policy("string")
.type("string")
.description("string")
.name("string")
.build());
serverless_security_policy_resource = aws.opensearch.ServerlessSecurityPolicy("serverlessSecurityPolicyResource",
policy="string",
type="string",
description="string",
name="string")
const serverlessSecurityPolicyResource = new aws.opensearch.ServerlessSecurityPolicy("serverlessSecurityPolicyResource", {
policy: "string",
type: "string",
description: "string",
name: "string",
});
type: aws:opensearch:ServerlessSecurityPolicy
properties:
description: string
name: string
policy: string
type: string
ServerlessSecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServerlessSecurityPolicy resource accepts the following input properties:
- Policy string
- JSON policy document to use as the content for the new policy
- Type string
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- Description string
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- Name string
- Name of the policy.
- Policy string
- JSON policy document to use as the content for the new policy
- Type string
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- Description string
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- Name string
- Name of the policy.
- policy String
- JSON policy document to use as the content for the new policy
- type String
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description String
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name String
- Name of the policy.
- policy string
- JSON policy document to use as the content for the new policy
- type string
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description string
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name string
- Name of the policy.
- policy str
- JSON policy document to use as the content for the new policy
- type str
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description str
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name str
- Name of the policy.
- policy String
- JSON policy document to use as the content for the new policy
- type String
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description String
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name String
- Name of the policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServerlessSecurityPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Version string - Version of the policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Version string - Version of the policy.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Version String - Version of the policy.
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Version string - Version of the policy.
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
version str - Version of the policy.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Version String - Version of the policy.
Look up Existing ServerlessSecurityPolicy Resource
Get an existing ServerlessSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServerlessSecurityPolicyState, opts?: CustomResourceOptions): ServerlessSecurityPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
name: Optional[str] = None,
policy: Optional[str] = None,
policy_version: Optional[str] = None,
type: Optional[str] = None) -> ServerlessSecurityPolicyfunc GetServerlessSecurityPolicy(ctx *Context, name string, id IDInput, state *ServerlessSecurityPolicyState, opts ...ResourceOption) (*ServerlessSecurityPolicy, error)public static ServerlessSecurityPolicy Get(string name, Input<string> id, ServerlessSecurityPolicyState? state, CustomResourceOptions? opts = null)public static ServerlessSecurityPolicy get(String name, Output<String> id, ServerlessSecurityPolicyState state, CustomResourceOptions options)resources: _: type: aws:opensearch:ServerlessSecurityPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- Name string
- Name of the policy.
- Policy string
- JSON policy document to use as the content for the new policy
- Policy
Version string - Version of the policy.
- Type string
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- Description string
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- Name string
- Name of the policy.
- Policy string
- JSON policy document to use as the content for the new policy
- Policy
Version string - Version of the policy.
- Type string
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description String
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name String
- Name of the policy.
- policy String
- JSON policy document to use as the content for the new policy
- policy
Version String - Version of the policy.
- type String
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description string
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name string
- Name of the policy.
- policy string
- JSON policy document to use as the content for the new policy
- policy
Version string - Version of the policy.
- type string
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description str
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name str
- Name of the policy.
- policy str
- JSON policy document to use as the content for the new policy
- policy_
version str - Version of the policy.
- type str
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
- description String
- Description of the policy. Typically used to store information about the permissions defined in the policy.
- name String
- Name of the policy.
- policy String
- JSON policy document to use as the content for the new policy
- policy
Version String - Version of the policy.
- type String
Type of security policy. One of
encryptionornetwork.The following arguments are optional:
Import
Using pulumi import, import OpenSearchServerless Security Policy using the name and type arguments separated by a slash (/). For example:
$ pulumi import aws:opensearch/serverlessSecurityPolicy:ServerlessSecurityPolicy example example/encryption
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.