Class: AWSCDK::OpenSearchService::CfnDomain::AdvancedSecurityOptionsInputProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
open_search_service/cfn_domain.rb

Overview

Specifies options for fine-grained access control.

If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(anonymous_auth_disable_date: nil, anonymous_auth_enabled: nil, enabled: nil, iam_federation_options: nil, internal_user_database_enabled: nil, jwt_options: nil, master_user_options: nil, saml_options: nil) ⇒ AdvancedSecurityOptionsInputProperty

Returns a new instance of AdvancedSecurityOptionsInputProperty.

Parameters:



1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
# File 'open_search_service/cfn_domain.rb', line 1009

def initialize(anonymous_auth_disable_date: nil, anonymous_auth_enabled: nil, enabled: nil, iam_federation_options: nil, internal_user_database_enabled: nil, jwt_options: nil, master_user_options: nil, saml_options: nil)
  @anonymous_auth_disable_date = anonymous_auth_disable_date
  Jsii::Type.check_type(@anonymous_auth_disable_date, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "anonymousAuthDisableDate") unless @anonymous_auth_disable_date.nil?
  @anonymous_auth_enabled = anonymous_auth_enabled
  Jsii::Type.check_type(@anonymous_auth_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "anonymousAuthEnabled") unless @anonymous_auth_enabled.nil?
  @enabled = enabled
  Jsii::Type.check_type(@enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enabled") unless @enabled.nil?
  @iam_federation_options = iam_federation_options.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::IAMFederationOptionsProperty.new(**iam_federation_options.transform_keys(&:to_sym)) : iam_federation_options
  Jsii::Type.check_type(@iam_federation_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uSUFNRmVkZXJhdGlvbk9wdGlvbnNQcm9wZXJ0eSJ9XX19")), "iamFederationOptions") unless @iam_federation_options.nil?
  @internal_user_database_enabled = internal_user_database_enabled
  Jsii::Type.check_type(@internal_user_database_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "internalUserDatabaseEnabled") unless @internal_user_database_enabled.nil?
  @jwt_options = jwt_options.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::JWTOptionsProperty.new(**jwt_options.transform_keys(&:to_sym)) : jwt_options
  Jsii::Type.check_type(@jwt_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uSldUT3B0aW9uc1Byb3BlcnR5In1dfX0=")), "jwtOptions") unless @jwt_options.nil?
  @master_user_options = master_user_options.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::MasterUserOptionsProperty.new(**master_user_options.transform_keys(&:to_sym)) : master_user_options
  Jsii::Type.check_type(@master_user_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uTWFzdGVyVXNlck9wdGlvbnNQcm9wZXJ0eSJ9XX19")), "masterUserOptions") unless @master_user_options.nil?
  @saml_options = saml_options.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::SAMLOptionsProperty.new(**saml_options.transform_keys(&:to_sym)) : saml_options
  Jsii::Type.check_type(@saml_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uU0FNTE9wdGlvbnNQcm9wZXJ0eSJ9XX19")), "samlOptions") unless @saml_options.nil?
end

Instance Attribute Details

#anonymous_auth_disable_dateString? (readonly)

Date and time when the migration period will be disabled.

Only necessary when enabling fine-grained access control on an existing domain .



1034
1035
1036
# File 'open_search_service/cfn_domain.rb', line 1034

def anonymous_auth_disable_date
  @anonymous_auth_disable_date
end

#anonymous_auth_enabledBoolean, ... (readonly)

True to enable a 30-day migration period during which administrators can create role mappings.

Only necessary when enabling fine-grained access control on an existing domain .



1041
1042
1043
# File 'open_search_service/cfn_domain.rb', line 1041

def anonymous_auth_enabled
  @anonymous_auth_enabled
end

#enabledBoolean, ... (readonly)

True to enable fine-grained access control.

You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .



1048
1049
1050
# File 'open_search_service/cfn_domain.rb', line 1048

def enabled
  @enabled
end

#iam_federation_optionsAWSCDK::IResolvable, ... (readonly)

Input configuration for IAM identity federation within advanced security options.



1053
1054
1055
# File 'open_search_service/cfn_domain.rb', line 1053

def iam_federation_options
  @iam_federation_options
end

#internal_user_database_enabledBoolean, ... (readonly)

True to enable the internal user database.



1058
1059
1060
# File 'open_search_service/cfn_domain.rb', line 1058

def internal_user_database_enabled
  @internal_user_database_enabled
end

#jwt_optionsAWSCDK::IResolvable, ... (readonly)

Container for information about the JWT configuration of the Amazon OpenSearch Service.



1063
1064
1065
# File 'open_search_service/cfn_domain.rb', line 1063

def jwt_options
  @jwt_options
end

#master_user_optionsAWSCDK::IResolvable, ... (readonly)

Specifies information about the master user.



1068
1069
1070
# File 'open_search_service/cfn_domain.rb', line 1068

def master_user_options
  @master_user_options
end

#saml_optionsAWSCDK::IResolvable, ... (readonly)

Container for information about the SAML configuration for OpenSearch Dashboards.



1073
1074
1075
# File 'open_search_service/cfn_domain.rb', line 1073

def saml_options
  @saml_options
end

Class Method Details

.jsii_propertiesObject



1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
# File 'open_search_service/cfn_domain.rb', line 1075

def self.jsii_properties
  {
    :anonymous_auth_disable_date => "anonymousAuthDisableDate",
    :anonymous_auth_enabled => "anonymousAuthEnabled",
    :enabled => "enabled",
    :iam_federation_options => "iamFederationOptions",
    :internal_user_database_enabled => "internalUserDatabaseEnabled",
    :jwt_options => "jwtOptions",
    :master_user_options => "masterUserOptions",
    :saml_options => "samlOptions",
  }
end

Instance Method Details

#to_jsiiObject



1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
# File 'open_search_service/cfn_domain.rb', line 1088

def to_jsii
  result = {}
  result.merge!({
    "anonymousAuthDisableDate" => @anonymous_auth_disable_date,
    "anonymousAuthEnabled" => @anonymous_auth_enabled,
    "enabled" => @enabled,
    "iamFederationOptions" => @iam_federation_options,
    "internalUserDatabaseEnabled" => @internal_user_database_enabled,
    "jwtOptions" => @jwt_options,
    "masterUserOptions" => @master_user_options,
    "samlOptions" => @saml_options,
  })
  result.compact
end