Class: AWSCDK::OpenSearchService::CfnDomain::AdvancedSecurityOptionsInputProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::OpenSearchService::CfnDomain::AdvancedSecurityOptionsInputProperty
- Defined in:
- open_search_service/cfn_domain.rb
Overview
Specifies options for fine-grained access control.
If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.
Instance Attribute Summary collapse
-
#anonymous_auth_disable_date ⇒ String?
readonly
Date and time when the migration period will be disabled.
-
#anonymous_auth_enabled ⇒ Boolean, ...
readonly
True to enable a 30-day migration period during which administrators can create role mappings.
-
#enabled ⇒ Boolean, ...
readonly
True to enable fine-grained access control.
-
#iam_federation_options ⇒ AWSCDK::IResolvable, ...
readonly
Input configuration for IAM identity federation within advanced security options.
-
#internal_user_database_enabled ⇒ Boolean, ...
readonly
True to enable the internal user database.
-
#jwt_options ⇒ AWSCDK::IResolvable, ...
readonly
Container for information about the JWT configuration of the Amazon OpenSearch Service.
-
#master_user_options ⇒ AWSCDK::IResolvable, ...
readonly
Specifies information about the master user.
-
#saml_options ⇒ AWSCDK::IResolvable, ...
readonly
Container for information about the SAML configuration for OpenSearch Dashboards.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(anonymous_auth_disable_date: nil, anonymous_auth_enabled: nil, enabled: nil, iam_federation_options: nil, internal_user_database_enabled: nil, jwt_options: nil, master_user_options: nil, saml_options: nil) ⇒ AdvancedSecurityOptionsInputProperty
constructor
A new instance of AdvancedSecurityOptionsInputProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(anonymous_auth_disable_date: nil, anonymous_auth_enabled: nil, enabled: nil, iam_federation_options: nil, internal_user_database_enabled: nil, jwt_options: nil, master_user_options: nil, saml_options: nil) ⇒ AdvancedSecurityOptionsInputProperty
Returns a new instance of AdvancedSecurityOptionsInputProperty.
1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 |
# File 'open_search_service/cfn_domain.rb', line 1009 def initialize(anonymous_auth_disable_date: nil, anonymous_auth_enabled: nil, enabled: nil, iam_federation_options: nil, internal_user_database_enabled: nil, jwt_options: nil, master_user_options: nil, saml_options: nil) @anonymous_auth_disable_date = anonymous_auth_disable_date Jsii::Type.check_type(@anonymous_auth_disable_date, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "anonymousAuthDisableDate") unless @anonymous_auth_disable_date.nil? @anonymous_auth_enabled = anonymous_auth_enabled Jsii::Type.check_type(@anonymous_auth_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "anonymousAuthEnabled") unless @anonymous_auth_enabled.nil? @enabled = enabled Jsii::Type.check_type(@enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enabled") unless @enabled.nil? @iam_federation_options = .is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::IAMFederationOptionsProperty.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(@iam_federation_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uSUFNRmVkZXJhdGlvbk9wdGlvbnNQcm9wZXJ0eSJ9XX19")), "iamFederationOptions") unless @iam_federation_options.nil? @internal_user_database_enabled = internal_user_database_enabled Jsii::Type.check_type(@internal_user_database_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "internalUserDatabaseEnabled") unless @internal_user_database_enabled.nil? @jwt_options = .is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::JWTOptionsProperty.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(@jwt_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uSldUT3B0aW9uc1Byb3BlcnR5In1dfX0=")), "jwtOptions") unless @jwt_options.nil? @master_user_options = .is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::MasterUserOptionsProperty.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(@master_user_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uTWFzdGVyVXNlck9wdGlvbnNQcm9wZXJ0eSJ9XX19")), "masterUserOptions") unless @master_user_options.nil? @saml_options = .is_a?(Hash) ? ::AWSCDK::OpenSearchService::CfnDomain::SAMLOptionsProperty.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(@saml_options, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19vcGVuc2VhcmNoc2VydmljZS5DZm5Eb21haW4uU0FNTE9wdGlvbnNQcm9wZXJ0eSJ9XX19")), "samlOptions") unless @saml_options.nil? end |
Instance Attribute Details
#anonymous_auth_disable_date ⇒ String? (readonly)
Date and time when the migration period will be disabled.
Only necessary when enabling fine-grained access control on an existing domain .
1034 1035 1036 |
# File 'open_search_service/cfn_domain.rb', line 1034 def anonymous_auth_disable_date @anonymous_auth_disable_date end |
#anonymous_auth_enabled ⇒ Boolean, ... (readonly)
True to enable a 30-day migration period during which administrators can create role mappings.
Only necessary when enabling fine-grained access control on an existing domain .
1041 1042 1043 |
# File 'open_search_service/cfn_domain.rb', line 1041 def anonymous_auth_enabled @anonymous_auth_enabled end |
#enabled ⇒ Boolean, ... (readonly)
True to enable fine-grained access control.
You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
1048 1049 1050 |
# File 'open_search_service/cfn_domain.rb', line 1048 def enabled @enabled end |
#iam_federation_options ⇒ AWSCDK::IResolvable, ... (readonly)
Input configuration for IAM identity federation within advanced security options.
1053 1054 1055 |
# File 'open_search_service/cfn_domain.rb', line 1053 def @iam_federation_options end |
#internal_user_database_enabled ⇒ Boolean, ... (readonly)
True to enable the internal user database.
1058 1059 1060 |
# File 'open_search_service/cfn_domain.rb', line 1058 def internal_user_database_enabled @internal_user_database_enabled end |
#jwt_options ⇒ AWSCDK::IResolvable, ... (readonly)
Container for information about the JWT configuration of the Amazon OpenSearch Service.
1063 1064 1065 |
# File 'open_search_service/cfn_domain.rb', line 1063 def @jwt_options end |
#master_user_options ⇒ AWSCDK::IResolvable, ... (readonly)
Specifies information about the master user.
1068 1069 1070 |
# File 'open_search_service/cfn_domain.rb', line 1068 def @master_user_options end |
#saml_options ⇒ AWSCDK::IResolvable, ... (readonly)
Container for information about the SAML configuration for OpenSearch Dashboards.
1073 1074 1075 |
# File 'open_search_service/cfn_domain.rb', line 1073 def @saml_options end |
Class Method Details
.jsii_properties ⇒ Object
1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 |
# File 'open_search_service/cfn_domain.rb', line 1075 def self.jsii_properties { :anonymous_auth_disable_date => "anonymousAuthDisableDate", :anonymous_auth_enabled => "anonymousAuthEnabled", :enabled => "enabled", :iam_federation_options => "iamFederationOptions", :internal_user_database_enabled => "internalUserDatabaseEnabled", :jwt_options => "jwtOptions", :master_user_options => "masterUserOptions", :saml_options => "samlOptions", } end |
Instance Method Details
#to_jsii ⇒ Object
1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 |
# File 'open_search_service/cfn_domain.rb', line 1088 def to_jsii result = {} result.merge!({ "anonymousAuthDisableDate" => @anonymous_auth_disable_date, "anonymousAuthEnabled" => @anonymous_auth_enabled, "enabled" => @enabled, "iamFederationOptions" => @iam_federation_options, "internalUserDatabaseEnabled" => @internal_user_database_enabled, "jwtOptions" => @jwt_options, "masterUserOptions" => @master_user_options, "samlOptions" => @saml_options, }) result.compact end |