Class: AWSCDK::OpenSearchService::CfnDomain::DomainEndpointOptionsProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
open_search_service/cfn_domain.rb

Overview

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(custom_endpoint: nil, custom_endpoint_certificate_arn: nil, custom_endpoint_enabled: nil, enforce_https: nil, tls_security_policy: nil) ⇒ DomainEndpointOptionsProperty

Returns a new instance of DomainEndpointOptionsProperty.

Parameters:

  • custom_endpoint (String, nil) (defaults to: nil)

    The fully qualified URL for your custom endpoint.

  • custom_endpoint_certificate_arn (String, nil) (defaults to: nil)

    The Certificate Manager ARN for your domain's SSL/TLS certificate.

  • custom_endpoint_enabled (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    True to enable a custom endpoint for the domain.

  • enforce_https (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    True to require that all traffic to the domain arrive over HTTPS.

  • tls_security_policy (String, nil) (defaults to: nil)

    The minimum TLS version required for traffic to the domain. The policy can be one of the following values:.



1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
# File 'open_search_service/cfn_domain.rb', line 1464

def initialize(custom_endpoint: nil, custom_endpoint_certificate_arn: nil, custom_endpoint_enabled: nil, enforce_https: nil, tls_security_policy: nil)
  @custom_endpoint = custom_endpoint
  Jsii::Type.check_type(@custom_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "customEndpoint") unless @custom_endpoint.nil?
  @custom_endpoint_certificate_arn = custom_endpoint_certificate_arn
  Jsii::Type.check_type(@custom_endpoint_certificate_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "customEndpointCertificateArn") unless @custom_endpoint_certificate_arn.nil?
  @custom_endpoint_enabled = custom_endpoint_enabled
  Jsii::Type.check_type(@custom_endpoint_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "customEndpointEnabled") unless @custom_endpoint_enabled.nil?
  @enforce_https = enforce_https
  Jsii::Type.check_type(@enforce_https, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enforceHttps") unless @enforce_https.nil?
  @tls_security_policy = tls_security_policy
  Jsii::Type.check_type(@tls_security_policy, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "tlsSecurityPolicy") unless @tls_security_policy.nil?
end

Instance Attribute Details

#custom_endpointString? (readonly)

The fully qualified URL for your custom endpoint.

Required if you enabled a custom endpoint for the domain.



1483
1484
1485
# File 'open_search_service/cfn_domain.rb', line 1483

def custom_endpoint
  @custom_endpoint
end

#custom_endpoint_certificate_arnString? (readonly)

The Certificate Manager ARN for your domain's SSL/TLS certificate.

Required if you enabled a custom endpoint for the domain.



1490
1491
1492
# File 'open_search_service/cfn_domain.rb', line 1490

def custom_endpoint_certificate_arn
  @custom_endpoint_certificate_arn
end

#custom_endpoint_enabledBoolean, ... (readonly)

True to enable a custom endpoint for the domain.

If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn .



1497
1498
1499
# File 'open_search_service/cfn_domain.rb', line 1497

def custom_endpoint_enabled
  @custom_endpoint_enabled
end

#enforce_httpsBoolean, ... (readonly)

True to require that all traffic to the domain arrive over HTTPS.

Required if you enable fine-grained access control in AdvancedSecurityOptions .



1504
1505
1506
# File 'open_search_service/cfn_domain.rb', line 1504

def enforce_https
  @enforce_https
end

#tls_security_policyString? (readonly)

The minimum TLS version required for traffic to the domain. The policy can be one of the following values:.

  • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
  • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
  • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites


1513
1514
1515
# File 'open_search_service/cfn_domain.rb', line 1513

def tls_security_policy
  @tls_security_policy
end

Class Method Details

.jsii_propertiesObject



1515
1516
1517
1518
1519
1520
1521
1522
1523
# File 'open_search_service/cfn_domain.rb', line 1515

def self.jsii_properties
  {
    :custom_endpoint => "customEndpoint",
    :custom_endpoint_certificate_arn => "customEndpointCertificateArn",
    :custom_endpoint_enabled => "customEndpointEnabled",
    :enforce_https => "enforceHttps",
    :tls_security_policy => "tlsSecurityPolicy",
  }
end

Instance Method Details

#to_jsiiObject



1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
# File 'open_search_service/cfn_domain.rb', line 1525

def to_jsii
  result = {}
  result.merge!({
    "customEndpoint" => @custom_endpoint,
    "customEndpointCertificateArn" => @custom_endpoint_certificate_arn,
    "customEndpointEnabled" => @custom_endpoint_enabled,
    "enforceHttps" => @enforce_https,
    "tlsSecurityPolicy" => @tls_security_policy,
  })
  result.compact
end