Class: AWSCDK::OpenSearchService::DomainProps
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::OpenSearchService::DomainProps
- Defined in:
- open_search_service/domain_props.rb
Overview
Properties for an Amazon OpenSearch Service domain.
Instance Attribute Summary collapse
-
#access_policies ⇒ Array<AWSCDK::IAM::PolicyStatement>?
readonly
Domain access policies.
-
#advanced_options ⇒ Hash{String => String}?
readonly
Additional options to specify for the Amazon OpenSearch Service domain.
-
#automated_snapshot_start_hour ⇒ Numeric?
readonly
The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.
-
#capacity ⇒ AWSCDK::OpenSearchService::CapacityConfig?
readonly
The cluster capacity configuration for the Amazon OpenSearch Service domain.
-
#cognito_dashboards_auth ⇒ AWSCDK::OpenSearchService::CognitoOptions?
readonly
Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
-
#cold_storage_enabled ⇒ Boolean?
readonly
Whether to enable or disable cold storage on the domain.
-
#custom_endpoint ⇒ AWSCDK::OpenSearchService::CustomEndpointOptions?
readonly
To configure a custom domain configure these options.
-
#domain_name ⇒ String?
readonly
Enforces a particular physical domain name.
-
#ebs ⇒ AWSCDK::OpenSearchService::EbsOptions?
readonly
The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
-
#enable_auto_software_update ⇒ Boolean?
readonly
Specifies whether automatic service software updates are enabled for the domain.
-
#enable_version_upgrade ⇒ Boolean?
readonly
To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
-
#encryption_at_rest ⇒ AWSCDK::OpenSearchService::EncryptionAtRestOptions?
readonly
Encryption at rest options for the cluster.
-
#enforce_https ⇒ Boolean?
readonly
True to require that all traffic to the domain arrive over HTTPS.
-
#fine_grained_access_control ⇒ AWSCDK::OpenSearchService::AdvancedSecurityOptions?
readonly
Specifies options for fine-grained access control.
-
#ip_address_type ⇒ AWSCDK::OpenSearchService::IPAddressType?
readonly
Specify either dual stack or IPv4 as your IP address type.
-
#logging ⇒ AWSCDK::OpenSearchService::LoggingOptions?
readonly
Configuration log publishing configuration options.
-
#node_to_node_encryption ⇒ Boolean?
readonly
Specify true to enable node to node encryption.
-
#off_peak_window_enabled ⇒ Boolean?
readonly
Options for enabling a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
-
#off_peak_window_start ⇒ AWSCDK::OpenSearchService::WindowStartTime?
readonly
Start time for the off-peak window, in Coordinated Universal Time (UTC).
-
#removal_policy ⇒ AWSCDK::RemovalPolicy?
readonly
Policy to apply when the domain is removed from the stack.
-
#s3_vectors_engine_enabled ⇒ Boolean?
readonly
Whether to enable S3 vectors engine.
-
#security_groups ⇒ Array<AWSCDK::EC2::ISecurityGroup>?
readonly
The list of security groups that are associated with the VPC endpoints for the domain.
-
#suppress_logs_resource_policy ⇒ Boolean?
readonly
Specify whether to create a CloudWatch Logs resource policy or not.
-
#tls_security_policy ⇒ AWSCDK::OpenSearchService::TLSSecurityPolicy?
readonly
The minimum TLS version required for traffic to the domain.
-
#use_unsigned_basic_auth ⇒ Boolean?
readonly
Configures the domain so that unsigned basic auth is enabled.
-
#version ⇒ AWSCDK::OpenSearchService::EngineVersion
readonly
The Elasticsearch/OpenSearch version that your domain will leverage.
-
#vpc ⇒ AWSCDK::EC2::IVPC?
readonly
Place the domain inside this VPC.
-
#vpc_subnets ⇒ Array<AWSCDK::EC2::SubnetSelection>?
readonly
The specific vpc subnets the domain will be placed in.
-
#zone_awareness ⇒ AWSCDK::OpenSearchService::ZoneAwarenessConfig?
readonly
The cluster zone awareness configuration for the Amazon OpenSearch Service domain.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(version:, access_policies: nil, advanced_options: nil, automated_snapshot_start_hour: nil, capacity: nil, cognito_dashboards_auth: nil, cold_storage_enabled: nil, custom_endpoint: nil, domain_name: nil, ebs: nil, enable_auto_software_update: nil, enable_version_upgrade: nil, encryption_at_rest: nil, enforce_https: nil, fine_grained_access_control: nil, ip_address_type: nil, logging: nil, node_to_node_encryption: nil, off_peak_window_enabled: nil, off_peak_window_start: nil, removal_policy: nil, s3_vectors_engine_enabled: nil, security_groups: nil, suppress_logs_resource_policy: nil, tls_security_policy: nil, use_unsigned_basic_auth: nil, vpc: nil, vpc_subnets: nil, zone_awareness: nil) ⇒ DomainProps
constructor
A new instance of DomainProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(version:, access_policies: nil, advanced_options: nil, automated_snapshot_start_hour: nil, capacity: nil, cognito_dashboards_auth: nil, cold_storage_enabled: nil, custom_endpoint: nil, domain_name: nil, ebs: nil, enable_auto_software_update: nil, enable_version_upgrade: nil, encryption_at_rest: nil, enforce_https: nil, fine_grained_access_control: nil, ip_address_type: nil, logging: nil, node_to_node_encryption: nil, off_peak_window_enabled: nil, off_peak_window_start: nil, removal_policy: nil, s3_vectors_engine_enabled: nil, security_groups: nil, suppress_logs_resource_policy: nil, tls_security_policy: nil, use_unsigned_basic_auth: nil, vpc: nil, vpc_subnets: nil, zone_awareness: nil) ⇒ DomainProps
Returns a new instance of DomainProps.
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
# File 'open_search_service/domain_props.rb', line 36 def initialize(version:, access_policies: nil, advanced_options: nil, automated_snapshot_start_hour: nil, capacity: nil, cognito_dashboards_auth: nil, cold_storage_enabled: nil, custom_endpoint: nil, domain_name: nil, ebs: nil, enable_auto_software_update: nil, enable_version_upgrade: nil, encryption_at_rest: nil, enforce_https: nil, fine_grained_access_control: nil, ip_address_type: nil, logging: nil, node_to_node_encryption: nil, off_peak_window_enabled: nil, off_peak_window_start: nil, removal_policy: nil, s3_vectors_engine_enabled: nil, security_groups: nil, suppress_logs_resource_policy: nil, tls_security_policy: nil, use_unsigned_basic_auth: nil, vpc: nil, vpc_subnets: nil, zone_awareness: nil) @version = version Jsii::Type.check_type(@version, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuRW5naW5lVmVyc2lvbiJ9")), "version") @access_policies = access_policies Jsii::Type.check_type(@access_policies, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pYW0uUG9saWN5U3RhdGVtZW50In0sImtpbmQiOiJhcnJheSJ9fQ==")), "accessPolicies") unless @access_policies.nil? @advanced_options = Jsii::Type.check_type(@advanced_options, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoibWFwIn19")), "advancedOptions") unless @advanced_options.nil? @automated_snapshot_start_hour = automated_snapshot_start_hour Jsii::Type.check_type(@automated_snapshot_start_hour, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "automatedSnapshotStartHour") unless @automated_snapshot_start_hour.nil? @capacity = capacity.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CapacityConfig.new(**capacity.transform_keys(&:to_sym)) : capacity Jsii::Type.check_type(@capacity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQ2FwYWNpdHlDb25maWcifQ==")), "capacity") unless @capacity.nil? @cognito_dashboards_auth = cognito_dashboards_auth.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CognitoOptions.new(**cognito_dashboards_auth.transform_keys(&:to_sym)) : cognito_dashboards_auth Jsii::Type.check_type(@cognito_dashboards_auth, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQ29nbml0b09wdGlvbnMifQ==")), "cognitoDashboardsAuth") unless @cognito_dashboards_auth.nil? @cold_storage_enabled = cold_storage_enabled Jsii::Type.check_type(@cold_storage_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "coldStorageEnabled") unless @cold_storage_enabled.nil? @custom_endpoint = custom_endpoint.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CustomEndpointOptions.new(**custom_endpoint.transform_keys(&:to_sym)) : custom_endpoint Jsii::Type.check_type(@custom_endpoint, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQ3VzdG9tRW5kcG9pbnRPcHRpb25zIn0=")), "customEndpoint") unless @custom_endpoint.nil? @domain_name = domain_name Jsii::Type.check_type(@domain_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "domainName") unless @domain_name.nil? @ebs = ebs.is_a?(Hash) ? ::AWSCDK::OpenSearchService::EbsOptions.new(**ebs.transform_keys(&:to_sym)) : ebs Jsii::Type.check_type(@ebs, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuRWJzT3B0aW9ucyJ9")), "ebs") unless @ebs.nil? @enable_auto_software_update = enable_auto_software_update Jsii::Type.check_type(@enable_auto_software_update, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableAutoSoftwareUpdate") unless @enable_auto_software_update.nil? @enable_version_upgrade = enable_version_upgrade Jsii::Type.check_type(@enable_version_upgrade, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableVersionUpgrade") unless @enable_version_upgrade.nil? @encryption_at_rest = encryption_at_rest.is_a?(Hash) ? ::AWSCDK::OpenSearchService::EncryptionAtRestOptions.new(**encryption_at_rest.transform_keys(&:to_sym)) : encryption_at_rest Jsii::Type.check_type(@encryption_at_rest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuRW5jcnlwdGlvbkF0UmVzdE9wdGlvbnMifQ==")), "encryptionAtRest") unless @encryption_at_rest.nil? @enforce_https = enforce_https Jsii::Type.check_type(@enforce_https, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enforceHttps") unless @enforce_https.nil? @fine_grained_access_control = fine_grained_access_control.is_a?(Hash) ? ::AWSCDK::OpenSearchService::AdvancedSecurityOptions.new(**fine_grained_access_control.transform_keys(&:to_sym)) : fine_grained_access_control Jsii::Type.check_type(@fine_grained_access_control, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQWR2YW5jZWRTZWN1cml0eU9wdGlvbnMifQ==")), "fineGrainedAccessControl") unless @fine_grained_access_control.nil? @ip_address_type = ip_address_type Jsii::Type.check_type(@ip_address_type, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuSXBBZGRyZXNzVHlwZSJ9")), "ipAddressType") unless @ip_address_type.nil? @logging = logging.is_a?(Hash) ? ::AWSCDK::OpenSearchService::LoggingOptions.new(**logging.transform_keys(&:to_sym)) : logging Jsii::Type.check_type(@logging, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuTG9nZ2luZ09wdGlvbnMifQ==")), "logging") unless @logging.nil? @node_to_node_encryption = node_to_node_encryption Jsii::Type.check_type(@node_to_node_encryption, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "nodeToNodeEncryption") unless @node_to_node_encryption.nil? @off_peak_window_enabled = off_peak_window_enabled Jsii::Type.check_type(@off_peak_window_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "offPeakWindowEnabled") unless @off_peak_window_enabled.nil? @off_peak_window_start = off_peak_window_start.is_a?(Hash) ? ::AWSCDK::OpenSearchService::WindowStartTime.new(**off_peak_window_start.transform_keys(&:to_sym)) : off_peak_window_start Jsii::Type.check_type(@off_peak_window_start, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuV2luZG93U3RhcnRUaW1lIn0=")), "offPeakWindowStart") unless @off_peak_window_start.nil? @removal_policy = removal_policy Jsii::Type.check_type(@removal_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "removalPolicy") unless @removal_policy.nil? @s3_vectors_engine_enabled = s3_vectors_engine_enabled Jsii::Type.check_type(@s3_vectors_engine_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "s3VectorsEngineEnabled") unless @s3_vectors_engine_enabled.nil? @security_groups = security_groups Jsii::Type.check_type(@security_groups, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19lYzIuSVNlY3VyaXR5R3JvdXAifSwia2luZCI6ImFycmF5In19")), "securityGroups") unless @security_groups.nil? @suppress_logs_resource_policy = suppress_logs_resource_policy Jsii::Type.check_type(@suppress_logs_resource_policy, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "suppressLogsResourcePolicy") unless @suppress_logs_resource_policy.nil? @tls_security_policy = tls_security_policy Jsii::Type.check_type(@tls_security_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuVExTU2VjdXJpdHlQb2xpY3kifQ==")), "tlsSecurityPolicy") unless @tls_security_policy.nil? @use_unsigned_basic_auth = use_unsigned_basic_auth Jsii::Type.check_type(@use_unsigned_basic_auth, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "useUnsignedBasicAuth") unless @use_unsigned_basic_auth.nil? @vpc = vpc Jsii::Type.check_type(@vpc, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklWcGMifQ==")), "vpc") unless @vpc.nil? @vpc_subnets = vpc_subnets.is_a?(Array) ? vpc_subnets.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::EC2::SubnetSelection.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : vpc_subnets Jsii::Type.check_type(@vpc_subnets, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19lYzIuU3VibmV0U2VsZWN0aW9uIn0sImtpbmQiOiJhcnJheSJ9fQ==")), "vpcSubnets") unless @vpc_subnets.nil? @zone_awareness = zone_awareness.is_a?(Hash) ? ::AWSCDK::OpenSearchService::ZoneAwarenessConfig.new(**zone_awareness.transform_keys(&:to_sym)) : zone_awareness Jsii::Type.check_type(@zone_awareness, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuWm9uZUF3YXJlbmVzc0NvbmZpZyJ9")), "zoneAwareness") unless @zone_awareness.nil? end |
Instance Attribute Details
#access_policies ⇒ Array<AWSCDK::IAM::PolicyStatement>? (readonly)
Default: - No access policies.
Domain access policies.
105 106 107 |
# File 'open_search_service/domain_props.rb', line 105 def access_policies @access_policies end |
#advanced_options ⇒ Hash{String => String}? (readonly)
Default: - no advanced options are specified
Additional options to specify for the Amazon OpenSearch Service domain.
111 112 113 |
# File 'open_search_service/domain_props.rb', line 111 def @advanced_options end |
#automated_snapshot_start_hour ⇒ Numeric? (readonly)
Default: - Hourly automated snapshots not used
The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.
Only applies for Elasticsearch versions below 5.3.
119 120 121 |
# File 'open_search_service/domain_props.rb', line 119 def automated_snapshot_start_hour @automated_snapshot_start_hour end |
#capacity ⇒ AWSCDK::OpenSearchService::CapacityConfig? (readonly)
Default: - 1 r5.large.search data node; no dedicated master nodes.
The cluster capacity configuration for the Amazon OpenSearch Service domain.
124 125 126 |
# File 'open_search_service/domain_props.rb', line 124 def capacity @capacity end |
#cognito_dashboards_auth ⇒ AWSCDK::OpenSearchService::CognitoOptions? (readonly)
Default: - Cognito not used for authentication to OpenSearch Dashboards.
Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
129 130 131 |
# File 'open_search_service/domain_props.rb', line 129 def cognito_dashboards_auth @cognito_dashboards_auth end |
#cold_storage_enabled ⇒ Boolean? (readonly)
Default: - undefined
Whether to enable or disable cold storage on the domain.
You must enable UltraWarm storage to enable cold storage.
137 138 139 |
# File 'open_search_service/domain_props.rb', line 137 def cold_storage_enabled @cold_storage_enabled end |
#custom_endpoint ⇒ AWSCDK::OpenSearchService::CustomEndpointOptions? (readonly)
Default: - no custom domain endpoint will be configured
To configure a custom domain configure these options.
If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate
144 145 146 |
# File 'open_search_service/domain_props.rb', line 144 def custom_endpoint @custom_endpoint end |
#domain_name ⇒ String? (readonly)
Default: - A name will be auto-generated.
Enforces a particular physical domain name.
149 150 151 |
# File 'open_search_service/domain_props.rb', line 149 def domain_name @domain_name end |
#ebs ⇒ AWSCDK::OpenSearchService::EbsOptions? (readonly)
Default: - 10 GiB General Purpose (SSD) volumes per node.
The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
154 155 156 |
# File 'open_search_service/domain_props.rb', line 154 def ebs @ebs end |
#enable_auto_software_update ⇒ Boolean? (readonly)
Default: - false
Specifies whether automatic service software updates are enabled for the domain.
160 161 162 |
# File 'open_search_service/domain_props.rb', line 160 def enable_auto_software_update @enable_auto_software_update end |
#enable_version_upgrade ⇒ Boolean? (readonly)
Default: - false
To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
166 167 168 |
# File 'open_search_service/domain_props.rb', line 166 def enable_version_upgrade @enable_version_upgrade end |
#encryption_at_rest ⇒ AWSCDK::OpenSearchService::EncryptionAtRestOptions? (readonly)
Default: - No encryption at rest
Encryption at rest options for the cluster.
171 172 173 |
# File 'open_search_service/domain_props.rb', line 171 def encryption_at_rest @encryption_at_rest end |
#enforce_https ⇒ Boolean? (readonly)
Default: - false
True to require that all traffic to the domain arrive over HTTPS.
176 177 178 |
# File 'open_search_service/domain_props.rb', line 176 def enforce_https @enforce_https end |
#fine_grained_access_control ⇒ AWSCDK::OpenSearchService::AdvancedSecurityOptions? (readonly)
Default: - fine-grained access control is disabled
Specifies options for fine-grained access control.
Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control also requires encryption of data at rest and node-to-node encryption, along with enforced HTTPS.
185 186 187 |
# File 'open_search_service/domain_props.rb', line 185 def fine_grained_access_control @fine_grained_access_control end |
#ip_address_type ⇒ AWSCDK::OpenSearchService::IPAddressType? (readonly)
Default: - IpAddressType.IPV4
Specify either dual stack or IPv4 as your IP address type.
Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option.
If you set your IP address type to dual stack, you can't change your address type later.
194 195 196 |
# File 'open_search_service/domain_props.rb', line 194 def ip_address_type @ip_address_type end |
#logging ⇒ AWSCDK::OpenSearchService::LoggingOptions? (readonly)
Default: - No logs are published
Configuration log publishing configuration options.
199 200 201 |
# File 'open_search_service/domain_props.rb', line 199 def logging @logging end |
#node_to_node_encryption ⇒ Boolean? (readonly)
Default: - Node to node encryption is not enabled.
Specify true to enable node to node encryption.
Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later.
206 207 208 |
# File 'open_search_service/domain_props.rb', line 206 def node_to_node_encryption @node_to_node_encryption end |
#off_peak_window_enabled ⇒ Boolean? (readonly)
Default: - Disabled for domains created before February 16, 2023. Enabled for domains created after. Enabled if offPeakWindowStart is set.
Options for enabling a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
Off-peak windows were introduced on February 16, 2023. All domains created before this date have the off-peak window disabled by default. You must manually enable and configure the off-peak window for these domains. All domains created after this date will have the off-peak window enabled by default. You can't disable the off-peak window for a domain after it's enabled.
218 219 220 |
# File 'open_search_service/domain_props.rb', line 218 def off_peak_window_enabled @off_peak_window_enabled end |
#off_peak_window_start ⇒ AWSCDK::OpenSearchService::WindowStartTime? (readonly)
Default: - 10:00 P.M. local time
Start time for the off-peak window, in Coordinated Universal Time (UTC).
The window length will always be 10 hours, so you can't specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.
226 227 228 |
# File 'open_search_service/domain_props.rb', line 226 def off_peak_window_start @off_peak_window_start end |
#removal_policy ⇒ AWSCDK::RemovalPolicy? (readonly)
Default: RemovalPolicy.RETAIN
Policy to apply when the domain is removed from the stack.
231 232 233 |
# File 'open_search_service/domain_props.rb', line 231 def removal_policy @removal_policy end |
#s3_vectors_engine_enabled ⇒ Boolean? (readonly)
Default: undefined - AWS OpenSearch Service default is false
Whether to enable S3 vectors engine.
This feature allows you to offload vector data to Amazon S3 while maintaining sub-second vector search capabilities at low cost.
Requirements:
- OpenSearch version 2.19 or later
- OpenSearch Optimized instance types (OR*, OM*, OI*) for data nodes
- Encryption at rest must be enabled
245 246 247 |
# File 'open_search_service/domain_props.rb', line 245 def s3_vectors_engine_enabled @s3_vectors_engine_enabled end |
#security_groups ⇒ Array<AWSCDK::EC2::ISecurityGroup>? (readonly)
Default: - One new security group is created.
The list of security groups that are associated with the VPC endpoints for the domain.
Only used if vpc is specified.
253 254 255 |
# File 'open_search_service/domain_props.rb', line 253 def security_groups @security_groups end |
#suppress_logs_resource_policy ⇒ Boolean? (readonly)
Default: - false
Specify whether to create a CloudWatch Logs resource policy or not.
When logging is enabled for the domain, a CloudWatch Logs resource policy is created by default. However, CloudWatch Logs supports only 10 resource policies per region. If you enable logging for several domains, it may hit the quota and cause an error. By setting this property to true, creating a resource policy is suppressed, allowing you to avoid this problem.
If you set this option to true, you must create a resource policy before deployment.
266 267 268 |
# File 'open_search_service/domain_props.rb', line 266 def suppress_logs_resource_policy @suppress_logs_resource_policy end |
#tls_security_policy ⇒ AWSCDK::OpenSearchService::TLSSecurityPolicy? (readonly)
Default: - TLSSecurityPolicy.TLS_1_2
The minimum TLS version required for traffic to the domain.
271 272 273 |
# File 'open_search_service/domain_props.rb', line 271 def tls_security_policy @tls_security_policy end |
#use_unsigned_basic_auth ⇒ Boolean? (readonly)
Default: - false
Configures the domain so that unsigned basic auth is enabled.
If no master user is provided a default master user
with username admin and a dynamically generated password stored in KMS is created. The password can be retrieved
by getting master_user_password from the domain instance.
Setting this to true will also add an access policy that allows unsigned access, enable node to node encryption, encryption at rest. If conflicting settings are encountered (like disabling encryption at rest) enabling this setting will cause a failure.
285 286 287 |
# File 'open_search_service/domain_props.rb', line 285 def use_unsigned_basic_auth @use_unsigned_basic_auth end |
#version ⇒ AWSCDK::OpenSearchService::EngineVersion (readonly)
The Elasticsearch/OpenSearch version that your domain will leverage.
100 101 102 |
# File 'open_search_service/domain_props.rb', line 100 def version @version end |
#vpc ⇒ AWSCDK::EC2::IVPC? (readonly)
Default: - Domain is not placed in a VPC.
Place the domain inside this VPC.
291 292 293 |
# File 'open_search_service/domain_props.rb', line 291 def vpc @vpc end |
#vpc_subnets ⇒ Array<AWSCDK::EC2::SubnetSelection>? (readonly)
Default: - All private subnets.
The specific vpc subnets the domain will be placed in.
You must provide one subnet for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone domain.
Only used if vpc is specified.
303 304 305 |
# File 'open_search_service/domain_props.rb', line 303 def vpc_subnets @vpc_subnets end |
#zone_awareness ⇒ AWSCDK::OpenSearchService::ZoneAwarenessConfig? (readonly)
Default: - no zone awareness (1 AZ)
The cluster zone awareness configuration for the Amazon OpenSearch Service domain.
308 309 310 |
# File 'open_search_service/domain_props.rb', line 308 def zone_awareness @zone_awareness end |
Class Method Details
.jsii_properties ⇒ Object
310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 |
# File 'open_search_service/domain_props.rb', line 310 def self.jsii_properties { :version => "version", :access_policies => "accessPolicies", :advanced_options => "advancedOptions", :automated_snapshot_start_hour => "automatedSnapshotStartHour", :capacity => "capacity", :cognito_dashboards_auth => "cognitoDashboardsAuth", :cold_storage_enabled => "coldStorageEnabled", :custom_endpoint => "customEndpoint", :domain_name => "domainName", :ebs => "ebs", :enable_auto_software_update => "enableAutoSoftwareUpdate", :enable_version_upgrade => "enableVersionUpgrade", :encryption_at_rest => "encryptionAtRest", :enforce_https => "enforceHttps", :fine_grained_access_control => "fineGrainedAccessControl", :ip_address_type => "ipAddressType", :logging => "logging", :node_to_node_encryption => "nodeToNodeEncryption", :off_peak_window_enabled => "offPeakWindowEnabled", :off_peak_window_start => "offPeakWindowStart", :removal_policy => "removalPolicy", :s3_vectors_engine_enabled => "s3VectorsEngineEnabled", :security_groups => "securityGroups", :suppress_logs_resource_policy => "suppressLogsResourcePolicy", :tls_security_policy => "tlsSecurityPolicy", :use_unsigned_basic_auth => "useUnsignedBasicAuth", :vpc => "vpc", :vpc_subnets => "vpcSubnets", :zone_awareness => "zoneAwareness", } end |
Instance Method Details
#to_jsii ⇒ Object
344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 |
# File 'open_search_service/domain_props.rb', line 344 def to_jsii result = {} result.merge!({ "version" => @version, "accessPolicies" => @access_policies, "advancedOptions" => @advanced_options, "automatedSnapshotStartHour" => @automated_snapshot_start_hour, "capacity" => @capacity, "cognitoDashboardsAuth" => @cognito_dashboards_auth, "coldStorageEnabled" => @cold_storage_enabled, "customEndpoint" => @custom_endpoint, "domainName" => @domain_name, "ebs" => @ebs, "enableAutoSoftwareUpdate" => @enable_auto_software_update, "enableVersionUpgrade" => @enable_version_upgrade, "encryptionAtRest" => @encryption_at_rest, "enforceHttps" => @enforce_https, "fineGrainedAccessControl" => @fine_grained_access_control, "ipAddressType" => @ip_address_type, "logging" => @logging, "nodeToNodeEncryption" => @node_to_node_encryption, "offPeakWindowEnabled" => @off_peak_window_enabled, "offPeakWindowStart" => @off_peak_window_start, "removalPolicy" => @removal_policy, "s3VectorsEngineEnabled" => @s3_vectors_engine_enabled, "securityGroups" => @security_groups, "suppressLogsResourcePolicy" => @suppress_logs_resource_policy, "tlsSecurityPolicy" => @tls_security_policy, "useUnsignedBasicAuth" => @use_unsigned_basic_auth, "vpc" => @vpc, "vpcSubnets" => @vpc_subnets, "zoneAwareness" => @zone_awareness, }) result.compact end |