Class: AWSCDK::OpenSearchService::DomainProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
open_search_service/domain_props.rb

Overview

Properties for an Amazon OpenSearch Service domain.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(version:, access_policies: nil, advanced_options: nil, automated_snapshot_start_hour: nil, capacity: nil, cognito_dashboards_auth: nil, cold_storage_enabled: nil, custom_endpoint: nil, domain_name: nil, ebs: nil, enable_auto_software_update: nil, enable_version_upgrade: nil, encryption_at_rest: nil, enforce_https: nil, fine_grained_access_control: nil, ip_address_type: nil, logging: nil, node_to_node_encryption: nil, off_peak_window_enabled: nil, off_peak_window_start: nil, removal_policy: nil, s3_vectors_engine_enabled: nil, security_groups: nil, suppress_logs_resource_policy: nil, tls_security_policy: nil, use_unsigned_basic_auth: nil, vpc: nil, vpc_subnets: nil, zone_awareness: nil) ⇒ DomainProps

Returns a new instance of DomainProps.

Parameters:

  • version (AWSCDK::OpenSearchService::EngineVersion)

    The Elasticsearch/OpenSearch version that your domain will leverage.

  • access_policies (Array<AWSCDK::IAM::PolicyStatement>, nil) (defaults to: nil)

    Domain access policies.

  • advanced_options (Hash{String => String}, nil) (defaults to: nil)

    Additional options to specify for the Amazon OpenSearch Service domain.

  • automated_snapshot_start_hour (Numeric, nil) (defaults to: nil)

    The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.

  • capacity (AWSCDK::OpenSearchService::CapacityConfig, nil) (defaults to: nil)

    The cluster capacity configuration for the Amazon OpenSearch Service domain.

  • cognito_dashboards_auth (AWSCDK::OpenSearchService::CognitoOptions, nil) (defaults to: nil)

    Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

  • cold_storage_enabled (Boolean, nil) (defaults to: nil)

    Whether to enable or disable cold storage on the domain.

  • custom_endpoint (AWSCDK::OpenSearchService::CustomEndpointOptions, nil) (defaults to: nil)

    To configure a custom domain configure these options.

  • domain_name (String, nil) (defaults to: nil)

    Enforces a particular physical domain name.

  • ebs (AWSCDK::OpenSearchService::EbsOptions, nil) (defaults to: nil)

    The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.

  • enable_auto_software_update (Boolean, nil) (defaults to: nil)

    Specifies whether automatic service software updates are enabled for the domain.

  • enable_version_upgrade (Boolean, nil) (defaults to: nil)

    To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.

  • encryption_at_rest (AWSCDK::OpenSearchService::EncryptionAtRestOptions, nil) (defaults to: nil)

    Encryption at rest options for the cluster.

  • enforce_https (Boolean, nil) (defaults to: nil)

    True to require that all traffic to the domain arrive over HTTPS.

  • fine_grained_access_control (AWSCDK::OpenSearchService::AdvancedSecurityOptions, nil) (defaults to: nil)

    Specifies options for fine-grained access control.

  • ip_address_type (AWSCDK::OpenSearchService::IPAddressType, nil) (defaults to: nil)

    Specify either dual stack or IPv4 as your IP address type.

  • logging (AWSCDK::OpenSearchService::LoggingOptions, nil) (defaults to: nil)

    Configuration log publishing configuration options.

  • node_to_node_encryption (Boolean, nil) (defaults to: nil)

    Specify true to enable node to node encryption.

  • off_peak_window_enabled (Boolean, nil) (defaults to: nil)

    Options for enabling a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

  • off_peak_window_start (AWSCDK::OpenSearchService::WindowStartTime, nil) (defaults to: nil)

    Start time for the off-peak window, in Coordinated Universal Time (UTC).

  • removal_policy (AWSCDK::RemovalPolicy, nil) (defaults to: nil)

    Policy to apply when the domain is removed from the stack.

  • s3_vectors_engine_enabled (Boolean, nil) (defaults to: nil)

    Whether to enable S3 vectors engine.

  • security_groups (Array<AWSCDK::EC2::ISecurityGroup>, nil) (defaults to: nil)

    The list of security groups that are associated with the VPC endpoints for the domain.

  • suppress_logs_resource_policy (Boolean, nil) (defaults to: nil)

    Specify whether to create a CloudWatch Logs resource policy or not.

  • tls_security_policy (AWSCDK::OpenSearchService::TLSSecurityPolicy, nil) (defaults to: nil)

    The minimum TLS version required for traffic to the domain.

  • use_unsigned_basic_auth (Boolean, nil) (defaults to: nil)

    Configures the domain so that unsigned basic auth is enabled.

  • vpc (AWSCDK::EC2::IVPC, nil) (defaults to: nil)

    Place the domain inside this VPC.

  • vpc_subnets (Array<AWSCDK::EC2::SubnetSelection>, nil) (defaults to: nil)

    The specific vpc subnets the domain will be placed in.

  • zone_awareness (AWSCDK::OpenSearchService::ZoneAwarenessConfig, nil) (defaults to: nil)

    The cluster zone awareness configuration for the Amazon OpenSearch Service domain.



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# File 'open_search_service/domain_props.rb', line 36

def initialize(version:, access_policies: nil, advanced_options: nil, automated_snapshot_start_hour: nil, capacity: nil, cognito_dashboards_auth: nil, cold_storage_enabled: nil, custom_endpoint: nil, domain_name: nil, ebs: nil, enable_auto_software_update: nil, enable_version_upgrade: nil, encryption_at_rest: nil, enforce_https: nil, fine_grained_access_control: nil, ip_address_type: nil, logging: nil, node_to_node_encryption: nil, off_peak_window_enabled: nil, off_peak_window_start: nil, removal_policy: nil, s3_vectors_engine_enabled: nil, security_groups: nil, suppress_logs_resource_policy: nil, tls_security_policy: nil, use_unsigned_basic_auth: nil, vpc: nil, vpc_subnets: nil, zone_awareness: nil)
  @version = version
  Jsii::Type.check_type(@version, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuRW5naW5lVmVyc2lvbiJ9")), "version")
  @access_policies = access_policies
  Jsii::Type.check_type(@access_policies, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19pYW0uUG9saWN5U3RhdGVtZW50In0sImtpbmQiOiJhcnJheSJ9fQ==")), "accessPolicies") unless @access_policies.nil?
  @advanced_options = advanced_options
  Jsii::Type.check_type(@advanced_options, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoibWFwIn19")), "advancedOptions") unless @advanced_options.nil?
  @automated_snapshot_start_hour = automated_snapshot_start_hour
  Jsii::Type.check_type(@automated_snapshot_start_hour, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "automatedSnapshotStartHour") unless @automated_snapshot_start_hour.nil?
  @capacity = capacity.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CapacityConfig.new(**capacity.transform_keys(&:to_sym)) : capacity
  Jsii::Type.check_type(@capacity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQ2FwYWNpdHlDb25maWcifQ==")), "capacity") unless @capacity.nil?
  @cognito_dashboards_auth = cognito_dashboards_auth.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CognitoOptions.new(**cognito_dashboards_auth.transform_keys(&:to_sym)) : cognito_dashboards_auth
  Jsii::Type.check_type(@cognito_dashboards_auth, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQ29nbml0b09wdGlvbnMifQ==")), "cognitoDashboardsAuth") unless @cognito_dashboards_auth.nil?
  @cold_storage_enabled = cold_storage_enabled
  Jsii::Type.check_type(@cold_storage_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "coldStorageEnabled") unless @cold_storage_enabled.nil?
  @custom_endpoint = custom_endpoint.is_a?(Hash) ? ::AWSCDK::OpenSearchService::CustomEndpointOptions.new(**custom_endpoint.transform_keys(&:to_sym)) : custom_endpoint
  Jsii::Type.check_type(@custom_endpoint, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQ3VzdG9tRW5kcG9pbnRPcHRpb25zIn0=")), "customEndpoint") unless @custom_endpoint.nil?
  @domain_name = domain_name
  Jsii::Type.check_type(@domain_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "domainName") unless @domain_name.nil?
  @ebs = ebs.is_a?(Hash) ? ::AWSCDK::OpenSearchService::EbsOptions.new(**ebs.transform_keys(&:to_sym)) : ebs
  Jsii::Type.check_type(@ebs, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuRWJzT3B0aW9ucyJ9")), "ebs") unless @ebs.nil?
  @enable_auto_software_update = enable_auto_software_update
  Jsii::Type.check_type(@enable_auto_software_update, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableAutoSoftwareUpdate") unless @enable_auto_software_update.nil?
  @enable_version_upgrade = enable_version_upgrade
  Jsii::Type.check_type(@enable_version_upgrade, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableVersionUpgrade") unless @enable_version_upgrade.nil?
  @encryption_at_rest = encryption_at_rest.is_a?(Hash) ? ::AWSCDK::OpenSearchService::EncryptionAtRestOptions.new(**encryption_at_rest.transform_keys(&:to_sym)) : encryption_at_rest
  Jsii::Type.check_type(@encryption_at_rest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuRW5jcnlwdGlvbkF0UmVzdE9wdGlvbnMifQ==")), "encryptionAtRest") unless @encryption_at_rest.nil?
  @enforce_https = enforce_https
  Jsii::Type.check_type(@enforce_https, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enforceHttps") unless @enforce_https.nil?
  @fine_grained_access_control = fine_grained_access_control.is_a?(Hash) ? ::AWSCDK::OpenSearchService::AdvancedSecurityOptions.new(**fine_grained_access_control.transform_keys(&:to_sym)) : fine_grained_access_control
  Jsii::Type.check_type(@fine_grained_access_control, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuQWR2YW5jZWRTZWN1cml0eU9wdGlvbnMifQ==")), "fineGrainedAccessControl") unless @fine_grained_access_control.nil?
  @ip_address_type = ip_address_type
  Jsii::Type.check_type(@ip_address_type, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuSXBBZGRyZXNzVHlwZSJ9")), "ipAddressType") unless @ip_address_type.nil?
  @logging = logging.is_a?(Hash) ? ::AWSCDK::OpenSearchService::LoggingOptions.new(**logging.transform_keys(&:to_sym)) : logging
  Jsii::Type.check_type(@logging, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuTG9nZ2luZ09wdGlvbnMifQ==")), "logging") unless @logging.nil?
  @node_to_node_encryption = node_to_node_encryption
  Jsii::Type.check_type(@node_to_node_encryption, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "nodeToNodeEncryption") unless @node_to_node_encryption.nil?
  @off_peak_window_enabled = off_peak_window_enabled
  Jsii::Type.check_type(@off_peak_window_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "offPeakWindowEnabled") unless @off_peak_window_enabled.nil?
  @off_peak_window_start = off_peak_window_start.is_a?(Hash) ? ::AWSCDK::OpenSearchService::WindowStartTime.new(**off_peak_window_start.transform_keys(&:to_sym)) : off_peak_window_start
  Jsii::Type.check_type(@off_peak_window_start, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuV2luZG93U3RhcnRUaW1lIn0=")), "offPeakWindowStart") unless @off_peak_window_start.nil?
  @removal_policy = removal_policy
  Jsii::Type.check_type(@removal_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "removalPolicy") unless @removal_policy.nil?
  @s3_vectors_engine_enabled = s3_vectors_engine_enabled
  Jsii::Type.check_type(@s3_vectors_engine_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "s3VectorsEngineEnabled") unless @s3_vectors_engine_enabled.nil?
  @security_groups = security_groups
  Jsii::Type.check_type(@security_groups, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19lYzIuSVNlY3VyaXR5R3JvdXAifSwia2luZCI6ImFycmF5In19")), "securityGroups") unless @security_groups.nil?
  @suppress_logs_resource_policy = suppress_logs_resource_policy
  Jsii::Type.check_type(@suppress_logs_resource_policy, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "suppressLogsResourcePolicy") unless @suppress_logs_resource_policy.nil?
  @tls_security_policy = tls_security_policy
  Jsii::Type.check_type(@tls_security_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuVExTU2VjdXJpdHlQb2xpY3kifQ==")), "tlsSecurityPolicy") unless @tls_security_policy.nil?
  @use_unsigned_basic_auth = use_unsigned_basic_auth
  Jsii::Type.check_type(@use_unsigned_basic_auth, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "useUnsignedBasicAuth") unless @use_unsigned_basic_auth.nil?
  @vpc = vpc
  Jsii::Type.check_type(@vpc, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklWcGMifQ==")), "vpc") unless @vpc.nil?
  @vpc_subnets = vpc_subnets.is_a?(Array) ? vpc_subnets.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::EC2::SubnetSelection.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : vpc_subnets
  Jsii::Type.check_type(@vpc_subnets, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19lYzIuU3VibmV0U2VsZWN0aW9uIn0sImtpbmQiOiJhcnJheSJ9fQ==")), "vpcSubnets") unless @vpc_subnets.nil?
  @zone_awareness = zone_awareness.is_a?(Hash) ? ::AWSCDK::OpenSearchService::ZoneAwarenessConfig.new(**zone_awareness.transform_keys(&:to_sym)) : zone_awareness
  Jsii::Type.check_type(@zone_awareness, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfb3BlbnNlYXJjaHNlcnZpY2UuWm9uZUF3YXJlbmVzc0NvbmZpZyJ9")), "zoneAwareness") unless @zone_awareness.nil?
end

Instance Attribute Details

#access_policiesArray<AWSCDK::IAM::PolicyStatement>? (readonly)

Note:

Default: - No access policies.

Domain access policies.

Returns:



105
106
107
# File 'open_search_service/domain_props.rb', line 105

def access_policies
  @access_policies
end

#advanced_optionsHash{String => String}? (readonly)

Note:

Default: - no advanced options are specified

Additional options to specify for the Amazon OpenSearch Service domain.



111
112
113
# File 'open_search_service/domain_props.rb', line 111

def advanced_options
  @advanced_options
end

#automated_snapshot_start_hourNumeric? (readonly)

Note:

Default: - Hourly automated snapshots not used

The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.

Only applies for Elasticsearch versions below 5.3.

Returns:

  • (Numeric, nil)


119
120
121
# File 'open_search_service/domain_props.rb', line 119

def automated_snapshot_start_hour
  @automated_snapshot_start_hour
end

#capacityAWSCDK::OpenSearchService::CapacityConfig? (readonly)

Note:

Default: - 1 r5.large.search data node; no dedicated master nodes.

The cluster capacity configuration for the Amazon OpenSearch Service domain.



124
125
126
# File 'open_search_service/domain_props.rb', line 124

def capacity
  @capacity
end

#cognito_dashboards_authAWSCDK::OpenSearchService::CognitoOptions? (readonly)

Note:

Default: - Cognito not used for authentication to OpenSearch Dashboards.

Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.



129
130
131
# File 'open_search_service/domain_props.rb', line 129

def cognito_dashboards_auth
  @cognito_dashboards_auth
end

#cold_storage_enabledBoolean? (readonly)

Note:

Default: - undefined

Whether to enable or disable cold storage on the domain.

You must enable UltraWarm storage to enable cold storage.



137
138
139
# File 'open_search_service/domain_props.rb', line 137

def cold_storage_enabled
  @cold_storage_enabled
end

#custom_endpointAWSCDK::OpenSearchService::CustomEndpointOptions? (readonly)

Note:

Default: - no custom domain endpoint will be configured

To configure a custom domain configure these options.

If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate



144
145
146
# File 'open_search_service/domain_props.rb', line 144

def custom_endpoint
  @custom_endpoint
end

#domain_nameString? (readonly)

Note:

Default: - A name will be auto-generated.

Enforces a particular physical domain name.

Returns:

  • (String, nil)


149
150
151
# File 'open_search_service/domain_props.rb', line 149

def domain_name
  @domain_name
end

#ebsAWSCDK::OpenSearchService::EbsOptions? (readonly)

Note:

Default: - 10 GiB General Purpose (SSD) volumes per node.

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.



154
155
156
# File 'open_search_service/domain_props.rb', line 154

def ebs
  @ebs
end

#enable_auto_software_updateBoolean? (readonly)

Note:

Default: - false

Specifies whether automatic service software updates are enabled for the domain.



160
161
162
# File 'open_search_service/domain_props.rb', line 160

def enable_auto_software_update
  @enable_auto_software_update
end

#enable_version_upgradeBoolean? (readonly)

Note:

Default: - false

To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.



166
167
168
# File 'open_search_service/domain_props.rb', line 166

def enable_version_upgrade
  @enable_version_upgrade
end

#encryption_at_restAWSCDK::OpenSearchService::EncryptionAtRestOptions? (readonly)

Note:

Default: - No encryption at rest

Encryption at rest options for the cluster.



171
172
173
# File 'open_search_service/domain_props.rb', line 171

def encryption_at_rest
  @encryption_at_rest
end

#enforce_httpsBoolean? (readonly)

Note:

Default: - false

True to require that all traffic to the domain arrive over HTTPS.

Returns:

  • (Boolean, nil)


176
177
178
# File 'open_search_service/domain_props.rb', line 176

def enforce_https
  @enforce_https
end

#fine_grained_access_controlAWSCDK::OpenSearchService::AdvancedSecurityOptions? (readonly)

Note:

Default: - fine-grained access control is disabled

Specifies options for fine-grained access control.

Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control also requires encryption of data at rest and node-to-node encryption, along with enforced HTTPS.



185
186
187
# File 'open_search_service/domain_props.rb', line 185

def fine_grained_access_control
  @fine_grained_access_control
end

#ip_address_typeAWSCDK::OpenSearchService::IPAddressType? (readonly)

Note:

Default: - IpAddressType.IPV4

Specify either dual stack or IPv4 as your IP address type.

Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option.

If you set your IP address type to dual stack, you can't change your address type later.



194
195
196
# File 'open_search_service/domain_props.rb', line 194

def ip_address_type
  @ip_address_type
end

#loggingAWSCDK::OpenSearchService::LoggingOptions? (readonly)

Note:

Default: - No logs are published

Configuration log publishing configuration options.



199
200
201
# File 'open_search_service/domain_props.rb', line 199

def logging
  @logging
end

#node_to_node_encryptionBoolean? (readonly)

Note:

Default: - Node to node encryption is not enabled.

Specify true to enable node to node encryption.

Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later.

Returns:

  • (Boolean, nil)


206
207
208
# File 'open_search_service/domain_props.rb', line 206

def node_to_node_encryption
  @node_to_node_encryption
end

#off_peak_window_enabledBoolean? (readonly)

Note:

Default: - Disabled for domains created before February 16, 2023. Enabled for domains created after. Enabled if offPeakWindowStart is set.

Options for enabling a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.

Off-peak windows were introduced on February 16, 2023. All domains created before this date have the off-peak window disabled by default. You must manually enable and configure the off-peak window for these domains. All domains created after this date will have the off-peak window enabled by default. You can't disable the off-peak window for a domain after it's enabled.



218
219
220
# File 'open_search_service/domain_props.rb', line 218

def off_peak_window_enabled
  @off_peak_window_enabled
end

#off_peak_window_startAWSCDK::OpenSearchService::WindowStartTime? (readonly)

Note:

Default: - 10:00 P.M. local time

Start time for the off-peak window, in Coordinated Universal Time (UTC).

The window length will always be 10 hours, so you can't specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.



226
227
228
# File 'open_search_service/domain_props.rb', line 226

def off_peak_window_start
  @off_peak_window_start
end

#removal_policyAWSCDK::RemovalPolicy? (readonly)

Note:

Default: RemovalPolicy.RETAIN

Policy to apply when the domain is removed from the stack.

Returns:



231
232
233
# File 'open_search_service/domain_props.rb', line 231

def removal_policy
  @removal_policy
end

#s3_vectors_engine_enabledBoolean? (readonly)

Note:

Default: undefined - AWS OpenSearch Service default is false

Whether to enable S3 vectors engine.

This feature allows you to offload vector data to Amazon S3 while maintaining sub-second vector search capabilities at low cost.

Requirements:

  • OpenSearch version 2.19 or later
  • OpenSearch Optimized instance types (OR*, OM*, OI*) for data nodes
  • Encryption at rest must be enabled


245
246
247
# File 'open_search_service/domain_props.rb', line 245

def s3_vectors_engine_enabled
  @s3_vectors_engine_enabled
end

#security_groupsArray<AWSCDK::EC2::ISecurityGroup>? (readonly)

Note:

Default: - One new security group is created.

The list of security groups that are associated with the VPC endpoints for the domain.

Only used if vpc is specified.



253
254
255
# File 'open_search_service/domain_props.rb', line 253

def security_groups
  @security_groups
end

#suppress_logs_resource_policyBoolean? (readonly)

Note:

Default: - false

Specify whether to create a CloudWatch Logs resource policy or not.

When logging is enabled for the domain, a CloudWatch Logs resource policy is created by default. However, CloudWatch Logs supports only 10 resource policies per region. If you enable logging for several domains, it may hit the quota and cause an error. By setting this property to true, creating a resource policy is suppressed, allowing you to avoid this problem.

If you set this option to true, you must create a resource policy before deployment.



266
267
268
# File 'open_search_service/domain_props.rb', line 266

def suppress_logs_resource_policy
  @suppress_logs_resource_policy
end

#tls_security_policyAWSCDK::OpenSearchService::TLSSecurityPolicy? (readonly)

Note:

Default: - TLSSecurityPolicy.TLS_1_2

The minimum TLS version required for traffic to the domain.



271
272
273
# File 'open_search_service/domain_props.rb', line 271

def tls_security_policy
  @tls_security_policy
end

#use_unsigned_basic_authBoolean? (readonly)

Note:

Default: - false

Configures the domain so that unsigned basic auth is enabled.

If no master user is provided a default master user with username admin and a dynamically generated password stored in KMS is created. The password can be retrieved by getting master_user_password from the domain instance.

Setting this to true will also add an access policy that allows unsigned access, enable node to node encryption, encryption at rest. If conflicting settings are encountered (like disabling encryption at rest) enabling this setting will cause a failure.

Returns:

  • (Boolean, nil)


285
286
287
# File 'open_search_service/domain_props.rb', line 285

def use_unsigned_basic_auth
  @use_unsigned_basic_auth
end

#versionAWSCDK::OpenSearchService::EngineVersion (readonly)

The Elasticsearch/OpenSearch version that your domain will leverage.



100
101
102
# File 'open_search_service/domain_props.rb', line 100

def version
  @version
end

#vpcAWSCDK::EC2::IVPC? (readonly)

Note:

Default: - Domain is not placed in a VPC.

Place the domain inside this VPC.



291
292
293
# File 'open_search_service/domain_props.rb', line 291

def vpc
  @vpc
end

#vpc_subnetsArray<AWSCDK::EC2::SubnetSelection>? (readonly)

Note:

Default: - All private subnets.

The specific vpc subnets the domain will be placed in.

You must provide one subnet for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone domain.

Only used if vpc is specified.



303
304
305
# File 'open_search_service/domain_props.rb', line 303

def vpc_subnets
  @vpc_subnets
end

#zone_awarenessAWSCDK::OpenSearchService::ZoneAwarenessConfig? (readonly)

Note:

Default: - no zone awareness (1 AZ)

The cluster zone awareness configuration for the Amazon OpenSearch Service domain.



308
309
310
# File 'open_search_service/domain_props.rb', line 308

def zone_awareness
  @zone_awareness
end

Class Method Details

.jsii_propertiesObject



310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
# File 'open_search_service/domain_props.rb', line 310

def self.jsii_properties
  {
    :version => "version",
    :access_policies => "accessPolicies",
    :advanced_options => "advancedOptions",
    :automated_snapshot_start_hour => "automatedSnapshotStartHour",
    :capacity => "capacity",
    :cognito_dashboards_auth => "cognitoDashboardsAuth",
    :cold_storage_enabled => "coldStorageEnabled",
    :custom_endpoint => "customEndpoint",
    :domain_name => "domainName",
    :ebs => "ebs",
    :enable_auto_software_update => "enableAutoSoftwareUpdate",
    :enable_version_upgrade => "enableVersionUpgrade",
    :encryption_at_rest => "encryptionAtRest",
    :enforce_https => "enforceHttps",
    :fine_grained_access_control => "fineGrainedAccessControl",
    :ip_address_type => "ipAddressType",
    :logging => "logging",
    :node_to_node_encryption => "nodeToNodeEncryption",
    :off_peak_window_enabled => "offPeakWindowEnabled",
    :off_peak_window_start => "offPeakWindowStart",
    :removal_policy => "removalPolicy",
    :s3_vectors_engine_enabled => "s3VectorsEngineEnabled",
    :security_groups => "securityGroups",
    :suppress_logs_resource_policy => "suppressLogsResourcePolicy",
    :tls_security_policy => "tlsSecurityPolicy",
    :use_unsigned_basic_auth => "useUnsignedBasicAuth",
    :vpc => "vpc",
    :vpc_subnets => "vpcSubnets",
    :zone_awareness => "zoneAwareness",
  }
end

Instance Method Details

#to_jsiiObject



344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
# File 'open_search_service/domain_props.rb', line 344

def to_jsii
  result = {}
  result.merge!({
    "version" => @version,
    "accessPolicies" => @access_policies,
    "advancedOptions" => @advanced_options,
    "automatedSnapshotStartHour" => @automated_snapshot_start_hour,
    "capacity" => @capacity,
    "cognitoDashboardsAuth" => @cognito_dashboards_auth,
    "coldStorageEnabled" => @cold_storage_enabled,
    "customEndpoint" => @custom_endpoint,
    "domainName" => @domain_name,
    "ebs" => @ebs,
    "enableAutoSoftwareUpdate" => @enable_auto_software_update,
    "enableVersionUpgrade" => @enable_version_upgrade,
    "encryptionAtRest" => @encryption_at_rest,
    "enforceHttps" => @enforce_https,
    "fineGrainedAccessControl" => @fine_grained_access_control,
    "ipAddressType" => @ip_address_type,
    "logging" => @logging,
    "nodeToNodeEncryption" => @node_to_node_encryption,
    "offPeakWindowEnabled" => @off_peak_window_enabled,
    "offPeakWindowStart" => @off_peak_window_start,
    "removalPolicy" => @removal_policy,
    "s3VectorsEngineEnabled" => @s3_vectors_engine_enabled,
    "securityGroups" => @security_groups,
    "suppressLogsResourcePolicy" => @suppress_logs_resource_policy,
    "tlsSecurityPolicy" => @tls_security_policy,
    "useUnsignedBasicAuth" => @use_unsigned_basic_auth,
    "vpc" => @vpc,
    "vpcSubnets" => @vpc_subnets,
    "zoneAwareness" => @zone_awareness,
  })
  result.compact
end