Class DomainProps
Properties for an Amazon OpenSearch Service domain.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.OpenSearchService
Assembly: Amazon.CDK.AWS.OpenSearchService.dll
Syntax (csharp)
public class DomainProps : Object, IDomainProps
Syntax (vb)
Public Class DomainProps
Inherits Object
Implements IDomainProps
Remarks
ExampleMetadata: infused
Examples
var domain = new Domain(this, "Domain", new DomainProps {
Version = EngineVersion.OPENSEARCH_1_0,
Ebs = new EbsOptions {
VolumeSize = 100,
VolumeType = EbsDeviceVolumeType.GENERAL_PURPOSE_SSD
},
NodeToNodeEncryption = true,
EncryptionAtRest = new EncryptionAtRestOptions {
Enabled = true
}
});
Synopsis
Constructors
DomainProps() |
Properties
AccessPolicies | Domain access policies. |
AdvancedOptions | Additional options to specify for the Amazon OpenSearch Service domain. |
AutomatedSnapshotStartHour | The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain. |
Capacity | The cluster capacity configuration for the Amazon OpenSearch Service domain. |
CognitoDashboardsAuth | Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards. |
CustomEndpoint | To configure a custom domain configure these options. |
DomainName | Enforces a particular physical domain name. |
Ebs | The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain. |
EnableVersionUpgrade | To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy. |
EncryptionAtRest | Encryption at rest options for the cluster. |
EnforceHttps | True to require that all traffic to the domain arrive over HTTPS. |
FineGrainedAccessControl | Specifies options for fine-grained access control. |
Logging | Configuration log publishing configuration options. |
NodeToNodeEncryption | Specify true to enable node to node encryption. |
RemovalPolicy | Policy to apply when the domain is removed from the stack. |
SecurityGroups | The list of security groups that are associated with the VPC endpoints for the domain. |
TlsSecurityPolicy | The minimum TLS version required for traffic to the domain. |
UseUnsignedBasicAuth | Configures the domain so that unsigned basic auth is enabled. |
Version | The Elasticsearch/OpenSearch version that your domain will leverage. |
Vpc | Place the domain inside this VPC. |
VpcSubnets | The specific vpc subnets the domain will be placed in. |
ZoneAwareness | The cluster zone awareness configuration for the Amazon OpenSearch Service domain. |
Constructors
DomainProps()
public DomainProps()
Properties
AccessPolicies
Domain access policies.
public PolicyStatement[] AccessPolicies { get; set; }
Property Value
Remarks
Default: - No access policies.
AdvancedOptions
Additional options to specify for the Amazon OpenSearch Service domain.
public IDictionary<string, string> AdvancedOptions { get; set; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.String>
Remarks
Default: - no advanced options are specified
AutomatedSnapshotStartHour
The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.
public Nullable<double> AutomatedSnapshotStartHour { get; set; }
Property Value
System.Nullable<System.Double>
Remarks
Only applies for Elasticsearch versions below 5.3.
Default: - Hourly automated snapshots not used
Capacity
The cluster capacity configuration for the Amazon OpenSearch Service domain.
public ICapacityConfig Capacity { get; set; }
Property Value
Remarks
Default: - 1 r5.large.search data node; no dedicated master nodes.
CognitoDashboardsAuth
Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
public ICognitoOptions CognitoDashboardsAuth { get; set; }
Property Value
Remarks
Default: - Cognito not used for authentication to OpenSearch Dashboards.
CustomEndpoint
To configure a custom domain configure these options.
public ICustomEndpointOptions CustomEndpoint { get; set; }
Property Value
Remarks
If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate
Default: - no custom domain endpoint will be configured
DomainName
Enforces a particular physical domain name.
public string DomainName { get; set; }
Property Value
System.String
Remarks
Default: - A name will be auto-generated.
Ebs
The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
public IEbsOptions Ebs { get; set; }
Property Value
Remarks
Default: - 10 GiB General Purpose (SSD) volumes per node.
EnableVersionUpgrade
To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
public Nullable<bool> EnableVersionUpgrade { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
EncryptionAtRest
Encryption at rest options for the cluster.
public IEncryptionAtRestOptions EncryptionAtRest { get; set; }
Property Value
Remarks
Default: - No encryption at rest
EnforceHttps
True to require that all traffic to the domain arrive over HTTPS.
public Nullable<bool> EnforceHttps { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: - false
FineGrainedAccessControl
Specifies options for fine-grained access control.
public IAdvancedSecurityOptions FineGrainedAccessControl { get; set; }
Property Value
Remarks
Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control also requires encryption of data at rest and node-to-node encryption, along with enforced HTTPS.
Default: - fine-grained access control is disabled
Logging
Configuration log publishing configuration options.
public ILoggingOptions Logging { get; set; }
Property Value
Remarks
Default: - No logs are published
NodeToNodeEncryption
Specify true to enable node to node encryption.
public Nullable<bool> NodeToNodeEncryption { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later.
Default: - Node to node encryption is not enabled.
RemovalPolicy
Policy to apply when the domain is removed from the stack.
public Nullable<RemovalPolicy> RemovalPolicy { get; set; }
Property Value
System.Nullable<RemovalPolicy>
Remarks
Default: RemovalPolicy.RETAIN
SecurityGroups
The list of security groups that are associated with the VPC endpoints for the domain.
public ISecurityGroup[] SecurityGroups { get; set; }
Property Value
Remarks
Only used if vpc
is specified.
Default: - One new security group is created.
See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
TlsSecurityPolicy
The minimum TLS version required for traffic to the domain.
public Nullable<TLSSecurityPolicy> TlsSecurityPolicy { get; set; }
Property Value
System.Nullable<TLSSecurityPolicy>
Remarks
Default: - TLSSecurityPolicy.TLS_1_0
UseUnsignedBasicAuth
Configures the domain so that unsigned basic auth is enabled.
public Nullable<bool> UseUnsignedBasicAuth { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
If no master user is provided a default master user
with username admin
and a dynamically generated password stored in KMS is created. The password can be retrieved
by getting masterUserPassword
from the domain instance.
Setting this to true will also add an access policy that allows unsigned access, enable node to node encryption, encryption at rest. If conflicting settings are encountered (like disabling encryption at rest) enabling this setting will cause a failure.
Default: - false
Version
The Elasticsearch/OpenSearch version that your domain will leverage.
public EngineVersion Version { get; set; }
Property Value
Vpc
Place the domain inside this VPC.
public IVpc Vpc { get; set; }
Property Value
Remarks
Default: - Domain is not placed in a VPC.
See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html
VpcSubnets
The specific vpc subnets the domain will be placed in.
public ISubnetSelection[] VpcSubnets { get; set; }
Property Value
Remarks
You must provide one subnet for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone domain.
Only used if vpc
is specified.
Default: - All private subnets.
See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
ZoneAwareness
The cluster zone awareness configuration for the Amazon OpenSearch Service domain.
public IZoneAwarenessConfig ZoneAwareness { get; set; }
Property Value
Remarks
Default: - no zone awareness (1 AZ)