Class EncryptionAtRestOptions
Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.
Inheritance
System.Object
EncryptionAtRestOptions
Implements
Namespace: Amazon.CDK.AWS.OpenSearchService
Assembly: Amazon.CDK.AWS.OpenSearchService.dll
Syntax (csharp)
public class EncryptionAtRestOptions : Object, IEncryptionAtRestOptions
Syntax (vb)
Public Class EncryptionAtRestOptions
Inherits Object
Implements IEncryptionAtRestOptions
Remarks
Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
ExampleMetadata: infused
Examples
var domain = new Domain(this, "Domain", new DomainProps {
Version = EngineVersion.OPENSEARCH_1_0,
EnforceHttps = true,
NodeToNodeEncryption = true,
EncryptionAtRest = new EncryptionAtRestOptions {
Enabled = true
},
FineGrainedAccessControl = new AdvancedSecurityOptions {
MasterUserName = "master-user"
},
Logging = new LoggingOptions {
AuditLogEnabled = true,
SlowSearchLogEnabled = true,
AppLogEnabled = true,
SlowIndexLogEnabled = true
}
});
Synopsis
Constructors
EncryptionAtRestOptions() |
Properties
Enabled | Specify true to enable encryption at rest. |
KmsKey | Supply if using KMS key for encryption at rest. |
Constructors
EncryptionAtRestOptions()
public EncryptionAtRestOptions()
Properties
Enabled
Specify true to enable encryption at rest.
public Nullable<bool> Enabled { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: - encryption at rest is disabled.
KmsKey
Supply if using KMS key for encryption at rest.
public IKey KmsKey { get; set; }
Property Value
Remarks
Default: - uses default aws/es KMS key.