AdvancedSecurityOptions

class aws_cdk.aws_opensearchservice.AdvancedSecurityOptions(*, master_user_arn=None, master_user_name=None, master_user_password=None)

Bases: object

Specifies options for fine-grained access control.

Parameters:

master_user_arn (Optional[str]) – ARN for the master user. Only specify this or masterUserName, but not both. Default: - fine-grained access control is disabled
master_user_name (Optional[str]) – Username for the master user. Only specify this or masterUserArn, but not both. Default: - fine-grained access control is disabled
master_user_password (Optional[SecretValue]) – Password for the master user. You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager. Default: - A Secrets Manager generated password

ExampleMetadata:

infused

Example:

domain = opensearch.Domain(self, "Domain",
    version=opensearch.EngineVersion.OPENSEARCH_1_0,
    enforce_https=True,
    node_to_node_encryption=True,
    encryption_at_rest=opensearch.EncryptionAtRestOptions(
        enabled=True
    ),
    fine_grained_access_control=opensearch.AdvancedSecurityOptions(
        master_user_name="master-user"
    ),
    logging=opensearch.LoggingOptions(
        audit_log_enabled=True,
        slow_search_log_enabled=True,
        app_log_enabled=True,
        slow_index_log_enabled=True
    )
)

Attributes

master_user_arn

ARN for the master user.

Only specify this or masterUserName, but not both.

Default:

fine-grained access control is disabled

master_user_name

Username for the master user.

Only specify this or masterUserArn, but not both.

Default:

fine-grained access control is disabled

master_user_password

Password for the master user.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.

Default:

A Secrets Manager generated password