EncryptionAtRestOptions
- class aws_cdk.aws_opensearchservice.EncryptionAtRestOptions(*, enabled=None, kms_key=None)
Bases:
objectWhether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.
Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
- Parameters:
enabled (
Optional[bool]) – Specify true to enable encryption at rest. Default: - encryption at rest is disabled.kms_key (
Optional[IKey]) – Supply if using KMS key for encryption at rest. Default: - uses default aws/es KMS key.
- ExampleMetadata:
infused
Example:
domain = opensearch.Domain(self, "Domain", version=opensearch.EngineVersion.OPENSEARCH_1_0, enforce_https=True, node_to_node_encryption=True, encryption_at_rest=opensearch.EncryptionAtRestOptions( enabled=True ), fine_grained_access_control=opensearch.AdvancedSecurityOptions( master_user_name="master-user" ), logging=opensearch.LoggingOptions( audit_log_enabled=True, slow_search_log_enabled=True, app_log_enabled=True, slow_index_log_enabled=True ) )
Attributes
- enabled
Specify true to enable encryption at rest.
- Default:
encryption at rest is disabled.
- kms_key
Supply if using KMS key for encryption at rest.
- Default:
uses default aws/es KMS key.