This is the new *Amazon CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [Amazon CloudFormation User Guide](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::Elasticsearch::Domain DomainEndpointOptions Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint. **Important** The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.amazonaws.cn/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide*. ## Syntax To declare this entity in your Amazon CloudFormation template, use the following syntax: ### JSON ``` { "[CustomEndpoint](#cfn-elasticsearch-domain-domainendpointoptions-customendpoint)" : String, "[CustomEndpointCertificateArn](#cfn-elasticsearch-domain-domainendpointoptions-customendpointcertificatearn)" : String, "[CustomEndpointEnabled](#cfn-elasticsearch-domain-domainendpointoptions-customendpointenabled)" : Boolean, "[EnforceHTTPS](#cfn-elasticsearch-domain-domainendpointoptions-enforcehttps)" : Boolean, "[TLSSecurityPolicy](#cfn-elasticsearch-domain-domainendpointoptions-tlssecuritypolicy)" : String } ``` ### YAML ``` [CustomEndpoint](#cfn-elasticsearch-domain-domainendpointoptions-customendpoint): String [CustomEndpointCertificateArn](#cfn-elasticsearch-domain-domainendpointoptions-customendpointcertificatearn): String [CustomEndpointEnabled](#cfn-elasticsearch-domain-domainendpointoptions-customendpointenabled): Boolean [EnforceHTTPS](#cfn-elasticsearch-domain-domainendpointoptions-enforcehttps): Boolean [TLSSecurityPolicy](#cfn-elasticsearch-domain-domainendpointoptions-tlssecuritypolicy): String ``` ## Properties `CustomEndpoint` The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain. *Required*: Conditional *Type*: String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CustomEndpointCertificateArn` The Amazon Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain. *Required*: Conditional *Type*: String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CustomEndpointEnabled` True to enable a custom endpoint for the domain. If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn`. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EnforceHTTPS` True to require that all traffic to the domain arrive over HTTPS. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TLSSecurityPolicy` The minimum TLS version required for traffic to the domain. Valid values are TLS 1.3 (recommended) or 1.2: + `Policy-Min-TLS-1-0-2019-07` + `Policy-Min-TLS-1-2-2019-07` *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)