AWS::OpenSearchService::Domain IdentityCenterOptions - Amazon CloudFormation

AWS::OpenSearchService::Domain IdentityCenterOptions

Settings container for integrating IAM Identity Center with OpenSearch UI applications, which enables secure user authentication and access control across multiple data sources. This setup supports single sign-on (SSO) through IAM Identity Center, allowing centralized user management.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "EnabledAPIAccess" : Boolean,
  "IdentityCenterApplicationARN" : String,
  "IdentityCenterInstanceARN" : String,
  "IdentityStoreId" : String,
  "RolesKey" : String,
  "SubjectKey" : String
}

Properties

EnabledAPIAccess

Indicates whether IAM Identity Center is enabled for the application.

Required: No

Type: Boolean

Update requires: No interruption

IdentityCenterApplicationARN

The ARN of the IAM Identity Center application that integrates with Amazon OpenSearch Service.

Required: No

Type: String

Pattern: ^arn:aws[a-z\\-]*:[a-z]+:[a-z0-9\\-]*:[0-9]*:[a-z0-9\\-]+\/[a-z0-9\\-]+\/[a-z0-9\\-]+

Minimum: 20

Maximum: 2048

Update requires: No interruption

IdentityCenterInstanceARN

The Amazon Resource Name (ARN) of the IAM Identity Center instance.

Required: No

Type: String

Pattern: ^arn:aws[a-z\\-]*:[a-z]+:[a-z0-9\\-]*:[0-9]*:[a-z0-9\\-]+\/[a-z0-9\\-]+

Minimum: 20

Maximum: 2048

Update requires: No interruption

IdentityStoreId

The identifier of the IAM Identity Store.

Required: No

Type: String

Pattern: ^d-[0-9a-f]{10}$|^[0-9a-f]{8}\\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\\b[0-9a-f]{12}$

Minimum: 1

Maximum: 64

Update requires: No interruption

RolesKey

Specifies the attribute that contains the backend role identifier (such as group name or group ID) in IAM Identity Center.

Required: No

Type: String

Allowed values: GroupName | GroupId

Update requires: No interruption

SubjectKey

Specifies the attribute that contains the subject identifier (such as username, user ID, or email) in IAM Identity Center.

Required: No

Type: String

Allowed values: UserName | UserId | Email

Update requires: No interruption
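
Example

The following pre-deployment check is an added example, not part of the CloudFormation reference or any AWS tooling. It tests a literal IdentityCenterOptions mapping against the patterns, length limits and allowed values listed above. The function name, the SAMPLE values and the reading of the doubled backslashes in the patterns as JSON string escaping are assumptions.

```python
import re

# Constraints copied from the reference above. Assumption: the doubled backslashes
# in its patterns are JSON string escaping, so "\\-" is read as "\-", "\\b" as "\b".
APP_ARN = r"^arn:aws[a-z\-]*:[a-z]+:[a-z0-9\-]*:[0-9]*:[a-z0-9\-]+\/[a-z0-9\-]+\/[a-z0-9\-]+"
INSTANCE_ARN = r"^arn:aws[a-z\-]*:[a-z]+:[a-z0-9\-]*:[0-9]*:[a-z0-9\-]+\/[a-z0-9\-]+"
STORE_ID = (r"^d-[0-9a-f]{10}$|^[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}"
            r"-[0-9a-f]{4}-\b[0-9a-f]{12}$")
STRING_RULES = {  # property -> (pattern, minimum length, maximum length)
    "IdentityCenterApplicationARN": (APP_ARN, 20, 2048),
    "IdentityCenterInstanceARN": (INSTANCE_ARN, 20, 2048),
    "IdentityStoreId": (STORE_ID, 1, 64),
}
ENUM_RULES = {"RolesKey": ("GroupName", "GroupId"),
              "SubjectKey": ("UserName", "UserId", "Email")}

SAMPLE = {  # constructed values, not real identifiers
    "EnabledAPIAccess": True,
    "IdentityCenterApplicationARN": "arn:aws:sso::111122223333:application/ssoins-0123456789abcdef/apl-0123456789abcdef",
    "IdentityCenterInstanceARN": "arn:aws:sso:::instance/ssoins-0123456789abcdef",
    "IdentityStoreId": "d-1234567890", "RolesKey": "GroupId", "SubjectKey": "UserId",
}

def validate_identity_center_options(opts):
    """Return a list of problems found in a literal IdentityCenterOptions mapping."""
    problems = []
    for name, value in opts.items():
        if isinstance(value, dict):
            continue  # intrinsic function (Ref, Fn::GetAtt): resolved at deploy time
        if name == "EnabledAPIAccess":
            if not isinstance(value, bool):
                problems.append(f"{name}: must be a Boolean")
        elif name in ENUM_RULES:
            if value not in ENUM_RULES[name]:
                problems.append(f"{name}: {value!r} is not an allowed value")
        elif name in STRING_RULES:
            pattern, lo, hi = STRING_RULES[name]
            if not isinstance(value, str):
                problems.append(f"{name}: must be a String")
            elif not lo <= len(value) <= hi:
                problems.append(f"{name}: length {len(value)} outside {lo}..{hi}")
            elif not re.search(pattern, value):
                problems.append(f"{name}: does not match the documented pattern")
        else:
            problems.append(f"{name}: not a documented property")
    return problems

if __name__ == "__main__":
    print(validate_identity_center_options(SAMPLE))  # [] for the sample above
```

The two ARN patterns have no end anchor, so this check accepts any value that begins with a well-formed ARN; an application ARN passes as IdentityCenterInstanceARN, for example.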