AWS::OpenSearchService::Domain DomainEndpointOptions - Amazon CloudFormation
Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "CustomEndpoint" : String,
  "CustomEndpointCertificateArn" : String,
  "CustomEndpointEnabled" : Boolean,
  "EnforceHTTPS" : Boolean,
  "TLSSecurityPolicy" : String
}

Properties

CustomEndpoint

The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.

Required: Conditional

Type: String

Pattern: ^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$

Minimum: 1

Maximum: 255

Update requires: No interruption

CustomEndpointCertificateArn

The Amazon Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.

Required: Conditional

Type: String

Update requires: No interruption

CustomEndpointEnabled

True to enable a custom endpoint for the domain. If enabled, you must also provide values for CustomEndpoint and CustomEndpointCertificateArn.

Required: No

Type: Boolean

Update requires: No interruption

EnforceHTTPS

True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions.

Required: Conditional

Type: Boolean

Update requires: Some interruptions

TLSSecurityPolicy

The minimum TLS version required for traffic to the domain. The policy can be one of the following values:

  • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2

  • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2

  • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites

Required: No

Type: String

Allowed values: Policy-Min-TLS-1-0-2019-07 | Policy-Min-TLS-1-2-2019-07 | Policy-Min-TLS-1-2-PFS-2023-10

Update requires: No interruption
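
The following pre-deployment check is an added example, not part of the Amazon CloudFormation reference. It applies the conditional requirements, pattern, length limit and allowed values listed above to a DomainEndpointOptions mapping. The function name, the findings wording, the choice to report an unset EnforceHTTPS or TLSSecurityPolicy, and the sample values are assumptions of this example; only literal values (no intrinsic functions) are handled.

```python
import re

# Pattern, length limits and allowed values copied from the reference above.
ENDPOINT_RE = re.compile(
    r"^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$")
TLS_POLICIES = {"Policy-Min-TLS-1-0-2019-07", "Policy-Min-TLS-1-2-2019-07",
                "Policy-Min-TLS-1-2-PFS-2023-10"}

def _true(value):
    # Templates may carry booleans as JSON true or as the string "true".
    return value is True or str(value).lower() == "true"

def check_endpoint_options(opts, fine_grained_access_control=False):
    """Return findings for one DomainEndpointOptions mapping (literal values only)."""
    findings = []
    if _true(opts.get("CustomEndpointEnabled")):
        endpoint = opts.get("CustomEndpoint")
        if not isinstance(endpoint, str) or not endpoint:
            findings.append("CustomEndpoint missing while CustomEndpointEnabled is true")
        elif len(endpoint) > 255 or not ENDPOINT_RE.match(endpoint):
            findings.append("CustomEndpoint violates the documented pattern or length")
        if not opts.get("CustomEndpointCertificateArn"):
            findings.append("CustomEndpointCertificateArn missing while CustomEndpointEnabled is true")
    if not _true(opts.get("EnforceHTTPS")):
        # Assumption of this example: an unset value is reported like false.
        reason = ("required by fine-grained access control"
                  if fine_grained_access_control else "HTTPS is not required for all traffic")
        findings.append(f"EnforceHTTPS is not true: {reason}")
    policy = opts.get("TLSSecurityPolicy")
    if policy is None:
        findings.append("TLSSecurityPolicy not set: minimum TLS version is not pinned in the template")
    elif policy not in TLS_POLICIES:
        findings.append(f"TLSSecurityPolicy {policy!r} is not an allowed value")
    elif policy == "Policy-Min-TLS-1-0-2019-07":
        findings.append("TLSSecurityPolicy still accepts TLS 1.0")
    return findings

# Constructed sample inputs (hostname, account ID and certificate ID are placeholders).
WEAK = {"CustomEndpointEnabled": True, "CustomEndpoint": "-search.example.com",
        "EnforceHTTPS": False, "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"}
HARDENED = {"CustomEndpointEnabled": True, "CustomEndpoint": "search.example.com",
            "CustomEndpointCertificateArn":
                "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-PLACEHOLDER",
            "EnforceHTTPS": True, "TLSSecurityPolicy": "Policy-Min-TLS-1-2-PFS-2023-10"}

if __name__ == "__main__":
    for name, opts in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, check_endpoint_options(opts, fine_grained_access_control=True))
```

Run against the DomainEndpointOptions block of each AWS::OpenSearchService::Domain resource in a parsed template; an empty list means none of the checks fired.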