AWS::OpenSearchService::Domain DomainEndpointOptions
Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "CustomEndpoint" :
String
, "CustomEndpointCertificateArn" :String
, "CustomEndpointEnabled" :Boolean
, "EnforceHTTPS" :Boolean
, "TLSSecurityPolicy" :String
}
YAML
CustomEndpoint:
String
CustomEndpointCertificateArn:String
CustomEndpointEnabled:Boolean
EnforceHTTPS:Boolean
TLSSecurityPolicy:String
Properties
CustomEndpoint
-
The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.
Required: Conditional
Type: String
Pattern:
^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Minimum:
1
Maximum:
255
Update requires: No interruption
CustomEndpointCertificateArn
-
The Amazon Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.
Required: Conditional
Type: String
Update requires: No interruption
CustomEndpointEnabled
-
True to enable a custom endpoint for the domain. If enabled, you must also provide values for
CustomEndpoint
andCustomEndpointCertificateArn
.Required: No
Type: Boolean
Update requires: No interruption
EnforceHTTPS
-
True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in AdvancedSecurityOptions.
Required: Conditional
Type: Boolean
Update requires: Some interruptions
TLSSecurityPolicy
-
The minimum TLS version required for traffic to the domain. The policy can be one of the following values:
-
Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
-
Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
-
Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites
Required: No
Type: String
Allowed values:
Policy-Min-TLS-1-0-2019-07 | Policy-Min-TLS-1-2-2019-07 | Policy-Min-TLS-1-2-PFS-2023-10
Update requires: No interruption
-