AWSConfigRemediation-UpdateOpenSearchDomainSecurityGroups
Description
The AWSConfigRemediation-UpdateOpenSearchDomainSecurityGroups runbook updates the security group configuration on a given Amazon OpenSearch Service domain using the UpdateDomainConfig API.
Amazon Security groups can only be applied to Amazon OpenSearch Service domains configured for Amazon Virtual Private Cloud (VPC) Access, and not to Amazon OpenSearch Service domains configured for Public Access.
Document type
Automation
Owner
Amazon
Platforms
Linux, macOS, Windows
Parameters
- DomainName
  Type: String
  Description: (Required) The name of the Amazon OpenSearch Service domain that you want to use to update security groups.
- SecurityGroupList
  Type: StringList
  Description: (Required) The security group IDs that you want to assign to the Amazon OpenSearch Service domain.
- AutomationAssumeRole
  Type: String
  Allowed values: ^arn:(?:aws|aws-us-gov|aws-cn):iam::\d{12}:role\/[\w+=,.@/-]+$
  Description: (Required) The Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
Required IAM permissions
The AutomationAssumeRole parameter requires the following actions to successfully use the runbook.
- ssm:StartAutomationExecution
- ssm:GetAutomationExecution
- es:DescribeDomain
- es:UpdateDomainConfig
Document Steps
- aws:executeScript - Updates the security group configuration on the Amazon OpenSearch Service domain you specify in the DomainName parameter.
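
The following pre-flight check is an added example, not part of the runbook or Amazon's own code. It validates the three parameters, refuses domains that a DescribeDomain response shows as Public Access, and returns the keyword arguments for boto3's `ssm.start_automation_execution`. Assumptions: the `sg-` ID format, and the constructed sample responses, role ARN and IDs.

```python
import re

# Pattern copied from the AutomationAssumeRole "Allowed values" field above.
ROLE_ARN_RE = re.compile(r"^arn:(?:aws|aws-us-gov|aws-cn):iam::\d{12}:role\/[\w+=,.@/-]+$")
# Assumption: security group IDs are "sg-" plus 8 or 17 hex characters.
SG_ID_RE = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")
RUNBOOK = "AWSConfigRemediation-UpdateOpenSearchDomainSecurityGroups"


def is_vpc_domain(describe_domain_response):
    """True when a DescribeDomain response shows VPC access (VPCOptions.VPCId set)."""
    status = describe_domain_response.get("DomainStatus", {})
    return bool(status.get("VPCOptions", {}).get("VPCId"))


def build_request(domain_name, security_groups, role_arn, describe_domain_response):
    """Validate inputs and return kwargs for ssm.start_automation_execution()."""
    if not ROLE_ARN_RE.match(role_arn):
        raise ValueError("AutomationAssumeRole does not match the allowed pattern")
    bad = [sg for sg in security_groups if not SG_ID_RE.match(sg)]
    if not security_groups or bad:
        raise ValueError(f"invalid SecurityGroupList: {bad or 'empty'}")
    if not is_vpc_domain(describe_domain_response):
        raise ValueError(f"{domain_name} uses Public Access; security groups do not apply")
    # Automation parameters are passed as a map of name -> list of strings.
    return {
        "DocumentName": RUNBOOK,
        "Parameters": {
            "DomainName": [domain_name],
            "SecurityGroupList": list(security_groups),
            "AutomationAssumeRole": [role_arn],
        },
    }


# Constructed sample data (not real resources).
VPC_DOMAIN = {"DomainStatus": {"DomainName": "logs-prod", "VPCOptions": {
    "VPCId": "vpc-0123456789abcdef0", "SecurityGroupIds": ["sg-0fedcba9876543210"]}}}
PUBLIC_DOMAIN = {"DomainStatus": {"DomainName": "logs-public",
                                  "Endpoint": "search-logs-public.example.invalid"}}
ROLE = "arn:aws:iam::111122223333:role/ExampleAutomationRole"

if __name__ == "__main__":
    print(build_request("logs-prod", ["sg-0123456789abcdef0"], ROLE, VPC_DOMAIN))
```
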