AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput

Specifies options for fine-grained access control.

If you specify advanced security options, you must also enable node-to-node encryption (NodeToNodeEncryptionOptions) and encryption at rest (EncryptionAtRestOptions). You must also enable EnforceHTTPS within DomainEndpointOptions, which requires HTTPS for all traffic to the domain.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

Properties

AnonymousAuthDisableDate

Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain.

Required: No

Type: String

Update requires: No interruption

AnonymousAuthEnabled

True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.

Required: No

Type: Boolean

Update requires: No interruption

Enabled

True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service.

Required: No

Type: Boolean

Update requires: No interruption

InternalUserDatabaseEnabled

True to enable the internal user database.

Required: No

Type: Boolean

Update requires: No interruption

MasterUserOptions

Specifies information about the master user.

Required: No

Type: MasterUserOptions

Update requires: No interruption

SAMLOptions

Container for information about the SAML configuration for OpenSearch Dashboards.

Required: No

Type: SAMLOptions

Update requires: No interruption