interface AdvancedSecurityOptions
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.OpenSearchService.AdvancedSecurityOptions |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsopensearchservice#AdvancedSecurityOptions |
| Java | software.amazon.awscdk.services.opensearchservice.AdvancedSecurityOptions |
| Python | aws_cdk.aws_opensearchservice.AdvancedSecurityOptions |
| TypeScript (source) | aws-cdk-lib » aws_opensearchservice » AdvancedSecurityOptions |
Specifies options for fine-grained access control.
Example
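```typescript
import { Domain, EngineVersion } from 'aws-cdk-lib/aws-opensearchservice';

// Runs inside a construct or stack, where `this` is the scope.
const domain = new Domain(this, 'Domain', {
  version: EngineVersion.OPENSEARCH_1_0,
  enforceHttps: true,
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
  // AdvancedSecurityOptions: setting a master user turns on fine-grained access control.
  fineGrainedAccessControl: {
    masterUserName: 'master-user',
    samlAuthenticationEnabled: true,
    samlAuthenticationOptions: {
      idpEntityId: 'entity-id',
      idpMetadataContent: 'metadata-content-with-quotes-escaped',
    },
  },
});
```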
Properties
| Name | Type | Description |
|---|---|---|
| masterUserArn? | string | ARN for the master user. |
| masterUserName? | string | Username for the master user. |
| masterUserPassword? | Secret | Password for the master user. |
| samlAuthenticationEnabled? | boolean | True to enable SAML authentication for a domain. |
| samlAuthenticationOptions? | SAMLOptions | Container for information about the SAML configuration for OpenSearch Dashboards. |
masterUserArn?
Type: string (optional, default: fine-grained access control is disabled)
ARN for the master user.
Only specify this or masterUserName, but not both.
masterUserName?
Type: string (optional, default: fine-grained access control is disabled)
Username for the master user.
Only specify this or masterUserArn, but not both.
masterUserPassword?
Type: Secret (optional, default: A Secrets Manager generated password)
Password for the master user.
You can use SecretValue.unsafePlainText to specify a password in plain text or
use secretsmanager.Secret.fromSecretAttributes to reference a secret in
Secrets Manager.
samlAuthenticationEnabled?
Type: boolean (optional, default: SAML authentication is disabled. Enabled if samlAuthenticationOptions is set.)
True to enable SAML authentication for a domain.
See also: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html
samlAuthenticationOptions?
Type: SAMLOptions (optional, default: no SAML authentication options)
Container for information about the SAML configuration for OpenSearch Dashboards.
If set, samlAuthenticationEnabled will be enabled.
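
A stand-alone pre-synth check for the constraints documented above (only one of masterUserArn and masterUserName, SAML defaulting from samlAuthenticationOptions), added here as an example and not part of aws-cdk-lib. The interfaces, the passwordIsPlainText flag and lintFineGrainedAccess are hypothetical names; the check also assumes the HTTPS, node-to-node and at-rest encryption settings from the page's example are required whenever a master user is set.

```typescript
// Local stand-ins for the documented property names; nothing is imported from aws-cdk-lib.
interface FgacOptions {
  masterUserArn?: string;
  masterUserName?: string;
  passwordIsPlainText?: boolean; // hypothetical: password built with SecretValue.unsafePlainText
  samlAuthenticationEnabled?: boolean;
  samlAuthenticationOptions?: { idpEntityId: string; idpMetadataContent: string };
}
interface DomainSettings {
  enforceHttps?: boolean;
  nodeToNodeEncryption?: boolean;
  encryptionAtRest?: { enabled?: boolean };
  fineGrainedAccessControl?: FgacOptions;
}
interface LintResult { fgacEnabled: boolean; samlEnabled: boolean; findings: string[] }
function lintFineGrainedAccess(d: DomainSettings): LintResult {
  const findings: string[] = [];
  const f: FgacOptions = d.fineGrainedAccessControl ?? {};
  const hasArn = f.masterUserArn !== undefined;
  const hasName = f.masterUserName !== undefined;
  // Documented default: with neither master user property set, the feature is disabled.
  const fgacEnabled = hasArn || hasName;
  if (hasArn && hasName) findings.push('masterUserArn and masterUserName are both set');
  if (f.passwordIsPlainText) findings.push('masterUserPassword is plain text in the template');
  // Documented default: SAML is enabled when samlAuthenticationOptions is set.
  const hasSamlOptions = f.samlAuthenticationOptions !== undefined;
  const samlEnabled = f.samlAuthenticationEnabled ?? hasSamlOptions;
  if (samlEnabled && !hasSamlOptions) findings.push('SAML enabled without samlAuthenticationOptions');
  if (!samlEnabled && hasSamlOptions) findings.push('samlAuthenticationOptions set but SAML disabled');
  if (fgacEnabled) { // assumption: the three settings the page's example turns on are required
    if (!d.enforceHttps) findings.push('enforceHttps is not enabled');
    if (!d.nodeToNodeEncryption) findings.push('nodeToNodeEncryption is not enabled');
    if (!d.encryptionAtRest?.enabled) findings.push('encryptionAtRest is not enabled');
  }
  return { fgacEnabled, samlEnabled, findings };
}

// Constructed inputs: the page's example settings, then a deliberately weak variant.
const pageExample: DomainSettings = {
  enforceHttps: true, nodeToNodeEncryption: true, encryptionAtRest: { enabled: true },
  fineGrainedAccessControl: { masterUserName: 'master-user', samlAuthenticationEnabled: true,
    samlAuthenticationOptions: { idpEntityId: 'entity-id', idpMetadataContent: 'metadata-content-with-quotes-escaped' } },
};
const weakExample: DomainSettings = {
  enforceHttps: true,
  fineGrainedAccessControl: { masterUserArn: 'arn:aws:iam::111122223333:role/placeholder',
    masterUserName: 'master-user', passwordIsPlainText: true, samlAuthenticationEnabled: true },
};
console.log(lintFineGrainedAccess(pageExample).findings, lintFineGrainedAccess(weakExample).findings);
```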
