Interface CfnDomainPropsMixin.IAdvancedSecurityOptionsInputProperty

Specifies options for fine-grained access control.

Namespace: Amazon.CDK.Mixins.Preview.AWS.OpenSearchService.Mixins

Assembly: Amazon.CDK.Mixins.Preview.dll

Syntax (csharp)

public interface CfnDomainPropsMixin.IAdvancedSecurityOptionsInputProperty

Syntax (vb)

Public Interface CfnDomainPropsMixin.IAdvancedSecurityOptionsInputProperty

Remarks

If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html

ExampleMetadata: fixture=_generated

Examples

// The code below shows an example of how to instantiate this type.
             // The values are placeholders you should change.
             using Amazon.CDK.Mixins.Preview.AWS.OpenSearchService.Mixins;

             var advancedSecurityOptionsInputProperty = new AdvancedSecurityOptionsInputProperty {
                 AnonymousAuthDisableDate = "anonymousAuthDisableDate",
                 AnonymousAuthEnabled = false,
                 Enabled = false,
                 IamFederationOptions = new Dictionary<string, object?> {
                     { "enabled", false },
                     { "rolesKey", "rolesKey" },
                     { "subjectKey", "subjectKey" }
                 },
                 InternalUserDatabaseEnabled = false,
                 JwtOptions = new JWTOptionsProperty {
                     Enabled = false,
                     PublicKey = "publicKey",
                     RolesKey = "rolesKey",
                     SubjectKey = "subjectKey"
                 },
                 MasterUserOptions = new MasterUserOptionsProperty {
                     MasterUserArn = "masterUserArn",
                     MasterUserName = "masterUserName",
                     MasterUserPassword = "masterUserPassword"
                 },
                 SamlOptions = new SAMLOptionsProperty {
                     Enabled = false,
                     Idp = new IdpProperty {
                         EntityId = "entityId",
                         MetadataContent = "metadataContent"
                     },
                     MasterBackendRole = "masterBackendRole",
                     MasterUserName = "masterUserName",
                     RolesKey = "rolesKey",
                     SessionTimeoutMinutes = 123,
                     SubjectKey = "subjectKey"
                 }
             };

Synopsis

Properties

AnonymousAuthDisableDate	Date and time when the migration period will be disabled.
AnonymousAuthEnabled	True to enable a 30-day migration period during which administrators can create role mappings.
Enabled	True to enable fine-grained access control.
IamFederationOptions	Input configuration for IAM identity federation within advanced security options.
InternalUserDatabaseEnabled	True to enable the internal user database.
JwtOptions	Container for information about the JWT configuration of the Amazon OpenSearch Service.
MasterUserOptions	Specifies information about the master user.
SamlOptions	Container for information about the SAML configuration for OpenSearch Dashboards.

Properties

AnonymousAuthDisableDate

Date and time when the migration period will be disabled.

string? AnonymousAuthDisableDate { get; }

Property Value

string

Remarks

Only necessary when enabling fine-grained access control on an existing domain .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthdisabledate

AnonymousAuthEnabled

True to enable a 30-day migration period during which administrators can create role mappings.

object? AnonymousAuthEnabled { get; }

Property Value

object

Remarks

Only necessary when enabling fine-grained access control on an existing domain .

Type union: either bool or IResolvable

Enabled

True to enable fine-grained access control.

object? Enabled { get; }

Property Value

object

Remarks

You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .

Type union: either bool or IResolvable

IamFederationOptions

Input configuration for IAM identity federation within advanced security options.

object? IamFederationOptions { get; }

Property Value

object

Remarks

Type union: either IResolvable or CfnDomainPropsMixin.IIAMFederationOptionsProperty

InternalUserDatabaseEnabled

True to enable the internal user database.

object? InternalUserDatabaseEnabled { get; }

Property Value

object

Remarks

Type union: either bool or IResolvable

JwtOptions

Container for information about the JWT configuration of the Amazon OpenSearch Service.

object? JwtOptions { get; }

Property Value

object

Remarks

Type union: either IResolvable or CfnDomainPropsMixin.IJWTOptionsProperty

MasterUserOptions

Specifies information about the master user.

object? MasterUserOptions { get; }

Property Value

object

Remarks

Type union: either IResolvable or CfnDomainPropsMixin.IMasterUserOptionsProperty

SamlOptions

Container for information about the SAML configuration for OpenSearch Dashboards.

object? SamlOptions { get; }

Property Value

object

Remarks

Type union: either IResolvable or CfnDomainPropsMixin.ISAMLOptionsProperty