Package software.amazon.awscdk.services.opensearchservice

Interface AdvancedSecurityOptions

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

AdvancedSecurityOptions.Jsii$Proxy

@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)",
           date="2025-10-24T13:34:42.825Z")
@Stability(Stable)
public interface AdvancedSecurityOptions
extends software.amazon.jsii.JsiiSerializable

Specifies options for fine-grained access control.

Example:

 Domain domain = Domain.Builder.create(this, "Domain")
         .version(EngineVersion.OPENSEARCH_1_0)
         .enforceHttps(true)
         .nodeToNodeEncryption(true)
         .encryptionAtRest(EncryptionAtRestOptions.builder()
                 .enabled(true)
                 .build())
         .fineGrainedAccessControl(AdvancedSecurityOptions.builder()
                 .masterUserName("master-user")
                 .samlAuthenticationEnabled(true)
                 .samlAuthenticationOptions(SAMLOptionsProperty.builder()
                         .idpEntityId("entity-id")
                         .idpMetadataContent("metadata-content-with-quotes-escaped")
                         .build())
                 .build())
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	AdvancedSecurityOptions.Builder	A builder for AdvancedSecurityOptions
static final class	AdvancedSecurityOptions.Jsii$Proxy	An implementation for AdvancedSecurityOptions

Method Summary

Modifier and Type	Method	Description
static AdvancedSecurityOptions.Builder	builder()
default String	getMasterUserArn()	ARN for the master user.
default String	getMasterUserName()	Username for the master user.
default SecretValue	getMasterUserPassword()	Password for the master user.
default Boolean	getSamlAuthenticationEnabled()	True to enable SAML authentication for a domain.
default SAMLOptionsProperty	getSamlAuthenticationOptions()	Container for information about the SAML configuration for OpenSearch Dashboards.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getMasterUserArn

@Stability(Stable)
@Nullable
default String getMasterUserArn()

ARN for the master user.

Only specify this or masterUserName, but not both.

Default: - fine-grained access control is disabled

getMasterUserName

@Stability(Stable)
@Nullable
default String getMasterUserName()

Username for the master user.

Only specify this or masterUserArn, but not both.

Default: - fine-grained access control is disabled

getMasterUserPassword

@Stability(Stable)
@Nullable
default SecretValue getMasterUserPassword()

Password for the master user.

You can use SecretValue.unsafePlainText to specify a password in plain text or use secretsmanager.Secret.fromSecretAttributes to reference a secret in Secrets Manager.

Default: - A Secrets Manager generated password

getSamlAuthenticationEnabled

@Stability(Stable)
@Nullable
default Boolean getSamlAuthenticationEnabled()

True to enable SAML authentication for a domain.

Default: - SAML authentication is disabled. Enabled if `samlAuthenticationOptions` is set.

See Also:

• https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html

getSamlAuthenticationOptions

@Stability(Stable)
@Nullable
default SAMLOptionsProperty getSamlAuthenticationOptions()

Container for information about the SAML configuration for OpenSearch Dashboards.

If set, samlAuthenticationEnabled will be enabled.

Default: - no SAML authentication options

builder

@Stability(Stable)
static AdvancedSecurityOptions.Builder builder()

Returns:

a AdvancedSecurityOptions.Builder of AdvancedSecurityOptions