Interface CfnDomain.AdvancedSecurityOptionsInputProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnDomain.AdvancedSecurityOptionsInputProperty.Jsii$Proxy
- Enclosing class:
CfnDomain
If you specify advanced security options, you must also enable node-to-node encryption ( NodeToNodeEncryptionOptions ) and encryption at rest ( EncryptionAtRestOptions ). You must also enable EnforceHTTPS within DomainEndpointOptions , which requires HTTPS for all traffic to the domain.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.opensearchservice.*;
AdvancedSecurityOptionsInputProperty advancedSecurityOptionsInputProperty = AdvancedSecurityOptionsInputProperty.builder()
.anonymousAuthDisableDate("anonymousAuthDisableDate")
.anonymousAuthEnabled(false)
.enabled(false)
.iamFederationOptions(Map.of(
"enabled", false,
"rolesKey", "rolesKey",
"subjectKey", "subjectKey"))
.internalUserDatabaseEnabled(false)
.jwtOptions(JWTOptionsProperty.builder()
.enabled(false)
.publicKey("publicKey")
.rolesKey("rolesKey")
.subjectKey("subjectKey")
.build())
.masterUserOptions(MasterUserOptionsProperty.builder()
.masterUserArn("masterUserArn")
.masterUserName("masterUserName")
.masterUserPassword("masterUserPassword")
.build())
.samlOptions(SAMLOptionsProperty.builder()
.enabled(false)
.idp(IdpProperty.builder()
.entityId("entityId")
.metadataContent("metadataContent")
.build())
.masterBackendRole("masterBackendRole")
.masterUserName("masterUserName")
.rolesKey("rolesKey")
.sessionTimeoutMinutes(123)
.subjectKey("subjectKey")
.build())
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnDomain.AdvancedSecurityOptionsInputPropertystatic final classAn implementation forCfnDomain.AdvancedSecurityOptionsInputProperty -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default StringDate and time when the migration period will be disabled.default ObjectTrue to enable a 30-day migration period during which administrators can create role mappings.default ObjectTrue to enable fine-grained access control.default ObjectInput configuration for IAM identity federation within advanced security options.default ObjectTrue to enable the internal user database.default ObjectContainer for information about the JWT configuration of the Amazon OpenSearch Service.default ObjectSpecifies information about the master user.default ObjectContainer for information about the SAML configuration for OpenSearch Dashboards.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAnonymousAuthDisableDate
Date and time when the migration period will be disabled.Only necessary when enabling fine-grained access control on an existing domain .
- See Also:
-
getAnonymousAuthEnabled
True to enable a 30-day migration period during which administrators can create role mappings.Only necessary when enabling fine-grained access control on an existing domain .
Returns union: either
BooleanorIResolvable- See Also:
-
getEnabled
True to enable fine-grained access control.You must also enable encryption of data at rest and node-to-node encryption. See Fine-grained access control in Amazon OpenSearch Service .
Returns union: either
BooleanorIResolvable- See Also:
-
getIamFederationOptions
Input configuration for IAM identity federation within advanced security options.Returns union: either
IResolvableorCfnDomain.IAMFederationOptionsProperty- See Also:
-
getInternalUserDatabaseEnabled
True to enable the internal user database.Returns union: either
BooleanorIResolvable- See Also:
-
getJwtOptions
Container for information about the JWT configuration of the Amazon OpenSearch Service.Returns union: either
IResolvableorCfnDomain.JWTOptionsProperty- See Also:
-
getMasterUserOptions
Specifies information about the master user.Returns union: either
IResolvableorCfnDomain.MasterUserOptionsProperty- See Also:
-
getSamlOptions
Container for information about the SAML configuration for OpenSearch Dashboards.Returns union: either
IResolvableorCfnDomain.SAMLOptionsProperty- See Also:
-
builder
-