EncryptionAtRestOptions

class aws_cdk.aws_opensearchservice.EncryptionAtRestOptions(*, enabled=None, kms_key=None)

Bases: object

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.

Parameters:

enabled (Optional[bool]) – Specify true to enable encryption at rest. Default: - encryption at rest is disabled.
kms_key (Optional[IKey]) – Supply if using KMS key for encryption at rest. Default: - uses default aws/es KMS key.

ExampleMetadata:

infused

Example:

import aws_cdk.aws_opensearchservice as opensearch


domain = opensearch.Domain(self, "Domain",
    version=opensearch.EngineVersion.OPENSEARCH_2_17,
    encryption_at_rest=opensearch.EncryptionAtRestOptions(
        enabled=True
    ),
    node_to_node_encryption=True,
    enforce_https=True,
    capacity=opensearch.CapacityConfig(
        multi_az_with_standby_enabled=False
    ),
    ebs=opensearch.EbsOptions(
        enabled=True,
        volume_size=10
    )
)
api = appsync.EventApi(self, "EventApiOpenSearch",
    api_name="OpenSearchEventApi"
)

data_source = api.add_open_search_data_source("opensearchds", domain)

Attributes

enabled

Specify true to enable encryption at rest.

Default:

encryption at rest is disabled.

kms_key

Supply if using KMS key for encryption at rest.

Default:

uses default aws/es KMS key.