This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # Amazon OpenSearch Service **Resource types** + [AWS::OpenSearchService::Application](aws-resource-opensearchservice-application.md) + [AWS::OpenSearchService::Domain](aws-resource-opensearchservice-domain.md) # AWS::OpenSearchService::Application Creates an OpenSearch UI application. For more information, see [Using the OpenSearch user interface in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::OpenSearchService::Application", "Properties" : { "[AppConfigs](#cfn-opensearchservice-application-appconfigs)" : [ AppConfig, ... ], "[DataSources](#cfn-opensearchservice-application-datasources)" : [ DataSource, ... ], "[Endpoint](#cfn-opensearchservice-application-endpoint)" : String, "[IamIdentityCenterOptions](#cfn-opensearchservice-application-iamidentitycenteroptions)" : IamIdentityCenterOptions, "[Name](#cfn-opensearchservice-application-name)" : String, "[Tags](#cfn-opensearchservice-application-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::OpenSearchService::Application Properties: [AppConfigs](#cfn-opensearchservice-application-appconfigs): - AppConfig [DataSources](#cfn-opensearchservice-application-datasources): - DataSource [Endpoint](#cfn-opensearchservice-application-endpoint): String [IamIdentityCenterOptions](#cfn-opensearchservice-application-iamidentitycenteroptions): IamIdentityCenterOptions [Name](#cfn-opensearchservice-application-name): String [Tags](#cfn-opensearchservice-application-tags): - Tag ``` ## Properties `AppConfigs` Property description not available. *Required*: No *Type*: Array of [AppConfig](aws-properties-opensearchservice-application-appconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DataSources` Property description not available. *Required*: No *Type*: Array of [DataSource](aws-properties-opensearchservice-application-datasource.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Endpoint` The endpoint URL of an OpenSearch application. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IamIdentityCenterOptions` Settings container for integrating IAM Identity Center with OpenSearch UI applications, which enables enabling secure user authentication and access control across multiple data sources. This setup supports single sign-on (SSO) through IAM Identity Center, allowing centralized user management. *Required*: No *Type*: [IamIdentityCenterOptions](aws-properties-opensearchservice-application-iamidentitycenteroptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Name` The name of an OpenSearch application. *Required*: Yes *Type*: String *Pattern*: `[a-z][a-z0-9\-]+` *Minimum*: `3` *Maximum*: `40` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Property description not available. *Required*: No *Type*: Array of [Tag](aws-properties-opensearchservice-application-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref ### Fn::GetAtt #### `Arn` The Amazon Resource Name (ARN) of the domain. See [Identifiers for IAM Entities ](https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html) in *Using AWS Identity and Access Management* for more information. `Id` The unique identifier of an OpenSearch application. # AWS::OpenSearchService::Application AppConfig Configuration settings for an OpenSearch application. For more information, see [Using the OpenSearch user interface in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-opensearchservice-application-appconfig-key)" : String, "[Value](#cfn-opensearchservice-application-appconfig-value)" : String } ``` ### YAML ``` [Key](#cfn-opensearchservice-application-appconfig-key): String [Value](#cfn-opensearchservice-application-appconfig-value): String ``` ## Properties `Key` The configuration item to set, such as the admin role for the OpenSearch application. *Required*: Yes *Type*: String *Allowed values*: `opensearchDashboards.dashboardAdmin.users | opensearchDashboards.dashboardAdmin.groups` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value assigned to the configuration key, such as an IAM user ARN. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Application DataSource Data sources that are associated with an OpenSearch application. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DataSourceArn](#cfn-opensearchservice-application-datasource-datasourcearn)" : String, "[DataSourceDescription](#cfn-opensearchservice-application-datasource-datasourcedescription)" : String } ``` ### YAML ``` [DataSourceArn](#cfn-opensearchservice-application-datasource-datasourcearn): String [DataSourceDescription](#cfn-opensearchservice-application-datasource-datasourcedescription): String ``` ## Properties `DataSourceArn` Property description not available. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DataSourceDescription` Detailed description of a data source. *Required*: No *Type*: String *Pattern*: `^([a-zA-Z0-9_])*[\\a-zA-Z0-9_@#%*+=:?./!\s-]*$` *Maximum*: `1000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Application IamIdentityCenterOptions Configuration settings for IAM Identity Center in an OpenSearch application. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-application-iamidentitycenteroptions-enabled)" : Boolean, "[IamIdentityCenterInstanceArn](#cfn-opensearchservice-application-iamidentitycenteroptions-iamidentitycenterinstancearn)" : String, "[IamRoleForIdentityCenterApplicationArn](#cfn-opensearchservice-application-iamidentitycenteroptions-iamroleforidentitycenterapplicationarn)" : String } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-application-iamidentitycenteroptions-enabled): Boolean [IamIdentityCenterInstanceArn](#cfn-opensearchservice-application-iamidentitycenteroptions-iamidentitycenterinstancearn): String [IamRoleForIdentityCenterApplicationArn](#cfn-opensearchservice-application-iamidentitycenteroptions-iamroleforidentitycenterapplicationarn): String ``` ## Properties `Enabled` Indicates whether IAM Identity Center is enabled for the OpenSearch application. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IamIdentityCenterInstanceArn` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IamRoleForIdentityCenterApplicationArn` The Amazon Resource Name (ARN) of the IAM role assigned to the IAM Identity Center application for the OpenSearch application. *Required*: No *Type*: String *Pattern*: `arn:(aws|aws\-cn|aws\-us\-gov|aws\-iso|aws\-iso\-b):iam::[0-9]+:role\/.*` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Application Tag A tag (key-value pair) for an Amazon OpenSearch Service resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-opensearchservice-application-tag-key)" : String, "[Value](#cfn-opensearchservice-application-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-opensearchservice-application-tag-key): String [Value](#cfn-opensearchservice-application-tag-value): String ``` ## Properties `Key` The tag key. Tag keys must be unique for the domain to which they are attached. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value assigned to the corresponding tag key. Tag values can be null and don't have to be unique in a tag set. For example, you can have a key value pair in a tag set of `project : Trinity` and `cost-center : Trinity` *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain The AWS::OpenSearchService::Domain resource creates an Amazon OpenSearch Service domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::OpenSearchService::Domain", "Properties" : { "[AccessPolicies](#cfn-opensearchservice-domain-accesspolicies)" : Json, "[AdvancedOptions](#cfn-opensearchservice-domain-advancedoptions)" : {Key: Value, ...}, "[AdvancedSecurityOptions](#cfn-opensearchservice-domain-advancedsecurityoptions)" : AdvancedSecurityOptionsInput, "[AIMLOptions](#cfn-opensearchservice-domain-aimloptions)" : AIMLOptions, "[ClusterConfig](#cfn-opensearchservice-domain-clusterconfig)" : ClusterConfig, "[CognitoOptions](#cfn-opensearchservice-domain-cognitooptions)" : CognitoOptions, "[DeploymentStrategyOptions](#cfn-opensearchservice-domain-deploymentstrategyoptions)" : DeploymentStrategyOptions, "[DomainEndpointOptions](#cfn-opensearchservice-domain-domainendpointoptions)" : DomainEndpointOptions, "[DomainName](#cfn-opensearchservice-domain-domainname)" : String, "[EBSOptions](#cfn-opensearchservice-domain-ebsoptions)" : EBSOptions, "[EncryptionAtRestOptions](#cfn-opensearchservice-domain-encryptionatrestoptions)" : EncryptionAtRestOptions, "[EngineVersion](#cfn-opensearchservice-domain-engineversion)" : String, "[IdentityCenterOptions](#cfn-opensearchservice-domain-identitycenteroptions)" : IdentityCenterOptions, "[IPAddressType](#cfn-opensearchservice-domain-ipaddresstype)" : String, "[LogPublishingOptions](#cfn-opensearchservice-domain-logpublishingoptions)" : {Key: Value, ...}, "[NodeToNodeEncryptionOptions](#cfn-opensearchservice-domain-nodetonodeencryptionoptions)" : NodeToNodeEncryptionOptions, "[OffPeakWindowOptions](#cfn-opensearchservice-domain-offpeakwindowoptions)" : OffPeakWindowOptions, "[SkipShardMigrationWait](#cfn-opensearchservice-domain-skipshardmigrationwait)" : Boolean, "[SnapshotOptions](#cfn-opensearchservice-domain-snapshotoptions)" : SnapshotOptions, "[SoftwareUpdateOptions](#cfn-opensearchservice-domain-softwareupdateoptions)" : SoftwareUpdateOptions, "[Tags](#cfn-opensearchservice-domain-tags)" : [ Tag, ... ], "[VPCOptions](#cfn-opensearchservice-domain-vpcoptions)" : VPCOptions } } ``` ### YAML ``` Type: AWS::OpenSearchService::Domain Properties: [AccessPolicies](#cfn-opensearchservice-domain-accesspolicies): Json [AdvancedOptions](#cfn-opensearchservice-domain-advancedoptions): Key: Value [AdvancedSecurityOptions](#cfn-opensearchservice-domain-advancedsecurityoptions): AdvancedSecurityOptionsInput [AIMLOptions](#cfn-opensearchservice-domain-aimloptions): AIMLOptions [ClusterConfig](#cfn-opensearchservice-domain-clusterconfig): ClusterConfig [CognitoOptions](#cfn-opensearchservice-domain-cognitooptions): CognitoOptions [DeploymentStrategyOptions](#cfn-opensearchservice-domain-deploymentstrategyoptions): DeploymentStrategyOptions [DomainEndpointOptions](#cfn-opensearchservice-domain-domainendpointoptions): DomainEndpointOptions [DomainName](#cfn-opensearchservice-domain-domainname): String [EBSOptions](#cfn-opensearchservice-domain-ebsoptions): EBSOptions [EncryptionAtRestOptions](#cfn-opensearchservice-domain-encryptionatrestoptions): EncryptionAtRestOptions [EngineVersion](#cfn-opensearchservice-domain-engineversion): String [IdentityCenterOptions](#cfn-opensearchservice-domain-identitycenteroptions): IdentityCenterOptions [IPAddressType](#cfn-opensearchservice-domain-ipaddresstype): String [LogPublishingOptions](#cfn-opensearchservice-domain-logpublishingoptions): Key: Value [NodeToNodeEncryptionOptions](#cfn-opensearchservice-domain-nodetonodeencryptionoptions): NodeToNodeEncryptionOptions [OffPeakWindowOptions](#cfn-opensearchservice-domain-offpeakwindowoptions): OffPeakWindowOptions [SkipShardMigrationWait](#cfn-opensearchservice-domain-skipshardmigrationwait): Boolean [SnapshotOptions](#cfn-opensearchservice-domain-snapshotoptions): SnapshotOptions [SoftwareUpdateOptions](#cfn-opensearchservice-domain-softwareupdateoptions): SoftwareUpdateOptions [Tags](#cfn-opensearchservice-domain-tags): - Tag [VPCOptions](#cfn-opensearchservice-domain-vpcoptions): VPCOptions ``` ## Properties `AccessPolicies` An AWS Identity and Access Management (IAM) policy document that specifies who can access the OpenSearch Service domain and their permissions. For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guide*. *Required*: No *Type*: Json *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AdvancedOptions` Additional options to specify for the OpenSearch Service domain. For more information, see [AdvancedOptions](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_CreateDomain.html#API_CreateDomain_RequestBody) in the OpenSearch Service API reference. *Required*: No *Type*: Object of String *Pattern*: `[a-zA-Z0-9]+` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AdvancedSecurityOptions` Specifies options for fine-grained access control and SAML authentication. If you specify advanced security options, you must also enable node-to-node encryption ([NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html)) and encryption at rest ([EncryptionAtRestOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html)). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html), which requires HTTPS for all traffic to the domain. *Required*: No *Type*: [AdvancedSecurityOptionsInput](aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AIMLOptions` Container for parameters required to enable all machine learning features. *Required*: No *Type*: [AIMLOptions](aws-properties-opensearchservice-domain-aimloptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ClusterConfig` Container for the cluster configuration of a domain. *Required*: No *Type*: [ClusterConfig](aws-properties-opensearchservice-domain-clusterconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CognitoOptions` Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards. *Required*: No *Type*: [CognitoOptions](aws-properties-opensearchservice-domain-cognitooptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DeploymentStrategyOptions` The current status of the domain's deployment strategy options. *Required*: No *Type*: [DeploymentStrategyOptions](aws-properties-opensearchservice-domain-deploymentstrategyoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainEndpointOptions` Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint. *Required*: No *Type*: [DomainEndpointOptions](aws-properties-opensearchservice-domain-domainendpointoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainName` A name for the OpenSearch Service domain. The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). Required when creating a new domain. If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. *Required*: Conditional *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EBSOptions` The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide*. *Required*: No *Type*: [EBSOptions](aws-properties-opensearchservice-domain-ebsoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EncryptionAtRestOptions` Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use. See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html). If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property. *Required*: No *Type*: [EncryptionAtRestOptions](aws-properties-opensearchservice-domain-encryptionatrestoptions.md) *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `EngineVersion` The version of OpenSearch to use. The value must be in the format `OpenSearch_X.Y` or `Elasticsearch_X.Y`. If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide*. If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true`, you can update `EngineVersion` without interruption. When `EnableVersionUpgrade` is set to `false`, or is not specified, updating `EngineVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement). *Required*: Conditional *Type*: String *Pattern*: `^Elasticsearch_[0-9]{1}\.[0-9]{1,2}$|^OpenSearch_[0-9]{1,2}\.[0-9]{1,2}$` *Minimum*: `14` *Maximum*: `18` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityCenterOptions` Configuration options for controlling IAM Identity Center integration within a domain. *Required*: No *Type*: [IdentityCenterOptions](aws-properties-opensearchservice-domain-identitycenteroptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IPAddressType` Choose either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogPublishingOptions` An object with one or more of the following keys: `SEARCH_SLOW_LOGS`, `ES_APPLICATION_LOGS`, `INDEX_SLOW_LOGS`, `AUDIT_LOGS`, depending on the types of logs you want to publish. Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples). *Required*: No *Type*: Object of [LogPublishingOption](aws-properties-opensearchservice-domain-logpublishingoption.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NodeToNodeEncryptionOptions` Specifies whether node-to-node encryption is enabled. See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html). *Required*: No *Type*: [NodeToNodeEncryptionOptions](aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OffPeakWindowOptions` Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain. *Required*: No *Type*: [OffPeakWindowOptions](aws-properties-opensearchservice-domain-offpeakwindowoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SkipShardMigrationWait` Property description not available. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SnapshotOptions` **DEPRECATED**. The automated snapshot configuration for the OpenSearch Service domain indexes. *Required*: No *Type*: [SnapshotOptions](aws-properties-opensearchservice-domain-snapshotoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SoftwareUpdateOptions` Service software update options for the domain. *Required*: No *Type*: [SoftwareUpdateOptions](aws-properties-opensearchservice-domain-softwareupdateoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain. *Required*: No *Type*: Array of [Tag](aws-properties-opensearchservice-domain-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VPCOptions` The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide*. If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint. *Required*: No *Type*: [VPCOptions](aws-properties-opensearchservice-domain-vpcoptions.md) *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) ## Return values ### Ref When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name, such as `mystack-abc1d2efg3h4.` For more information about using the Ref function, see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). ### Fn::GetAtt GetAtt returns a value for a specified attribute of this type. For more information, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html). The following are the available attributes and sample return values. #### `AdvancedSecurityOptions.AnonymousAuthDisableDate` Date and time when the migration period will be disabled. Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing). `Arn` The Amazon Resource Name (ARN) of the CloudFormation stack. `DomainArn` The Amazon Resource Name (ARN) of the domain. See [Identifiers for IAM Entities ](https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html) in *Using AWS Identity and Access Management* for more information. `DomainEndpoint` The domain-specific endpoint used for requests to the OpenSearch APIs, such as `search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com`. `DomainEndpointV2` If `IPAddressType` to set to `dualstack`, a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses. `Id` The resource ID. For example, `123456789012/my-domain`. `IdentityCenterOptions.IdentityCenterApplicationARN` The Amazon Resource Name (ARN) of the domain. See [Identifiers for IAM Entities ](https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html) in *Using AWS Identity and Access Management* for more information. `IdentityCenterOptions.IdentityStoreId` Property description not available. ## Remarks *Migrating stacks from Elasticsearch to OpenSearch* **Important** You can't directly update CloudFormation templates to use the `AWS::OpenSearchService::Domain` resource in place of `AWS::Elasticsearch::Domain`, otherwise the corresponding domain will be deleted along with all of its data. Perform the following steps to migrate an Elasticsearch domain to an OpenSearch domain if the domain is defined within CloudFormation. **Step 1: Prepare your existing stack for deprecation** Make a copy of your original CloudFormation template, which contains the Elasticsearch domain resource, for use in step 3. Then add the following attributes to the Elasticsearch domain resource at the same level as `Type` and `Properties`. `DeletionPolicy: Retain` `UpdateReplacePolicy: Retain` These settings ensure that CloudFormation doesn't delete or modify the corresponding domain when you delete this resource from your stack. If you have other custom resources defined in the stack that aren't critically important during the short migration period, you can delete them from the template and they'll be recreated when you create the new stack. **Step 2: Upgrade your domain to OpenSearch** After you add the two policy attributes to your template, upgrade your domain to an OpenSearch version using the normal upgrade process. For instructions, see [Starting an upgrade](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/version-migration.html#starting-upgrades). Make sure to take a snapshot of your domain before upgrading it to prevent accidental loss of data. **Step 3: Create a new CloudFormation template** While you wait for the upgrade to complete, prepare your new OpenSearch template. Using the copy of your original template that you made in step 1, make the following changes: + Change the domain resource type from `AWS::Elasticsearch::Domain` to `AWS::OpenSearchService::Domain`. + Add the `DeletionPolicy` and `UpdateReplacePolicy` attributes to the resource, as you did in step 1. + Change `ElasticsearchVersion` to `EngineVersion` and set its value to `OpenSearch_1.0` (or whichever version of OpenSearch you want to upgrade to). + If your resource contains `ElasticsearchClusterConfig`, change it to `ClusterConfig`. + Change the suffixes of all instance types from `.elasticsearch` to `.search`. + If there are any `Fn::GetAtt` or `!GetAtt` references to your domain ARN, change them to `!GetAtt MyDomain.Arn`. + Comment out any resources not currently within the stack (most likely everything except `AWS::OpenSearchService::Domain`). See the next section for examples that demonstrate the new format. **Step 4: Import the OpenSearch stack** Once your domain upgrade finishes, you can import the new stack. Within CloudFormation, choose **Create stack** and **With existing resources (import resources)**, then upload the template you created in the previous step. CloudFormation prompts you for the name (identifier value) of the existing domain. Copy the domain name directly from the OpenSearch console. Give the stack a name that's different from the current one, then choose **Import resources**. After the stack is created, uncomment any related resources from the stack and update it to ensure they're recreated. You can remove the `DeletionPolicy` and `UpdateReplacePolicy` attributes if you want, but they can help prevent accidental deletions in the future. **Step 5: Delete the Elasticsearch stack** Now that your new stack is created, delete the old stack which contains the legacy Elasticsearch resource. **Important** Before deleting the old stack, make absolutely sure that the template contains the `DeletionPolicy: Retain` attribute. \$1The above steps were partially derived from this [blog post](https://onecloudplease.com/blog/migrating-to-opensearch-with-cloudformation). ## Examples **Topics** + [Create an OpenSearch Service domain that contains two data nodes and three master nodes](#aws-resource-opensearchservice-domain--examples--Create_an_OpenSearch_Service_domain_that_contains_two_data_nodes_and_three_master_nodes) + [Create a domain with VPC options](#aws-resource-opensearchservice-domain--examples--Create_a_domain_with_VPC_options) + [Create a domain with fine-grained access control](#aws-resource-opensearchservice-domain--examples--Create_a_domain_with_fine-grained_access_control) ### Create an OpenSearch Service domain that contains two data nodes and three master nodes The following example creates an OpenSearch Service domain running OpenSearch 1.0 that contains two data nodes and three dedicated master nodes. The domain has 40 GiB of storage and enables log publishing for application logs, search slow logs, and index slow logs. The access policy permits the root user for the AWS account to make all HTTP requests to the domain, such as indexing documents or searching indexes. #### JSON ``` "OpenSearchServiceDomain": { "Type":"AWS::OpenSearchService::Domain", "Properties": { "DomainName": "test", "EngineVersion": "OpenSearch_1.0", "ClusterConfig": { "DedicatedMasterEnabled": true, "InstanceCount": "2", "ZoneAwarenessEnabled": true, "InstanceType": "m3.medium.search", "DedicatedMasterType": "m3.medium.search", "DedicatedMasterCount": "3" }, "EBSOptions":{ "EBSEnabled": true, "Iops": "0", "VolumeSize": "20", "VolumeType": "gp2" }, "AccessPolicies": { "Version":"2012-10-17", "Statement":[ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:user/opensearch-user" }, "Action":"es:*", "Resource": "arn:aws:es:us-east-1:123456789012:domain/test/*" } ] }, "LogPublishingOptions": { "ES_APPLICATION_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/opensearch/domains/opensearch-application-logs", "Enabled": true }, "SEARCH_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/opensearch/domains/opensearch-slow-logs", "Enabled": true }, "INDEX_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/opensearch/domains/opensearch-index-slow-logs", "Enabled": true } }, "AdvancedOptions": { "rest.action.multi.allow_explicit_index": "true", "override_main_response_version": "true" } } } ``` #### YAML ``` OpenSearchServiceDomain: Type: AWS::OpenSearchService::Domain Properties: DomainName: 'test' EngineVersion: 'OpenSearch_1.0' ClusterConfig: DedicatedMasterEnabled: true InstanceCount: '2' ZoneAwarenessEnabled: true InstanceType: 'm3.medium.search' DedicatedMasterType: 'm3.medium.search' DedicatedMasterCount: '3' EBSOptions: EBSEnabled: true Iops: '0' VolumeSize: '20' VolumeType: 'gp2' AccessPolicies: Version: '2012-10-17 ' Statement: - Effect: 'Allow' Principal: AWS: 'arn:aws:iam::123456789012:user/opensearch-user' Action: 'es:*' Resource: 'arn:aws:es:us-east-1:846973539254:domain/test/*' LogPublishingOptions: ES_APPLICATION_LOGS: CloudWatchLogsLogGroupArn: 'arn:aws:logs:us-east-1:123456789012:log-group:/aws/opensearch/domains/opensearch-application-logs' Enabled: true SEARCH_SLOW_LOGS: CloudWatchLogsLogGroupArn: 'arn:aws:logs:us-east-1:123456789012:log-group:/aws/opensearch/domains/opensearch-slow-logs' Enabled: true INDEX_SLOW_LOGS: CloudWatchLogsLogGroupArn: 'arn:aws:logs:us-east-1:123456789012:log-group:/aws/opensearch/domains/opensearch-index-slow-logs' Enabled: true AdvancedOptions: rest.action.multi.allow_explicit_index: 'true' override_main_response_version: 'true' ``` ### Create a domain with VPC options The following example creates a domain with VPC options. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "OpenSearchServiceDomain resource", "Parameters": { "DomainName": { "Description": "User-defined OpenSearch domain name", "Type": "String" }, "EngineVersion": { "Description": "User-defined OpenSearch version", "Type": "String" }, "InstanceType": { "Type": "String" }, "AvailabilityZone": { "Type": "String" }, "CidrBlock": { "Type": "String" }, "GroupDescription": { "Type": "String" }, "SGName": { "Type": "String" } }, "Resources": { "OpenSearchServiceDomain": { "Type": "AWS::OpenSearchService::Domain", "Properties": { "DomainName": { "Ref": "DomainName" }, "EngineVersion": { "Ref": "EngineVersion" }, "ClusterConfig": { "InstanceCount": "1", "InstanceType": { "Ref": "InstanceType" } }, "EBSOptions": { "EBSEnabled": true, "Iops": "0", "VolumeSize": "10", "VolumeType": "standard" }, "AccessPolicies": { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "*" } ] }, "AdvancedOptions": { "rest.action.multi.allow_explicit_index": "true", "override_main_response_version": "true" }, "Tags": [ { "Key": "foo", "Value": "bar" } ], "VPCOptions": { "SubnetIds": [ { "Ref": "subnet" } ], "SecurityGroupIds": [ { "Ref": "mySecurityGroup" } ] } } }, "vpc": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.0.0.0/16" } }, "subnet": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "vpc" }, "CidrBlock": { "Ref": "CidrBlock" }, "AvailabilityZone": { "Ref": "AvailabilityZone" } } }, "mySecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": { "Ref": "GroupDescription" }, "VpcId": { "Ref": "vpc" }, "GroupName": { "Ref": "SGName" }, "SecurityGroupIngress": [ { "FromPort": 443, "IpProtocol": "tcp", "ToPort": 443, "CidrIp": "0.0.0.0/0" } ] } } }, "Outputs": { "Arn": { "Value": { "Fn::GetAtt": [ "OpenSearchServiceDomain", "Arn" ] } }, "DomainEndpoint": { "Value": { "Fn::GetAtt": [ "OpenSearchServiceDomain", "DomainEndpoint" ] } }, "SecurityGroupId": { "Value": { "Ref": "mySecurityGroup" } }, "SubnetId": { "Value": { "Ref": "subnet" } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Description: OpenSearchServiceDomain resource Parameters: DomainName: Description: User-defined OpenSearch domain name Type: String EngineVersion: Description: User-defined OpenSearch version Type: String InstanceType: Type: String AvailabilityZone: Type: String CidrBlock: Type: String GroupDescription: Type: String SGName: Type: String Resources: OpenSearchServiceDomain: Type: 'AWS::OpenSearchService::Domain' Properties: DomainName: Ref: DomainName EngineVersion: Ref: EngineVersion ClusterConfig: InstanceCount: '1' InstanceType: Ref: InstanceType EBSOptions: EBSEnabled: true Iops: '0' VolumeSize: '10' VolumeType: 'standard' AccessPolicies: Version: '2012-10-17 ' Statement: - Effect: Deny Principal: AWS: '*' Action: 'es:*' Resource: '*' AdvancedOptions: rest.action.multi.allow_explicit_index: 'true' override_main_response_version: 'true' Tags: - Key: foo Value: bar VPCOptions: SubnetIds: - Ref: subnet SecurityGroupIds: - Ref: mySecurityGroup vpc: Type: 'AWS::EC2::VPC' Properties: CidrBlock: 10.0.0.0/16 subnet: Type: 'AWS::EC2::Subnet' Properties: VpcId: Ref: vpc CidrBlock: Ref: CidrBlock AvailabilityZone: Ref: AvailabilityZone mySecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Ref: GroupDescription VpcId: Ref: vpc GroupName: Ref: SGName SecurityGroupIngress: - FromPort: 443 IpProtocol: tcp ToPort: 443 CidrIp: 0.0.0.0/0 Outputs: Arn: Value: 'Fn::GetAtt': - OpenSearchServiceDomain - Arn DomainEndpoint: Value: 'Fn::GetAtt': - OpenSearchServiceDomain - DomainEndpoint SecurityGroupId: Value: Ref: mySecurityGroup SubnetId: Value: Ref: subnet ``` ### Create a domain with fine-grained access control The following example creates a domain with fine-grained access control. #### JSON ``` { "OpenSearchServiceDomain": { "Type": "AWS::OpenSearchService::Domain", "Properties": { "DomainName": "my-domain-logs", "EngineVersion": "OpenSearch_1.0", "ClusterConfig": { "InstanceCount": 2, "InstanceType": "r6g.xlarge.search", "DedicatedMasterEnabled": true, "DedicatedMasterCount": 3, "DedicatedMasterType": "r6g.xlarge.search" }, "EBSOptions": { "EBSEnabled": true, "VolumeSize": 10, "VolumeType": "gp2" }, "AccessPolicies": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::478253424788:role/Admin" }, "Action": "es:*", "Resource": "arn:aws:es:us-east-1:478253424788:domain/my-domain-logs/*" } } }, "AdvancedSecurityOptions": { "Enabled": true, "InternalUserDatabaseEnabled": true, "MasterUserOptions": { "MasterUserName": "", "MasterUserPassword": "" } } } } ``` #### YAML ``` OpenSearchServiceDomain: Type: 'AWS::OpenSearchService::Domain' Properties: DomainName: my-domain-logs EngineVersion: OpenSearch_1.0 ClusterConfig: InstanceCount: 2 InstanceType: r6g.xlarge.search DedicatedMasterEnabled: true DedicatedMasterCount: 3 DedicatedMasterType: r6g.xlarge.search EBSOptions: EBSEnabled: true VolumeSize: 10 VolumeType: gp2 AccessPolicies: Version: '2012-10-17 ' Statement: Effect: Allow Principal: AWS: 'arn:aws:iam::478253424788:role/Admin' Action: 'es:*' Resource: 'arn:aws:es:us-east-1:478253424788:domain/my-domain-logs/*' AdvancedSecurityOptions: Enabled: true InternalUserDatabaseEnabled: true MasterUserOptions: MasterUserName: MasterUserPassword: ``` # AWS::OpenSearchService::Domain AdvancedSecurityOptionsInput Specifies options for fine-grained access control. If you specify advanced security options, you must also enable node-to-node encryption ([NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html)) and encryption at rest ([EncryptionAtRestOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html)). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html), which requires HTTPS for all traffic to the domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AnonymousAuthDisableDate](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthdisabledate)" : String, "[AnonymousAuthEnabled](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthenabled)" : Boolean, "[Enabled](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-enabled)" : Boolean, "[IAMFederationOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-iamfederationoptions)" : IAMFederationOptions, "[InternalUserDatabaseEnabled](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-internaluserdatabaseenabled)" : Boolean, "[JWTOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-jwtoptions)" : JWTOptions, "[MasterUserOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-masteruseroptions)" : MasterUserOptions, "[SAMLOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-samloptions)" : SAMLOptions } ``` ### YAML ``` [AnonymousAuthDisableDate](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthdisabledate): String [AnonymousAuthEnabled](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthenabled): Boolean [Enabled](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-enabled): Boolean [IAMFederationOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-iamfederationoptions): IAMFederationOptions [InternalUserDatabaseEnabled](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-internaluserdatabaseenabled): Boolean [JWTOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-jwtoptions): JWTOptions [MasterUserOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-masteruseroptions): MasterUserOptions [SAMLOptions](#cfn-opensearchservice-domain-advancedsecurityoptionsinput-samloptions): SAMLOptions ``` ## Properties `AnonymousAuthDisableDate` Date and time when the migration period will be disabled. Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing). *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AnonymousAuthEnabled` True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Enabled` True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See [Fine-grained access control in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IAMFederationOptions` Input configuration for IAM identity federation within advanced security options. *Required*: No *Type*: [IAMFederationOptions](aws-properties-opensearchservice-domain-iamfederationoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InternalUserDatabaseEnabled` True to enable the internal user database. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `JWTOptions` Container for information about the JWT configuration of the Amazon OpenSearch Service. *Required*: No *Type*: [JWTOptions](aws-properties-opensearchservice-domain-jwtoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MasterUserOptions` Specifies information about the master user. *Required*: No *Type*: [MasterUserOptions](aws-properties-opensearchservice-domain-masteruseroptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SAMLOptions` Container for information about the SAML configuration for OpenSearch Dashboards. *Required*: No *Type*: [SAMLOptions](aws-properties-opensearchservice-domain-samloptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain AIMLOptions The `AIMLOptions` property type specifies Property description not available. for an [AWS::OpenSearchService::Domain](aws-resource-opensearchservice-domain.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[S3VectorsEngine](#cfn-opensearchservice-domain-aimloptions-s3vectorsengine)" : S3VectorsEngine, "[ServerlessVectorAcceleration](#cfn-opensearchservice-domain-aimloptions-serverlessvectoracceleration)" : ServerlessVectorAcceleration } ``` ### YAML ``` [S3VectorsEngine](#cfn-opensearchservice-domain-aimloptions-s3vectorsengine): S3VectorsEngine [ServerlessVectorAcceleration](#cfn-opensearchservice-domain-aimloptions-serverlessvectoracceleration): ServerlessVectorAcceleration ``` ## Properties `S3VectorsEngine` Property description not available. *Required*: No *Type*: [S3VectorsEngine](aws-properties-opensearchservice-domain-s3vectorsengine.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServerlessVectorAcceleration` Property description not available. *Required*: No *Type*: [ServerlessVectorAcceleration](aws-properties-opensearchservice-domain-serverlessvectoracceleration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain ClusterConfig The cluster configuration for the OpenSearch Service domain. You can specify options such as the instance type and the number of instances. For more information, see [Creating and managing Amazon OpenSearch Service domains](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html) in the *Amazon OpenSearch Service Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ColdStorageOptions](#cfn-opensearchservice-domain-clusterconfig-coldstorageoptions)" : ColdStorageOptions, "[DedicatedMasterCount](#cfn-opensearchservice-domain-clusterconfig-dedicatedmastercount)" : Integer, "[DedicatedMasterEnabled](#cfn-opensearchservice-domain-clusterconfig-dedicatedmasterenabled)" : Boolean, "[DedicatedMasterType](#cfn-opensearchservice-domain-clusterconfig-dedicatedmastertype)" : String, "[InstanceCount](#cfn-opensearchservice-domain-clusterconfig-instancecount)" : Integer, "[InstanceType](#cfn-opensearchservice-domain-clusterconfig-instancetype)" : String, "[MultiAZWithStandbyEnabled](#cfn-opensearchservice-domain-clusterconfig-multiazwithstandbyenabled)" : Boolean, "[NodeOptions](#cfn-opensearchservice-domain-clusterconfig-nodeoptions)" : [ NodeOption, ... ], "[WarmCount](#cfn-opensearchservice-domain-clusterconfig-warmcount)" : Integer, "[WarmEnabled](#cfn-opensearchservice-domain-clusterconfig-warmenabled)" : Boolean, "[WarmType](#cfn-opensearchservice-domain-clusterconfig-warmtype)" : String, "[ZoneAwarenessConfig](#cfn-opensearchservice-domain-clusterconfig-zoneawarenessconfig)" : ZoneAwarenessConfig, "[ZoneAwarenessEnabled](#cfn-opensearchservice-domain-clusterconfig-zoneawarenessenabled)" : Boolean } ``` ### YAML ``` [ColdStorageOptions](#cfn-opensearchservice-domain-clusterconfig-coldstorageoptions): ColdStorageOptions [DedicatedMasterCount](#cfn-opensearchservice-domain-clusterconfig-dedicatedmastercount): Integer [DedicatedMasterEnabled](#cfn-opensearchservice-domain-clusterconfig-dedicatedmasterenabled): Boolean [DedicatedMasterType](#cfn-opensearchservice-domain-clusterconfig-dedicatedmastertype): String [InstanceCount](#cfn-opensearchservice-domain-clusterconfig-instancecount): Integer [InstanceType](#cfn-opensearchservice-domain-clusterconfig-instancetype): String [MultiAZWithStandbyEnabled](#cfn-opensearchservice-domain-clusterconfig-multiazwithstandbyenabled): Boolean [NodeOptions](#cfn-opensearchservice-domain-clusterconfig-nodeoptions): - NodeOption [WarmCount](#cfn-opensearchservice-domain-clusterconfig-warmcount): Integer [WarmEnabled](#cfn-opensearchservice-domain-clusterconfig-warmenabled): Boolean [WarmType](#cfn-opensearchservice-domain-clusterconfig-warmtype): String [ZoneAwarenessConfig](#cfn-opensearchservice-domain-clusterconfig-zoneawarenessconfig): ZoneAwarenessConfig [ZoneAwarenessEnabled](#cfn-opensearchservice-domain-clusterconfig-zoneawarenessenabled): Boolean ``` ## Properties `ColdStorageOptions` Container for cold storage configuration options. *Required*: No *Type*: [ColdStorageOptions](aws-properties-opensearchservice-domain-coldstorageoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DedicatedMasterCount` The number of instances to use for the master node. If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DedicatedMasterEnabled` Indicates whether to use a dedicated master node for the OpenSearch Service domain. A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See [Dedicated master nodes in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-dedicatedmasternodes.html). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DedicatedMasterType` The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search`. If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property. For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html). *Required*: No *Type*: String *Allowed values*: `m3.medium.search | m3.large.search | m3.xlarge.search | m3.2xlarge.search | m4.large.search | m4.xlarge.search | m4.2xlarge.search | m4.4xlarge.search | m4.10xlarge.search | m5.large.search | m5.xlarge.search | m5.2xlarge.search | m5.4xlarge.search | m5.12xlarge.search | m5.24xlarge.search | r5.large.search | r5.xlarge.search | r5.2xlarge.search | r5.4xlarge.search | r5.12xlarge.search | r5.24xlarge.search | c5.large.search | c5.xlarge.search | c5.2xlarge.search | c5.4xlarge.search | c5.9xlarge.search | c5.18xlarge.search | t3.nano.search | t3.micro.search | t3.small.search | t3.medium.search | t3.large.search | t3.xlarge.search | t3.2xlarge.search | or1.medium.search | or1.large.search | or1.xlarge.search | or1.2xlarge.search | or1.4xlarge.search | or1.8xlarge.search | or1.12xlarge.search | or1.16xlarge.search | ultrawarm1.medium.search | ultrawarm1.large.search | ultrawarm1.xlarge.search | t2.micro.search | t2.small.search | t2.medium.search | r3.large.search | r3.xlarge.search | r3.2xlarge.search | r3.4xlarge.search | r3.8xlarge.search | i2.xlarge.search | i2.2xlarge.search | d2.xlarge.search | d2.2xlarge.search | d2.4xlarge.search | d2.8xlarge.search | c4.large.search | c4.xlarge.search | c4.2xlarge.search | c4.4xlarge.search | c4.8xlarge.search | r4.large.search | r4.xlarge.search | r4.2xlarge.search | r4.4xlarge.search | r4.8xlarge.search | r4.16xlarge.search | i3.large.search | i3.xlarge.search | i3.2xlarge.search | i3.4xlarge.search | i3.8xlarge.search | i3.16xlarge.search | r6g.large.search | r6g.xlarge.search | r6g.2xlarge.search | r6g.4xlarge.search | r6g.8xlarge.search | r6g.12xlarge.search | m6g.large.search | m6g.xlarge.search | m6g.2xlarge.search | m6g.4xlarge.search | m6g.8xlarge.search | m6g.12xlarge.search | c6g.large.search | c6g.xlarge.search | c6g.2xlarge.search | c6g.4xlarge.search | c6g.8xlarge.search | c6g.12xlarge.search | r6gd.large.search | r6gd.xlarge.search | r6gd.2xlarge.search | r6gd.4xlarge.search | r6gd.8xlarge.search | r6gd.12xlarge.search | r6gd.16xlarge.search | t4g.small.search | t4g.medium.search` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InstanceCount` The number of data nodes (instances) to use in the OpenSearch Service domain. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InstanceType` The instance type for your data nodes, such as `m3.medium.search`. For valid values, see [Supported instance types in Amazon OpenSearch Service ](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html). *Required*: No *Type*: String *Allowed values*: `m3.medium.search | m3.large.search | m3.xlarge.search | m3.2xlarge.search | m4.large.search | m4.xlarge.search | m4.2xlarge.search | m4.4xlarge.search | m4.10xlarge.search | m5.large.search | m5.xlarge.search | m5.2xlarge.search | m5.4xlarge.search | m5.12xlarge.search | m5.24xlarge.search | r5.large.search | r5.xlarge.search | r5.2xlarge.search | r5.4xlarge.search | r5.12xlarge.search | r5.24xlarge.search | c5.large.search | c5.xlarge.search | c5.2xlarge.search | c5.4xlarge.search | c5.9xlarge.search | c5.18xlarge.search | t3.nano.search | t3.micro.search | t3.small.search | t3.medium.search | t3.large.search | t3.xlarge.search | t3.2xlarge.search | or1.medium.search | or1.large.search | or1.xlarge.search | or1.2xlarge.search | or1.4xlarge.search | or1.8xlarge.search | or1.12xlarge.search | or1.16xlarge.search | ultrawarm1.medium.search | ultrawarm1.large.search | ultrawarm1.xlarge.search | t2.micro.search | t2.small.search | t2.medium.search | r3.large.search | r3.xlarge.search | r3.2xlarge.search | r3.4xlarge.search | r3.8xlarge.search | i2.xlarge.search | i2.2xlarge.search | d2.xlarge.search | d2.2xlarge.search | d2.4xlarge.search | d2.8xlarge.search | c4.large.search | c4.xlarge.search | c4.2xlarge.search | c4.4xlarge.search | c4.8xlarge.search | r4.large.search | r4.xlarge.search | r4.2xlarge.search | r4.4xlarge.search | r4.8xlarge.search | r4.16xlarge.search | i3.large.search | i3.xlarge.search | i3.2xlarge.search | i3.4xlarge.search | i3.8xlarge.search | i3.16xlarge.search | r6g.large.search | r6g.xlarge.search | r6g.2xlarge.search | r6g.4xlarge.search | r6g.8xlarge.search | r6g.12xlarge.search | m6g.large.search | m6g.xlarge.search | m6g.2xlarge.search | m6g.4xlarge.search | m6g.8xlarge.search | m6g.12xlarge.search | c6g.large.search | c6g.xlarge.search | c6g.2xlarge.search | c6g.4xlarge.search | c6g.8xlarge.search | c6g.12xlarge.search | r6gd.large.search | r6gd.xlarge.search | r6gd.2xlarge.search | r6gd.4xlarge.search | r6gd.8xlarge.search | r6gd.12xlarge.search | r6gd.16xlarge.search | t4g.small.search | t4g.medium.search` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MultiAZWithStandbyEnabled` Indicates whether Multi-AZ with Standby deployment option is enabled. For more information, see [Multi-AZ with Standby](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NodeOptions` List of node options for the domain. *Required*: No *Type*: Array of [NodeOption](aws-properties-opensearchservice-domain-nodeoption.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `WarmCount` The number of warm nodes in the cluster. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `WarmEnabled` Whether to enable UltraWarm storage for the cluster. See [UltraWarm storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ultrawarm.html). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `WarmType` The instance type for the cluster's warm nodes. *Required*: No *Type*: String *Allowed values*: `ultrawarm1.medium.search | ultrawarm1.large.search | ultrawarm1.xlarge.search` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ZoneAwarenessConfig` Specifies zone awareness configuration options. Only use if `ZoneAwarenessEnabled` is `true`. *Required*: No *Type*: [ZoneAwarenessConfig](aws-properties-opensearchservice-domain-zoneawarenessconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ZoneAwarenessEnabled` Indicates whether to enable zone awareness for the OpenSearch Service domain. When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain CognitoOptions Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-cognitooptions-enabled)" : Boolean, "[IdentityPoolId](#cfn-opensearchservice-domain-cognitooptions-identitypoolid)" : String, "[RoleArn](#cfn-opensearchservice-domain-cognitooptions-rolearn)" : String, "[UserPoolId](#cfn-opensearchservice-domain-cognitooptions-userpoolid)" : String } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-cognitooptions-enabled): Boolean [IdentityPoolId](#cfn-opensearchservice-domain-cognitooptions-identitypoolid): String [RoleArn](#cfn-opensearchservice-domain-cognitooptions-rolearn): String [UserPoolId](#cfn-opensearchservice-domain-cognitooptions-userpoolid): String ``` ## Properties `Enabled` Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards. See [Amazon Cognito authentication for OpenSearch Dashboards](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityPoolId` The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication. Required if you enabled Cognito Authentication for OpenSearch Dashboards. *Required*: Conditional *Type*: String *Pattern*: `[\w-]+:[0-9a-f-]+` *Minimum*: `1` *Maximum*: `55` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` The `AmazonOpenSearchServiceCognitoAccess` role that allows OpenSearch Service to configure your user pool and identity pool. Required if you enabled Cognito Authentication for OpenSearch Dashboards. *Required*: Conditional *Type*: String *Pattern*: `arn:(aws|aws\-cn|aws\-us\-gov|aws\-iso|aws\-iso\-b):iam::[0-9]+:role\/.*` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UserPoolId` The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication. Required if you enabled Cognito Authentication for OpenSearch Dashboards. *Required*: Conditional *Type*: String *Pattern*: `[\w-]+_[0-9a-zA-Z]+` *Minimum*: `1` *Maximum*: `55` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain ColdStorageOptions Container for the parameters required to enable cold storage for an OpenSearch Service domain. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-coldstorageoptions-enabled)" : Boolean } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-coldstorageoptions-enabled): Boolean ``` ## Properties `Enabled` Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain DeploymentStrategyOptions Specifies the deployment strategy options for the domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DeploymentStrategy](#cfn-opensearchservice-domain-deploymentstrategyoptions-deploymentstrategy)" : String } ``` ### YAML ``` [DeploymentStrategy](#cfn-opensearchservice-domain-deploymentstrategyoptions-deploymentstrategy): String ``` ## Properties `DeploymentStrategy` Specifies the deployment strategy for the domain. Valid values are `Default` and `CapacityOptimized`. *Required*: No *Type*: String *Allowed values*: `Default | CapacityOptimized` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain DomainEndpointOptions Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CustomEndpoint](#cfn-opensearchservice-domain-domainendpointoptions-customendpoint)" : String, "[CustomEndpointCertificateArn](#cfn-opensearchservice-domain-domainendpointoptions-customendpointcertificatearn)" : String, "[CustomEndpointEnabled](#cfn-opensearchservice-domain-domainendpointoptions-customendpointenabled)" : Boolean, "[EnforceHTTPS](#cfn-opensearchservice-domain-domainendpointoptions-enforcehttps)" : Boolean, "[TLSSecurityPolicy](#cfn-opensearchservice-domain-domainendpointoptions-tlssecuritypolicy)" : String } ``` ### YAML ``` [CustomEndpoint](#cfn-opensearchservice-domain-domainendpointoptions-customendpoint): String [CustomEndpointCertificateArn](#cfn-opensearchservice-domain-domainendpointoptions-customendpointcertificatearn): String [CustomEndpointEnabled](#cfn-opensearchservice-domain-domainendpointoptions-customendpointenabled): Boolean [EnforceHTTPS](#cfn-opensearchservice-domain-domainendpointoptions-enforcehttps): Boolean [TLSSecurityPolicy](#cfn-opensearchservice-domain-domainendpointoptions-tlssecuritypolicy): String ``` ## Properties `CustomEndpoint` The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain. *Required*: Conditional *Type*: String *Pattern*: `^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$` *Minimum*: `1` *Maximum*: `255` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CustomEndpointCertificateArn` The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain. *Required*: Conditional *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CustomEndpointEnabled` True to enable a custom endpoint for the domain. If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn`. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EnforceHTTPS` True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html). *Required*: Conditional *Type*: Boolean *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `TLSSecurityPolicy` The minimum TLS version required for traffic to the domain. The policy can be one of the following values: + **Policy-Min-TLS-1-0-2019-07:** TLS security policy that supports TLS version 1.0 to TLS version 1.2 + **Policy-Min-TLS-1-2-2019-07:** TLS security policy that supports only TLS version 1.2 + **Policy-Min-TLS-1-2-PFS-2023-10:** TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites *Required*: No *Type*: String *Allowed values*: `Policy-Min-TLS-1-0-2019-07 | Policy-Min-TLS-1-2-2019-07 | Policy-Min-TLS-1-2-PFS-2023-10 | Policy-Min-TLS-1-2-RFC9151-FIPS-2024-08` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain EBSOptions The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EBSEnabled](#cfn-opensearchservice-domain-ebsoptions-ebsenabled)" : Boolean, "[Iops](#cfn-opensearchservice-domain-ebsoptions-iops)" : Integer, "[Throughput](#cfn-opensearchservice-domain-ebsoptions-throughput)" : Integer, "[VolumeSize](#cfn-opensearchservice-domain-ebsoptions-volumesize)" : Integer, "[VolumeType](#cfn-opensearchservice-domain-ebsoptions-volumetype)" : String } ``` ### YAML ``` [EBSEnabled](#cfn-opensearchservice-domain-ebsoptions-ebsenabled): Boolean [Iops](#cfn-opensearchservice-domain-ebsoptions-iops): Integer [Throughput](#cfn-opensearchservice-domain-ebsoptions-throughput): Integer [VolumeSize](#cfn-opensearchservice-domain-ebsoptions-volumesize): Integer [VolumeType](#cfn-opensearchservice-domain-ebsoptions-volumetype): String ``` ## Properties `EBSEnabled` Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Iops` The number of I/O operations per second (IOPS) that the volume supports. This property applies only to the `gp3` and provisioned IOPS EBS volume types. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Throughput` The throughput (in MiB/s) of the EBS volumes attached to data nodes. Applies only to the `gp3` volume type. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VolumeSize` The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide*. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VolumeType` The EBS volume type to use with the OpenSearch Service domain. If you choose `gp3`, you must also specify values for `Iops` and `Throughput`. For more information about each type, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon EC2 User Guide for Linux Instances*. *Required*: No *Type*: String *Allowed values*: `standard | gp2 | io1 | gp3` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain EncryptionAtRestOptions Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-encryptionatrestoptions-enabled)" : Boolean, "[KmsKeyId](#cfn-opensearchservice-domain-encryptionatrestoptions-kmskeyid)" : String } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-encryptionatrestoptions-enabled): Boolean [KmsKeyId](#cfn-opensearchservice-domain-encryptionatrestoptions-kmskeyid): String ``` ## Properties `Enabled` Specify `true` to enable encryption at rest. Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html). If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property. *Required*: Conditional *Type*: Boolean *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `KmsKeyId` The KMS key ID. Takes the form `1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a`. Required if you enable encryption at rest. You can also use `keyAlias` as a value. If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property. *Required*: Conditional *Type*: String *Pattern*: `.*` *Minimum*: `1` *Maximum*: `500` *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) ## See also + [CreateDomain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-actions-createdomain) in the *Amazon OpenSearch Service Developer Guide*. # AWS::OpenSearchService::Domain IAMFederationOptions The `IAMFederationOptions` property type specifies Property description not available. for an [AWS::OpenSearchService::Domain](aws-resource-opensearchservice-domain.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-iamfederationoptions-enabled)" : Boolean, "[RolesKey](#cfn-opensearchservice-domain-iamfederationoptions-roleskey)" : String, "[SubjectKey](#cfn-opensearchservice-domain-iamfederationoptions-subjectkey)" : String } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-iamfederationoptions-enabled): Boolean [RolesKey](#cfn-opensearchservice-domain-iamfederationoptions-roleskey): String [SubjectKey](#cfn-opensearchservice-domain-iamfederationoptions-subjectkey): String ``` ## Properties `Enabled` Property description not available. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RolesKey` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubjectKey` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain IdentityCenterOptions Settings container for integrating IAM Identity Center with OpenSearch UI applications, which enables enabling secure user authentication and access control across multiple data sources. This setup supports single sign-on (SSO) through IAM Identity Center, allowing centralized user management. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EnabledAPIAccess](#cfn-opensearchservice-domain-identitycenteroptions-enabledapiaccess)" : Boolean, "[IdentityCenterApplicationARN](#cfn-opensearchservice-domain-identitycenteroptions-identitycenterapplicationarn)" : String, "[IdentityCenterInstanceARN](#cfn-opensearchservice-domain-identitycenteroptions-identitycenterinstancearn)" : String, "[IdentityStoreId](#cfn-opensearchservice-domain-identitycenteroptions-identitystoreid)" : String, "[RolesKey](#cfn-opensearchservice-domain-identitycenteroptions-roleskey)" : String, "[SubjectKey](#cfn-opensearchservice-domain-identitycenteroptions-subjectkey)" : String } ``` ### YAML ``` [EnabledAPIAccess](#cfn-opensearchservice-domain-identitycenteroptions-enabledapiaccess): Boolean [IdentityCenterApplicationARN](#cfn-opensearchservice-domain-identitycenteroptions-identitycenterapplicationarn): String [IdentityCenterInstanceARN](#cfn-opensearchservice-domain-identitycenteroptions-identitycenterinstancearn): String [IdentityStoreId](#cfn-opensearchservice-domain-identitycenteroptions-identitystoreid): String [RolesKey](#cfn-opensearchservice-domain-identitycenteroptions-roleskey): String [SubjectKey](#cfn-opensearchservice-domain-identitycenteroptions-subjectkey): String ``` ## Properties `EnabledAPIAccess` Indicates whether IAM Identity Center is enabled for the application. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityCenterApplicationARN` The ARN of the IAM Identity Center application that integrates with Amazon OpenSearch Service. *Required*: No *Type*: String *Pattern*: `^arn:aws[a-z\\-]*:[a-z]+:[a-z0-9\\-]*:[0-9]*:[a-z0-9\\-]+\/[a-z0-9\\-]+\/[a-z0-9\\-]+` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityCenterInstanceARN` The Amazon Resource Name (ARN) of the IAM Identity Center instance. *Required*: No *Type*: String *Pattern*: `^arn:aws[a-z\\-]*:[a-z]+:[a-z0-9\\-]*:[0-9]*:[a-z0-9\\-]+\/[a-z0-9\\-]+` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityStoreId` The identifier of the IAM Identity Store. *Required*: No *Type*: String *Pattern*: `^d-[0-9a-f]{10}$|^[0-9a-f]{8}\\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\\b[0-9a-f]{12}$` *Minimum*: `1` *Maximum*: `64` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RolesKey` Specifies the attribute that contains the backend role identifier (such as group name or group ID) in IAM Identity Center. *Required*: No *Type*: String *Allowed values*: `GroupName | GroupId` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubjectKey` Specifies the attribute that contains the subject identifier (such as username, user ID, or email) in IAM Identity Center. *Required*: No *Type*: String *Allowed values*: `UserName | UserId | Email` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain Idp The SAML Identity Provider's information. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EntityId](#cfn-opensearchservice-domain-idp-entityid)" : String, "[MetadataContent](#cfn-opensearchservice-domain-idp-metadatacontent)" : String } ``` ### YAML ``` [EntityId](#cfn-opensearchservice-domain-idp-entityid): String [MetadataContent](#cfn-opensearchservice-domain-idp-metadatacontent): String ``` ## Properties `EntityId` The unique entity ID of the application in the SAML identity provider. *Required*: Yes *Type*: String *Minimum*: `8` *Maximum*: `512` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MetadataContent` The metadata of the SAML application, in XML format. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `1048576` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain JWTOptions The `JWTOptions` property type specifies Property description not available. for an [AWS::OpenSearchService::Domain](aws-resource-opensearchservice-domain.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-jwtoptions-enabled)" : Boolean, "[PublicKey](#cfn-opensearchservice-domain-jwtoptions-publickey)" : String, "[RolesKey](#cfn-opensearchservice-domain-jwtoptions-roleskey)" : String, "[SubjectKey](#cfn-opensearchservice-domain-jwtoptions-subjectkey)" : String } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-jwtoptions-enabled): Boolean [PublicKey](#cfn-opensearchservice-domain-jwtoptions-publickey): String [RolesKey](#cfn-opensearchservice-domain-jwtoptions-roleskey): String [SubjectKey](#cfn-opensearchservice-domain-jwtoptions-subjectkey): String ``` ## Properties `Enabled` Property description not available. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PublicKey` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RolesKey` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubjectKey` Property description not available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain LogPublishingOption Specifies whether the OpenSearch Service domain publishes application, search slow logs, or index slow logs to Amazon CloudWatch. Each option must be an object of name `SEARCH_SLOW_LOGS`, `ES_APPLICATION_LOGS`, `INDEX_SLOW_LOGS`, or `AUDIT_LOGS` depending on the type of logs you want to publish. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples). Before you enable log publishing, you need to create a CloudWatch log group and provide OpenSearch Service the correct permissions to write to it. To learn more, see [Enabling log publishing (AWS CloudFormation)](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-cfn). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CloudWatchLogsLogGroupArn](#cfn-opensearchservice-domain-logpublishingoption-cloudwatchlogsloggrouparn)" : String, "[Enabled](#cfn-opensearchservice-domain-logpublishingoption-enabled)" : Boolean } ``` ### YAML ``` [CloudWatchLogsLogGroupArn](#cfn-opensearchservice-domain-logpublishingoption-cloudwatchlogsloggrouparn): String [Enabled](#cfn-opensearchservice-domain-logpublishingoption-enabled): Boolean ``` ## Properties `CloudWatchLogsLogGroupArn` Specifies the CloudWatch log group to publish to. Required if you enable log publishing. *Required*: Conditional *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Enabled` If `true`, enables the publishing of logs to CloudWatch. Default: `false`. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [Monitoring OpenSearch logs with Amazon CloudWatch Logs](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html) and [LogPublishingOptions](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-logpublishingoptions) in the *Amazon OpenSearch Service Developer Guide*. # AWS::OpenSearchService::Domain MasterUserOptions Specifies information about the master user. Required if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[MasterUserARN](#cfn-opensearchservice-domain-masteruseroptions-masteruserarn)" : String, "[MasterUserName](#cfn-opensearchservice-domain-masteruseroptions-masterusername)" : String, "[MasterUserPassword](#cfn-opensearchservice-domain-masteruseroptions-masteruserpassword)" : String } ``` ### YAML ``` [MasterUserARN](#cfn-opensearchservice-domain-masteruseroptions-masteruserarn): String [MasterUserName](#cfn-opensearchservice-domain-masteruseroptions-masterusername): String [MasterUserPassword](#cfn-opensearchservice-domain-masteruseroptions-masteruserpassword): String ``` ## Properties `MasterUserARN` Amazon Resource Name (ARN) for the master user. The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if `InternalUserDatabaseEnabled` is false in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html). *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MasterUserName` Username for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html). If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead. *Required*: No *Type*: String *Pattern*: `.*` *Minimum*: `1` *Maximum*: `64` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MasterUserPassword` Password for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html). If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead. *Required*: No *Type*: String *Pattern*: `.*` *Minimum*: `8` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain NodeConfig Configuration options for defining the setup of any node type within the cluster. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Count](#cfn-opensearchservice-domain-nodeconfig-count)" : Integer, "[Enabled](#cfn-opensearchservice-domain-nodeconfig-enabled)" : Boolean, "[Type](#cfn-opensearchservice-domain-nodeconfig-type)" : String } ``` ### YAML ``` [Count](#cfn-opensearchservice-domain-nodeconfig-count): Integer [Enabled](#cfn-opensearchservice-domain-nodeconfig-enabled): Boolean [Type](#cfn-opensearchservice-domain-nodeconfig-type): String ``` ## Properties `Count` The number of nodes of a specific type within the cluster. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Enabled` A boolean value indicating whether a specific node type is active or inactive. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` The instance type of a particular node within the cluster. *Required*: No *Type*: String *Allowed values*: `m3.medium.search | m3.large.search | m3.xlarge.search | m3.2xlarge.search | m4.large.search | m4.xlarge.search | m4.2xlarge.search | m4.4xlarge.search | m4.10xlarge.search | m5.large.search | m5.xlarge.search | m5.2xlarge.search | m5.4xlarge.search | m5.12xlarge.search | m5.24xlarge.search | r5.large.search | r5.xlarge.search | r5.2xlarge.search | r5.4xlarge.search | r5.12xlarge.search | r5.24xlarge.search | c5.large.search | c5.xlarge.search | c5.2xlarge.search | c5.4xlarge.search | c5.9xlarge.search | c5.18xlarge.search | t3.nano.search | t3.micro.search | t3.small.search | t3.medium.search | t3.large.search | t3.xlarge.search | t3.2xlarge.search | or1.medium.search | or1.large.search | or1.xlarge.search | or1.2xlarge.search | or1.4xlarge.search | or1.8xlarge.search | or1.12xlarge.search | or1.16xlarge.search | ultrawarm1.medium.search | ultrawarm1.large.search | ultrawarm1.xlarge.search | t2.micro.search | t2.small.search | t2.medium.search | r3.large.search | r3.xlarge.search | r3.2xlarge.search | r3.4xlarge.search | r3.8xlarge.search | i2.xlarge.search | i2.2xlarge.search | d2.xlarge.search | d2.2xlarge.search | d2.4xlarge.search | d2.8xlarge.search | c4.large.search | c4.xlarge.search | c4.2xlarge.search | c4.4xlarge.search | c4.8xlarge.search | r4.large.search | r4.xlarge.search | r4.2xlarge.search | r4.4xlarge.search | r4.8xlarge.search | r4.16xlarge.search | i3.large.search | i3.xlarge.search | i3.2xlarge.search | i3.4xlarge.search | i3.8xlarge.search | i3.16xlarge.search | r6g.large.search | r6g.xlarge.search | r6g.2xlarge.search | r6g.4xlarge.search | r6g.8xlarge.search | r6g.12xlarge.search | m6g.large.search | m6g.xlarge.search | m6g.2xlarge.search | m6g.4xlarge.search | m6g.8xlarge.search | m6g.12xlarge.search | c6g.large.search | c6g.xlarge.search | c6g.2xlarge.search | c6g.4xlarge.search | c6g.8xlarge.search | c6g.12xlarge.search | r6gd.large.search | r6gd.xlarge.search | r6gd.2xlarge.search | r6gd.4xlarge.search | r6gd.8xlarge.search | r6gd.12xlarge.search | r6gd.16xlarge.search | t4g.small.search | t4g.medium.search` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain NodeOption Configuration settings for defining the node type within a cluster. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[NodeConfig](#cfn-opensearchservice-domain-nodeoption-nodeconfig)" : NodeConfig, "[NodeType](#cfn-opensearchservice-domain-nodeoption-nodetype)" : String } ``` ### YAML ``` [NodeConfig](#cfn-opensearchservice-domain-nodeoption-nodeconfig): NodeConfig [NodeType](#cfn-opensearchservice-domain-nodeoption-nodetype): String ``` ## Properties `NodeConfig` Configuration options for defining the setup of any node type. *Required*: No *Type*: [NodeConfig](aws-properties-opensearchservice-domain-nodeconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NodeType` Defines the type of node, such as coordinating nodes. *Required*: No *Type*: String *Allowed values*: `coordinator` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain NodeToNodeEncryptionOptions Specifies options for node-to-node encryption. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-nodetonodeencryptionoptions-enabled)" : Boolean } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-nodetonodeencryptionoptions-enabled): Boolean ``` ## Properties `Enabled` Specifies to enable or disable node-to-node encryption on the domain. Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html). *Required*: Conditional *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain OffPeakWindow A custom 10-hour, low-traffic window during which OpenSearch Service can perform mandatory configuration changes on the domain. These actions can include scheduled service software updates and blue/green Auto-Tune enhancements. OpenSearch Service will schedule these actions during the window that you specify. If you don't specify a window start time, it defaults to 10:00 P.M. local time. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[WindowStartTime](#cfn-opensearchservice-domain-offpeakwindow-windowstarttime)" : WindowStartTime } ``` ### YAML ``` [WindowStartTime](#cfn-opensearchservice-domain-offpeakwindow-windowstarttime): WindowStartTime ``` ## Properties `WindowStartTime` The desired start time for an off-peak maintenance window. *Required*: No *Type*: [WindowStartTime](aws-properties-opensearchservice-domain-windowstarttime.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain OffPeakWindowOptions Off-peak window settings for the domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-offpeakwindowoptions-enabled)" : Boolean, "[OffPeakWindow](#cfn-opensearchservice-domain-offpeakwindowoptions-offpeakwindow)" : OffPeakWindow } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-offpeakwindowoptions-enabled): Boolean [OffPeakWindow](#cfn-opensearchservice-domain-offpeakwindowoptions-offpeakwindow): OffPeakWindow ``` ## Properties `Enabled` Specifies whether off-peak window settings are enabled for the domain. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OffPeakWindow` Off-peak window settings for the domain. *Required*: No *Type*: [OffPeakWindow](aws-properties-opensearchservice-domain-offpeakwindow.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain S3VectorsEngine Options for enabling S3 vectors engine features on the specified domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-s3vectorsengine-enabled)" : Boolean } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-s3vectorsengine-enabled): Boolean ``` ## Properties `Enabled` Enables S3 vectors engine features. *Required*: Yes *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain SAMLOptions Container for information about the SAML configuration for OpenSearch Dashboards. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-samloptions-enabled)" : Boolean, "[Idp](#cfn-opensearchservice-domain-samloptions-idp)" : Idp, "[MasterBackendRole](#cfn-opensearchservice-domain-samloptions-masterbackendrole)" : String, "[MasterUserName](#cfn-opensearchservice-domain-samloptions-masterusername)" : String, "[RolesKey](#cfn-opensearchservice-domain-samloptions-roleskey)" : String, "[SessionTimeoutMinutes](#cfn-opensearchservice-domain-samloptions-sessiontimeoutminutes)" : Integer, "[SubjectKey](#cfn-opensearchservice-domain-samloptions-subjectkey)" : String } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-samloptions-enabled): Boolean [Idp](#cfn-opensearchservice-domain-samloptions-idp): Idp [MasterBackendRole](#cfn-opensearchservice-domain-samloptions-masterbackendrole): String [MasterUserName](#cfn-opensearchservice-domain-samloptions-masterusername): String [RolesKey](#cfn-opensearchservice-domain-samloptions-roleskey): String [SessionTimeoutMinutes](#cfn-opensearchservice-domain-samloptions-sessiontimeoutminutes): Integer [SubjectKey](#cfn-opensearchservice-domain-samloptions-subjectkey): String ``` ## Properties `Enabled` True to enable SAML authentication for a domain. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Idp` The SAML Identity Provider's information. *Required*: No *Type*: [Idp](aws-properties-opensearchservice-domain-idp.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MasterBackendRole` The backend role that the SAML master user is mapped to. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MasterUserName` The SAML master user name, which is stored in the domain's internal user database. *Required*: No *Type*: String *Pattern*: `.*` *Minimum*: `1` *Maximum*: `64` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RolesKey` Element of the SAML assertion to use for backend roles. Default is `roles`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SessionTimeoutMinutes` The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubjectKey` Element of the SAML assertion to use for the user name. Default is `NameID`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain ServerlessVectorAcceleration Configuration for serverless vector acceleration, which provides [GPU-accelerated](https://docs.aws.amazon.com//opensearch-service/latest/developerguide/gpu-acceleration-vector-index.html) vector search capabilities for improved performance on vector workloads. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-serverlessvectoracceleration-enabled)" : Boolean } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-serverlessvectoracceleration-enabled): Boolean ``` ## Properties `Enabled` Specifies whether serverless vector acceleration is enabled for the domain. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain ServiceSoftwareOptions The current status of the service software for an Amazon OpenSearch Service domain. For more information, see [Service software updates in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/service-software.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AutomatedUpdateDate](#cfn-opensearchservice-domain-servicesoftwareoptions-automatedupdatedate)" : String, "[Cancellable](#cfn-opensearchservice-domain-servicesoftwareoptions-cancellable)" : Boolean, "[CurrentVersion](#cfn-opensearchservice-domain-servicesoftwareoptions-currentversion)" : String, "[Description](#cfn-opensearchservice-domain-servicesoftwareoptions-description)" : String, "[NewVersion](#cfn-opensearchservice-domain-servicesoftwareoptions-newversion)" : String, "[OptionalDeployment](#cfn-opensearchservice-domain-servicesoftwareoptions-optionaldeployment)" : Boolean, "[UpdateAvailable](#cfn-opensearchservice-domain-servicesoftwareoptions-updateavailable)" : Boolean, "[UpdateStatus](#cfn-opensearchservice-domain-servicesoftwareoptions-updatestatus)" : String } ``` ### YAML ``` [AutomatedUpdateDate](#cfn-opensearchservice-domain-servicesoftwareoptions-automatedupdatedate): String [Cancellable](#cfn-opensearchservice-domain-servicesoftwareoptions-cancellable): Boolean [CurrentVersion](#cfn-opensearchservice-domain-servicesoftwareoptions-currentversion): String [Description](#cfn-opensearchservice-domain-servicesoftwareoptions-description): String [NewVersion](#cfn-opensearchservice-domain-servicesoftwareoptions-newversion): String [OptionalDeployment](#cfn-opensearchservice-domain-servicesoftwareoptions-optionaldeployment): Boolean [UpdateAvailable](#cfn-opensearchservice-domain-servicesoftwareoptions-updateavailable): Boolean [UpdateStatus](#cfn-opensearchservice-domain-servicesoftwareoptions-updatestatus): String ``` ## Properties `AutomatedUpdateDate` The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Cancellable` True if you're able to cancel your service software version update. False if you can't cancel your service software update. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CurrentVersion` The current service software version present on the domain. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` A description of the service software update status. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NewVersion` The new service software version, if one is available. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OptionalDeployment` True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UpdateAvailable` True if you're able to update your service software version. False if you can't update your service software version. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UpdateStatus` The status of your service software update. *Required*: No *Type*: String *Allowed values*: `PENDING_UPDATE | IN_PROGRESS | COMPLETED | NOT_ELIGIBLE | ELIGIBLE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain SnapshotOptions **DEPRECATED**. This setting is only relevant to domains running legacy Elasticsearch OSS versions earlier than 5.3. It does not apply to OpenSearch domains. The automated snapshot configuration for the OpenSearch Service domain indexes. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AutomatedSnapshotStartHour](#cfn-opensearchservice-domain-snapshotoptions-automatedsnapshotstarthour)" : Integer } ``` ### YAML ``` [AutomatedSnapshotStartHour](#cfn-opensearchservice-domain-snapshotoptions-automatedsnapshotstarthour): Integer ``` ## Properties `AutomatedSnapshotStartHour` The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain. For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain SoftwareUpdateOptions Options for configuring service software updates for a domain. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AutoSoftwareUpdateEnabled](#cfn-opensearchservice-domain-softwareupdateoptions-autosoftwareupdateenabled)" : Boolean } ``` ### YAML ``` [AutoSoftwareUpdateEnabled](#cfn-opensearchservice-domain-softwareupdateoptions-autosoftwareupdateenabled): Boolean ``` ## Properties `AutoSoftwareUpdateEnabled` Specifies whether automatic service software updates are enabled for the domain. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain Tag A tag (key-value pair) for an Amazon OpenSearch Service resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-opensearchservice-domain-tag-key)" : String, "[Value](#cfn-opensearchservice-domain-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-opensearchservice-domain-tag-key): String [Value](#cfn-opensearchservice-domain-tag-value): String ``` ## Properties `Key` The tag key. Tag keys must be unique for the domain to which they are attached. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value assigned to the corresponding tag key. Tag values can be null and don't have to be unique in a tag set. For example, you can have a key value pair in a tag set of `project : Trinity` and `cost-center : Trinity` *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain VPCOptions The virtual private cloud (VPC) configuration for the OpenSearch Service domain. For more information, see [Launching your Amazon OpenSearch Service domains using a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[SecurityGroupIds](#cfn-opensearchservice-domain-vpcoptions-securitygroupids)" : [ String, ... ], "[SubnetIds](#cfn-opensearchservice-domain-vpcoptions-subnetids)" : [ String, ... ] } ``` ### YAML ``` [SecurityGroupIds](#cfn-opensearchservice-domain-vpcoptions-securitygroupids): - String [SubnetIds](#cfn-opensearchservice-domain-vpcoptions-subnetids): - String ``` ## Properties `SecurityGroupIds` The list of security group IDs that are associated with the VPC endpoints for the domain. If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see [Security groups for your VPC ](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon VPC User Guide*. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubnetIds` Provide one subnet ID for each Availability Zone that your domain uses. For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the *Amazon VPC User Guide*. If you specify more than one subnet, you must also configure `ZoneAwarenessEnabled` and `ZoneAwarenessConfig` within [ClusterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html), otherwise you'll see the error "You must specify exactly one subnet" during template creation. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## See also + [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide*. # AWS::OpenSearchService::Domain WindowStartTime A custom start time for the off-peak window, in Coordinated Universal Time (UTC). The window length will always be 10 hours, so you can't specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Hours](#cfn-opensearchservice-domain-windowstarttime-hours)" : Integer, "[Minutes](#cfn-opensearchservice-domain-windowstarttime-minutes)" : Integer } ``` ### YAML ``` [Hours](#cfn-opensearchservice-domain-windowstarttime-hours): Integer [Minutes](#cfn-opensearchservice-domain-windowstarttime-minutes): Integer ``` ## Properties `Hours` The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23. *Required*: Yes *Type*: Integer *Minimum*: `0` *Maximum*: `23` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Minutes` The start minute of the window, in UTC. The minimum value is 0 and the maximum value is 59. *Required*: Yes *Type*: Integer *Minimum*: `0` *Maximum*: `59` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::OpenSearchService::Domain ZoneAwarenessConfig Specifies zone awareness configuration options. Only use if `ZoneAwarenessEnabled` is `true`. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AvailabilityZoneCount](#cfn-opensearchservice-domain-zoneawarenessconfig-availabilityzonecount)" : Integer } ``` ### YAML ``` [AvailabilityZoneCount](#cfn-opensearchservice-domain-zoneawarenessconfig-availabilityzonecount): Integer ``` ## Properties `AvailabilityZoneCount` If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use. Valid values are `2` and `3`. Default is 2. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)