This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::OpenSearchServerless::Collection
Specifies an OpenSearch Serverless collection. For more information, see Creating and managing Amazon OpenSearch Serverless collections in the Amazon OpenSearch Service Developer Guide.
Important
To create a collection successfully, you must associate a KMS key for encryption. You have two options: 1. Specify the KMS key directly in the CreateCollection request – Use the encryption-config parameter when creating the collection. 2. Define the KMS key in an encryption security policy – Create a matching encryption policy before or alongside your collection. Note: If you specify a KMS key in both locations, the key provided in the CreateCollection request takes precedence over the security policy configuration. When using CloudFormation templates, you can include the encryption policy resource in the same template as the collection resource by using the DependsOn attribute to ensure proper resource creation order. Alternatively, ensure the encryption policy or KMS key configuration exists before creating the collection.
Syntax
To declare this entity in your CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::OpenSearchServerless::Collection", "Properties" : { "CollectionGroupName" :String, "Description" :String, "EncryptionConfig" :EncryptionConfig, "Name" :String, "StandbyReplicas" :String, "Tags" :[ Tag, ... ], "Type" :String} }
YAML
Type: AWS::OpenSearchServerless::Collection Properties: CollectionGroupName:StringDescription:StringEncryptionConfig:EncryptionConfigName:StringStandbyReplicas:StringTags:- TagType:String
Properties
CollectionGroupName-
The name of the collection group to associate with the collection.
Required: No
Type: String
Pattern:
[a-z][a-z0-9-]+Minimum:
3Maximum:
32Update requires: Replacement
Description-
A description of the collection.
Required: No
Type: String
Maximum:
1000Update requires: No interruption
EncryptionConfig-
Encryption settings for the collection.
Required: No
Type: EncryptionConfig
Update requires: Replacement
Name-
The name of the collection.
Collection names must meet the following criteria:
-
Starts with a lowercase letter
-
Unique to your account and AWS Region
-
Contains between 3 and 28 characters
-
Contains only lowercase letters a-z, the numbers 0-9, and the hyphen (-)
Required: Yes
Type: String
Pattern:
^[a-z][a-z0-9-]{2,31}$Minimum:
3Maximum:
32Update requires: Replacement
-
StandbyReplicas-
Indicates whether to use standby replicas for the collection. You can't update this property after the collection is already created. If you attempt to modify this property, the collection continues to use the original value.
Required: No
Type: String
Allowed values:
ENABLED | DISABLEDUpdate requires: Replacement
-
An arbitrary set of tags (key–value pairs) to associate with the collection.
For more information, see Tag.
Required: No
Type: Array of Tag
Minimum:
0Maximum:
50Update requires: Replacement
Type-
The type of collection. Possible values are
SEARCH,TIMESERIES, andVECTORSEARCH. For more information, see Choosing a collection type.Required: No
Type: String
Allowed values:
SEARCH | TIMESERIES | VECTORSEARCHUpdate requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref returns the collection ID. For more information about using the
Ref function, see Ref.
Fn::GetAtt
GetAtt returns a value for a specified attribute of this type. For more
information, see Fn::GetAtt. The following are the available attributes and sample return
values.
Arn-
The Amazon Resource Name (ARN) of the collection. For example,
arn:aws:aoss:us-east-1:123456789012:collection/07tjusf2h91cunochc. CollectionEndpoint-
Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection. For example,
https://07tjusf2h91cunochc.us-east-1.aoss.amazonaws.com. DashboardEndpoint-
The collection-specific endpoint used to access OpenSearch Dashboards. For example,
https://07tjusf2h91cunochc.us-east-1.aoss.amazonaws.com/_dashboards. Id-
A unique identifier for the collection. For example,
07tjusf2h91cunochc. KmsKeyArn-
The ARN of the AWS KMS key used to encrypt the collection.
Examples
Create a collection
The following example specifies an OpenSearch Serverless collection named
test-collection. The collection type is SEARCH. The
template also creates a matching encryption policy, which is required in order for
the collection to be created successfully.
For a complete sample policy that creates network, encryption, and access policies, as well as a matching collection, see Using AWS CloudFormation to create Amazon OpenSearch Serverless collections in the Amazon OpenSearch Service Developer Guide.
Note
This example uses public network access, which isn't recommended for production workloads. We recommend using VPC access to protect your collections. For more information, see AWS::OpenSearchServerless::VpcEndpoint and Access Amazon OpenSearch Serverless using an interface endpoint.
JSON
{ "Description":"OpenSearch Serverless collection template", "Resources":{ "TestCollection":{ "Type":"AWS::OpenSearchServerless::Collection", "Properties":{ "Name":"test-collection", "Type":"SEARCH", "Description":"Search collection" }, "DependsOn":"EncryptionPolicy" }, "EncryptionPolicy":{ "Type":"AWS::OpenSearchServerless::SecurityPolicy", "Properties":{ "Name":"test-encryption-policy", "Type":"encryption", "Description":"Encryption policy for test collection", "Policy":"{\"Rules\":[{\"ResourceType\":\"collection\",\"Resource\":[\"collection/test-collection\"]}],\"AWSOwnedKey\":true}" } } }
YAML
Description: OpenSearch Serverless collection template Resources: TestCollection: Type: 'AWS::OpenSearchServerless::Collection' Properties: Name: test-collection Type: SEARCH Description: Search collection DependsOn: EncryptionPolicy EncryptionPolicy: Type: 'AWS::OpenSearchServerless::SecurityPolicy' Properties: Name: test-encryption-policy Type: encryption Description: Encryption policy for test collection Policy: >- {"Rules":[{"ResourceType":"collection","Resource":["collection/test-collection"]}],"AWSOwnedKey":true}
