This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

# AWS::OpenSearchServerless::SecurityConfig
<a name="aws-resource-opensearchserverless-securityconfig"></a>

Specifies a security configuration for OpenSearch Serverless. For more information, see [SAML authentication for Amazon OpenSearch Serverless](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html).

## Syntax
<a name="aws-resource-opensearchserverless-securityconfig-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-opensearchserverless-securityconfig-syntax.json"></a>

```
{
  "Type" : "AWS::OpenSearchServerless::SecurityConfig",
  "Properties" : {
      "[Description](#cfn-opensearchserverless-securityconfig-description)" : String,
      "[IamFederationOptions](#cfn-opensearchserverless-securityconfig-iamfederationoptions)" : IamFederationConfigOptions,
      "[IamIdentityCenterOptions](#cfn-opensearchserverless-securityconfig-iamidentitycenteroptions)" : IamIdentityCenterConfigOptions,
      "[Name](#cfn-opensearchserverless-securityconfig-name)" : String,
      "[SamlOptions](#cfn-opensearchserverless-securityconfig-samloptions)" : SamlConfigOptions,
      "[Type](#cfn-opensearchserverless-securityconfig-type)" : String
    }
}
```

### YAML
<a name="aws-resource-opensearchserverless-securityconfig-syntax.yaml"></a>

```
Type: AWS::OpenSearchServerless::SecurityConfig
Properties:
  [Description](#cfn-opensearchserverless-securityconfig-description): String
  [IamFederationOptions](#cfn-opensearchserverless-securityconfig-iamfederationoptions): 
    IamFederationConfigOptions
  [IamIdentityCenterOptions](#cfn-opensearchserverless-securityconfig-iamidentitycenteroptions): 
    IamIdentityCenterConfigOptions
  [Name](#cfn-opensearchserverless-securityconfig-name): String
  [SamlOptions](#cfn-opensearchserverless-securityconfig-samloptions): 
    SamlConfigOptions
  [Type](#cfn-opensearchserverless-securityconfig-type): String
```

## Properties
<a name="aws-resource-opensearchserverless-securityconfig-properties"></a>

`Description`  <a name="cfn-opensearchserverless-securityconfig-description"></a>
The description of the security configuration.  
*Required*: No  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `1000`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`IamFederationOptions`  <a name="cfn-opensearchserverless-securityconfig-iamfederationoptions"></a>
Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation.  
*Required*: No  
*Type*: [IamFederationConfigOptions](aws-properties-opensearchserverless-securityconfig-iamfederationconfigoptions.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`IamIdentityCenterOptions`  <a name="cfn-opensearchserverless-securityconfig-iamidentitycenteroptions"></a>
Describes IAM Identity Center options in the form of a key-value map.  
*Required*: No  
*Type*: [IamIdentityCenterConfigOptions](aws-properties-opensearchserverless-securityconfig-iamidentitycenterconfigoptions.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Name`  <a name="cfn-opensearchserverless-securityconfig-name"></a>
The name of the security configuration.  
*Required*: No  
*Type*: String  
*Pattern*: `^[a-z][a-z0-9-]{2,31}$`  
*Minimum*: `3`  
*Maximum*: `32`  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`SamlOptions`  <a name="cfn-opensearchserverless-securityconfig-samloptions"></a>
SAML options for the security configuration in the form of a key-value map.  
*Required*: No  
*Type*: [SamlConfigOptions](aws-properties-opensearchserverless-securityconfig-samlconfigoptions.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Type`  <a name="cfn-opensearchserverless-securityconfig-type"></a>
The type of security configuration. Currently the only option is `saml`.  
*Required*: No  
*Type*: String  
*Allowed values*: `saml | iamidentitycenter | iamfederation`  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

## Return values
<a name="aws-resource-opensearchserverless-securityconfig-return-values"></a>

### Ref
<a name="aws-resource-opensearchserverless-securityconfig-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the name of the ID of the security configuration. For more information about using the `Ref` function, see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html).

### Fn::GetAtt
<a name="aws-resource-opensearchserverless-securityconfig-return-values-fn--getatt"></a>

`GetAtt` returns a value for a specified attribute of this type. For more information, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html). The following are the available attributes and sample return values.

#### 
<a name="aws-resource-opensearchserverless-securityconfig-return-values-fn--getatt-fn--getatt"></a>

`IamIdentityCenterOptions.ApplicationArn`  <a name="IamIdentityCenterOptions.ApplicationArn-fn::getatt"></a>
Property description not available.

`IamIdentityCenterOptions.ApplicationDescription`  <a name="IamIdentityCenterOptions.ApplicationDescription-fn::getatt"></a>
Property description not available.

`IamIdentityCenterOptions.ApplicationName`  <a name="IamIdentityCenterOptions.ApplicationName-fn::getatt"></a>
Property description not available.

`Id`  <a name="Id-fn::getatt"></a>
The unique identifier of the security configuration. For example, `saml/123456789012/myprovider`.

## Examples
<a name="aws-resource-opensearchserverless-securityconfig--examples"></a>

### Create a security configuration that specifies a YAML provider
<a name="aws-resource-opensearchserverless-securityconfig--examples--Create_a_security_configuration_that_specifies_a_YAML_provider"></a>

The following example specifies an OpenSearch Serverless SAML provider named `my-provider` with a custom group attribute `ALLGroups`.

#### JSON
<a name="aws-resource-opensearchserverless-securityconfig--examples--Create_a_security_configuration_that_specifies_a_YAML_provider--json"></a>

```
{
   "AWSTemplateFormatVersion":"2010-09-09",
   "Description":"OpenSearch Serverless security policy template",
   "Resources":{
      "TestSecurityConfig":{
         "Type":"AWS::OpenSearchServerless::SecurityConfig",
         "Properties":{
            "Name":"my-provider",
            "Type":"saml",
            "Description":"Serverless SAML configuration",
            "SamlOptions":{
               "Metadata":"<?xml version=\"1.0\"
                encoding=\"UTF-8\"?><md:EntityDescriptor
                entityID=\"http://www.okta.com/foobar\"
                xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"><md:IDPSSODescriptor
                WantAuthnRequestsSigned=\"false\"
                protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor
                use=\"signing\"><ds:KeyInfo
                xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>Mfoobar</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService
                Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"
                Location=\"https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml\"/><md:SingleSignOnService
                Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"
                Location=\"https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
               "UserAttribute":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
               "GroupAttribute":"ALLGroups",
               "SessionTimeout":120
            }
         }
      }
   }
}
```

#### YAML
<a name="aws-resource-opensearchserverless-securityconfig--examples--Create_a_security_configuration_that_specifies_a_YAML_provider--yaml"></a>

```
Description: OpenSearch Serverless security policy template
Resources:
  TestSecurityConfig:
      Type: 'AWS::OpenSearchService::Domain'
      Properties:
        Name: my-provider
        Type: saml
        Description: Serverless SAML configuration
        SamlOptions:
          Metadata: >- 
             <?xml
             version="1.0" encoding="UTF-8"?><md:EntityDescriptor
             entityID="http://www.okta.com/foobar"
             xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor
             WantAuthnRequestsSigned="false"
             protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor
             use="signing"><ds:KeyInfo
             xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>Mfoobar</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService
             Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
             Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/><md:SingleSignOnService
             Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
             Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
             UserAttribute: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
             GroupAttribute: ALLGroups SessionTimeout: 120
```

# AWS::OpenSearchServerless::SecurityConfig IamFederationConfigOptions
<a name="aws-properties-opensearchserverless-securityconfig-iamfederationconfigoptions"></a>

Describes IAM federation options for an OpenSearch Serverless security configuration in the form of a key-value map. These options define how OpenSearch Serverless integrates with external identity providers using federation.

## Syntax
<a name="aws-properties-opensearchserverless-securityconfig-iamfederationconfigoptions-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-opensearchserverless-securityconfig-iamfederationconfigoptions-syntax.json"></a>

```
{
  "[GroupAttribute](#cfn-opensearchserverless-securityconfig-iamfederationconfigoptions-groupattribute)" : String,
  "[UserAttribute](#cfn-opensearchserverless-securityconfig-iamfederationconfigoptions-userattribute)" : String
}
```

### YAML
<a name="aws-properties-opensearchserverless-securityconfig-iamfederationconfigoptions-syntax.yaml"></a>

```
  [GroupAttribute](#cfn-opensearchserverless-securityconfig-iamfederationconfigoptions-groupattribute): String
  [UserAttribute](#cfn-opensearchserverless-securityconfig-iamfederationconfigoptions-userattribute): String
```

## Properties
<a name="aws-properties-opensearchserverless-securityconfig-iamfederationconfigoptions-properties"></a>

`GroupAttribute`  <a name="cfn-opensearchserverless-securityconfig-iamfederationconfigoptions-groupattribute"></a>
The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.  
*Required*: No  
*Type*: String  
*Pattern*: `[A-Za-z][A-Za-z0-9_.:/=+\-@]*`  
*Minimum*: `1`  
*Maximum*: `64`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`UserAttribute`  <a name="cfn-opensearchserverless-securityconfig-iamfederationconfigoptions-userattribute"></a>
The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.  
*Required*: No  
*Type*: String  
*Pattern*: `[A-Za-z][A-Za-z0-9_.:/=+\-@]*`  
*Minimum*: `1`  
*Maximum*: `64`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::OpenSearchServerless::SecurityConfig IamIdentityCenterConfigOptions
<a name="aws-properties-opensearchserverless-securityconfig-iamidentitycenterconfigoptions"></a>

Describes IAM Identity Center options for an OpenSearch Serverless security configuration in the form of a key-value map.

## Syntax
<a name="aws-properties-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-syntax.json"></a>

```
{
  "[ApplicationArn](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationarn)" : String,
  "[ApplicationDescription](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationdescription)" : String,
  "[ApplicationName](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationname)" : String,
  "[GroupAttribute](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-groupattribute)" : String,
  "[InstanceArn](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-instancearn)" : String,
  "[UserAttribute](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-userattribute)" : String
}
```

### YAML
<a name="aws-properties-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-syntax.yaml"></a>

```
  [ApplicationArn](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationarn): String
  [ApplicationDescription](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationdescription): String
  [ApplicationName](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationname): String
  [GroupAttribute](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-groupattribute): String
  [InstanceArn](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-instancearn): String
  [UserAttribute](#cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-userattribute): String
```

## Properties
<a name="aws-properties-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-properties"></a>

`ApplicationArn`  <a name="cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationarn"></a>
The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless.  
*Required*: No  
*Type*: String  
*Pattern*: `arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}`  
*Minimum*: `10`  
*Maximum*: `1224`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ApplicationDescription`  <a name="cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationdescription"></a>
The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ApplicationName`  <a name="cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-applicationname"></a>
The name of the IAM Identity Center application used to integrate with OpenSearch Serverless.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`GroupAttribute`  <a name="cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-groupattribute"></a>
The group attribute for this IAM Identity Center integration. Defaults to `GroupId`.  
*Required*: No  
*Type*: String  
*Allowed values*: `GroupId | GroupName`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`InstanceArn`  <a name="cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-instancearn"></a>
The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.  
*Required*: Yes  
*Type*: String  
*Pattern*: `arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}`  
*Minimum*: `10`  
*Maximum*: `1224`  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`UserAttribute`  <a name="cfn-opensearchserverless-securityconfig-iamidentitycenterconfigoptions-userattribute"></a>
The user attribute for this IAM Identity Center integration. Defaults to `UserId`  
*Required*: No  
*Type*: String  
*Allowed values*: `UserId | UserName | Email`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::OpenSearchServerless::SecurityConfig SamlConfigOptions
<a name="aws-properties-opensearchserverless-securityconfig-samlconfigoptions"></a>

Describes SAML options for an OpenSearch Serverless security configuration in the form of a key-value map.

## Syntax
<a name="aws-properties-opensearchserverless-securityconfig-samlconfigoptions-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-opensearchserverless-securityconfig-samlconfigoptions-syntax.json"></a>

```
{
  "[GroupAttribute](#cfn-opensearchserverless-securityconfig-samlconfigoptions-groupattribute)" : String,
  "[Metadata](#cfn-opensearchserverless-securityconfig-samlconfigoptions-metadata)" : String,
  "[OpenSearchServerlessEntityId](#cfn-opensearchserverless-securityconfig-samlconfigoptions-opensearchserverlessentityid)" : String,
  "[SessionTimeout](#cfn-opensearchserverless-securityconfig-samlconfigoptions-sessiontimeout)" : Integer,
  "[UserAttribute](#cfn-opensearchserverless-securityconfig-samlconfigoptions-userattribute)" : String
}
```

### YAML
<a name="aws-properties-opensearchserverless-securityconfig-samlconfigoptions-syntax.yaml"></a>

```
  [GroupAttribute](#cfn-opensearchserverless-securityconfig-samlconfigoptions-groupattribute): String
  [Metadata](#cfn-opensearchserverless-securityconfig-samlconfigoptions-metadata): String
  [OpenSearchServerlessEntityId](#cfn-opensearchserverless-securityconfig-samlconfigoptions-opensearchserverlessentityid): String
  [SessionTimeout](#cfn-opensearchserverless-securityconfig-samlconfigoptions-sessiontimeout): Integer
  [UserAttribute](#cfn-opensearchserverless-securityconfig-samlconfigoptions-userattribute): String
```

## Properties
<a name="aws-properties-opensearchserverless-securityconfig-samlconfigoptions-properties"></a>

`GroupAttribute`  <a name="cfn-opensearchserverless-securityconfig-samlconfigoptions-groupattribute"></a>
The group attribute for this SAML integration.  
*Required*: No  
*Type*: String  
*Pattern*: `[\w+=,.@-]+`  
*Minimum*: `1`  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Metadata`  <a name="cfn-opensearchserverless-securityconfig-samlconfigoptions-metadata"></a>
The XML IdP metadata file generated from your identity provider.  
*Required*: Yes  
*Type*: String  
*Pattern*: `[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+`  
*Minimum*: `1`  
*Maximum*: `51200`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`OpenSearchServerlessEntityId`  <a name="cfn-opensearchserverless-securityconfig-samlconfigoptions-opensearchserverlessentityid"></a>
Custom entity ID attribute to override the default entity ID for this SAML integration.  
*Required*: No  
*Type*: String  
*Pattern*: `^aws:opensearch:[0-9]{12}:*`  
*Minimum*: `1`  
*Maximum*: `1024`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`SessionTimeout`  <a name="cfn-opensearchserverless-securityconfig-samlconfigoptions-sessiontimeout"></a>
The session timeout, in minutes. Default is 60 minutes (12 hours).  
*Required*: No  
*Type*: Integer  
*Minimum*: `5`  
*Maximum*: `720`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`UserAttribute`  <a name="cfn-opensearchserverless-securityconfig-samlconfigoptions-userattribute"></a>
A user attribute for this SAML integration.  
*Required*: No  
*Type*: String  
*Pattern*: `[\w+=,.@-]+`  
*Minimum*: `1`  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)