This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::OpenSearchServerless::SecurityConfig Specifies a security configuration for OpenSearch Serverless. For more information, see [SAML authentication for Amazon OpenSearch Serverless](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::OpenSearchServerless::SecurityConfig", "Properties" : { "[Description](#cfn-opensearchserverless-securityconfig-description)" : String, "[IamFederationOptions](#cfn-opensearchserverless-securityconfig-iamfederationoptions)" : IamFederationConfigOptions, "[IamIdentityCenterOptions](#cfn-opensearchserverless-securityconfig-iamidentitycenteroptions)" : IamIdentityCenterConfigOptions, "[Name](#cfn-opensearchserverless-securityconfig-name)" : String, "[SamlOptions](#cfn-opensearchserverless-securityconfig-samloptions)" : SamlConfigOptions, "[Type](#cfn-opensearchserverless-securityconfig-type)" : String } } ``` ### YAML ``` Type: AWS::OpenSearchServerless::SecurityConfig Properties: [Description](#cfn-opensearchserverless-securityconfig-description): String [IamFederationOptions](#cfn-opensearchserverless-securityconfig-iamfederationoptions): IamFederationConfigOptions [IamIdentityCenterOptions](#cfn-opensearchserverless-securityconfig-iamidentitycenteroptions): IamIdentityCenterConfigOptions [Name](#cfn-opensearchserverless-securityconfig-name): String [SamlOptions](#cfn-opensearchserverless-securityconfig-samloptions): SamlConfigOptions [Type](#cfn-opensearchserverless-securityconfig-type): String ``` ## Properties `Description` The description of the security configuration. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `1000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IamFederationOptions` Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation. *Required*: No *Type*: [IamFederationConfigOptions](aws-properties-opensearchserverless-securityconfig-iamfederationconfigoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IamIdentityCenterOptions` Describes IAM Identity Center options in the form of a key-value map. *Required*: No *Type*: [IamIdentityCenterConfigOptions](aws-properties-opensearchserverless-securityconfig-iamidentitycenterconfigoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Name` The name of the security configuration. *Required*: No *Type*: String *Pattern*: `^[a-z][a-z0-9-]{2,31}$` *Minimum*: `3` *Maximum*: `32` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SamlOptions` SAML options for the security configuration in the form of a key-value map. *Required*: No *Type*: [SamlConfigOptions](aws-properties-opensearchserverless-securityconfig-samlconfigoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` The type of security configuration. Currently the only option is `saml`. *Required*: No *Type*: String *Allowed values*: `saml | iamidentitycenter | iamfederation` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the name of the ID of the security configuration. For more information about using the `Ref` function, see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). ### Fn::GetAtt `GetAtt` returns a value for a specified attribute of this type. For more information, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html). The following are the available attributes and sample return values. #### `IamIdentityCenterOptions.ApplicationArn` Property description not available. `IamIdentityCenterOptions.ApplicationDescription` Property description not available. `IamIdentityCenterOptions.ApplicationName` Property description not available. `Id` The unique identifier of the security configuration. For example, `saml/123456789012/myprovider`. ## Examples ### Create a security configuration that specifies a YAML provider The following example specifies an OpenSearch Serverless SAML provider named `my-provider` with a custom group attribute `ALLGroups`. #### JSON ``` { "AWSTemplateFormatVersion":"2010-09-09", "Description":"OpenSearch Serverless security policy template", "Resources":{ "TestSecurityConfig":{ "Type":"AWS::OpenSearchServerless::SecurityConfig", "Properties":{ "Name":"my-provider", "Type":"saml", "Description":"Serverless SAML configuration", "SamlOptions":{ "Metadata":"Mfoobarurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "UserAttribute":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "GroupAttribute":"ALLGroups", "SessionTimeout":120 } } } } } ``` #### YAML ``` Description: OpenSearch Serverless security policy template Resources: TestSecurityConfig: Type: 'AWS::OpenSearchService::Domain' Properties: Name: my-provider Type: saml Description: Serverless SAML configuration SamlOptions: Metadata: >- Mfoobarurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress UserAttribute: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' GroupAttribute: ALLGroups SessionTimeout: 120 ```