[ aws . opensearch ]

create-domain

Description

Creates a new Amazon OpenSearch Service domain. For more information, see Creating and managing Amazon OpenSearch Service domains in the Amazon OpenSearch Service Developer Guide .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-domain
--domain-name <value>
[--engine-version <value>]
[--cluster-config <value>]
[--ebs-options <value>]
[--access-policies <value>]
[--snapshot-options <value>]
[--vpc-options <value>]
[--cognito-options <value>]
[--encryption-at-rest-options <value>]
[--node-to-node-encryption-options <value>]
[--advanced-options <value>]
[--log-publishing-options <value>]
[--domain-endpoint-options <value>]
[--advanced-security-options <value>]
[--tag-list <value>]
[--auto-tune-options <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--domain-name (string)

The name of the Amazon OpenSearch Service domain you’re creating. Domain names are unique across the domains owned by an account within an AWS region. Domain names must start with a lowercase letter and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).

--engine-version (string)

String of format Elasticsearch_X.Y or OpenSearch_X.Y to specify the engine version for the Amazon OpenSearch Service domain. For example, “OpenSearch_1.0” or “Elasticsearch_7.9”. For more information, see Creating and managing Amazon OpenSearch Service domains .

--cluster-config (structure)

Configuration options for a domain. Specifies the instance type and number of instances in the domain.

InstanceType -> (string)

The instance type for an OpenSearch cluster. UltraWarm instance types are not supported for data instances.

InstanceCount -> (integer)

The number of instances in the specified domain cluster.

DedicatedMasterEnabled -> (boolean)

A boolean value to indicate whether a dedicated master node is enabled. See Dedicated master nodes in Amazon OpenSearch Service for more information.

ZoneAwarenessEnabled -> (boolean)

A boolean value to indicate whether zone awareness is enabled. See Configuring a multi-AZ domain in Amazon OpenSearch Service for more information.

ZoneAwarenessConfig -> (structure)

The zone awareness configuration for a domain when zone awareness is enabled.

AvailabilityZoneCount -> (integer)

An integer value to indicate the number of availability zones for a domain when zone awareness is enabled. This should be equal to number of subnets if VPC endpoints is enabled.

DedicatedMasterType -> (string)

The instance type for a dedicated master node.

DedicatedMasterCount -> (integer)

Total number of dedicated master nodes, active and on standby, for the cluster.

WarmEnabled -> (boolean)

True to enable UltraWarm storage.

WarmType -> (string)

The instance type for the OpenSearch cluster’s warm nodes.

WarmCount -> (integer)

The number of UltraWarm nodes in the cluster.

ColdStorageOptions -> (structure)

Specifies the ColdStorageOptions config for a Domain

Enabled -> (boolean)

Enable cold storage option. Accepted values true or false

Shorthand Syntax:

InstanceType=string,InstanceCount=integer,DedicatedMasterEnabled=boolean,ZoneAwarenessEnabled=boolean,ZoneAwarenessConfig={AvailabilityZoneCount=integer},DedicatedMasterType=string,DedicatedMasterCount=integer,WarmEnabled=boolean,WarmType=string,WarmCount=integer,ColdStorageOptions={Enabled=boolean}

JSON Syntax:

{
  "InstanceType": "m3.medium.search"|"m3.large.search"|"m3.xlarge.search"|"m3.2xlarge.search"|"m4.large.search"|"m4.xlarge.search"|"m4.2xlarge.search"|"m4.4xlarge.search"|"m4.10xlarge.search"|"m5.large.search"|"m5.xlarge.search"|"m5.2xlarge.search"|"m5.4xlarge.search"|"m5.12xlarge.search"|"m5.24xlarge.search"|"r5.large.search"|"r5.xlarge.search"|"r5.2xlarge.search"|"r5.4xlarge.search"|"r5.12xlarge.search"|"r5.24xlarge.search"|"c5.large.search"|"c5.xlarge.search"|"c5.2xlarge.search"|"c5.4xlarge.search"|"c5.9xlarge.search"|"c5.18xlarge.search"|"t3.nano.search"|"t3.micro.search"|"t3.small.search"|"t3.medium.search"|"t3.large.search"|"t3.xlarge.search"|"t3.2xlarge.search"|"ultrawarm1.medium.search"|"ultrawarm1.large.search"|"ultrawarm1.xlarge.search"|"t2.micro.search"|"t2.small.search"|"t2.medium.search"|"r3.large.search"|"r3.xlarge.search"|"r3.2xlarge.search"|"r3.4xlarge.search"|"r3.8xlarge.search"|"i2.xlarge.search"|"i2.2xlarge.search"|"d2.xlarge.search"|"d2.2xlarge.search"|"d2.4xlarge.search"|"d2.8xlarge.search"|"c4.large.search"|"c4.xlarge.search"|"c4.2xlarge.search"|"c4.4xlarge.search"|"c4.8xlarge.search"|"r4.large.search"|"r4.xlarge.search"|"r4.2xlarge.search"|"r4.4xlarge.search"|"r4.8xlarge.search"|"r4.16xlarge.search"|"i3.large.search"|"i3.xlarge.search"|"i3.2xlarge.search"|"i3.4xlarge.search"|"i3.8xlarge.search"|"i3.16xlarge.search"|"r6g.large.search"|"r6g.xlarge.search"|"r6g.2xlarge.search"|"r6g.4xlarge.search"|"r6g.8xlarge.search"|"r6g.12xlarge.search"|"m6g.large.search"|"m6g.xlarge.search"|"m6g.2xlarge.search"|"m6g.4xlarge.search"|"m6g.8xlarge.search"|"m6g.12xlarge.search"|"c6g.large.search"|"c6g.xlarge.search"|"c6g.2xlarge.search"|"c6g.4xlarge.search"|"c6g.8xlarge.search"|"c6g.12xlarge.search"|"r6gd.large.search"|"r6gd.xlarge.search"|"r6gd.2xlarge.search"|"r6gd.4xlarge.search"|"r6gd.8xlarge.search"|"r6gd.12xlarge.search"|"r6gd.16xlarge.search"|"t4g.small.search"|"t4g.medium.search",
  "InstanceCount": integer,
  "DedicatedMasterEnabled": true|false,
  "ZoneAwarenessEnabled": true|false,
  "ZoneAwarenessConfig": {
    "AvailabilityZoneCount": integer
  },
  "DedicatedMasterType": "m3.medium.search"|"m3.large.search"|"m3.xlarge.search"|"m3.2xlarge.search"|"m4.large.search"|"m4.xlarge.search"|"m4.2xlarge.search"|"m4.4xlarge.search"|"m4.10xlarge.search"|"m5.large.search"|"m5.xlarge.search"|"m5.2xlarge.search"|"m5.4xlarge.search"|"m5.12xlarge.search"|"m5.24xlarge.search"|"r5.large.search"|"r5.xlarge.search"|"r5.2xlarge.search"|"r5.4xlarge.search"|"r5.12xlarge.search"|"r5.24xlarge.search"|"c5.large.search"|"c5.xlarge.search"|"c5.2xlarge.search"|"c5.4xlarge.search"|"c5.9xlarge.search"|"c5.18xlarge.search"|"t3.nano.search"|"t3.micro.search"|"t3.small.search"|"t3.medium.search"|"t3.large.search"|"t3.xlarge.search"|"t3.2xlarge.search"|"ultrawarm1.medium.search"|"ultrawarm1.large.search"|"ultrawarm1.xlarge.search"|"t2.micro.search"|"t2.small.search"|"t2.medium.search"|"r3.large.search"|"r3.xlarge.search"|"r3.2xlarge.search"|"r3.4xlarge.search"|"r3.8xlarge.search"|"i2.xlarge.search"|"i2.2xlarge.search"|"d2.xlarge.search"|"d2.2xlarge.search"|"d2.4xlarge.search"|"d2.8xlarge.search"|"c4.large.search"|"c4.xlarge.search"|"c4.2xlarge.search"|"c4.4xlarge.search"|"c4.8xlarge.search"|"r4.large.search"|"r4.xlarge.search"|"r4.2xlarge.search"|"r4.4xlarge.search"|"r4.8xlarge.search"|"r4.16xlarge.search"|"i3.large.search"|"i3.xlarge.search"|"i3.2xlarge.search"|"i3.4xlarge.search"|"i3.8xlarge.search"|"i3.16xlarge.search"|"r6g.large.search"|"r6g.xlarge.search"|"r6g.2xlarge.search"|"r6g.4xlarge.search"|"r6g.8xlarge.search"|"r6g.12xlarge.search"|"m6g.large.search"|"m6g.xlarge.search"|"m6g.2xlarge.search"|"m6g.4xlarge.search"|"m6g.8xlarge.search"|"m6g.12xlarge.search"|"c6g.large.search"|"c6g.xlarge.search"|"c6g.2xlarge.search"|"c6g.4xlarge.search"|"c6g.8xlarge.search"|"c6g.12xlarge.search"|"r6gd.large.search"|"r6gd.xlarge.search"|"r6gd.2xlarge.search"|"r6gd.4xlarge.search"|"r6gd.8xlarge.search"|"r6gd.12xlarge.search"|"r6gd.16xlarge.search"|"t4g.small.search"|"t4g.medium.search",
  "DedicatedMasterCount": integer,
  "WarmEnabled": true|false,
  "WarmType": "ultrawarm1.medium.search"|"ultrawarm1.large.search"|"ultrawarm1.xlarge.search",
  "WarmCount": integer,
  "ColdStorageOptions": {
    "Enabled": true|false
  }
}

--ebs-options (structure)

Options to enable, disable, and specify the type and size of EBS storage volumes.

EBSEnabled -> (boolean)

Whether EBS-based storage is enabled.

VolumeType -> (string)

The volume type for EBS-based storage.

VolumeSize -> (integer)

Integer to specify the size of an EBS volume.

Iops -> (integer)

The IOPS for Provisioned IOPS And GP3 EBS volume (SSD).

Throughput -> (integer)

The Throughput for GP3 EBS volume (SSD).

Shorthand Syntax:

EBSEnabled=boolean,VolumeType=string,VolumeSize=integer,Iops=integer,Throughput=integer

JSON Syntax:

{
  "EBSEnabled": true|false,
  "VolumeType": "standard"|"gp2"|"io1"|"gp3",
  "VolumeSize": integer,
  "Iops": integer,
  "Throughput": integer
}

--access-policies (string)

IAM access policy as a JSON-formatted string.

--snapshot-options (structure)

Option to set time, in UTC format, of the daily automated snapshot. Default value is 0 hours.

AutomatedSnapshotStartHour -> (integer)

The time, in UTC format, when the service takes a daily automated snapshot of the specified domain. Default is 0 hours.

Shorthand Syntax:

AutomatedSnapshotStartHour=integer

JSON Syntax:

{
  "AutomatedSnapshotStartHour": integer
}

--vpc-options (structure)

Options to specify the subnets and security groups for a VPC endpoint. For more information, see Launching your Amazon OpenSearch Service domains using a VPC .

SubnetIds -> (list)

The subnets for the VPC endpoint.

(string)

SecurityGroupIds -> (list)

The security groups for the VPC endpoint.

(string)

Shorthand Syntax:

SubnetIds=string,string,SecurityGroupIds=string,string

JSON Syntax:

{
  "SubnetIds": ["string", ...],
  "SecurityGroupIds": ["string", ...]
}

--cognito-options (structure)

Options to specify the Cognito user and identity pools for OpenSearch Dashboards authentication. For more information, see Configuring Amazon Cognito authentication for OpenSearch Dashboards .

Enabled -> (boolean)

The option to enable Cognito for OpenSearch Dashboards authentication.

UserPoolId -> (string)

The Cognito user pool ID for OpenSearch Dashboards authentication.

IdentityPoolId -> (string)

The Cognito identity pool ID for OpenSearch Dashboards authentication.

RoleArn -> (string)

The role ARN that provides OpenSearch permissions for accessing Cognito resources.

Shorthand Syntax:

Enabled=boolean,UserPoolId=string,IdentityPoolId=string,RoleArn=string

JSON Syntax:

{
  "Enabled": true|false,
  "UserPoolId": "string",
  "IdentityPoolId": "string",
  "RoleArn": "string"
}

--encryption-at-rest-options (structure)

Options for encryption of data at rest.

Enabled -> (boolean)

The option to enable encryption at rest.

KmsKeyId -> (string)

The KMS key ID for encryption at rest options.

Shorthand Syntax:

Enabled=boolean,KmsKeyId=string

JSON Syntax:

{
  "Enabled": true|false,
  "KmsKeyId": "string"
}

--node-to-node-encryption-options (structure)

Node-to-node encryption options.

Enabled -> (boolean)

True to enable node-to-node encryption.

Shorthand Syntax:

Enabled=boolean

JSON Syntax:

{
  "Enabled": true|false
}

--advanced-options (map)

Option to allow references to indices in an HTTP request body. Must be false when configuring access to individual sub-resources. By default, the value is true . See Advanced cluster parameters for more information.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--log-publishing-options (map)

Map of LogType and LogPublishingOption , each containing options to publish a given type of OpenSearch log.

key -> (string)

Type of log file. Can be one of the following:

  • INDEX_SLOW_LOGS: Index slow logs contain insert requests that took more time than configured index query log threshold to execute.

  • SEARCH_SLOW_LOGS: Search slow logs contain search queries that took more time than configured search query log threshold to execute.

  • ES_APPLICATION_LOGS: OpenSearch application logs contain information about errors and warnings raised during the operation of the service and can be useful for troubleshooting.

  • AUDIT_LOGS: Audit logs contain records of user requests for access from the domain.

value -> (structure)

Log Publishing option that is set for a given domain. Attributes and their details:

  • CloudWatchLogsLogGroupArn: ARN of the Cloudwatch log group to publish logs to.

  • Enabled: Whether the log publishing for a given log type is enabled or not.

CloudWatchLogsLogGroupArn -> (string)

ARN of the Cloudwatch log group to publish logs to.

Enabled -> (boolean)

Whether the given log publishing option is enabled or not.

Shorthand Syntax:

  KeyName1=CloudWatchLogsLogGroupArn=string,Enabled=boolean,KeyName2=CloudWatchLogsLogGroupArn=string,Enabled=boolean

Where valid key names are:
  INDEX_SLOW_LOGS
  SEARCH_SLOW_LOGS
  ES_APPLICATION_LOGS
  AUDIT_LOGS

JSON Syntax:

{"INDEX_SLOW_LOGS"|"SEARCH_SLOW_LOGS"|"ES_APPLICATION_LOGS"|"AUDIT_LOGS": {
      "CloudWatchLogsLogGroupArn": "string",
      "Enabled": true|false
    }
  ...}

--domain-endpoint-options (structure)

Options to specify configurations that will be applied to the domain endpoint.

EnforceHTTPS -> (boolean)

Whether only HTTPS endpoint should be enabled for the domain.

TLSSecurityPolicy -> (string)

Specify the TLS security policy to apply to the HTTPS endpoint of the domain. Can be one of the following values:

  • Policy-Min-TLS-1-0-2019-07: TLS security policy which supports TLSv1.0 and higher.

  • Policy-Min-TLS-1-2-2019-07: TLS security policy which supports only TLSv1.2

CustomEndpointEnabled -> (boolean)

Whether to enable a custom endpoint for the domain.

CustomEndpoint -> (string)

The fully qualified domain for your custom endpoint.

CustomEndpointCertificateArn -> (string)

The ACM certificate ARN for your custom endpoint.

Shorthand Syntax:

EnforceHTTPS=boolean,TLSSecurityPolicy=string,CustomEndpointEnabled=boolean,CustomEndpoint=string,CustomEndpointCertificateArn=string

JSON Syntax:

{
  "EnforceHTTPS": true|false,
  "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"|"Policy-Min-TLS-1-2-2019-07",
  "CustomEndpointEnabled": true|false,
  "CustomEndpoint": "string",
  "CustomEndpointCertificateArn": "string"
}

--advanced-security-options (structure)

Specifies advanced security options.

Enabled -> (boolean)

True if advanced security is enabled.

InternalUserDatabaseEnabled -> (boolean)

True if the internal user database is enabled.

MasterUserOptions -> (structure)

Credentials for the master user: username and password, ARN, or both.

MasterUserARN -> (string)

ARN for the master user (if IAM is enabled).

MasterUserName -> (string)

The master user’s username, which is stored in the Amazon OpenSearch Service domain’s internal database.

MasterUserPassword -> (string)

The master user’s password, which is stored in the Amazon OpenSearch Service domain’s internal database.

SAMLOptions -> (structure)

The SAML application configuration for the domain.

Enabled -> (boolean)

True if SAML is enabled.

Idp -> (structure)

The SAML Identity Provider’s information.

MetadataContent -> (string)

The metadata of the SAML application in XML format.

EntityId -> (string)

The unique entity ID of the application in SAML identity provider.

MasterUserName -> (string)

The SAML master username, which is stored in the Amazon OpenSearch Service domain’s internal database.

MasterBackendRole -> (string)

The backend role that the SAML master user is mapped to.

SubjectKey -> (string)

Element of the SAML assertion to use for username. Default is NameID.

RolesKey -> (string)

Element of the SAML assertion to use for backend roles. Default is roles.

SessionTimeoutMinutes -> (integer)

The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.

AnonymousAuthEnabled -> (boolean)

True if Anonymous auth is enabled. Anonymous auth can be enabled only when AdvancedSecurity is enabled on existing domains.

Shorthand Syntax:

Enabled=boolean,InternalUserDatabaseEnabled=boolean,MasterUserOptions={MasterUserARN=string,MasterUserName=string,MasterUserPassword=string},SAMLOptions={Enabled=boolean,Idp={MetadataContent=string,EntityId=string},MasterUserName=string,MasterBackendRole=string,SubjectKey=string,RolesKey=string,SessionTimeoutMinutes=integer},AnonymousAuthEnabled=boolean

JSON Syntax:

{
  "Enabled": true|false,
  "InternalUserDatabaseEnabled": true|false,
  "MasterUserOptions": {
    "MasterUserARN": "string",
    "MasterUserName": "string",
    "MasterUserPassword": "string"
  },
  "SAMLOptions": {
    "Enabled": true|false,
    "Idp": {
      "MetadataContent": "string",
      "EntityId": "string"
    },
    "MasterUserName": "string",
    "MasterBackendRole": "string",
    "SubjectKey": "string",
    "RolesKey": "string",
    "SessionTimeoutMinutes": integer
  },
  "AnonymousAuthEnabled": true|false
}

--tag-list (list)

A list of Tag added during domain creation.

(structure)

A key value pair for a resource tag.

Key -> (string)

The TagKey , the name of the tag. Tag keys must be unique for the domain to which they are attached.

Value -> (string)

The TagValue , the value assigned to the corresponding tag key. Tag values can be null and don’t have to be unique in a tag set. For example, you can have a key value pair in a tag set of project : Trinity and cost-center : Trinity

Shorthand Syntax:

Key=string,Value=string ...

JSON Syntax:

[
  {
    "Key": "string",
    "Value": "string"
  }
  ...
]

--auto-tune-options (structure)

Specifies Auto-Tune options.

DesiredState -> (string)

The Auto-Tune desired state. Valid values are ENABLED and DISABLED.

MaintenanceSchedules -> (list)

A list of maintenance schedules. See Auto-Tune for Amazon OpenSearch Service for more information.

(structure)

Specifies the Auto-Tune maintenance schedule. See Auto-Tune for Amazon OpenSearch Service for more information.

StartAt -> (timestamp)

The timestamp at which the Auto-Tune maintenance schedule starts.

Duration -> (structure)

Specifies maintenance schedule duration: duration value and duration unit. See Auto-Tune for Amazon OpenSearch Service for more information.

Value -> (long)

Integer to specify the value of a maintenance schedule duration. See Auto-Tune for Amazon OpenSearch Service for more information.

Unit -> (string)

The unit of a maintenance schedule duration. Valid value is HOURS. See Auto-Tune for Amazon OpenSearch Service for more information.

CronExpressionForRecurrence -> (string)

A cron expression for a recurring maintenance schedule. See Auto-Tune for Amazon OpenSearch Service for more information.

JSON Syntax:

{
  "DesiredState": "ENABLED"|"DISABLED",
  "MaintenanceSchedules": [
    {
      "StartAt": timestamp,
      "Duration": {
        "Value": long,
        "Unit": "HOURS"
      },
      "CronExpressionForRecurrence": "string"
    }
    ...
  ]
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

See ‘aws help’ for descriptions of global parameters.

Output

DomainStatus -> (structure)

The status of the newly created domain.

DomainId -> (string)

The unique identifier for the specified domain.

DomainName -> (string)

The name of a domain. Domain names are unique across the domains owned by an account within an AWS region. Domain names start with a letter or number and can contain the following characters: a-z (lowercase), 0-9, and - (hyphen).

ARN -> (string)

The Amazon Resource Name (ARN) of a domain. See IAM identifiers in the AWS Identity and Access Management User Guide for more information.

Created -> (boolean)

The domain creation status. True if the creation of a domain is complete. False if domain creation is still in progress.

Deleted -> (boolean)

The domain deletion status. True if a delete request has been received for the domain but resource cleanup is still in progress. False if the domain has not been deleted. Once domain deletion is complete, the status of the domain is no longer returned.

Endpoint -> (string)

The domain endpoint that you use to submit index and search requests.

Endpoints -> (map)

Map containing the domain endpoints used to submit index and search requests. Example key, value : 'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com' .

key -> (string)

value -> (string)

The endpoint to which service requests are submitted. For example, search-imdb-movies-oopcnjfn6ugofer3zx5iadxxca.eu-west-1.es.amazonaws.com or doc-imdb-movies-oopcnjfn6ugofer3zx5iadxxca.eu-west-1.es.amazonaws.com .

Processing -> (boolean)

The status of the domain configuration. True if Amazon OpenSearch Service is processing configuration changes. False if the configuration is active.

UpgradeProcessing -> (boolean)

The status of a domain version upgrade. True if Amazon OpenSearch Service is undergoing a version upgrade. False if the configuration is active.

EngineVersion -> (string)

ClusterConfig -> (structure)

The type and number of instances in the domain.

InstanceType -> (string)

The instance type for an OpenSearch cluster. UltraWarm instance types are not supported for data instances.

InstanceCount -> (integer)

The number of instances in the specified domain cluster.

DedicatedMasterEnabled -> (boolean)

A boolean value to indicate whether a dedicated master node is enabled. See Dedicated master nodes in Amazon OpenSearch Service for more information.

ZoneAwarenessEnabled -> (boolean)

A boolean value to indicate whether zone awareness is enabled. See Configuring a multi-AZ domain in Amazon OpenSearch Service for more information.

ZoneAwarenessConfig -> (structure)

The zone awareness configuration for a domain when zone awareness is enabled.

AvailabilityZoneCount -> (integer)

An integer value to indicate the number of availability zones for a domain when zone awareness is enabled. This should be equal to number of subnets if VPC endpoints is enabled.

DedicatedMasterType -> (string)

The instance type for a dedicated master node.

DedicatedMasterCount -> (integer)

Total number of dedicated master nodes, active and on standby, for the cluster.

WarmEnabled -> (boolean)

True to enable UltraWarm storage.

WarmType -> (string)

The instance type for the OpenSearch cluster’s warm nodes.

WarmCount -> (integer)

The number of UltraWarm nodes in the cluster.

ColdStorageOptions -> (structure)

Specifies the ColdStorageOptions config for a Domain

Enabled -> (boolean)

Enable cold storage option. Accepted values true or false

EBSOptions -> (structure)

The EBSOptions for the specified domain.

EBSEnabled -> (boolean)

Whether EBS-based storage is enabled.

VolumeType -> (string)

The volume type for EBS-based storage.

VolumeSize -> (integer)

Integer to specify the size of an EBS volume.

Iops -> (integer)

The IOPS for Provisioned IOPS And GP3 EBS volume (SSD).

Throughput -> (integer)

The Throughput for GP3 EBS volume (SSD).

AccessPolicies -> (string)

IAM access policy as a JSON-formatted string.

SnapshotOptions -> (structure)

The status of the SnapshotOptions .

AutomatedSnapshotStartHour -> (integer)

The time, in UTC format, when the service takes a daily automated snapshot of the specified domain. Default is 0 hours.

VPCOptions -> (structure)

The VPCOptions for the specified domain. For more information, see Launching your Amazon OpenSearch Service domains using a VPC .

VPCId -> (string)

The VPC ID for the domain. Exists only if the domain was created with VPCOptions .

SubnetIds -> (list)

The subnets for the VPC endpoint.

(string)

AvailabilityZones -> (list)

The Availability Zones for the domain. Exists only if the domain was created with VPCOptions .

(string)

SecurityGroupIds -> (list)

The security groups for the VPC endpoint.

(string)

CognitoOptions -> (structure)

The CognitoOptions for the specified domain. For more information, see Configuring Amazon Cognito authentication for OpenSearch Dashboards .

Enabled -> (boolean)

The option to enable Cognito for OpenSearch Dashboards authentication.

UserPoolId -> (string)

The Cognito user pool ID for OpenSearch Dashboards authentication.

IdentityPoolId -> (string)

The Cognito identity pool ID for OpenSearch Dashboards authentication.

RoleArn -> (string)

The role ARN that provides OpenSearch permissions for accessing Cognito resources.

EncryptionAtRestOptions -> (structure)

The status of the EncryptionAtRestOptions .

Enabled -> (boolean)

The option to enable encryption at rest.

KmsKeyId -> (string)

The KMS key ID for encryption at rest options.

NodeToNodeEncryptionOptions -> (structure)

The status of the NodeToNodeEncryptionOptions .

Enabled -> (boolean)

True to enable node-to-node encryption.

AdvancedOptions -> (map)

The status of the AdvancedOptions .

key -> (string)

value -> (string)

LogPublishingOptions -> (map)

Log publishing options for the given domain.

key -> (string)

Type of log file. Can be one of the following:

  • INDEX_SLOW_LOGS: Index slow logs contain insert requests that took more time than configured index query log threshold to execute.

  • SEARCH_SLOW_LOGS: Search slow logs contain search queries that took more time than configured search query log threshold to execute.

  • ES_APPLICATION_LOGS: OpenSearch application logs contain information about errors and warnings raised during the operation of the service and can be useful for troubleshooting.

  • AUDIT_LOGS: Audit logs contain records of user requests for access from the domain.

value -> (structure)

Log Publishing option that is set for a given domain. Attributes and their details:

  • CloudWatchLogsLogGroupArn: ARN of the Cloudwatch log group to publish logs to.

  • Enabled: Whether the log publishing for a given log type is enabled or not.

CloudWatchLogsLogGroupArn -> (string)

ARN of the Cloudwatch log group to publish logs to.

Enabled -> (boolean)

Whether the given log publishing option is enabled or not.

ServiceSoftwareOptions -> (structure)

The current status of the domain’s service software.

CurrentVersion -> (string)

The current service software version present on the domain.

NewVersion -> (string)

The new service software version if one is available.

UpdateAvailable -> (boolean)

True if you’re able to update your service software version. False if you can’t update your service software version.

Cancellable -> (boolean)

True if you’re able to cancel your service software version update. False if you can’t cancel your service software update.

UpdateStatus -> (string)

The status of your service software update. This field can take the following values: ELIGIBLE , PENDING_UPDATE , IN_PROGRESS , COMPLETED , and NOT_ELIGIBLE .

Description -> (string)

The description of the UpdateStatus .

AutomatedUpdateDate -> (timestamp)

The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.

OptionalDeployment -> (boolean)

True if a service software is never automatically updated. False if a service software is automatically updated after AutomatedUpdateDate .

DomainEndpointOptions -> (structure)

The current status of the domain’s endpoint options.

EnforceHTTPS -> (boolean)

Whether only HTTPS endpoint should be enabled for the domain.

TLSSecurityPolicy -> (string)

Specify the TLS security policy to apply to the HTTPS endpoint of the domain. Can be one of the following values:

  • Policy-Min-TLS-1-0-2019-07: TLS security policy which supports TLSv1.0 and higher.

  • Policy-Min-TLS-1-2-2019-07: TLS security policy which supports only TLSv1.2

CustomEndpointEnabled -> (boolean)

Whether to enable a custom endpoint for the domain.

CustomEndpoint -> (string)

The fully qualified domain for your custom endpoint.

CustomEndpointCertificateArn -> (string)

The ACM certificate ARN for your custom endpoint.

AdvancedSecurityOptions -> (structure)

The current status of the domain’s advanced security options.

Enabled -> (boolean)

True if advanced security is enabled.

InternalUserDatabaseEnabled -> (boolean)

True if the internal user database is enabled.

SAMLOptions -> (structure)

Describes the SAML application configured for a domain.

Enabled -> (boolean)

True if SAML is enabled.

Idp -> (structure)

Describes the SAML identity provider’s information.

MetadataContent -> (string)

The metadata of the SAML application in XML format.

EntityId -> (string)

The unique entity ID of the application in SAML identity provider.

SubjectKey -> (string)

The key used for matching the SAML subject attribute.

RolesKey -> (string)

The key used for matching the SAML roles attribute.

SessionTimeoutMinutes -> (integer)

The duration, in minutes, after which a user session becomes inactive.

AnonymousAuthDisableDate -> (timestamp)

Specifies the Anonymous Auth Disable Date when Anonymous Auth is enabled.

AnonymousAuthEnabled -> (boolean)

True if Anonymous auth is enabled. Anonymous auth can be enabled only when AdvancedSecurity is enabled on existing domains.

AutoTuneOptions -> (structure)

The current status of the domain’s Auto-Tune options.

State -> (string)

The AutoTuneState for the domain.

ErrorMessage -> (string)

The error message while enabling or disabling Auto-Tune.

ChangeProgressDetails -> (structure)

Specifies change details of the domain configuration change.

ChangeId -> (string)

The unique change identifier associated with a specific domain configuration change.

Message -> (string)

Contains an optional message associated with the domain configuration change.