aws::opensearch-domain¶

Creates an opensearch domain.

Example¶

aws::opensearch-domain opensearch-domain-example
    domain-name: "testdomain3"
    open-search-version: "OpenSearch_1.0"

    ebs-options
        enable-ebs: true
        volume-type: standard
        volume-count: 10
    end

    node-to-node-encryption-options
        enable-node-to-node-encryption: true
    end

    encryption-at-rest-options
        enable-encryption-at-rest: true
    end

    cluster-configuration
        enable-zone-awareness: true
        instance-count: 4

        zone-awareness-configuration
            availability-zone-count: 2
        end
    end

    domain-endpoint-options
        enforce-https: true
    end

    advanced-security-options
        enable-advanced-security-options: true
        enable-internal-user-database: true

        master-user-options
            master-username: "masteruser"
            master-password: "MasterUser1!"
        end
    end

    access-policies: "access-policy.json"

    advanced-options: {
        "indices.query.bool.max_clause_count": "1026"
    }

    tags: {
        "description": "Test Domain"
    }

    vpc-options
        subnets: [
            $(aws::subnet example-subnet-1),
            $(aws::subnet example-subnet-3)
        ]

        security-groups: [
            $(aws::security-group example-security-group)
        ]
    end
end

Attributes¶

Attribute	Description
open-search-version	The version of OpenSearch. Valid values satisfy one of the following regexes: Must be Should be in the format of ‘Elasticsearch_X.Y’. Valid values satisfy the regex: `[Elasticsearch_\\d+\\.\\d+]`. Must be Should be in the format of ‘OpenSearch_X.Y’. Valid values satisfy the regex: `[OpenSearch_\\d+\\.\\d+]`.
domain-name	The name of the OpenSearch Domain. The name can be a combination of lowercase letters, numbers, or hyphens (`-`) and it must start with a lowercase letter. It can be between `3` to `28` characters in length. Valid values satisfy the regex: `[^[a-z]([a-z]\|[0-9]\|-){2,27}$]`. (Required)
ebs-options subresource	The Elastic Block Storage options configuration. enable-ebs When set to `true`, EBS volumes are attached to data nodes in an OpenSearch Service domain (Required) volume-type The volume type for the EBS-based storage. Can only be set if `enable-ebs` is set to `true`. Valid values are `standard`, `gp2`, `gp3` or `io1`. volume-count The size of the EBS volume. Can only be set if `enable-ebs` is set to `true`. Valid values are between `10` to `1024`. iops The baseline I/O performance for the EBS volume. Only used by Provisioned IOPS volumes. Can only be set if `enable-ebs` is set to `true`. Valid values are between `1000` to `16000`. throughput The throughput for the EBS volume. Can only be set if `enable-ebs` is set to `true`. Valid values are between `125` to `1000`.
cluster-configuration subresource	The OpenSearch Domain cluster configuration. enable-zone-awareness When set to `true`, zone awareness is enabled for the OpenSearch domain cluster. zone-awareness-configuration subresource The zone awareness options configuration. Can only be set if `enable-zone-awareness` is set. availability-zone-count The number of availability zones for a domain when zone awareness is enabled. Valid values are `2.0` or ``3.0`. (Required) instance-type The instance type for the OpenSearch domain cluster. Defaults to `m4.large_elasticsearch`. instance-count The number of nodes in the specified domain cluster. Defaults to `1`. Valid values are between `0` to `40`. dedicated-master-enabled When set to `true`, master nodes are dedicated to the OpenSearch domain cluster. Defaults to `false`. dedicated-master-type The instance type for the dedicated master nodes. Defaults to `m4.large_elasticsearch`. Can only be set if `dedicated-master-enabled` is set. dedicated-master-count The number of dedicated master nodes for the cluster. Defaults to `3`. Can only be set if `dedicated-master-enabled` is set. Valid values are between `2` to `5`. enable-warm When set to `true`, warm nodes are enabled for the OpenSearch domain cluster. Defaults to `false`. warm-count The number of warm nodes in the cluster. Defaults to `3`. Can only be set if `enable-warm` is set. Minimum allowed value is `3`. warm-type The instance type for warm nodes. Defaults to `ultrawarm1.medium.elasticsearch`. Valid values are `ultrawarm1.medium.elasticsearch`, `ultrawarm1.large.elasticsearch` or `ultrawarm1.xlarge.search`. Can only be set if `enable-warm` is set.
snapshot-options subresource	The automated snapshot time configuration. automated-snapshot-start-hour The hour, in UTC format, when the service takes a daily automated snapshot of the specified OpenSearch domain. Valid values are between `0` to `23`. (Required)
access-policies	The Json formatted IAM access policies. It can either be a JSON formatted string or the file path to a `.json` file.
advanced-options map	Configure advanced options for the cluster to allow references to indices in an HTTP request body. The valid options are `rest.action.multi.allow_explicit_index`: `true` \| `false` `override_main_response_version`: `true` \| `false` `indices.fielddata.cache.size`: A number between `1` and `100` `indices.query.bool.max_clause`: A number between `1` and `2147483647`.
node-to-node-encryption-options subresource	The node to node encryption options configuration. enable-node-to-node-encryption When set to `true`, node to node encryption is enabled, which prevents potential interception of traffic between OpenSearch nodes. (Required)
domain-endpoint-options subresource	The OpenSearch domain endpoint options configuration. enforce-https When set to `true`, all traffic to the domain will be required to arrive over HTTPS (Required) tls-security-policy The TLS security policy that needs to be applied to the HTTPS endpoints of the OpenSearch domain. Valid values are `Policy-Min-TLS-1-0-2019-07`, `Policy-Min-TLS-1-2-2019-07` or `Policy-Min-TLS-1-2-PFS-2023-10`.
encryption-at-rest-options subresource	The encryption at rest options configuration. enable-encryption-at-rest When set to `true`, enables encryption at rest to prevent unauthorized access to the data. (Required) kms-key-resource The KMS key resource for encryption options. Can only be set if `enable-encryption-at-rest` is set to `true`.
vpc-options subresource	The VPC options configuration. subnets set The list of subnets in the same region for the VPC endpoint. One subnet per availability zone. (Required) security-groups set The list if security groups for the VPC endpoint that need to access the domain. (Required)
advanced-security-options subresource	The advanced security options configuration. enable-advanced-security-options When set to `true`, enables advanced security options for the domain. (Required) enable-internal-user-database When set to `true`, enables the internal user database for the domain. master-user-options subresource The master user options configuration. Can only be set if `enable-advanced-security-options` is set to `true`. master-username The master username stored in the domain’s internal database. Cannot be set if `master-user-arn` is set. master-password The master password stored in the domain’s internal database. Cannot be set if `master-user-arn` is set. master-user-arn The master user’s Amazon Resource Number. The ARN can point to an IAM user or role. Cannot be set if any of `master-username` or `master-password` is set.
off-peak-window-options subresource	The off-peak window options configuration. off-peak-enabled When set to true, the off-peak window is enabled. (Required) off-peak-window-hour The hour at which the off-peak window starts. Can only be set if `off-peak-window-minutes` is set.
ip-address-type	The IP address type for the OpenSearch domain. Valid values are `ipv4` or `dualstack`.
auto-tune-options subresource	The auto-tune options configuration. desired-state The desired state of the Auto-Tune options. Valid values are `ENABLED` or `DISABLED`. (Required) rollback-on-disable The rollback behavior when Auto-Tune is disabled. Valid values are `DEFAULT_ROLLBACK` or `NO_ROLLBACK`. maintenance-schedules set subresource The maintenance schedules for the Auto-Tune options. duration The duration of the maintenance schedule. (Required) duration-unit The unit of the duration. Currently the only supported value is `HOURS`. (Required) cron-expression-for-recurrence The cron expression for the recurrence of the maintenance schedule. start-at The start time of the maintenance schedule. (Required) use-off-peak-window When set to true, Auto-Tune will only run during the off-peak window. (Required)
tags map	The list of tags.

Outputs¶

Attribute	Description
id	The ID of the OpenSearch domain.
arn	The Amazon Resource Name of an OpenSearch domain.
endpoints map	The endpoints of the OpenSearch domain.
endpoint	The Domain-specific endpoint used to submit index, search, and data upload requests to the domain.
endpoint-v2	The V2 endpoint of the OpenSearch domain. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses. This is provided if the domain is created with the `ip-address-type` set to `dualstack`.