awsopensearchservice

package
v2.139.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2024 License: Apache-2.0 Imports: 14 Imported by: 4

README

Amazon OpenSearch Service Construct Library

See Migrating to OpenSearch for migration instructions from aws-cdk-lib/aws-elasticsearch to this module, aws-cdk-lib/aws-opensearchservice.

Quick start

Create a development cluster by simply specifying the version:

devDomain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
})

To perform version upgrades without replacing the entire domain, specify the enableVersionUpgrade property.

devDomain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnableVersionUpgrade: jsii.Boolean(true),
})

Create a cluster with GP3 volumes:

gp3Domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_2_5(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(30),
		VolumeType: ec2.EbsDeviceVolumeType_GP3,
		Throughput: jsii.Number(125),
		Iops: jsii.Number(3000),
	},
})

Create a production grade cluster by also specifying things like capacity and az distribution

prodDomain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Capacity: &CapacityConfig{
		MasterNodes: jsii.Number(5),
		DataNodes: jsii.Number(20),
	},
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(20),
	},
	ZoneAwareness: &ZoneAwarenessConfig{
		AvailabilityZoneCount: jsii.Number(3),
	},
	Logging: &LoggingOptions{
		SlowSearchLogEnabled: jsii.Boolean(true),
		AppLogEnabled: jsii.Boolean(true),
		SlowIndexLogEnabled: jsii.Boolean(true),
	},
})

This creates an Amazon OpenSearch Service cluster and automatically sets up log groups for logging the domain logs and slow search logs.

A note about SLR

Some cluster configurations (e.g VPC access) require the existence of the AWSServiceRoleForAmazonElasticsearchService Service-Linked Role.

When performing such operations via the AWS Console, this SLR is created automatically when needed. However, this is not the behavior when using CloudFormation. If an SLR is needed, but doesn't exist, you will encounter a failure message similar to:

Before you can proceed, you must enable a service-linked role to give Amazon OpenSearch Service...

To resolve this, you need to create the SLR. We recommend using the AWS CLI:

aws iam create-service-linked-role --aws-service-name es.amazonaws.com

You can also create it using the CDK, but note that only the first application deploying this will succeed:

slr := iam.NewCfnServiceLinkedRole(this, jsii.String("Service Linked Role"), &CfnServiceLinkedRoleProps{
	AwsServiceName: jsii.String("es.amazonaws.com"),
})

Importing existing domains

Using a known domain endpoint

To import an existing domain into your CDK application, use the Domain.fromDomainEndpoint factory method. This method accepts a domain endpoint of an already existing domain:

domainEndpoint := "https://my-domain-jcjotrt6f7otem4sqcwbch3c4u.us-east-1.es.amazonaws.com"
domain := awscdk.Domain_FromDomainEndpoint(this, jsii.String("ImportedDomain"), domainEndpoint)
Using the output of another CloudFormation stack

To import an existing domain with the help of an exported value from another CloudFormation stack, use the Domain.fromDomainAttributes factory method. This will accept tokens.

domainArn := awscdk.Fn_ImportValue(jsii.String("another-cf-stack-export-domain-arn"))
domainEndpoint := awscdk.Fn_ImportValue(jsii.String("another-cf-stack-export-domain-endpoint"))
domain := awscdk.Domain_FromDomainAttributes(this, jsii.String("ImportedDomain"), &DomainAttributes{
	DomainArn: jsii.String(DomainArn),
	DomainEndpoint: jsii.String(DomainEndpoint),
})

Permissions

IAM

Helper methods also exist for managing access to the domain.

var fn function
var domain domain


// Grant write access to the app-search index
domain.grantIndexWrite(jsii.String("app-search"), fn)

// Grant read access to the 'app-search/_search' path
domain.grantPathRead(jsii.String("app-search/_search"), fn)

Encryption

The domain can also be created with encryption enabled:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(100),
		VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
})

This sets up the domain with node to node encryption and encryption at rest. You can also choose to supply your own KMS key to use for encryption at rest.

VPC Support

Domains can be placed inside a VPC, providing a secure communication between Amazon OpenSearch Service and other services within the VPC without the need for an internet gateway, NAT device, or VPN connection.

Visit VPC Support for Amazon OpenSearch Service Domains for more details.

vpc := ec2.NewVpc(this, jsii.String("Vpc"))
domainProps := &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	RemovalPolicy: awscdk.RemovalPolicy_DESTROY,
	Vpc: Vpc,
	// must be enabled since our VPC contains multiple private subnets.
	ZoneAwareness: &ZoneAwarenessConfig{
		Enabled: jsii.Boolean(true),
	},
	Capacity: &CapacityConfig{
		// must be an even number since the default az count is 2.
		DataNodes: jsii.Number(2),
	},
}
awscdk.NewDomain(this, jsii.String("Domain"), domainProps)

In addition, you can use the vpcSubnets property to control which specific subnets will be used, and the securityGroups property to control which security groups will be attached to the domain. By default, CDK will select all private subnets in the VPC, and create one dedicated security group.

Metrics

Helper methods exist to access common domain metrics for example:

var domain domain

freeStorageSpace := domain.metricFreeStorageSpace()
masterSysMemoryUtilization := domain.metric(jsii.String("MasterSysMemoryUtilization"))

This module is part of the AWS Cloud Development Kit project.

Fine grained access control

The domain can also be created with a master user configured. The password can be supplied or dynamically created if not supplied.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
	},
})

masterUserPassword := domain.MasterUserPassword

SAML authentication

You can enable SAML authentication to use your existing identity provider to offer single sign-on (SSO) for dashboards on Amazon OpenSearch Service domains running OpenSearch or Elasticsearch 6.7 or later. To use SAML authentication, fine-grained access control must be enabled.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
		SamlAuthenticationEnabled: jsii.Boolean(true),
		SamlAuthenticationOptions: &SAMLOptionsProperty{
			IdpEntityId: jsii.String("entity-id"),
			IdpMetadataContent: jsii.String("metadata-content-with-quotes-escaped"),
		},
	},
})

Using unsigned basic auth

For convenience, the domain can be configured to allow unsigned HTTP requests that use basic auth. Unless the domain is configured to be part of a VPC this means anyone can access the domain using the configured master username and password.

To enable unsigned basic auth access the domain is configured with an access policy that allows anonymous requests, HTTPS required, node to node encryption, encryption at rest and fine grained access control.

If the above settings are not set they will be configured as part of enabling unsigned basic auth. If they are set with conflicting values, an error will be thrown.

If no master user is configured a default master user is created with the username admin.

If no password is configured a default master user password is created and stored in the AWS Secrets Manager as secret. The secret has the prefix <domain id>MasterUser.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	UseUnsignedBasicAuth: jsii.Boolean(true),
})

masterUserPassword := domain.MasterUserPassword

Custom access policies

If the domain requires custom access control it can be configured either as a constructor property, or later by means of a helper method.

For simple permissions the accessPolicies constructor may be sufficient:

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	AccessPolicies: []policyStatement{
		iam.NewPolicyStatement(&PolicyStatementProps{
			Actions: []*string{
				jsii.String("es:*ESHttpPost"),
				jsii.String("es:ESHttpPut*"),
			},
			Effect: iam.Effect_ALLOW,
			Principals: []iPrincipal{
				iam.NewAccountPrincipal(jsii.String("123456789012")),
			},
			Resources: []*string{
				jsii.String("*"),
			},
		}),
	},
})

For more complex use-cases, for example, to set the domain up to receive data from a cross-account Kinesis Firehose the addAccessPolicies helper method allows for policies that include the explicit domain ARN.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
})
domain.AddAccessPolicies(
iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("es:ESHttpPost"),
		jsii.String("es:ESHttpPut"),
	},
	Effect: iam.Effect_ALLOW,
	Principals: []iPrincipal{
		iam.NewAccountPrincipal(jsii.String("123456789012")),
	},
	Resources: []*string{
		domain.DomainArn,
		fmt.Sprintf("%v/*", domain.*DomainArn),
	},
}),
iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("es:ESHttpGet"),
	},
	Effect: iam.Effect_ALLOW,
	Principals: []*iPrincipal{
		iam.NewAccountPrincipal(jsii.String("123456789012")),
	},
	Resources: []*string{
		fmt.Sprintf("%v/_all/_settings", domain.*DomainArn),
		fmt.Sprintf("%v/_cluster/stats", domain.*DomainArn),
		fmt.Sprintf("%v/index-name*/_mapping/type-name", domain.*DomainArn),
		fmt.Sprintf("%v/roletest*/_mapping/roletest", domain.*DomainArn),
		fmt.Sprintf("%v/_nodes", domain.*DomainArn),
		fmt.Sprintf("%v/_nodes/stats", domain.*DomainArn),
		fmt.Sprintf("%v/_nodes/*/stats", domain.*DomainArn),
		fmt.Sprintf("%v/_stats", domain.*DomainArn),
		fmt.Sprintf("%v/index-name*/_stats", domain.*DomainArn),
		fmt.Sprintf("%v/roletest*/_stat", domain.*DomainArn),
	},
}))

Audit logs

Audit logs can be enabled for a domain, but only when fine grained access control is enabled.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
	},
	Logging: &LoggingOptions{
		AuditLogEnabled: jsii.Boolean(true),
		SlowSearchLogEnabled: jsii.Boolean(true),
		AppLogEnabled: jsii.Boolean(true),
		SlowIndexLogEnabled: jsii.Boolean(true),
	},
})

Suppress creating CloudWatch Logs resource policy

When logging is enabled for the domain, the CloudWatch Logs resource policy is created by default. This resource policy is necessary for logging, but since only a maximum of 10 resource policies can be created per region, the maximum number of resource policies may be a problem when enabling logging for several domains. By setting the suppressLogsResourcePolicy option to true, you can suppress the creation of a CloudWatch Logs resource policy.

If you set the suppressLogsResourcePolicy option to true, you must create a resource policy before deployment. Also, to avoid reaching this limit, consider reusing a broader policy that includes multiple log groups.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
	},
	Logging: &LoggingOptions{
		AuditLogEnabled: jsii.Boolean(true),
		SlowSearchLogEnabled: jsii.Boolean(true),
		AppLogEnabled: jsii.Boolean(true),
		SlowIndexLogEnabled: jsii.Boolean(true),
	},
	SuppressLogsResourcePolicy: jsii.Boolean(true),
})

Visit Monitoring OpenSearch logs with Amazon CloudWatch Logs for more details.

UltraWarm

UltraWarm nodes can be enabled to provide a cost-effective way to store large amounts of read-only data.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Capacity: &CapacityConfig{
		MasterNodes: jsii.Number(2),
		WarmNodes: jsii.Number(2),
		WarmInstanceType: jsii.String("ultrawarm1.medium.search"),
	},
})

Cold storage

Cold storage can be enabled on the domain. You must enable UltraWarm storage to enable cold storage.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Capacity: &CapacityConfig{
		MasterNodes: jsii.Number(2),
		WarmNodes: jsii.Number(2),
		WarmInstanceType: jsii.String("ultrawarm1.medium.search"),
	},
	ColdStorageEnabled: jsii.Boolean(true),
})

Custom endpoint

Custom endpoints can be configured to reach the domain under a custom domain name.

awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	CustomEndpoint: &CustomEndpointOptions{
		DomainName: jsii.String("search.example.com"),
	},
})

It is also possible to specify a custom certificate instead of the auto-generated one.

Additionally, an automatic CNAME-Record is created if a hosted zone is provided for the custom endpoint

Advanced options

Advanced options can used to configure additional options.

awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	AdvancedOptions: map[string]*string{
		"rest.action.multi.allow_explicit_index": jsii.String("false"),
		"indices.fielddata.cache.size": jsii.String("25"),
		"indices.query.bool.max_clause_count": jsii.String("2048"),
	},
})

Amazon Cognito authentication for OpenSearch Dashboards

The domain can be configured to use Amazon Cognito authentication for OpenSearch Dashboards.

Visit Configuring Amazon Cognito authentication for OpenSearch Dashboards for more details.

var cognitoConfigurationRole role


domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	CognitoDashboardsAuth: &CognitoOptions{
		Role: cognitoConfigurationRole,
		IdentityPoolId: jsii.String("example-identity-pool-id"),
		UserPoolId: jsii.String("example-user-pool-id"),
	},
})

## Enable support for Multi-AZ with Standby deployment

The domain can be configured to use multi-AZ with standby.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_3(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(10),
		VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD_GP3,
	},
	ZoneAwareness: &ZoneAwarenessConfig{
		Enabled: jsii.Boolean(true),
		AvailabilityZoneCount: jsii.Number(3),
	},
	Capacity: &CapacityConfig{
		MultiAzWithStandbyEnabled: jsii.Boolean(true),
		MasterNodes: jsii.Number(3),
		DataNodes: jsii.Number(3),
	},
})

Define off-peak windows

The domain can be configured to use a daily 10-hour window considered as off-peak hours.

Off-peak windows were introduced on February 16, 2023. All domains created before this date have the off-peak window disabled by default. You must manually enable and configure the off-peak window for these domains. All domains created after this date will have the off-peak window enabled by default. You can't disable the off-peak window for a domain after it's enabled.

Visit Defining off-peak windows for Amazon OpenSearch Service for more details.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_3(),
	OffPeakWindowEnabled: jsii.Boolean(true),
	 // can be omitted if offPeakWindowStart is set
	OffPeakWindowStart: &WindowStartTime{
		Hours: jsii.Number(20),
		Minutes: jsii.Number(0),
	},
})

Configuring service software updates

The domain can be configured to use service software updates.

Visit Service software updates in Amazon OpenSearch Service for more details.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_3(),
	EnableAutoSoftwareUpdate: jsii.Boolean(true),
})

IP address type

You can specify either dual stack or IPv4 as your IP address type.

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_3(),
	IpAddressType: awscdk.IpAddressType_DUAL_STACK,
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CfnDomain_CFN_RESOURCE_TYPE_NAME 

func CfnDomain_CFN_RESOURCE_TYPE_NAME() *string

func CfnDomain_IsCfnElement 

func CfnDomain_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnDomain_IsCfnResource 

func CfnDomain_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnDomain_IsConstruct 

func CfnDomain_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Domain_IsConstruct 

func Domain_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Domain_IsOwnedResource added in v2.32.0 

func Domain_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func Domain_IsResource 

func Domain_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NewCfnDomain_Override 

func NewCfnDomain_Override(c CfnDomain, scope constructs.Construct, id *string, props *CfnDomainProps)

func NewDomain_Override 

func NewDomain_Override(d Domain, scope constructs.Construct, id *string, props *DomainProps)

Types

type AdvancedSecurityOptions 

type AdvancedSecurityOptions struct {
	// ARN for the master user.
	//
	// Only specify this or masterUserName, but not both.
	// Default: - fine-grained access control is disabled.
	//
	MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"`
	// Username for the master user.
	//
	// Only specify this or masterUserArn, but not both.
	// Default: - fine-grained access control is disabled.
	//
	MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
	// Password for the master user.
	//
	// You can use `SecretValue.unsafePlainText` to specify a password in plain text or
	// use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
	// Secrets Manager.
	// Default: - A Secrets Manager generated password.
	//
	MasterUserPassword awscdk.SecretValue `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"`
	// True to enable SAML authentication for a domain.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html
	//
	// Default: - SAML authentication is disabled. Enabled if `samlAuthenticationOptions` is set.
	//
	SamlAuthenticationEnabled *bool `field:"optional" json:"samlAuthenticationEnabled" yaml:"samlAuthenticationEnabled"`
	// Container for information about the SAML configuration for OpenSearch Dashboards.
	//
	// If set, `samlAuthenticationEnabled` will be enabled.
	// Default: - no SAML authentication options.
	//
	SamlAuthenticationOptions *SAMLOptionsProperty `field:"optional" json:"samlAuthenticationOptions" yaml:"samlAuthenticationOptions"`
}

Specifies options for fine-grained access control.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
		SamlAuthenticationEnabled: jsii.Boolean(true),
		SamlAuthenticationOptions: &SAMLOptionsProperty{
			IdpEntityId: jsii.String("entity-id"),
			IdpMetadataContent: jsii.String("metadata-content-with-quotes-escaped"),
		},
	},
})

type CapacityConfig 

type CapacityConfig struct {
	// The instance type for your data nodes, such as `m3.medium.search`. For valid values, see [Supported Instance Types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide.
	// Default: - r5.large.search
	//
	DataNodeInstanceType *string `field:"optional" json:"dataNodeInstanceType" yaml:"dataNodeInstanceType"`
	// The number of data nodes (instances) to use in the Amazon OpenSearch Service domain.
	// Default: - 1.
	//
	DataNodes *float64 `field:"optional" json:"dataNodes" yaml:"dataNodes"`
	// The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search`. For valid values, see [Supported Instance Types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) in the Amazon OpenSearch Service Developer Guide.
	// Default: - r5.large.search
	//
	MasterNodeInstanceType *string `field:"optional" json:"masterNodeInstanceType" yaml:"masterNodeInstanceType"`
	// The number of instances to use for the master node.
	// Default: - no dedicated master nodes.
	//
	MasterNodes *float64 `field:"optional" json:"masterNodes" yaml:"masterNodes"`
	// Indicates whether Multi-AZ with Standby deployment option is enabled.
	//
	// For more information, see [Multi-AZ with
	// Standby](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby)
	// Default: - multi-az with standby if the feature flag `ENABLE_OPENSEARCH_MULTIAZ_WITH_STANDBY`
	// is true, no multi-az with standby otherwise.
	//
	MultiAzWithStandbyEnabled *bool `field:"optional" json:"multiAzWithStandbyEnabled" yaml:"multiAzWithStandbyEnabled"`
	// The instance type for your UltraWarm node, such as `ultrawarm1.medium.search`. For valid values, see [UltraWarm Storage Limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) in the Amazon OpenSearch Service Developer Guide.
	// Default: - ultrawarm1.medium.search
	//
	WarmInstanceType *string `field:"optional" json:"warmInstanceType" yaml:"warmInstanceType"`
	// The number of UltraWarm nodes (instances) to use in the Amazon OpenSearch Service domain.
	// Default: - no UltraWarm nodes.
	//
	WarmNodes *float64 `field:"optional" json:"warmNodes" yaml:"warmNodes"`
}

Configures the capacity of the cluster such as the instance type and the number of instances.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Capacity: &CapacityConfig{
		MasterNodes: jsii.Number(2),
		WarmNodes: jsii.Number(2),
		WarmInstanceType: jsii.String("ultrawarm1.medium.search"),
	},
	ColdStorageEnabled: jsii.Boolean(true),
})

type CfnDomain 

type CfnDomain interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
	AccessPolicies() interface{}
	SetAccessPolicies(val interface{})
	// Additional options to specify for the OpenSearch Service domain.
	AdvancedOptions() interface{}
	SetAdvancedOptions(val interface{})
	// Specifies options for fine-grained access control and SAML authentication.
	AdvancedSecurityOptions() interface{}
	SetAdvancedSecurityOptions(val interface{})
	// Date and time when the migration period will be disabled.
	//
	// Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) .
	AttrAdvancedSecurityOptionsAnonymousAuthDisableDate() *string
	// The Amazon Resource Name (ARN) of the CloudFormation stack.
	AttrArn() *string
	// The domain-specific endpoint used for requests to the OpenSearch APIs, such as `search-mystack-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com` .
	AttrDomainEndpoint() *string
	AttrDomainEndpoints() awscdk.IResolvable
	// If `IPAddressType` to set to `dualstack` , a version 2 domain endpoint is provisioned.
	//
	// This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.
	AttrDomainEndpointV2() *string
	// The resource ID.
	//
	// For example, `123456789012/my-domain` .
	AttrId() *string
	AttrServiceSoftwareOptions() awscdk.IResolvable
	AttrServiceSoftwareOptionsAutomatedUpdateDate() *string
	AttrServiceSoftwareOptionsCancellable() awscdk.IResolvable
	AttrServiceSoftwareOptionsCurrentVersion() *string
	AttrServiceSoftwareOptionsDescription() *string
	AttrServiceSoftwareOptionsNewVersion() *string
	AttrServiceSoftwareOptionsOptionalDeployment() awscdk.IResolvable
	AttrServiceSoftwareOptionsUpdateAvailable() awscdk.IResolvable
	AttrServiceSoftwareOptionsUpdateStatus() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Container for the cluster configuration of a domain.
	ClusterConfig() interface{}
	SetClusterConfig(val interface{})
	// Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
	CognitoOptions() interface{}
	SetCognitoOptions(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	DomainArn() *string
	SetDomainArn(val *string)
	// Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
	DomainEndpointOptions() interface{}
	SetDomainEndpointOptions(val interface{})
	// A name for the OpenSearch Service domain.
	DomainName() *string
	SetDomainName(val *string)
	// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
	EbsOptions() interface{}
	SetEbsOptions(val interface{})
	// Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use.
	EncryptionAtRestOptions() interface{}
	SetEncryptionAtRestOptions(val interface{})
	// The version of OpenSearch to use.
	EngineVersion() *string
	SetEngineVersion(val *string)
	// Choose either dual stack or IPv4 as your IP address type.
	IpAddressType() *string
	SetIpAddressType(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
	LogPublishingOptions() interface{}
	SetLogPublishingOptions(val interface{})
	// The tree node.
	Node() constructs.Node
	// Specifies whether node-to-node encryption is enabled.
	NodeToNodeEncryptionOptions() interface{}
	SetNodeToNodeEncryptionOptions(val interface{})
	// Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
	OffPeakWindowOptions() interface{}
	SetOffPeakWindowOptions(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// *DEPRECATED* .
	SnapshotOptions() interface{}
	SetSnapshotOptions(val interface{})
	// Service software update options for the domain.
	SoftwareUpdateOptions() interface{}
	SetSoftwareUpdateOptions(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
	VpcOptions() interface{}
	SetVpcOptions(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The AWS::OpenSearchService::Domain resource creates an Amazon OpenSearch Service domain.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var accessPolicies interface{}

cfnDomain := awscdk.Aws_opensearchservice.NewCfnDomain(this, jsii.String("MyCfnDomain"), &CfnDomainProps{
	AccessPolicies: accessPolicies,
	AdvancedOptions: map[string]*string{
		"advancedOptionsKey": jsii.String("advancedOptions"),
	},
	AdvancedSecurityOptions: &AdvancedSecurityOptionsInputProperty{
		AnonymousAuthDisableDate: jsii.String("anonymousAuthDisableDate"),
		AnonymousAuthEnabled: jsii.Boolean(false),
		Enabled: jsii.Boolean(false),
		InternalUserDatabaseEnabled: jsii.Boolean(false),
		MasterUserOptions: &MasterUserOptionsProperty{
			MasterUserArn: jsii.String("masterUserArn"),
			MasterUserName: jsii.String("masterUserName"),
			MasterUserPassword: jsii.String("masterUserPassword"),
		},
		SamlOptions: &SAMLOptionsProperty{
			Enabled: jsii.Boolean(false),
			Idp: &IdpProperty{
				EntityId: jsii.String("entityId"),
				MetadataContent: jsii.String("metadataContent"),
			},
			MasterBackendRole: jsii.String("masterBackendRole"),
			MasterUserName: jsii.String("masterUserName"),
			RolesKey: jsii.String("rolesKey"),
			SessionTimeoutMinutes: jsii.Number(123),
			SubjectKey: jsii.String("subjectKey"),
		},
	},
	ClusterConfig: &ClusterConfigProperty{
		ColdStorageOptions: &ColdStorageOptionsProperty{
			Enabled: jsii.Boolean(false),
		},
		DedicatedMasterCount: jsii.Number(123),
		DedicatedMasterEnabled: jsii.Boolean(false),
		DedicatedMasterType: jsii.String("dedicatedMasterType"),
		InstanceCount: jsii.Number(123),
		InstanceType: jsii.String("instanceType"),
		MultiAzWithStandbyEnabled: jsii.Boolean(false),
		WarmCount: jsii.Number(123),
		WarmEnabled: jsii.Boolean(false),
		WarmType: jsii.String("warmType"),
		ZoneAwarenessConfig: &ZoneAwarenessConfigProperty{
			AvailabilityZoneCount: jsii.Number(123),
		},
		ZoneAwarenessEnabled: jsii.Boolean(false),
	},
	CognitoOptions: &CognitoOptionsProperty{
		Enabled: jsii.Boolean(false),
		IdentityPoolId: jsii.String("identityPoolId"),
		RoleArn: jsii.String("roleArn"),
		UserPoolId: jsii.String("userPoolId"),
	},
	DomainArn: jsii.String("domainArn"),
	DomainEndpointOptions: &DomainEndpointOptionsProperty{
		CustomEndpoint: jsii.String("customEndpoint"),
		CustomEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
		CustomEndpointEnabled: jsii.Boolean(false),
		EnforceHttps: jsii.Boolean(false),
		TlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
	},
	DomainName: jsii.String("domainName"),
	EbsOptions: &EBSOptionsProperty{
		EbsEnabled: jsii.Boolean(false),
		Iops: jsii.Number(123),
		Throughput: jsii.Number(123),
		VolumeSize: jsii.Number(123),
		VolumeType: jsii.String("volumeType"),
	},
	EncryptionAtRestOptions: &EncryptionAtRestOptionsProperty{
		Enabled: jsii.Boolean(false),
		KmsKeyId: jsii.String("kmsKeyId"),
	},
	EngineVersion: jsii.String("engineVersion"),
	IpAddressType: jsii.String("ipAddressType"),
	LogPublishingOptions: map[string]interface{}{
		"logPublishingOptionsKey": &LogPublishingOptionProperty{
			"cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"),
			"enabled": jsii.Boolean(false),
		},
	},
	NodeToNodeEncryptionOptions: &NodeToNodeEncryptionOptionsProperty{
		Enabled: jsii.Boolean(false),
	},
	OffPeakWindowOptions: &OffPeakWindowOptionsProperty{
		Enabled: jsii.Boolean(false),
		OffPeakWindow: &OffPeakWindowProperty{
			WindowStartTime: &WindowStartTimeProperty{
				Hours: jsii.Number(123),
				Minutes: jsii.Number(123),
			},
		},
	},
	SnapshotOptions: &SnapshotOptionsProperty{
		AutomatedSnapshotStartHour: jsii.Number(123),
	},
	SoftwareUpdateOptions: &SoftwareUpdateOptionsProperty{
		AutoSoftwareUpdateEnabled: jsii.Boolean(false),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	VpcOptions: &VPCOptionsProperty{
		SecurityGroupIds: []*string{
			jsii.String("securityGroupIds"),
		},
		SubnetIds: []*string{
			jsii.String("subnetIds"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html

func NewCfnDomain 

func NewCfnDomain(scope constructs.Construct, id *string, props *CfnDomainProps) CfnDomain

type CfnDomainProps 

type CfnDomainProps struct {
	// An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
	//
	// For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-accesspolicies
	//
	AccessPolicies interface{} `field:"optional" json:"accessPolicies" yaml:"accessPolicies"`
	// Additional options to specify for the OpenSearch Service domain.
	//
	// For more information, see [AdvancedOptions](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_CreateDomain.html#API_CreateDomain_RequestBody) in the OpenSearch Service API reference.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-advancedoptions
	//
	AdvancedOptions interface{} `field:"optional" json:"advancedOptions" yaml:"advancedOptions"`
	// Specifies options for fine-grained access control and SAML authentication.
	//
	// If you specify advanced security options, you must also enable node-to-node encryption ( [NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html) ) and encryption at rest ( [EncryptionAtRestOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html) ). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html) , which requires HTTPS for all traffic to the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-advancedsecurityoptions
	//
	AdvancedSecurityOptions interface{} `field:"optional" json:"advancedSecurityOptions" yaml:"advancedSecurityOptions"`
	// Container for the cluster configuration of a domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-clusterconfig
	//
	ClusterConfig interface{} `field:"optional" json:"clusterConfig" yaml:"clusterConfig"`
	// Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-cognitooptions
	//
	CognitoOptions interface{} `field:"optional" json:"cognitoOptions" yaml:"cognitoOptions"`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainarn
	//
	DomainArn *string `field:"optional" json:"domainArn" yaml:"domainArn"`
	// Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainendpointoptions
	//
	DomainEndpointOptions interface{} `field:"optional" json:"domainEndpointOptions" yaml:"domainEndpointOptions"`
	// A name for the OpenSearch Service domain.
	//
	// The name must have a minimum length of 3 and a maximum length of 28. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
	//
	// Required when creating a new domain.
	//
	// > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-domainname
	//
	DomainName *string `field:"optional" json:"domainName" yaml:"domainName"`
	// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
	//
	// For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-ebsoptions
	//
	EbsOptions interface{} `field:"optional" json:"ebsOptions" yaml:"ebsOptions"`
	// Whether the domain should encrypt data at rest, and if so, the AWS KMS key to use.
	//
	// See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) .
	//
	// If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-encryptionatrestoptions
	//
	EncryptionAtRestOptions interface{} `field:"optional" json:"encryptionAtRestOptions" yaml:"encryptionAtRestOptions"`
	// The version of OpenSearch to use.
	//
	// The value must be in the format `OpenSearch_X.Y` or `Elasticsearch_X.Y` . If not specified, the latest version of OpenSearch is used. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
	//
	// If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true` , you can update `EngineVersion` without interruption. When `EnableVersionUpgrade` is set to `false` , or is not specified, updating `EngineVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-engineversion
	//
	EngineVersion *string `field:"optional" json:"engineVersion" yaml:"engineVersion"`
	// Choose either dual stack or IPv4 as your IP address type.
	//
	// Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. If you set your IP address type to dual stack, you can't change your address type later.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-ipaddresstype
	//
	IpAddressType *string `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
	//
	// Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-logpublishingoptions
	//
	LogPublishingOptions interface{} `field:"optional" json:"logPublishingOptions" yaml:"logPublishingOptions"`
	// Specifies whether node-to-node encryption is enabled.
	//
	// See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-nodetonodeencryptionoptions
	//
	NodeToNodeEncryptionOptions interface{} `field:"optional" json:"nodeToNodeEncryptionOptions" yaml:"nodeToNodeEncryptionOptions"`
	// Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-offpeakwindowoptions
	//
	OffPeakWindowOptions interface{} `field:"optional" json:"offPeakWindowOptions" yaml:"offPeakWindowOptions"`
	// *DEPRECATED* .
	//
	// The automated snapshot configuration for the OpenSearch Service domain indexes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-snapshotoptions
	//
	SnapshotOptions interface{} `field:"optional" json:"snapshotOptions" yaml:"snapshotOptions"`
	// Service software update options for the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-softwareupdateoptions
	//
	SoftwareUpdateOptions interface{} `field:"optional" json:"softwareUpdateOptions" yaml:"softwareUpdateOptions"`
	// An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
	// The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
	//
	// For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
	//
	// If you remove this entity altogether, along with its associated properties, it causes a replacement. You might encounter this scenario if you're updating your security configuration from a VPC to a public endpoint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#cfn-opensearchservice-domain-vpcoptions
	//
	VpcOptions interface{} `field:"optional" json:"vpcOptions" yaml:"vpcOptions"`
}

Properties for defining a `CfnDomain`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var accessPolicies interface{}

cfnDomainProps := &CfnDomainProps{
	AccessPolicies: accessPolicies,
	AdvancedOptions: map[string]*string{
		"advancedOptionsKey": jsii.String("advancedOptions"),
	},
	AdvancedSecurityOptions: &AdvancedSecurityOptionsInputProperty{
		AnonymousAuthDisableDate: jsii.String("anonymousAuthDisableDate"),
		AnonymousAuthEnabled: jsii.Boolean(false),
		Enabled: jsii.Boolean(false),
		InternalUserDatabaseEnabled: jsii.Boolean(false),
		MasterUserOptions: &MasterUserOptionsProperty{
			MasterUserArn: jsii.String("masterUserArn"),
			MasterUserName: jsii.String("masterUserName"),
			MasterUserPassword: jsii.String("masterUserPassword"),
		},
		SamlOptions: &SAMLOptionsProperty{
			Enabled: jsii.Boolean(false),
			Idp: &IdpProperty{
				EntityId: jsii.String("entityId"),
				MetadataContent: jsii.String("metadataContent"),
			},
			MasterBackendRole: jsii.String("masterBackendRole"),
			MasterUserName: jsii.String("masterUserName"),
			RolesKey: jsii.String("rolesKey"),
			SessionTimeoutMinutes: jsii.Number(123),
			SubjectKey: jsii.String("subjectKey"),
		},
	},
	ClusterConfig: &ClusterConfigProperty{
		ColdStorageOptions: &ColdStorageOptionsProperty{
			Enabled: jsii.Boolean(false),
		},
		DedicatedMasterCount: jsii.Number(123),
		DedicatedMasterEnabled: jsii.Boolean(false),
		DedicatedMasterType: jsii.String("dedicatedMasterType"),
		InstanceCount: jsii.Number(123),
		InstanceType: jsii.String("instanceType"),
		MultiAzWithStandbyEnabled: jsii.Boolean(false),
		WarmCount: jsii.Number(123),
		WarmEnabled: jsii.Boolean(false),
		WarmType: jsii.String("warmType"),
		ZoneAwarenessConfig: &ZoneAwarenessConfigProperty{
			AvailabilityZoneCount: jsii.Number(123),
		},
		ZoneAwarenessEnabled: jsii.Boolean(false),
	},
	CognitoOptions: &CognitoOptionsProperty{
		Enabled: jsii.Boolean(false),
		IdentityPoolId: jsii.String("identityPoolId"),
		RoleArn: jsii.String("roleArn"),
		UserPoolId: jsii.String("userPoolId"),
	},
	DomainArn: jsii.String("domainArn"),
	DomainEndpointOptions: &DomainEndpointOptionsProperty{
		CustomEndpoint: jsii.String("customEndpoint"),
		CustomEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
		CustomEndpointEnabled: jsii.Boolean(false),
		EnforceHttps: jsii.Boolean(false),
		TlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
	},
	DomainName: jsii.String("domainName"),
	EbsOptions: &EBSOptionsProperty{
		EbsEnabled: jsii.Boolean(false),
		Iops: jsii.Number(123),
		Throughput: jsii.Number(123),
		VolumeSize: jsii.Number(123),
		VolumeType: jsii.String("volumeType"),
	},
	EncryptionAtRestOptions: &EncryptionAtRestOptionsProperty{
		Enabled: jsii.Boolean(false),
		KmsKeyId: jsii.String("kmsKeyId"),
	},
	EngineVersion: jsii.String("engineVersion"),
	IpAddressType: jsii.String("ipAddressType"),
	LogPublishingOptions: map[string]interface{}{
		"logPublishingOptionsKey": &LogPublishingOptionProperty{
			"cloudWatchLogsLogGroupArn": jsii.String("cloudWatchLogsLogGroupArn"),
			"enabled": jsii.Boolean(false),
		},
	},
	NodeToNodeEncryptionOptions: &NodeToNodeEncryptionOptionsProperty{
		Enabled: jsii.Boolean(false),
	},
	OffPeakWindowOptions: &OffPeakWindowOptionsProperty{
		Enabled: jsii.Boolean(false),
		OffPeakWindow: &OffPeakWindowProperty{
			WindowStartTime: &WindowStartTimeProperty{
				Hours: jsii.Number(123),
				Minutes: jsii.Number(123),
			},
		},
	},
	SnapshotOptions: &SnapshotOptionsProperty{
		AutomatedSnapshotStartHour: jsii.Number(123),
	},
	SoftwareUpdateOptions: &SoftwareUpdateOptionsProperty{
		AutoSoftwareUpdateEnabled: jsii.Boolean(false),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	VpcOptions: &VPCOptionsProperty{
		SecurityGroupIds: []*string{
			jsii.String("securityGroupIds"),
		},
		SubnetIds: []*string{
			jsii.String("subnetIds"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html

type CfnDomain_AdvancedSecurityOptionsInputProperty 

type CfnDomain_AdvancedSecurityOptionsInputProperty struct {
	// Date and time when the migration period will be disabled.
	//
	// Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthdisabledate
	//
	AnonymousAuthDisableDate *string `field:"optional" json:"anonymousAuthDisableDate" yaml:"anonymousAuthDisableDate"`
	// True to enable a 30-day migration period during which administrators can create role mappings.
	//
	// Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-anonymousauthenabled
	//
	AnonymousAuthEnabled interface{} `field:"optional" json:"anonymousAuthEnabled" yaml:"anonymousAuthEnabled"`
	// True to enable fine-grained access control.
	//
	// You must also enable encryption of data at rest and node-to-node encryption. See [Fine-grained access control in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// True to enable the internal user database.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-internaluserdatabaseenabled
	//
	InternalUserDatabaseEnabled interface{} `field:"optional" json:"internalUserDatabaseEnabled" yaml:"internalUserDatabaseEnabled"`
	// Specifies information about the master user.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-masteruseroptions
	//
	MasterUserOptions interface{} `field:"optional" json:"masterUserOptions" yaml:"masterUserOptions"`
	// Container for information about the SAML configuration for OpenSearch Dashboards.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html#cfn-opensearchservice-domain-advancedsecurityoptionsinput-samloptions
	//
	SamlOptions interface{} `field:"optional" json:"samlOptions" yaml:"samlOptions"`
}

Specifies options for fine-grained access control.

If you specify advanced security options, you must also enable node-to-node encryption ( [NodeToNodeEncryptionOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html) ) and encryption at rest ( EncryptionAtRestOptions(https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html) ). You must also enable `EnforceHTTPS` within [DomainEndpointOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html) , which requires HTTPS for all traffic to the domain.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

advancedSecurityOptionsInputProperty := &AdvancedSecurityOptionsInputProperty{
	AnonymousAuthDisableDate: jsii.String("anonymousAuthDisableDate"),
	AnonymousAuthEnabled: jsii.Boolean(false),
	Enabled: jsii.Boolean(false),
	InternalUserDatabaseEnabled: jsii.Boolean(false),
	MasterUserOptions: &MasterUserOptionsProperty{
		MasterUserArn: jsii.String("masterUserArn"),
		MasterUserName: jsii.String("masterUserName"),
		MasterUserPassword: jsii.String("masterUserPassword"),
	},
	SamlOptions: &SAMLOptionsProperty{
		Enabled: jsii.Boolean(false),
		Idp: &IdpProperty{
			EntityId: jsii.String("entityId"),
			MetadataContent: jsii.String("metadataContent"),
		},
		MasterBackendRole: jsii.String("masterBackendRole"),
		MasterUserName: jsii.String("masterUserName"),
		RolesKey: jsii.String("rolesKey"),
		SessionTimeoutMinutes: jsii.Number(123),
		SubjectKey: jsii.String("subjectKey"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html

type CfnDomain_ClusterConfigProperty 

type CfnDomain_ClusterConfigProperty struct {
	// Container for cold storage configuration options.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-coldstorageoptions
	//
	ColdStorageOptions interface{} `field:"optional" json:"coldStorageOptions" yaml:"coldStorageOptions"`
	// The number of instances to use for the master node.
	//
	// If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmastercount
	//
	DedicatedMasterCount *float64 `field:"optional" json:"dedicatedMasterCount" yaml:"dedicatedMasterCount"`
	// Indicates whether to use a dedicated master node for the OpenSearch Service domain.
	//
	// A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See [Dedicated master nodes in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-dedicatedmasternodes.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmasterenabled
	//
	DedicatedMasterEnabled interface{} `field:"optional" json:"dedicatedMasterEnabled" yaml:"dedicatedMasterEnabled"`
	// The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.search` . If you specify this property, you must specify `true` for the `DedicatedMasterEnabled` property. For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-dedicatedmastertype
	//
	DedicatedMasterType *string `field:"optional" json:"dedicatedMasterType" yaml:"dedicatedMasterType"`
	// The number of data nodes (instances) to use in the OpenSearch Service domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-instancecount
	//
	InstanceCount *float64 `field:"optional" json:"instanceCount" yaml:"instanceCount"`
	// The instance type for your data nodes, such as `m3.medium.search` . For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-instancetype
	//
	InstanceType *string `field:"optional" json:"instanceType" yaml:"instanceType"`
	// Indicates whether Multi-AZ with Standby deployment option is enabled.
	//
	// For more information, see [Multi-AZ with Standby](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-multiazwithstandbyenabled
	//
	MultiAzWithStandbyEnabled interface{} `field:"optional" json:"multiAzWithStandbyEnabled" yaml:"multiAzWithStandbyEnabled"`
	// The number of warm nodes in the cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmcount
	//
	WarmCount *float64 `field:"optional" json:"warmCount" yaml:"warmCount"`
	// Whether to enable UltraWarm storage for the cluster.
	//
	// See [UltraWarm storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ultrawarm.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmenabled
	//
	WarmEnabled interface{} `field:"optional" json:"warmEnabled" yaml:"warmEnabled"`
	// The instance type for the cluster's warm nodes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-warmtype
	//
	WarmType *string `field:"optional" json:"warmType" yaml:"warmType"`
	// Specifies zone awareness configuration options.
	//
	// Only use if `ZoneAwarenessEnabled` is `true` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-zoneawarenessconfig
	//
	ZoneAwarenessConfig interface{} `field:"optional" json:"zoneAwarenessConfig" yaml:"zoneAwarenessConfig"`
	// Indicates whether to enable zone awareness for the OpenSearch Service domain.
	//
	// When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html#cfn-opensearchservice-domain-clusterconfig-zoneawarenessenabled
	//
	ZoneAwarenessEnabled interface{} `field:"optional" json:"zoneAwarenessEnabled" yaml:"zoneAwarenessEnabled"`
}

The cluster configuration for the OpenSearch Service domain.

You can specify options such as the instance type and the number of instances. For more information, see [Creating and managing Amazon OpenSearch Service domains](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html) in the *Amazon OpenSearch Service Developer Guide* .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

clusterConfigProperty := &ClusterConfigProperty{
	ColdStorageOptions: &ColdStorageOptionsProperty{
		Enabled: jsii.Boolean(false),
	},
	DedicatedMasterCount: jsii.Number(123),
	DedicatedMasterEnabled: jsii.Boolean(false),
	DedicatedMasterType: jsii.String("dedicatedMasterType"),
	InstanceCount: jsii.Number(123),
	InstanceType: jsii.String("instanceType"),
	MultiAzWithStandbyEnabled: jsii.Boolean(false),
	WarmCount: jsii.Number(123),
	WarmEnabled: jsii.Boolean(false),
	WarmType: jsii.String("warmType"),
	ZoneAwarenessConfig: &ZoneAwarenessConfigProperty{
		AvailabilityZoneCount: jsii.Number(123),
	},
	ZoneAwarenessEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html

type CfnDomain_CognitoOptionsProperty 

type CfnDomain_CognitoOptionsProperty struct {
	// Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
	//
	// See [Amazon Cognito authentication for OpenSearch Dashboards](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
	//
	// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-identitypoolid
	//
	IdentityPoolId *string `field:"optional" json:"identityPoolId" yaml:"identityPoolId"`
	// The `AmazonOpenSearchServiceCognitoAccess` role that allows OpenSearch Service to configure your user pool and identity pool.
	//
	// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-rolearn
	//
	RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
	// The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
	//
	// Required if you enabled Cognito Authentication for OpenSearch Dashboards.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html#cfn-opensearchservice-domain-cognitooptions-userpoolid
	//
	UserPoolId *string `field:"optional" json:"userPoolId" yaml:"userPoolId"`
}

Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cognitoOptionsProperty := &CognitoOptionsProperty{
	Enabled: jsii.Boolean(false),
	IdentityPoolId: jsii.String("identityPoolId"),
	RoleArn: jsii.String("roleArn"),
	UserPoolId: jsii.String("userPoolId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-cognitooptions.html

type CfnDomain_ColdStorageOptionsProperty added in v2.123.0 

type CfnDomain_ColdStorageOptionsProperty struct {
	// Whether to enable or disable cold storage on the domain.
	//
	// You must enable UltraWarm storage to enable cold storage.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-coldstorageoptions.html#cfn-opensearchservice-domain-coldstorageoptions-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}

Container for the parameters required to enable cold storage for an OpenSearch Service domain.

For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

coldStorageOptionsProperty := &ColdStorageOptionsProperty{
	Enabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-coldstorageoptions.html

type CfnDomain_DomainEndpointOptionsProperty 

type CfnDomain_DomainEndpointOptionsProperty struct {
	// The fully qualified URL for your custom endpoint.
	//
	// Required if you enabled a custom endpoint for the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpoint
	//
	CustomEndpoint *string `field:"optional" json:"customEndpoint" yaml:"customEndpoint"`
	// The AWS Certificate Manager ARN for your domain's SSL/TLS certificate.
	//
	// Required if you enabled a custom endpoint for the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpointcertificatearn
	//
	CustomEndpointCertificateArn *string `field:"optional" json:"customEndpointCertificateArn" yaml:"customEndpointCertificateArn"`
	// True to enable a custom endpoint for the domain.
	//
	// If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-customendpointenabled
	//
	CustomEndpointEnabled interface{} `field:"optional" json:"customEndpointEnabled" yaml:"customEndpointEnabled"`
	// True to require that all traffic to the domain arrive over HTTPS.
	//
	// Required if you enable fine-grained access control in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-enforcehttps
	//
	EnforceHttps interface{} `field:"optional" json:"enforceHttps" yaml:"enforceHttps"`
	// The minimum TLS version required for traffic to the domain. Valid values are TLS 1.3 (recommended) or 1.2:.
	//
	// - `Policy-Min-TLS-1-0-2019-07`
	// - `Policy-Min-TLS-1-2-2019-07`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-tlssecuritypolicy
	//
	TlsSecurityPolicy *string `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"`
}

Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

domainEndpointOptionsProperty := &DomainEndpointOptionsProperty{
	CustomEndpoint: jsii.String("customEndpoint"),
	CustomEndpointCertificateArn: jsii.String("customEndpointCertificateArn"),
	CustomEndpointEnabled: jsii.Boolean(false),
	EnforceHttps: jsii.Boolean(false),
	TlsSecurityPolicy: jsii.String("tlsSecurityPolicy"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html

type CfnDomain_EBSOptionsProperty 

type CfnDomain_EBSOptionsProperty struct {
	// Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-ebsenabled
	//
	EbsEnabled interface{} `field:"optional" json:"ebsEnabled" yaml:"ebsEnabled"`
	// The number of I/O operations per second (IOPS) that the volume supports.
	//
	// This property applies only to the `gp3` and provisioned IOPS EBS volume types.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-iops
	//
	Iops *float64 `field:"optional" json:"iops" yaml:"iops"`
	// The throughput (in MiB/s) of the EBS volumes attached to data nodes.
	//
	// Applies only to the `gp3` volume type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-throughput
	//
	Throughput *float64 `field:"optional" json:"throughput" yaml:"throughput"`
	// The size (in GiB) of the EBS volume for each data node.
	//
	// The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-volumesize
	//
	VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
	// The EBS volume type to use with the OpenSearch Service domain.
	//
	// If you choose `gp3` , you must also specify values for `Iops` and `Throughput` . For more information about each type, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon EC2 User Guide for Linux Instances* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html#cfn-opensearchservice-domain-ebsoptions-volumetype
	//
	VolumeType *string `field:"optional" json:"volumeType" yaml:"volumeType"`
}

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.

For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

eBSOptionsProperty := &EBSOptionsProperty{
	EbsEnabled: jsii.Boolean(false),
	Iops: jsii.Number(123),
	Throughput: jsii.Number(123),
	VolumeSize: jsii.Number(123),
	VolumeType: jsii.String("volumeType"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-ebsoptions.html

type CfnDomain_EncryptionAtRestOptionsProperty 

type CfnDomain_EncryptionAtRestOptionsProperty struct {
	// Specify `true` to enable encryption at rest. Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	//
	// If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html#cfn-opensearchservice-domain-encryptionatrestoptions-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// The KMS key ID. Takes the form `1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a` . Required if you enable encryption at rest.
	//
	// You can also use `keyAlias` as a value.
	//
	// If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html#cfn-opensearchservice-domain-encryptionatrestoptions-kmskeyid
	//
	KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
}

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

encryptionAtRestOptionsProperty := &EncryptionAtRestOptionsProperty{
	Enabled: jsii.Boolean(false),
	KmsKeyId: jsii.String("kmsKeyId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-encryptionatrestoptions.html

type CfnDomain_IdpProperty added in v2.63.0 

type CfnDomain_IdpProperty struct {
	// The unique entity ID of the application in the SAML identity provider.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-idp.html#cfn-opensearchservice-domain-idp-entityid
	//
	EntityId *string `field:"required" json:"entityId" yaml:"entityId"`
	// The metadata of the SAML application, in XML format.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-idp.html#cfn-opensearchservice-domain-idp-metadatacontent
	//
	MetadataContent *string `field:"required" json:"metadataContent" yaml:"metadataContent"`
}

The SAML Identity Provider's information.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

idpProperty := &IdpProperty{
	EntityId: jsii.String("entityId"),
	MetadataContent: jsii.String("metadataContent"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-idp.html

type CfnDomain_LogPublishingOptionProperty 

type CfnDomain_LogPublishingOptionProperty struct {
	// Specifies the CloudWatch log group to publish to.
	//
	// Required if you enable log publishing.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html#cfn-opensearchservice-domain-logpublishingoption-cloudwatchlogsloggrouparn
	//
	CloudWatchLogsLogGroupArn *string `field:"optional" json:"cloudWatchLogsLogGroupArn" yaml:"cloudWatchLogsLogGroupArn"`
	// If `true` , enables the publishing of logs to CloudWatch.
	//
	// Default: `false` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html#cfn-opensearchservice-domain-logpublishingoption-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}

Specifies whether the OpenSearch Service domain publishes application, search slow logs, or index slow logs to Amazon CloudWatch.

Each option must be an object of name `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , or `AUDIT_LOGS` depending on the type of logs you want to publish. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .

Before you enable log publishing, you need to create a CloudWatch log group and provide OpenSearch Service the correct permissions to write to it. To learn more, see [Enabling log publishing ( AWS CloudFormation)](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-cfn) .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

logPublishingOptionProperty := &LogPublishingOptionProperty{
	CloudWatchLogsLogGroupArn: jsii.String("cloudWatchLogsLogGroupArn"),
	Enabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-logpublishingoption.html

type CfnDomain_MasterUserOptionsProperty 

type CfnDomain_MasterUserOptionsProperty struct {
	// Amazon Resource Name (ARN) for the master user.
	//
	// The ARN can point to an IAM user or role. This property is required for Amazon Cognito to work, and it must match the role configured for Cognito. Only specify if `InternalUserDatabaseEnabled` is false in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masteruserarn
	//
	MasterUserArn *string `field:"optional" json:"masterUserArn" yaml:"masterUserArn"`
	// Username for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	//
	// If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masterusername
	//
	MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
	// Password for the master user. Only specify if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	//
	// If you don't want to specify this value directly within the template, you can use a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) instead.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html#cfn-opensearchservice-domain-masteruseroptions-masteruserpassword
	//
	MasterUserPassword *string `field:"optional" json:"masterUserPassword" yaml:"masterUserPassword"`
}

Specifies information about the master user.

Required if `InternalUserDatabaseEnabled` is true in AdvancedSecurityOptions(https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

masterUserOptionsProperty := &MasterUserOptionsProperty{
	MasterUserArn: jsii.String("masterUserArn"),
	MasterUserName: jsii.String("masterUserName"),
	MasterUserPassword: jsii.String("masterUserPassword"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-masteruseroptions.html

type CfnDomain_NodeToNodeEncryptionOptionsProperty 

type CfnDomain_NodeToNodeEncryptionOptionsProperty struct {
	// Specifies to enable or disable node-to-node encryption on the domain.
	//
	// Required if you enable fine-grained access control in [AdvancedSecurityOptionsInput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html#cfn-opensearchservice-domain-nodetonodeencryptionoptions-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}

Specifies options for node-to-node encryption.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

nodeToNodeEncryptionOptionsProperty := &NodeToNodeEncryptionOptionsProperty{
	Enabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-nodetonodeencryptionoptions.html

type CfnDomain_OffPeakWindowOptionsProperty added in v2.72.0 

type CfnDomain_OffPeakWindowOptionsProperty struct {
	// Specifies whether off-peak window settings are enabled for the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindowoptions.html#cfn-opensearchservice-domain-offpeakwindowoptions-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// Off-peak window settings for the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindowoptions.html#cfn-opensearchservice-domain-offpeakwindowoptions-offpeakwindow
	//
	OffPeakWindow interface{} `field:"optional" json:"offPeakWindow" yaml:"offPeakWindow"`
}

Off-peak window settings for the domain.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

offPeakWindowOptionsProperty := &OffPeakWindowOptionsProperty{
	Enabled: jsii.Boolean(false),
	OffPeakWindow: &OffPeakWindowProperty{
		WindowStartTime: &WindowStartTimeProperty{
			Hours: jsii.Number(123),
			Minutes: jsii.Number(123),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindowoptions.html

type CfnDomain_OffPeakWindowProperty added in v2.72.0 

type CfnDomain_OffPeakWindowProperty struct {
	// The desired start time for an off-peak maintenance window.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindow.html#cfn-opensearchservice-domain-offpeakwindow-windowstarttime
	//
	WindowStartTime interface{} `field:"optional" json:"windowStartTime" yaml:"windowStartTime"`
}

A custom 10-hour, low-traffic window during which OpenSearch Service can perform mandatory configuration changes on the domain.

These actions can include scheduled service software updates and blue/green Auto-Tune enhancements. OpenSearch Service will schedule these actions during the window that you specify. If you don't specify a window start time, it defaults to 10:00 P.M. local time.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

offPeakWindowProperty := &OffPeakWindowProperty{
	WindowStartTime: &WindowStartTimeProperty{
		Hours: jsii.Number(123),
		Minutes: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindow.html

type CfnDomain_SAMLOptionsProperty added in v2.63.0 

type CfnDomain_SAMLOptionsProperty struct {
	// True to enable SAML authentication for a domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
	// The SAML Identity Provider's information.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-idp
	//
	Idp interface{} `field:"optional" json:"idp" yaml:"idp"`
	// The backend role that the SAML master user is mapped to.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-masterbackendrole
	//
	MasterBackendRole *string `field:"optional" json:"masterBackendRole" yaml:"masterBackendRole"`
	// The SAML master user name, which is stored in the domain's internal user database.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-masterusername
	//
	MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
	// Element of the SAML assertion to use for backend roles.
	//
	// Default is `roles` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-roleskey
	//
	RolesKey *string `field:"optional" json:"rolesKey" yaml:"rolesKey"`
	// The duration, in minutes, after which a user session becomes inactive.
	//
	// Acceptable values are between 1 and 1440, and the default value is 60.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-sessiontimeoutminutes
	//
	SessionTimeoutMinutes *float64 `field:"optional" json:"sessionTimeoutMinutes" yaml:"sessionTimeoutMinutes"`
	// Element of the SAML assertion to use for the user name.
	//
	// Default is `NameID` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html#cfn-opensearchservice-domain-samloptions-subjectkey
	//
	SubjectKey *string `field:"optional" json:"subjectKey" yaml:"subjectKey"`
}

Container for information about the SAML configuration for OpenSearch Dashboards.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

sAMLOptionsProperty := &SAMLOptionsProperty{
	Enabled: jsii.Boolean(false),
	Idp: &IdpProperty{
		EntityId: jsii.String("entityId"),
		MetadataContent: jsii.String("metadataContent"),
	},
	MasterBackendRole: jsii.String("masterBackendRole"),
	MasterUserName: jsii.String("masterUserName"),
	RolesKey: jsii.String("rolesKey"),
	SessionTimeoutMinutes: jsii.Number(123),
	SubjectKey: jsii.String("subjectKey"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-samloptions.html

type CfnDomain_ServiceSoftwareOptionsProperty added in v2.55.0 

type CfnDomain_ServiceSoftwareOptionsProperty struct {
	// The timestamp, in Epoch time, until which you can manually request a service software update.
	//
	// After this date, we automatically update your service software.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-automatedupdatedate
	//
	AutomatedUpdateDate *string `field:"optional" json:"automatedUpdateDate" yaml:"automatedUpdateDate"`
	// True if you're able to cancel your service software version update.
	//
	// False if you can't cancel your service software update.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-cancellable
	//
	Cancellable interface{} `field:"optional" json:"cancellable" yaml:"cancellable"`
	// The current service software version present on the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-currentversion
	//
	CurrentVersion *string `field:"optional" json:"currentVersion" yaml:"currentVersion"`
	// A description of the service software update status.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// The new service software version, if one is available.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-newversion
	//
	NewVersion *string `field:"optional" json:"newVersion" yaml:"newVersion"`
	// True if a service software is never automatically updated.
	//
	// False if a service software is automatically updated after the automated update date.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-optionaldeployment
	//
	OptionalDeployment interface{} `field:"optional" json:"optionalDeployment" yaml:"optionalDeployment"`
	// True if you're able to update your service software version.
	//
	// False if you can't update your service software version.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-updateavailable
	//
	UpdateAvailable interface{} `field:"optional" json:"updateAvailable" yaml:"updateAvailable"`
	// The status of your service software update.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html#cfn-opensearchservice-domain-servicesoftwareoptions-updatestatus
	//
	UpdateStatus *string `field:"optional" json:"updateStatus" yaml:"updateStatus"`
}

The current status of the service software for an Amazon OpenSearch Service domain.

For more information, see [Service software updates in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/service-software.html) .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

serviceSoftwareOptionsProperty := &ServiceSoftwareOptionsProperty{
	AutomatedUpdateDate: jsii.String("automatedUpdateDate"),
	Cancellable: jsii.Boolean(false),
	CurrentVersion: jsii.String("currentVersion"),
	Description: jsii.String("description"),
	NewVersion: jsii.String("newVersion"),
	OptionalDeployment: jsii.Boolean(false),
	UpdateAvailable: jsii.Boolean(false),
	UpdateStatus: jsii.String("updateStatus"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-servicesoftwareoptions.html

type CfnDomain_SnapshotOptionsProperty 

type CfnDomain_SnapshotOptionsProperty struct {
	// The hour in UTC during which the service takes an automated daily snapshot of the indexes in the OpenSearch Service domain.
	//
	// For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-snapshotoptions.html#cfn-opensearchservice-domain-snapshotoptions-automatedsnapshotstarthour
	//
	AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"`
}

*DEPRECATED* .

This setting is only relevant to domains running legacy Elasticsearch OSS versions earlier than 5.3. It does not apply to OpenSearch domains.

The automated snapshot configuration for the OpenSearch Service domain indexes.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

snapshotOptionsProperty := &SnapshotOptionsProperty{
	AutomatedSnapshotStartHour: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-snapshotoptions.html

type CfnDomain_SoftwareUpdateOptionsProperty added in v2.72.0 

type CfnDomain_SoftwareUpdateOptionsProperty struct {
	// Specifies whether automatic service software updates are enabled for the domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-softwareupdateoptions.html#cfn-opensearchservice-domain-softwareupdateoptions-autosoftwareupdateenabled
	//
	AutoSoftwareUpdateEnabled interface{} `field:"optional" json:"autoSoftwareUpdateEnabled" yaml:"autoSoftwareUpdateEnabled"`
}

Options for configuring service software updates for a domain.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

softwareUpdateOptionsProperty := &SoftwareUpdateOptionsProperty{
	AutoSoftwareUpdateEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-softwareupdateoptions.html

type CfnDomain_VPCOptionsProperty 

type CfnDomain_VPCOptionsProperty struct {
	// The list of security group IDs that are associated with the VPC endpoints for the domain.
	//
	// If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see [Security groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon VPC User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html#cfn-opensearchservice-domain-vpcoptions-securitygroupids
	//
	SecurityGroupIds *[]*string `field:"optional" json:"securityGroupIds" yaml:"securityGroupIds"`
	// Provide one subnet ID for each Availability Zone that your domain uses.
	//
	// For example, you must specify three subnet IDs for a three-AZ domain. To learn more, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the *Amazon VPC User Guide* .
	//
	// If you specify more than one subnet, you must also configure `ZoneAwarenessEnabled` and `ZoneAwarenessConfig` within [ClusterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-clusterconfig.html) , otherwise you'll see the error "You must specify exactly one subnet" during template creation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html#cfn-opensearchservice-domain-vpcoptions-subnetids
	//
	SubnetIds *[]*string `field:"optional" json:"subnetIds" yaml:"subnetIds"`
}

The virtual private cloud (VPC) configuration for the OpenSearch Service domain.

For more information, see [Launching your Amazon OpenSearch Service domains using a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

vPCOptionsProperty := &VPCOptionsProperty{
	SecurityGroupIds: []*string{
		jsii.String("securityGroupIds"),
	},
	SubnetIds: []*string{
		jsii.String("subnetIds"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-vpcoptions.html

type CfnDomain_WindowStartTimeProperty added in v2.72.0 

type CfnDomain_WindowStartTimeProperty struct {
	// The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time.
	//
	// For example, 17 refers to 5:00 P.M. UTC. The minimum value is 0 and the maximum value is 23.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-windowstarttime.html#cfn-opensearchservice-domain-windowstarttime-hours
	//
	Hours *float64 `field:"required" json:"hours" yaml:"hours"`
	// The start minute of the window, in UTC.
	//
	// The minimum value is 0 and the maximum value is 59.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-windowstarttime.html#cfn-opensearchservice-domain-windowstarttime-minutes
	//
	Minutes *float64 `field:"required" json:"minutes" yaml:"minutes"`
}

A custom start time for the off-peak window, in Coordinated Universal Time (UTC).

The window length will always be 10 hours, so you can't specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

windowStartTimeProperty := &WindowStartTimeProperty{
	Hours: jsii.Number(123),
	Minutes: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-windowstarttime.html

type CfnDomain_ZoneAwarenessConfigProperty 

type CfnDomain_ZoneAwarenessConfigProperty struct {
	// If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.
	//
	// Valid values are `2` and `3` . Default is 2.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-zoneawarenessconfig.html#cfn-opensearchservice-domain-zoneawarenessconfig-availabilityzonecount
	//
	AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"`
}

Specifies zone awareness configuration options.

Only use if `ZoneAwarenessEnabled` is `true` .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

zoneAwarenessConfigProperty := &ZoneAwarenessConfigProperty{
	AvailabilityZoneCount: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-zoneawarenessconfig.html

type CognitoOptions 

type CognitoOptions struct {
	// The Amazon Cognito identity pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication.
	IdentityPoolId *string `field:"required" json:"identityPoolId" yaml:"identityPoolId"`
	// A role that allows Amazon OpenSearch Service to configure your user pool and identity pool.
	//
	// It must have the `AmazonESCognitoAccess` policy attached to it.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html#cognito-auth-prereq
	//
	Role awsiam.IRole `field:"required" json:"role" yaml:"role"`
	// The Amazon Cognito user pool ID that you want Amazon OpenSearch Service to use for OpenSearch Dashboards authentication.
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
}

Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.

Example: 

opensearch.NewDomain(this, jsii.String("Domain"), &DomainProps{
	CognitoDashboardsAuth: &CognitoOptions{
		IdentityPoolId: jsii.String("test-identity-pool-id"),
		UserPoolId: jsii.String("test-user-pool-id"),
		Role: role,
	},
	Version: openSearchVersion,
})

See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html

type CustomEndpointOptions 

type CustomEndpointOptions struct {
	// The custom domain name to assign.
	DomainName *string `field:"required" json:"domainName" yaml:"domainName"`
	// The certificate to use.
	// Default: - create a new one.
	//
	Certificate awscertificatemanager.ICertificate `field:"optional" json:"certificate" yaml:"certificate"`
	// The hosted zone in Route53 to create the CNAME record in.
	// Default: - do not create a CNAME.
	//
	HostedZone awsroute53.IHostedZone `field:"optional" json:"hostedZone" yaml:"hostedZone"`
}

Configures a custom domain endpoint for the Amazon OpenSearch Service domain.

Example: 

awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	CustomEndpoint: &CustomEndpointOptions{
		DomainName: jsii.String("search.example.com"),
	},
})

type Domain 

type Domain interface {
	awscdk.Resource
	awsec2.IConnectable
	IDomain
	// Log group that application logs are logged to.
	AppLogGroup() awslogs.ILogGroup
	// Log group that audit logs are logged to.
	AuditLogGroup() awslogs.ILogGroup
	// Manages network connections to the domain.
	//
	// This will throw an error in case the domain
	// is not placed inside a VPC.
	Connections() awsec2.Connections
	// Arn of the Amazon OpenSearch Service domain.
	DomainArn() *string
	// Endpoint of the Amazon OpenSearch Service domain.
	DomainEndpoint() *string
	// Identifier of the Amazon OpenSearch Service domain.
	DomainId() *string
	// Domain name of the Amazon OpenSearch Service domain.
	DomainName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// Master user password if fine grained access control is configured.
	MasterUserPassword() awscdk.SecretValue
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// Log group that slow indices are logged to.
	SlowIndexLogGroup() awslogs.ILogGroup
	// Log group that slow searches are logged to.
	SlowSearchLogGroup() awslogs.ILogGroup
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Add policy statements to the domain access policy.
	AddAccessPolicies(accessPolicyStatements ...awsiam.PolicyStatement)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantRead(identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantWrite(identity awsiam.IGrantable) awsiam.Grant
	// Return the given named metric for this domain.
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for automated snapshot failures.
	// Default: maximum over 5 minutes.
	//
	MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the cluster blocking index writes.
	// Default: maximum over 1 minute.
	//
	MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is red.
	// Default: maximum over 5 minutes.
	//
	MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is yellow.
	// Default: maximum over 5 minutes.
	//
	MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for CPU utilization.
	// Default: maximum over 5 minutes.
	//
	MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the storage space of nodes in the cluster.
	// Default: minimum over 5 minutes.
	//
	MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for indexing latency.
	// Default: p99 over 5 minutes.
	//
	MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for JVM memory pressure.
	// Default: maximum over 5 minutes.
	//
	MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key errors.
	// Default: maximum over 5 minutes.
	//
	MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key being inaccessible.
	// Default: maximum over 5 minutes.
	//
	MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master CPU utilization.
	// Default: maximum over 5 minutes.
	//
	MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master JVM memory pressure.
	// Default: maximum over 5 minutes.
	//
	MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the number of nodes.
	// Default: minimum over 1 hour.
	//
	MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for number of searchable documents.
	// Default: maximum over 5 minutes.
	//
	MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for search latency.
	// Default: p99 over 5 minutes.
	//
	MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Returns a string representation of this construct.
	ToString() *string
}

Provides an Amazon OpenSearch Service domain.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(100),
		VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
})

func NewDomain 

func NewDomain(scope constructs.Construct, id *string, props *DomainProps) Domain

type DomainAttributes 

type DomainAttributes struct {
	// The ARN of the Amazon OpenSearch Service domain.
	DomainArn *string `field:"required" json:"domainArn" yaml:"domainArn"`
	// The domain endpoint of the Amazon OpenSearch Service domain.
	DomainEndpoint *string `field:"required" json:"domainEndpoint" yaml:"domainEndpoint"`
}

Reference to an Amazon OpenSearch Service domain.

Example: 

domainArn := awscdk.Fn_ImportValue(jsii.String("another-cf-stack-export-domain-arn"))
domainEndpoint := awscdk.Fn_ImportValue(jsii.String("another-cf-stack-export-domain-endpoint"))
domain := awscdk.Domain_FromDomainAttributes(this, jsii.String("ImportedDomain"), &DomainAttributes{
	DomainArn: jsii.String(DomainArn),
	DomainEndpoint: jsii.String(DomainEndpoint),
})

type DomainProps 

type DomainProps struct {
	// The Elasticsearch/OpenSearch version that your domain will leverage.
	Version EngineVersion `field:"required" json:"version" yaml:"version"`
	// Domain access policies.
	// Default: - No access policies.
	//
	AccessPolicies *[]awsiam.PolicyStatement `field:"optional" json:"accessPolicies" yaml:"accessPolicies"`
	// Additional options to specify for the Amazon OpenSearch Service domain.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options
	//
	// Default: - no advanced options are specified.
	//
	AdvancedOptions *map[string]*string `field:"optional" json:"advancedOptions" yaml:"advancedOptions"`
	// The hour in UTC during which the service takes an automated daily snapshot of the indices in the Amazon OpenSearch Service domain.
	//
	// Only applies for Elasticsearch versions
	// below 5.3.
	// Default: - Hourly automated snapshots not used.
	//
	AutomatedSnapshotStartHour *float64 `field:"optional" json:"automatedSnapshotStartHour" yaml:"automatedSnapshotStartHour"`
	// The cluster capacity configuration for the Amazon OpenSearch Service domain.
	// Default: - 1 r5.large.search data node; no dedicated master nodes.
	//
	Capacity *CapacityConfig `field:"optional" json:"capacity" yaml:"capacity"`
	// Configures Amazon OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
	// Default: - Cognito not used for authentication to OpenSearch Dashboards.
	//
	CognitoDashboardsAuth *CognitoOptions `field:"optional" json:"cognitoDashboardsAuth" yaml:"cognitoDashboardsAuth"`
	// Whether to enable or disable cold storage on the domain.
	//
	// You must enable UltraWarm storage to enable cold storage.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html
	//
	// Default: - undefined.
	//
	ColdStorageEnabled *bool `field:"optional" json:"coldStorageEnabled" yaml:"coldStorageEnabled"`
	// To configure a custom domain configure these options.
	//
	// If you specify a Route53 hosted zone it will create a CNAME record and use DNS validation for the certificate.
	// Default: - no custom domain endpoint will be configured.
	//
	CustomEndpoint *CustomEndpointOptions `field:"optional" json:"customEndpoint" yaml:"customEndpoint"`
	// Enforces a particular physical domain name.
	// Default: - A name will be auto-generated.
	//
	DomainName *string `field:"optional" json:"domainName" yaml:"domainName"`
	// The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.
	// Default: - 10 GiB General Purpose (SSD) volumes per node.
	//
	Ebs *EbsOptions `field:"optional" json:"ebs" yaml:"ebs"`
	// Specifies whether automatic service software updates are enabled for the domain.
	// See: https://docs.aws.amazon.com/it_it/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-softwareupdateoptions.html
	//
	// Default: - false.
	//
	EnableAutoSoftwareUpdate *bool `field:"optional" json:"enableAutoSoftwareUpdate" yaml:"enableAutoSoftwareUpdate"`
	// To upgrade an Amazon OpenSearch Service domain to a new version, rather than replacing the entire domain resource, use the EnableVersionUpgrade update policy.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain
	//
	// Default: - false.
	//
	EnableVersionUpgrade *bool `field:"optional" json:"enableVersionUpgrade" yaml:"enableVersionUpgrade"`
	// Encryption at rest options for the cluster.
	// Default: - No encryption at rest.
	//
	EncryptionAtRest *EncryptionAtRestOptions `field:"optional" json:"encryptionAtRest" yaml:"encryptionAtRest"`
	// True to require that all traffic to the domain arrive over HTTPS.
	// Default: - false.
	//
	EnforceHttps *bool `field:"optional" json:"enforceHttps" yaml:"enforceHttps"`
	// Specifies options for fine-grained access control.
	//
	// Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later. Enabling fine-grained access control
	// also requires encryption of data at rest and node-to-node encryption, along with
	// enforced HTTPS.
	// Default: - fine-grained access control is disabled.
	//
	FineGrainedAccessControl *AdvancedSecurityOptions `field:"optional" json:"fineGrainedAccessControl" yaml:"fineGrainedAccessControl"`
	// Specify either dual stack or IPv4 as your IP address type.
	//
	// Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option.
	//
	// If you set your IP address type to dual stack, you can't change your address type later.
	// Default: - IpAddressType.IPV4
	//
	IpAddressType IpAddressType `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// Configuration log publishing configuration options.
	// Default: - No logs are published.
	//
	Logging *LoggingOptions `field:"optional" json:"logging" yaml:"logging"`
	// Specify true to enable node to node encryption.
	//
	// Requires Elasticsearch version 6.0 or later or OpenSearch version 1.0 or later.
	// Default: - Node to node encryption is not enabled.
	//
	NodeToNodeEncryption *bool `field:"optional" json:"nodeToNodeEncryption" yaml:"nodeToNodeEncryption"`
	// Options for enabling a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain.
	//
	// Off-peak windows were introduced on February 16, 2023.
	// All domains created before this date have the off-peak window disabled by default.
	// You must manually enable and configure the off-peak window for these domains.
	// All domains created after this date will have the off-peak window enabled by default.
	// You can't disable the off-peak window for a domain after it's enabled.
	// See: https://docs.aws.amazon.com/it_it/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-offpeakwindow.html
	//
	// Default: - Disabled for domains created before February 16, 2023. Enabled for domains created after. Enabled if `offPeakWindowStart` is set.
	//
	OffPeakWindowEnabled *bool `field:"optional" json:"offPeakWindowEnabled" yaml:"offPeakWindowEnabled"`
	// Start time for the off-peak window, in Coordinated Universal Time (UTC).
	//
	// The window length will always be 10 hours, so you can't specify an end time.
	// For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.
	// Default: - 10:00 P.M. local time
	//
	OffPeakWindowStart *WindowStartTime `field:"optional" json:"offPeakWindowStart" yaml:"offPeakWindowStart"`
	// Policy to apply when the domain is removed from the stack.
	// Default: RemovalPolicy.RETAIN
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// The list of security groups that are associated with the VPC endpoints for the domain.
	//
	// Only used if `vpc` is specified.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
	//
	// Default: - One new security group is created.
	//
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Specify whether to create a CloudWatch Logs resource policy or not.
	//
	// When logging is enabled for the domain, a CloudWatch Logs resource policy is created by default.
	// However, CloudWatch Logs supports only 10 resource policies per region.
	// If you enable logging for several domains, it may hit the quota and cause an error.
	// By setting this property to true, creating a resource policy is suppressed, allowing you to avoid this problem.
	//
	// If you set this option to true, you must create a resource policy before deployment.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html
	//
	// Default: - false.
	//
	SuppressLogsResourcePolicy *bool `field:"optional" json:"suppressLogsResourcePolicy" yaml:"suppressLogsResourcePolicy"`
	// The minimum TLS version required for traffic to the domain.
	// Default: - TLSSecurityPolicy.TLS_1_0
	//
	TlsSecurityPolicy TLSSecurityPolicy `field:"optional" json:"tlsSecurityPolicy" yaml:"tlsSecurityPolicy"`
	// Configures the domain so that unsigned basic auth is enabled.
	//
	// If no master user is provided a default master user
	// with username `admin` and a dynamically generated password stored in KMS is created. The password can be retrieved
	// by getting `masterUserPassword` from the domain instance.
	//
	// Setting this to true will also add an access policy that allows unsigned
	// access, enable node to node encryption, encryption at rest. If conflicting
	// settings are encountered (like disabling encryption at rest) enabling this
	// setting will cause a failure.
	// Default: - false.
	//
	UseUnsignedBasicAuth *bool `field:"optional" json:"useUnsignedBasicAuth" yaml:"useUnsignedBasicAuth"`
	// Place the domain inside this VPC.
	// See: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html
	//
	// Default: - Domain is not placed in a VPC.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// The specific vpc subnets the domain will be placed in.
	//
	// You must provide one subnet for each Availability Zone
	// that your domain uses. For example, you must specify three subnet IDs for a three Availability Zone
	// domain.
	//
	// Only used if `vpc` is specified.
	// See: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
	//
	// Default: - All private subnets.
	//
	VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// The cluster zone awareness configuration for the Amazon OpenSearch Service domain.
	// Default: - no zone awareness (1 AZ).
	//
	ZoneAwareness *ZoneAwarenessConfig `field:"optional" json:"zoneAwareness" yaml:"zoneAwareness"`
}

Properties for an Amazon OpenSearch Service domain.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(100),
		VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
})

type EbsOptions 

type EbsOptions struct {
	// Specifies whether Amazon EBS volumes are attached to data nodes in the Amazon OpenSearch Service domain.
	// Default: - true.
	//
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// The number of I/O operations per second (IOPS) that the volume supports.
	//
	// This property applies only to the gp3 and Provisioned IOPS (SSD) EBS
	// volume type.
	// Default: - iops are not set.
	//
	Iops *float64 `field:"optional" json:"iops" yaml:"iops"`
	// The throughput (in MiB/s) of the EBS volumes attached to data nodes.
	//
	// This property applies only to the gp3 volume type.
	// Default: - throughput is not set.
	//
	Throughput *float64 `field:"optional" json:"throughput" yaml:"throughput"`
	// The size (in GiB) of the EBS volume for each data node.
	//
	// The minimum and
	// maximum size of an EBS volume depends on the EBS volume type and the
	// instance type to which it is attached.  For  valid values, see
	// [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource)
	// in the Amazon OpenSearch Service Developer Guide.
	// Default: 10.
	//
	VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
	// The EBS volume type to use with the Amazon OpenSearch Service domain, such as standard, gp2, io1.
	// Default: gp2.
	//
	VolumeType awsec2.EbsDeviceVolumeType `field:"optional" json:"volumeType" yaml:"volumeType"`
}

The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the Amazon OpenSearch Service domain.

For more information, see [Amazon EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) in the Amazon Elastic Compute Cloud Developer Guide.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(100),
		VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
})

type EncryptionAtRestOptions 

type EncryptionAtRestOptions struct {
	// Specify true to enable encryption at rest.
	// Default: - encryption at rest is disabled.
	//
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// Supply if using KMS key for encryption at rest.
	// Default: - uses default aws/es KMS key.
	//
	KmsKey awskms.IKey `field:"optional" json:"kmsKey" yaml:"kmsKey"`
}

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
		SamlAuthenticationEnabled: jsii.Boolean(true),
		SamlAuthenticationOptions: &SAMLOptionsProperty{
			IdpEntityId: jsii.String("entity-id"),
			IdpMetadataContent: jsii.String("metadata-content-with-quotes-escaped"),
		},
	},
})

type EngineVersion 

type EngineVersion interface {
	// engine version identifier.
	Version() *string
}

OpenSearch version.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(100),
		VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD,
	},
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
})

func EngineVersion_ELASTICSEARCH_1_5 

func EngineVersion_ELASTICSEARCH_1_5() EngineVersion

func EngineVersion_ELASTICSEARCH_2_3 

func EngineVersion_ELASTICSEARCH_2_3() EngineVersion

func EngineVersion_ELASTICSEARCH_5_1 

func EngineVersion_ELASTICSEARCH_5_1() EngineVersion

func EngineVersion_ELASTICSEARCH_5_3 

func EngineVersion_ELASTICSEARCH_5_3() EngineVersion

func EngineVersion_ELASTICSEARCH_5_5 

func EngineVersion_ELASTICSEARCH_5_5() EngineVersion

func EngineVersion_ELASTICSEARCH_5_6 

func EngineVersion_ELASTICSEARCH_5_6() EngineVersion

func EngineVersion_ELASTICSEARCH_6_0 

func EngineVersion_ELASTICSEARCH_6_0() EngineVersion

func EngineVersion_ELASTICSEARCH_6_2 

func EngineVersion_ELASTICSEARCH_6_2() EngineVersion

func EngineVersion_ELASTICSEARCH_6_3 

func EngineVersion_ELASTICSEARCH_6_3() EngineVersion

func EngineVersion_ELASTICSEARCH_6_4 

func EngineVersion_ELASTICSEARCH_6_4() EngineVersion

func EngineVersion_ELASTICSEARCH_6_5 

func EngineVersion_ELASTICSEARCH_6_5() EngineVersion

func EngineVersion_ELASTICSEARCH_6_7 

func EngineVersion_ELASTICSEARCH_6_7() EngineVersion

func EngineVersion_ELASTICSEARCH_6_8 

func EngineVersion_ELASTICSEARCH_6_8() EngineVersion

func EngineVersion_ELASTICSEARCH_7_1 

func EngineVersion_ELASTICSEARCH_7_1() EngineVersion

func EngineVersion_ELASTICSEARCH_7_10 

func EngineVersion_ELASTICSEARCH_7_10() EngineVersion

func EngineVersion_ELASTICSEARCH_7_4 

func EngineVersion_ELASTICSEARCH_7_4() EngineVersion

func EngineVersion_ELASTICSEARCH_7_7 

func EngineVersion_ELASTICSEARCH_7_7() EngineVersion

func EngineVersion_ELASTICSEARCH_7_8 

func EngineVersion_ELASTICSEARCH_7_8() EngineVersion

func EngineVersion_ELASTICSEARCH_7_9 

func EngineVersion_ELASTICSEARCH_7_9() EngineVersion

func EngineVersion_Elasticsearch 

func EngineVersion_Elasticsearch(version *string) EngineVersion

Custom ElasticSearch version.

func EngineVersion_OPENSEARCH_1_0 

func EngineVersion_OPENSEARCH_1_0() EngineVersion

func EngineVersion_OPENSEARCH_1_1 added in v2.9.0 

func EngineVersion_OPENSEARCH_1_1() EngineVersion

func EngineVersion_OPENSEARCH_1_2 added in v2.20.0 

func EngineVersion_OPENSEARCH_1_2() EngineVersion

func EngineVersion_OPENSEARCH_1_3 added in v2.35.0 

func EngineVersion_OPENSEARCH_1_3() EngineVersion

func EngineVersion_OPENSEARCH_2_10 added in v2.112.0 

func EngineVersion_OPENSEARCH_2_10() EngineVersion

func EngineVersion_OPENSEARCH_2_11 added in v2.112.0 

func EngineVersion_OPENSEARCH_2_11() EngineVersion

func EngineVersion_OPENSEARCH_2_3 added in v2.61.0 

func EngineVersion_OPENSEARCH_2_3() EngineVersion

func EngineVersion_OPENSEARCH_2_5 added in v2.78.0 

func EngineVersion_OPENSEARCH_2_5() EngineVersion

func EngineVersion_OPENSEARCH_2_7 added in v2.88.0 

func EngineVersion_OPENSEARCH_2_7() EngineVersion

func EngineVersion_OPENSEARCH_2_9 added in v2.103.0 

func EngineVersion_OPENSEARCH_2_9() EngineVersion

func EngineVersion_OpenSearch 

func EngineVersion_OpenSearch(version *string) EngineVersion

Custom OpenSearch version.

type IDomain 

type IDomain interface {
	awscdk.IResource
	// Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexRead(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexReadWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).
	GrantIndexWrite(index *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathRead(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathReadWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).
	GrantPathWrite(path *string, identity awsiam.IGrantable) awsiam.Grant
	// Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantRead(identity awsiam.IGrantable) awsiam.Grant
	// Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantReadWrite(identity awsiam.IGrantable) awsiam.Grant
	// Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).
	GrantWrite(identity awsiam.IGrantable) awsiam.Grant
	// Return the given named metric for this domain.
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for automated snapshot failures.
	// Default: maximum over 5 minutes.
	//
	MetricAutomatedSnapshotFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the cluster blocking index writes.
	// Default: maximum over 1 minute.
	//
	MetricClusterIndexWritesBlocked(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is red.
	// Default: maximum over 5 minutes.
	//
	MetricClusterStatusRed(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the time the cluster status is yellow.
	// Default: maximum over 5 minutes.
	//
	MetricClusterStatusYellow(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for CPU utilization.
	// Default: maximum over 5 minutes.
	//
	MetricCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the storage space of nodes in the cluster.
	// Default: minimum over 5 minutes.
	//
	MetricFreeStorageSpace(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for indexing latency.
	// Default: p99 over 5 minutes.
	//
	MetricIndexingLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for JVM memory pressure.
	// Default: maximum over 5 minutes.
	//
	MetricJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key errors.
	// Default: maximum over 5 minutes.
	//
	MetricKMSKeyError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for KMS key being inaccessible.
	// Default: maximum over 5 minutes.
	//
	MetricKMSKeyInaccessible(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master CPU utilization.
	// Default: maximum over 5 minutes.
	//
	MetricMasterCPUUtilization(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for master JVM memory pressure.
	// Default: maximum over 5 minutes.
	//
	MetricMasterJVMMemoryPressure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for the number of nodes.
	// Default: minimum over 1 hour.
	//
	MetricNodes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for number of searchable documents.
	// Default: maximum over 5 minutes.
	//
	MetricSearchableDocuments(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Metric for search latency.
	// Default: p99 over 5 minutes.
	//
	MetricSearchLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Arn of the Amazon OpenSearch Service domain.
	DomainArn() *string
	// Endpoint of the Amazon OpenSearch Service domain.
	DomainEndpoint() *string
	// Identifier of the Amazon OpenSearch Service domain.
	DomainId() *string
	// Domain name of the Amazon OpenSearch Service domain.
	DomainName() *string
}

An interface that represents an Amazon OpenSearch Service domain - either created with the CDK, or an existing one.

func Domain_FromDomainAttributes 

func Domain_FromDomainAttributes(scope constructs.Construct, id *string, attrs *DomainAttributes) IDomain

Creates a domain construct that represents an external domain.

func Domain_FromDomainEndpoint 

func Domain_FromDomainEndpoint(scope constructs.Construct, id *string, domainEndpoint *string) IDomain

Creates a domain construct that represents an external domain via domain endpoint.

type IpAddressType added in v2.118.0 

type IpAddressType string

The IP address type for the domain.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_3(),
	IpAddressType: awscdk.IpAddressType_DUAL_STACK,
})

const (
	// IPv4 addresses only.
	IpAddressType_IPV4 IpAddressType = "IPV4"
	// IPv4 and IPv6 addresses.
	IpAddressType_DUAL_STACK IpAddressType = "DUAL_STACK"
)

type LoggingOptions 

type LoggingOptions struct {
	// Specify if Amazon OpenSearch Service application logging should be set up.
	//
	// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
	// An explicit `false` is required when disabling it from `true`.
	// Default: - false.
	//
	AppLogEnabled *bool `field:"optional" json:"appLogEnabled" yaml:"appLogEnabled"`
	// Log Amazon OpenSearch Service application logs to this log group.
	// Default: - a new log group is created if app logging is enabled.
	//
	AppLogGroup awslogs.ILogGroup `field:"optional" json:"appLogGroup" yaml:"appLogGroup"`
	// Specify if Amazon OpenSearch Service audit logging should be set up.
	//
	// Requires Elasticsearch version 6.7 or later or OpenSearch version 1.0 or later and fine grained access control to be enabled.
	// Default: - false.
	//
	AuditLogEnabled *bool `field:"optional" json:"auditLogEnabled" yaml:"auditLogEnabled"`
	// Log Amazon OpenSearch Service audit logs to this log group.
	// Default: - a new log group is created if audit logging is enabled.
	//
	AuditLogGroup awslogs.ILogGroup `field:"optional" json:"auditLogGroup" yaml:"auditLogGroup"`
	// Specify if slow index logging should be set up.
	//
	// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
	// An explicit `false` is required when disabling it from `true`.
	// Default: - false.
	//
	SlowIndexLogEnabled *bool `field:"optional" json:"slowIndexLogEnabled" yaml:"slowIndexLogEnabled"`
	// Log slow indices to this log group.
	// Default: - a new log group is created if slow index logging is enabled.
	//
	SlowIndexLogGroup awslogs.ILogGroup `field:"optional" json:"slowIndexLogGroup" yaml:"slowIndexLogGroup"`
	// Specify if slow search logging should be set up.
	//
	// Requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later.
	// An explicit `false` is required when disabling it from `true`.
	// Default: - false.
	//
	SlowSearchLogEnabled *bool `field:"optional" json:"slowSearchLogEnabled" yaml:"slowSearchLogEnabled"`
	// Log slow searches to this log group.
	// Default: - a new log group is created if slow search logging is enabled.
	//
	SlowSearchLogGroup awslogs.ILogGroup `field:"optional" json:"slowSearchLogGroup" yaml:"slowSearchLogGroup"`
}

Configures log settings for the domain.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
	},
	Logging: &LoggingOptions{
		AuditLogEnabled: jsii.Boolean(true),
		SlowSearchLogEnabled: jsii.Boolean(true),
		AppLogEnabled: jsii.Boolean(true),
		SlowIndexLogEnabled: jsii.Boolean(true),
	},
})

type SAMLOptionsProperty added in v2.92.0 

type SAMLOptionsProperty struct {
	// The unique entity ID of the application in the SAML identity provider.
	IdpEntityId *string `field:"required" json:"idpEntityId" yaml:"idpEntityId"`
	// The metadata of the SAML application, in XML format.
	IdpMetadataContent *string `field:"required" json:"idpMetadataContent" yaml:"idpMetadataContent"`
	// The backend role that the SAML master user is mapped to.
	//
	// Any users with this backend role receives full permission in OpenSearch Dashboards/Kibana.
	// To use a SAML master backend role, configure the `rolesKey` property.
	// Default: - The master user is not mapped to a backend role.
	//
	MasterBackendRole *string `field:"optional" json:"masterBackendRole" yaml:"masterBackendRole"`
	// The SAML master username, which is stored in the domain's internal user database.
	//
	// This SAML user receives full permission in OpenSearch Dashboards/Kibana.
	// Creating a new master username does not delete any existing master usernames.
	// Default: - No master user name is configured.
	//
	MasterUserName *string `field:"optional" json:"masterUserName" yaml:"masterUserName"`
	// Element of the SAML assertion to use for backend roles.
	// Default: - roles.
	//
	RolesKey *string `field:"optional" json:"rolesKey" yaml:"rolesKey"`
	// The duration, in minutes, after which a user session becomes inactive.
	// Default: - 60.
	//
	SessionTimeoutMinutes *float64 `field:"optional" json:"sessionTimeoutMinutes" yaml:"sessionTimeoutMinutes"`
	// Element of the SAML assertion to use for the user name.
	// Default: - NameID element of the SAML assertion fot the user name.
	//
	SubjectKey *string `field:"optional" json:"subjectKey" yaml:"subjectKey"`
}

Container for information about the SAML configuration for OpenSearch Dashboards.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_0(),
	EnforceHttps: jsii.Boolean(true),
	NodeToNodeEncryption: jsii.Boolean(true),
	EncryptionAtRest: &EncryptionAtRestOptions{
		Enabled: jsii.Boolean(true),
	},
	FineGrainedAccessControl: &AdvancedSecurityOptions{
		MasterUserName: jsii.String("master-user"),
		SamlAuthenticationEnabled: jsii.Boolean(true),
		SamlAuthenticationOptions: &SAMLOptionsProperty{
			IdpEntityId: jsii.String("entity-id"),
			IdpMetadataContent: jsii.String("metadata-content-with-quotes-escaped"),
		},
	},
})

type TLSSecurityPolicy 

type TLSSecurityPolicy string

The minimum TLS version required for traffic to the domain. 

const (
	// Cipher suite TLS 1.0.
	TLSSecurityPolicy_TLS_1_0 TLSSecurityPolicy = "TLS_1_0"
	// Cipher suite TLS 1.2.
	TLSSecurityPolicy_TLS_1_2 TLSSecurityPolicy = "TLS_1_2"
	// Cipher suite TLS 1.2 to 1.3 with perfect forward secrecy (PFS).
	TLSSecurityPolicy_TLS_1_2_PFS TLSSecurityPolicy = "TLS_1_2_PFS"
)

type WindowStartTime added in v2.89.0 

type WindowStartTime struct {
	// The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time.
	//
	// For example, 17 refers to 5:00 P.M. UTC.
	// Default: - 22.
	//
	Hours *float64 `field:"required" json:"hours" yaml:"hours"`
	// The start minute of the window, in UTC.
	// Default: - 0.
	//
	Minutes *float64 `field:"required" json:"minutes" yaml:"minutes"`
}

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_3(),
	OffPeakWindowEnabled: jsii.Boolean(true),
	 // can be omitted if offPeakWindowStart is set
	OffPeakWindowStart: &WindowStartTime{
		Hours: jsii.Number(20),
		Minutes: jsii.Number(0),
	},
})

type ZoneAwarenessConfig 

type ZoneAwarenessConfig struct {
	// If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.
	//
	// Valid values are 2 and 3.
	// Default: - 2 if zone awareness is enabled.
	//
	AvailabilityZoneCount *float64 `field:"optional" json:"availabilityZoneCount" yaml:"availabilityZoneCount"`
	// Indicates whether to enable zone awareness for the Amazon OpenSearch Service domain.
	//
	// When you enable zone awareness, Amazon OpenSearch Service allocates the nodes and replica
	// index shards that belong to a cluster across two Availability Zones (AZs)
	// in the same region to prevent data loss and minimize downtime in the event
	// of node or data center failure. Don't enable zone awareness if your cluster
	// has no replica index shards or is a single-node cluster. For more information,
	// see [Configuring a Multi-AZ Domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html)
	// in the Amazon OpenSearch Service Developer Guide.
	// Default: - false.
	//
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
}

Specifies zone awareness configuration options.

Example: 

domain := awscdk.NewDomain(this, jsii.String("Domain"), &DomainProps{
	Version: awscdk.EngineVersion_OPENSEARCH_1_3(),
	Ebs: &EbsOptions{
		VolumeSize: jsii.Number(10),
		VolumeType: ec2.EbsDeviceVolumeType_GENERAL_PURPOSE_SSD_GP3,
	},
	ZoneAwareness: &ZoneAwarenessConfig{
		Enabled: jsii.Boolean(true),
		AvailabilityZoneCount: jsii.Number(3),
	},
	Capacity: &CapacityConfig{
		MultiAzWithStandbyEnabled: jsii.Boolean(true),
		MasterNodes: jsii.Number(3),
		DataNodes: jsii.Number(3),
	},
})

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.