aws_opensearch_domain

access_policies

Type: STRING
Provider name: AccessPolicies
Description: Identity and Access Management (IAM) policy document specifying the access policies for the domain.

account_id

Type: STRING

advanced_options

Type: MAP_STRING_STRING
Provider name: AdvancedOptions
Description: Key-value pairs that specify advanced configuration options.

advanced_security_options

Type: STRUCT
Provider name: AdvancedSecurityOptions
Description: Settings for fine-grained access control.

  • anonymous_auth_disable_date
    Type: TIMESTAMP
    Provider name: AnonymousAuthDisableDate
    Description: Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain.
  • anonymous_auth_enabled
    Type: BOOLEAN
    Provider name: AnonymousAuthEnabled
    Description: True if a 30-day migration period is enabled, during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.
  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: True if fine-grained access control is enabled.
  • internal_user_database_enabled
    Type: BOOLEAN
    Provider name: InternalUserDatabaseEnabled
    Description: True if the internal user database is enabled.
  • saml_options
    Type: STRUCT
    Provider name: SAMLOptions
    Description: Container for information about the SAML configuration for OpenSearch Dashboards.
    • enabled
      Type: BOOLEAN
      Provider name: Enabled
      Description: True if SAML is enabled.
    • idp
      Type: STRUCT
      Provider name: Idp
      Description: Describes the SAML identity provider’s information.
      • entity_id
        Type: STRING
        Provider name: EntityId
        Description: The unique entity ID of the application in the SAML identity provider.
      • metadata_content
        Type: STRING
        Provider name: MetadataContent
        Description: The metadata of the SAML application, in XML format.
    • roles_key
      Type: STRING
      Provider name: RolesKey
      Description: The key used for matching the SAML roles attribute.
    • session_timeout_minutes
      Type: INT32
      Provider name: SessionTimeoutMinutes
      Description: The duration, in minutes, after which a user session becomes inactive.
    • subject_key
      Type: STRING
      Provider name: SubjectKey
      Description: The key used for matching the SAML subject attribute.

arn

Type: STRING
Provider name: ARN
Description: The Amazon Resource Name (ARN) of the domain. For more information, see IAM identifiers in the AWS Identity and Access Management User Guide.

auto_tune_options

Type: STRUCT
Provider name: AutoTuneOptions
Description: Auto-Tune settings for the domain.

  • error_message
    Type: STRING
    Provider name: ErrorMessage
    Description: Any errors that occurred while enabling or disabling Auto-Tune.
  • state
    Type: STRING
    Provider name: State
    Description: The current state of Auto-Tune on the domain.
  • use_off_peak_window
    Type: BOOLEAN
    Provider name: UseOffPeakWindow
    Description: Whether the domain’s off-peak window will be used to deploy Auto-Tune changes rather than a maintenance schedule.

change_progress_details

Type: STRUCT
Provider name: ChangeProgressDetails
Description: Information about a configuration change happening on the domain.

  • change_id
    Type: STRING
    Provider name: ChangeId
    Description: The ID of the configuration change.
  • config_change_status
    Type: STRING
    Provider name: ConfigChangeStatus
    Description: The current status of the configuration change.
  • initiated_by
    Type: STRING
    Provider name: InitiatedBy
    Description: The IAM principal who initiated the configuration change.
  • last_updated_time
    Type: TIMESTAMP
    Provider name: LastUpdatedTime
    Description: The last time that the configuration change was updated.
  • message
    Type: STRING
    Provider name: Message
    Description: A message corresponding to the status of the configuration change.
  • start_time
    Type: TIMESTAMP
    Provider name: StartTime
    Description: The time that the configuration change was initiated, in Universal Coordinated Time (UTC).

cluster_config

Type: STRUCT
Provider name: ClusterConfig
Description: Container for the cluster configuration of the domain.

  • cold_storage_options
    Type: STRUCT
    Provider name: ColdStorageOptions
    Description: Container for cold storage configuration options.
    • enabled
      Type: BOOLEAN
      Provider name: Enabled
      Description: Whether to enable or disable cold storage on the domain. You must enable UltraWarm storage to enable cold storage.
  • dedicated_master_count
    Type: INT32
    Provider name: DedicatedMasterCount
    Description: Number of dedicated master nodes in the cluster. This number must be greater than 2 and not 4, otherwise you receive a validation exception.
  • dedicated_master_enabled
    Type: BOOLEAN
    Provider name: DedicatedMasterEnabled
    Description: Indicates whether dedicated master nodes are enabled for the cluster.True if the cluster will use a dedicated master node.False if the cluster will not.
  • dedicated_master_type
    Type: STRING
    Provider name: DedicatedMasterType
    Description: OpenSearch Service instance type of the dedicated master nodes in the cluster.
  • instance_count
    Type: INT32
    Provider name: InstanceCount
    Description: Number of data nodes in the cluster. This number must be greater than 1, otherwise you receive a validation exception.
  • instance_type
    Type: STRING
    Provider name: InstanceType
    Description: Instance type of data nodes in the cluster.
  • multi_az_with_standby_enabled
    Type: BOOLEAN
    Provider name: MultiAZWithStandbyEnabled
    Description: A boolean that indicates whether a multi-AZ domain is turned on with a standby AZ. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
  • warm_count
    Type: INT32
    Provider name: WarmCount
    Description: The number of warm nodes in the cluster.
  • warm_enabled
    Type: BOOLEAN
    Provider name: WarmEnabled
    Description: Whether to enable warm storage for the cluster.
  • warm_type
    Type: STRING
    Provider name: WarmType
    Description: The instance type for the cluster’s warm nodes.
  • zone_awareness_config
    Type: STRUCT
    Provider name: ZoneAwarenessConfig
    Description: Container for zone awareness configuration options. Only required if ZoneAwarenessEnabled is true.
    • availability_zone_count
      Type: INT32
      Provider name: AvailabilityZoneCount
      Description: If you enabled multiple Availability Zones, this value is the number of zones that you want the domain to use. Valid values are 2 and 3. If your domain is provisioned within a VPC, this value be equal to number of subnets.
  • zone_awareness_enabled
    Type: BOOLEAN
    Provider name: ZoneAwarenessEnabled
    Description: Indicates whether multiple Availability Zones are enabled. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.

cognito_options

Type: STRUCT
Provider name: CognitoOptions
Description: Key-value pairs to configure Amazon Cognito authentication for OpenSearch Dashboards.

  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
  • identity_pool_id
    Type: STRING
    Provider name: IdentityPoolId
    Description: The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
  • role_arn
    Type: STRING
    Provider name: RoleArn
    Description: The AmazonOpenSearchServiceCognitoAccess role that allows OpenSearch Service to configure your user pool and identity pool.
  • user_pool_id
    Type: STRING
    Provider name: UserPoolId
    Description: The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.

created

Type: BOOLEAN
Provider name: Created
Description: Creation status of an OpenSearch Service domain. True if domain creation is complete. False if domain creation is still in progress.

deleted

Type: BOOLEAN
Provider name: Deleted
Description: Deletion status of an OpenSearch Service domain. True if domain deletion is complete. False if domain deletion is still in progress. Once deletion is complete, the status of the domain is no longer returned.

domain_endpoint_options

Type: STRUCT
Provider name: DomainEndpointOptions
Description: Additional options for the domain endpoint, such as whether to require HTTPS for all traffic.

  • custom_endpoint
    Type: STRING
    Provider name: CustomEndpoint
    Description: The fully qualified URL for the custom endpoint.
  • custom_endpoint_certificate_arn
    Type: STRING
    Provider name: CustomEndpointCertificateArn
    Description: The ARN for your security certificate, managed in Amazon Web Services Certificate Manager (ACM).
  • custom_endpoint_enabled
    Type: BOOLEAN
    Provider name: CustomEndpointEnabled
    Description: Whether to enable a custom endpoint for the domain.
  • enforce_https
    Type: BOOLEAN
    Provider name: EnforceHTTPS
    Description: True to require that all traffic to the domain arrive over HTTPS.
  • tls_security_policy
    Type: STRING
    Provider name: TLSSecurityPolicy
    Description: Specify the TLS security policy to apply to the HTTPS endpoint of the domain. The policy can be one of the following values:
    • Policy-Min-TLS-1-0-2019-07: TLS security policy that supports TLS version 1.0 to TLS version 1.2
    • Policy-Min-TLS-1-2-2019-07: TLS security policy that supports only TLS version 1.2
    • Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites

domain_endpoint_v2_hosted_zone_id

Type: STRING
Provider name: DomainEndpointV2HostedZoneId
Description: The DualStack Hosted Zone Id for the domain.

domain_id

Type: STRING
Provider name: DomainId
Description: Unique identifier for the domain.

domain_name

Type: STRING
Provider name: DomainName
Description: Name of the domain. Domain names are unique across all domains owned by the same account within an Amazon Web Services Region.

domain_processing_status

Type: STRING
Provider name: DomainProcessingStatus
Description: The status of any changes that are currently in progress for the domain.

ebs_options

Type: STRUCT
Provider name: EBSOptions
Description: Container for EBS-based storage settings for the domain.

  • ebs_enabled
    Type: BOOLEAN
    Provider name: EBSEnabled
    Description: Indicates whether EBS volumes are attached to data nodes in an OpenSearch Service domain.
  • iops
    Type: INT32
    Provider name: Iops
    Description: Specifies the baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the gp3 and provisioned IOPS EBS volume types.
  • throughput
    Type: INT32
    Provider name: Throughput
    Description: Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type.
  • volume_size
    Type: INT32
    Provider name: VolumeSize
    Description: Specifies the size (in GiB) of EBS volumes attached to data nodes.
  • volume_type
    Type: STRING
    Provider name: VolumeType
    Description: Specifies the type of EBS volumes attached to data nodes.

encryption_at_rest_options

Type: STRUCT
Provider name: EncryptionAtRestOptions
Description: Encryption at rest settings for the domain.

  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: True to enable encryption at rest.
  • kms_key_id
    Type: STRING
    Provider name: KmsKeyId
    Description: The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a.

endpoint

Type: STRING
Provider name: Endpoint
Description: Domain-specific endpoint used to submit index, search, and data upload requests to the domain.

endpoint_v2

Type: STRING
Provider name: EndpointV2
Description: If IPAddressType to set to dualstack, a version 2 domain endpoint is provisioned. This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses. Normal endpoints work only with IPv4 IP addresses.

endpoints

Type: MAP_STRING_STRING
Provider name: Endpoints
Description: The key-value pair that exists if the OpenSearch Service domain uses VPC endpoints. For example:

  • IPv4 IP addresses - ‘vpc’,‘vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com’
  • Dual stack IP addresses - ‘vpcv2’:‘vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.aos.us-east-1.on.aws’

engine_version

Type: STRING
Provider name: EngineVersion
Description: Version of OpenSearch or Elasticsearch that the domain is running, in the format Elasticsearch_X.Y or OpenSearch_X.Y.

ip_address_type

Type: STRING
Provider name: IPAddressType
Description: The type of IP addresses supported by the endpoint for the domain.

log_publishing_options

Type: STRING
Provider name: LogPublishingOptions
Description: Log publishing options for the domain.

modifying_properties

Type: UNORDERED_LIST_STRUCT
Provider name: ModifyingProperties
Description: Information about the domain properties that are currently being modified.

  • active_value
    Type: STRING
    Provider name: ActiveValue
    Description: The current value of the domain property that is being modified.
  • name
    Type: STRING
    Provider name: Name
    Description: The name of the property that is currently being modified.
  • pending_value
    Type: STRING
    Provider name: PendingValue
    Description: The value that the property that is currently being modified will eventually have.
  • value_type
    Type: STRING
    Provider name: ValueType
    Description: The type of value that is currently being modified. Properties can have two types:
    • PLAIN_TEXT: Contain direct values such as “1”, “True”, or “c5.large.search”.
    • STRINGIFIED_JSON: Contain content in JSON format, such as {“Enabled”:“True”}".

node_to_node_encryption_options

Type: STRUCT
Provider name: NodeToNodeEncryptionOptions
Description: Whether node-to-node encryption is enabled or disabled.

  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: True to enable node-to-node encryption.

off_peak_window_options

Type: STRUCT
Provider name: OffPeakWindowOptions
Description: Options that specify a custom 10-hour window during which OpenSearch Service can perform configuration changes on the domain.

  • enabled
    Type: BOOLEAN
    Provider name: Enabled
    Description: Whether to enable an off-peak window. This option is only available when modifying a domain created prior to February 16, 2023, not when creating a new domain. All domains created after this date have the off-peak window enabled by default. You can’t disable the off-peak window after it’s enabled for a domain.
  • off_peak_window
    Type: STRUCT
    Provider name: OffPeakWindow
    Description: Off-peak window settings for the domain.
    • window_start_time
      Type: STRUCT
      Provider name: WindowStartTime
      Description: A custom start time for the off-peak window, in Coordinated Universal Time (UTC). The window length will always be 10 hours, so you can’t specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.
      • hours
        Type: INT64
        Provider name: Hours
        Description: The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17 refers to 5:00 P.M. UTC.
      • minutes
        Type: INT64
        Provider name: Minutes
        Description: The start minute of the window, in UTC.

processing

Type: BOOLEAN
Provider name: Processing
Description: The status of the domain configuration. True if OpenSearch Service is processing configuration changes. False if the configuration is active.

service_software_options

Type: STRUCT
Provider name: ServiceSoftwareOptions
Description: The current status of the domain’s service software.

  • automated_update_date
    Type: TIMESTAMP
    Provider name: AutomatedUpdateDate
    Description: The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
  • cancellable
    Type: BOOLEAN
    Provider name: Cancellable
    Description: True if you’re able to cancel your service software version update. False if you can’t cancel your service software update.
  • current_version
    Type: STRING
    Provider name: CurrentVersion
    Description: The current service software version present on the domain.
  • description
    Type: STRING
    Provider name: Description
    Description: A description of the service software update status.
  • new_version
    Type: STRING
    Provider name: NewVersion
    Description: The new service software version, if one is available.
  • optional_deployment
    Type: BOOLEAN
    Provider name: OptionalDeployment
    Description: True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
  • update_available
    Type: BOOLEAN
    Provider name: UpdateAvailable
    Description: True if you’re able to update your service software version. False if you can’t update your service software version.
  • update_status
    Type: STRING
    Provider name: UpdateStatus
    Description: The status of your service software update.

snapshot_options

Type: STRUCT
Provider name: SnapshotOptions
Description: DEPRECATED. Container for parameters required to configure automated snapshots of domain indexes.

  • automated_snapshot_start_hour
    Type: INT32
    Provider name: AutomatedSnapshotStartHour
    Description: The time, in UTC format, when OpenSearch Service takes a daily automated snapshot of the specified domain. Default is 0 hours.

software_update_options

Type: STRUCT
Provider name: SoftwareUpdateOptions
Description: Service software update options for the domain.

  • auto_software_update_enabled
    Type: BOOLEAN
    Provider name: AutoSoftwareUpdateEnabled
    Description: Whether automatic service software updates are enabled for the domain.

tags

Type: UNORDERED_LIST_STRING

upgrade_processing

Type: BOOLEAN
Provider name: UpgradeProcessing
Description: The status of a domain version upgrade to a new version of OpenSearch or Elasticsearch. True if OpenSearch Service is in the process of a version upgrade. False if the configuration is active.

vpc_options

Type: STRUCT
Provider name: VPCOptions
Description: The VPC configuration for the domain.

  • availability_zones
    Type: UNORDERED_LIST_STRING
    Provider name: AvailabilityZones
    Description: The list of Availability Zones associated with the VPC subnets.
  • security_group_ids
    Type: UNORDERED_LIST_STRING
    Provider name: SecurityGroupIds
    Description: The list of security group IDs associated with the VPC endpoints for the domain.
  • subnet_ids
    Type: UNORDERED_LIST_STRING
    Provider name: SubnetIds
    Description: A list of subnet IDs associated with the VPC endpoints for the domain.
  • vpc_id
    Type: STRING
    Provider name: VPCId
    Description: The ID for your VPC. Amazon VPC generates this value when you create a VPC.