domains
Creates, updates, deletes or gets a domain resource or lists domains in a region
Overview
| Name | domains |
| Type | Resource |
| Description | An example resource schema demonstrating some basic constructs and validation rules. |
| Id | awscc.opensearchservice.domains |
Fields
| Name | Datatype | Description |
|---|---|---|
cluster_config | object | |
domain_name | string | |
access_policies | object | |
ip_address_type | string | |
engine_version | string | |
advanced_options | object | |
log_publishing_options | object | |
snapshot_options | object | |
vpc_options | object | |
node_to_node_encryption_options | object | |
domain_endpoint_options | object | |
cognito_options | object | |
advanced_security_options | object | |
domain_endpoint | string | |
domain_endpoint_v2 | string | |
domain_endpoints | object | |
ebs_options | object | |
id | string | |
arn | string | |
domain_arn | string | |
encryption_at_rest_options | object | |
tags | array | An arbitrary set of tags (key-value pairs) for this Domain. |
service_software_options | object | |
off_peak_window_options | object | |
software_update_options | object | |
skip_shard_migration_wait | boolean | |
identity_center_options | object | Options for configuring Identity Center |
region | string | AWS region. |
For more information, see AWS::OpenSearchService::Domain.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | region |
delete_resource | DELETE | Identifier, region |
update_resource | UPDATE | Identifier, PatchDocument, region |
get_resource | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual domain.
SELECT
region,
cluster_config,
domain_name,
access_policies,
ip_address_type,
engine_version,
advanced_options,
log_publishing_options,
snapshot_options,
vpc_options,
node_to_node_encryption_options,
domain_endpoint_options,
cognito_options,
advanced_security_options,
domain_endpoint,
domain_endpoint_v2,
domain_endpoints,
ebs_options,
id,
arn,
domain_arn,
encryption_at_rest_options,
tags,
service_software_options,
off_peak_window_options,
software_update_options,
skip_shard_migration_wait,
identity_center_options
FROM awscc.opensearchservice.domains
WHERE
region = 'us-east-1' AND
Identifier = '{{ domain_name }}';
INSERT example
Use the following StackQL query and manifest file to create a new domain resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.opensearchservice.domains (
ClusterConfig,
DomainName,
AccessPolicies,
IPAddressType,
EngineVersion,
AdvancedOptions,
LogPublishingOptions,
SnapshotOptions,
VPCOptions,
NodeToNodeEncryptionOptions,
DomainEndpointOptions,
CognitoOptions,
AdvancedSecurityOptions,
EBSOptions,
EncryptionAtRestOptions,
Tags,
OffPeakWindowOptions,
SoftwareUpdateOptions,
SkipShardMigrationWait,
IdentityCenterOptions,
region
)
SELECT
'{{ cluster_config }}',
'{{ domain_name }}',
'{{ access_policies }}',
'{{ ip_address_type }}',
'{{ engine_version }}',
'{{ advanced_options }}',
'{{ log_publishing_options }}',
'{{ snapshot_options }}',
'{{ vpc_options }}',
'{{ node_to_node_encryption_options }}',
'{{ domain_endpoint_options }}',
'{{ cognito_options }}',
'{{ advanced_security_options }}',
'{{ ebs_options }}',
'{{ encryption_at_rest_options }}',
'{{ tags }}',
'{{ off_peak_window_options }}',
'{{ software_update_options }}',
'{{ skip_shard_migration_wait }}',
'{{ identity_center_options }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.opensearchservice.domains (
ClusterConfig,
DomainName,
AccessPolicies,
IPAddressType,
EngineVersion,
AdvancedOptions,
LogPublishingOptions,
SnapshotOptions,
VPCOptions,
NodeToNodeEncryptionOptions,
DomainEndpointOptions,
CognitoOptions,
AdvancedSecurityOptions,
EBSOptions,
EncryptionAtRestOptions,
Tags,
OffPeakWindowOptions,
SoftwareUpdateOptions,
SkipShardMigrationWait,
IdentityCenterOptions,
region
)
SELECT
'{{ cluster_config }}',
'{{ domain_name }}',
'{{ access_policies }}',
'{{ ip_address_type }}',
'{{ engine_version }}',
'{{ advanced_options }}',
'{{ log_publishing_options }}',
'{{ snapshot_options }}',
'{{ vpc_options }}',
'{{ node_to_node_encryption_options }}',
'{{ domain_endpoint_options }}',
'{{ cognito_options }}',
'{{ advanced_security_options }}',
'{{ ebs_options }}',
'{{ encryption_at_rest_options }}',
'{{ tags }}',
'{{ off_peak_window_options }}',
'{{ software_update_options }}',
'{{ skip_shard_migration_wait }}',
'{{ identity_center_options }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: domain
props:
- name: cluster_config
value:
instance_count: '{{ instance_count }}'
warm_enabled: '{{ warm_enabled }}'
warm_count: '{{ warm_count }}'
dedicated_master_enabled: '{{ dedicated_master_enabled }}'
zone_awareness_config:
availability_zone_count: '{{ availability_zone_count }}'
dedicated_master_count: '{{ dedicated_master_count }}'
instance_type: '{{ instance_type }}'
warm_type: '{{ warm_type }}'
zone_awareness_enabled: '{{ zone_awareness_enabled }}'
dedicated_master_type: '{{ dedicated_master_type }}'
multi_az_with_standby_enabled: '{{ multi_az_with_standby_enabled }}'
cold_storage_options:
enabled: '{{ enabled }}'
node_options:
- node_type: '{{ node_type }}'
node_config:
enabled: '{{ enabled }}'
type: '{{ type }}'
count: '{{ count }}'
- name: domain_name
value: '{{ domain_name }}'
- name: access_policies
value: {}
- name: ip_address_type
value: '{{ ip_address_type }}'
- name: engine_version
value: '{{ engine_version }}'
- name: advanced_options
value: {}
- name: log_publishing_options
value: {}
- name: snapshot_options
value:
automated_snapshot_start_hour: '{{ automated_snapshot_start_hour }}'
- name: vpc_options
value:
security_group_ids:
- '{{ security_group_ids[0] }}'
subnet_ids:
- '{{ subnet_ids[0] }}'
- name: node_to_node_encryption_options
value:
enabled: '{{ enabled }}'
- name: domain_endpoint_options
value:
custom_endpoint_certificate_arn: '{{ custom_endpoint_certificate_arn }}'
custom_endpoint_enabled: '{{ custom_endpoint_enabled }}'
enforce_ht_tp_s: '{{ enforce_ht_tp_s }}'
custom_endpoint: '{{ custom_endpoint }}'
tls_security_policy: '{{ tls_security_policy }}'
- name: cognito_options
value:
enabled: '{{ enabled }}'
identity_pool_id: '{{ identity_pool_id }}'
user_pool_id: '{{ user_pool_id }}'
role_arn: '{{ role_arn }}'
- name: advanced_security_options
value:
enabled: '{{ enabled }}'
master_user_options:
master_user_password: '{{ master_user_password }}'
master_user_name: '{{ master_user_name }}'
master_user_arn: '{{ master_user_arn }}'
internal_user_database_enabled: '{{ internal_user_database_enabled }}'
anonymous_auth_enabled: '{{ anonymous_auth_enabled }}'
s_aml_options:
enabled: '{{ enabled }}'
idp:
metadata_content: '{{ metadata_content }}'
entity_id: '{{ entity_id }}'
master_user_name: '{{ master_user_name }}'
master_backend_role: '{{ master_backend_role }}'
subject_key: '{{ subject_key }}'
roles_key: '{{ roles_key }}'
session_timeout_minutes: '{{ session_timeout_minutes }}'
j_wt_options:
enabled: '{{ enabled }}'
public_key: '{{ public_key }}'
subject_key: '{{ subject_key }}'
roles_key: '{{ roles_key }}'
iam_federation_options:
enabled: '{{ enabled }}'
roles_key: '{{ roles_key }}'
subject_key: '{{ subject_key }}'
anonymous_auth_disable_date: '{{ anonymous_auth_disable_date }}'
- name: ebs_options
value:
ebs_enabled: '{{ ebs_enabled }}'
volume_type: '{{ volume_type }}'
iops: '{{ iops }}'
volume_size: '{{ volume_size }}'
throughput: '{{ throughput }}'
- name: encryption_at_rest_options
value:
kms_key_id: '{{ kms_key_id }}'
enabled: '{{ enabled }}'
- name: tags
value:
- value: '{{ value }}'
key: '{{ key }}'
- name: off_peak_window_options
value:
enabled: '{{ enabled }}'
off_peak_window:
window_start_time:
hours: '{{ hours }}'
minutes: '{{ minutes }}'
- name: software_update_options
value:
auto_software_update_enabled: '{{ auto_software_update_enabled }}'
- name: skip_shard_migration_wait
value: '{{ skip_shard_migration_wait }}'
- name: identity_center_options
value:
enabled_api_access: '{{ enabled_api_access }}'
identity_center_instance_arn: '{{ identity_center_instance_arn }}'
subject_key: '{{ subject_key }}'
roles_key: '{{ roles_key }}'
identity_center_application_arn: '{{ identity_center_application_arn }}'
identity_store_id: '{{ identity_store_id }}'
UPDATE example
Use the following StackQL query and manifest file to update a domain resource, using stack-deploy.
/*+ update */
UPDATE awscc.opensearchservice.domains
SET PatchDocument = string('{{ {
"ClusterConfig": cluster_config,
"AccessPolicies": access_policies,
"IPAddressType": ip_address_type,
"EngineVersion": engine_version,
"AdvancedOptions": advanced_options,
"LogPublishingOptions": log_publishing_options,
"SnapshotOptions": snapshot_options,
"VPCOptions": vpc_options,
"NodeToNodeEncryptionOptions": node_to_node_encryption_options,
"DomainEndpointOptions": domain_endpoint_options,
"CognitoOptions": cognito_options,
"EBSOptions": ebs_options,
"EncryptionAtRestOptions": encryption_at_rest_options,
"Tags": tags,
"OffPeakWindowOptions": off_peak_window_options,
"SoftwareUpdateOptions": software_update_options,
"SkipShardMigrationWait": skip_shard_migration_wait
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ domain_name }}';
DELETE example
/*+ delete */
DELETE FROM awscc.opensearchservice.domains
WHERE
Identifier = '{{ domain_name }}' AND
region = 'us-east-1';
Permissions
To operate on the domains resource, the following permissions are required:
- Create
- Read
- Update
- Delete
es:CreateDomain,
es:DescribeDomain,
es:AddTags,
es:ListTags,
es:DescribeDomainChangeProgress
es:DescribeDomain,
es:ListTags
es:UpdateDomain,
es:UpgradeDomain,
es:DescribeDomain,
es:AddTags,
es:RemoveTags,
es:ListTags,
es:DescribeDomainChangeProgress
es:DeleteDomain,
es:DescribeDomain