domains
Creates, updates, deletes or gets a domain resource or lists domains in a region
Overview
| Name | domains |
| Type | Resource |
| Description | An example resource schema demonstrating some basic constructs and validation rules. |
| Id | awscc.opensearchservice.domains |
Fields
| Name | Datatype | Description |
|---|---|---|
cluster_config | object | |
domain_name | string | |
access_policies | object | |
ip_address_type | string | |
engine_version | string | |
advanced_options | object | |
log_publishing_options | object | |
snapshot_options | object | |
vpc_options | object | |
node_to_node_encryption_options | object | |
domain_endpoint_options | object | |
cognito_options | object | |
advanced_security_options | object | |
domain_endpoint | string | |
domain_endpoint_v2 | string | |
domain_endpoints | object | |
ebs_options | object | |
id | string | |
arn | string | |
domain_arn | string | |
encryption_at_rest_options | object | |
tags | array | An arbitrary set of tags (key-value pairs) for this Domain. |
service_software_options | object | |
off_peak_window_options | object | |
software_update_options | object | |
skip_shard_migration_wait | boolean | |
identity_center_options | object | Options for configuring Identity Center |
region | string | AWS region. |
For more information, see AWS::OpenSearchService::Domain.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | region |
delete_resource | DELETE | Identifier, region |
update_resource | UPDATE | Identifier, PatchDocument, region |
get_resource | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual domain.
-- Read every documented property of a single OpenSearch Service domain.
-- get_resource needs both region and Identifier, and here the Identifier is the
-- domain name.
-- The double-brace placeholders are filled in by text substitution inside the
-- quoted literals, so take region and domain_name from trusted configuration
-- rather than from request input.
-- For a configuration review, the columns to read first are access_policies,
-- vpc_options, node_to_node_encryption_options, domain_endpoint_options,
-- advanced_security_options and encryption_at_rest_options.
SELECT
    region,
    cluster_config,
    domain_name,
    access_policies,
    ip_address_type,
    engine_version,
    advanced_options,
    log_publishing_options,
    snapshot_options,
    vpc_options,
    node_to_node_encryption_options,
    domain_endpoint_options,
    cognito_options,
    advanced_security_options,
    domain_endpoint,
    domain_endpoint_v2,
    domain_endpoints,
    ebs_options,
    id,
    arn,
    domain_arn,
    encryption_at_rest_options,
    tags,
    service_software_options,
    off_peak_window_options,
    software_update_options,
    skip_shard_migration_wait,
    identity_center_options
FROM awscc.opensearchservice.domains
WHERE region = '{{ region }}'
    AND Identifier = '{{ domain_name }}';
INSERT example
Use the following StackQL query and manifest file to create a new domain resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
-- Create a domain through the Cloud Control provider.
-- The column list and the SELECT list are matched by position (21 entries each),
-- so keep both lists in the same order when editing.
-- Each value is a template placeholder rendered as text inside a quoted literal.
-- advanced_security_options carries master_user_options.master_user_password in
-- the manifest, so the rendered statement contains that secret in clear text.
-- Keep rendered queries out of logs and shared history.
-- NOTE(review): ResourceModel is returned below. Confirm whether it echoes the
-- submitted properties before storing or logging the result.
INSERT INTO awscc.opensearchservice.domains (
    ClusterConfig,
    DomainName,
    AccessPolicies,
    IPAddressType,
    EngineVersion,
    AdvancedOptions,
    LogPublishingOptions,
    SnapshotOptions,
    VPCOptions,
    NodeToNodeEncryptionOptions,
    DomainEndpointOptions,
    CognitoOptions,
    AdvancedSecurityOptions,
    EBSOptions,
    EncryptionAtRestOptions,
    Tags,
    OffPeakWindowOptions,
    SoftwareUpdateOptions,
    SkipShardMigrationWait,
    IdentityCenterOptions,
    region
)
SELECT
    '{{ cluster_config }}',
    '{{ domain_name }}',
    '{{ access_policies }}',
    '{{ ip_address_type }}',
    '{{ engine_version }}',
    '{{ advanced_options }}',
    '{{ log_publishing_options }}',
    '{{ snapshot_options }}',
    '{{ vpc_options }}',
    '{{ node_to_node_encryption_options }}',
    '{{ domain_endpoint_options }}',
    '{{ cognito_options }}',
    '{{ advanced_security_options }}',
    '{{ ebs_options }}',
    '{{ encryption_at_rest_options }}',
    '{{ tags }}',
    '{{ off_peak_window_options }}',
    '{{ software_update_options }}',
    '{{ skip_shard_migration_wait }}',
    '{{ identity_center_options }}',
    '{{ region }}'
RETURNING
    ErrorCode,
    EventTime,
    Identifier,
    Operation,
    OperationStatus,
    RequestToken,
    ResourceModel,
    RetryAfter,
    StatusMessage,
    TypeName
;
/*+ create */
-- Create a domain, supplying every writable property shown on this page.
-- Values are bound by position: the Nth placeholder in the SELECT list feeds the
-- Nth column named in the INSERT list.
-- access_policies, vpc_options, node_to_node_encryption_options,
-- domain_endpoint_options, advanced_security_options and
-- encryption_at_rest_options decide who can reach the domain and how its data is
-- protected. Review the rendered values for these before running the statement.
-- Placeholders are substituted as text inside quoted literals, so source them
-- from trusted configuration only.
INSERT INTO awscc.opensearchservice.domains (
    ClusterConfig,
    DomainName,
    AccessPolicies,
    IPAddressType,
    EngineVersion,
    AdvancedOptions,
    LogPublishingOptions,
    SnapshotOptions,
    VPCOptions,
    NodeToNodeEncryptionOptions,
    DomainEndpointOptions,
    CognitoOptions,
    AdvancedSecurityOptions,
    EBSOptions,
    EncryptionAtRestOptions,
    Tags,
    OffPeakWindowOptions,
    SoftwareUpdateOptions,
    SkipShardMigrationWait,
    IdentityCenterOptions,
    region
)
SELECT
    '{{ cluster_config }}',
    '{{ domain_name }}',
    '{{ access_policies }}',
    '{{ ip_address_type }}',
    '{{ engine_version }}',
    '{{ advanced_options }}',
    '{{ log_publishing_options }}',
    '{{ snapshot_options }}',
    '{{ vpc_options }}',
    '{{ node_to_node_encryption_options }}',
    '{{ domain_endpoint_options }}',
    '{{ cognito_options }}',
    '{{ advanced_security_options }}',
    '{{ ebs_options }}',
    '{{ encryption_at_rest_options }}',
    '{{ tags }}',
    '{{ off_peak_window_options }}',
    '{{ software_update_options }}',
    '{{ skip_shard_migration_wait }}',
    '{{ identity_center_options }}',
    '{{ region }}'
RETURNING
    ErrorCode,
    EventTime,
    Identifier,
    Operation,
    OperationStatus,
    RequestToken,
    ResourceModel,
    RetryAfter,
    StatusMessage,
    TypeName
;
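# stack-deploy manifest describing one OpenSearch Service domain.
# Nesting follows the AWS::OpenSearchService::Domain property structure; verify
# it against that schema before use.
# Several placeholders reuse one variable name (enabled, subject_key, roles_key,
# master_user_name). Give each setting its own value so that, for example, the
# encryption switches are not tied to the cold-storage switch.
# NOTE(review): enforce_ht_tp_s, s_aml_options and j_wt_options are spelled as
# generated on this page; confirm the property names the provider expects.
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: domain
    props:
      - name: cluster_config
        value:
          instance_count: '{{ instance_count }}'
          warm_enabled: '{{ warm_enabled }}'
          warm_count: '{{ warm_count }}'
          dedicated_master_enabled: '{{ dedicated_master_enabled }}'
          zone_awareness_config:
            availability_zone_count: '{{ availability_zone_count }}'
          dedicated_master_count: '{{ dedicated_master_count }}'
          instance_type: '{{ instance_type }}'
          warm_type: '{{ warm_type }}'
          zone_awareness_enabled: '{{ zone_awareness_enabled }}'
          dedicated_master_type: '{{ dedicated_master_type }}'
          multi_az_with_standby_enabled: '{{ multi_az_with_standby_enabled }}'
          cold_storage_options:
            enabled: '{{ enabled }}'
          node_options:
            - node_type: '{{ node_type }}'
              node_config:
                enabled: '{{ enabled }}'
                type: '{{ type }}'
                count: '{{ count }}'
      - name: domain_name
        value: '{{ domain_name }}'
      # Placeholder. The access policy decides which principals can call the
      # domain, so scope it to named principals and the actions they need.
      - name: access_policies
        value: {}
      - name: ip_address_type
        value: '{{ ip_address_type }}'
      - name: engine_version
        value: '{{ engine_version }}'
      - name: advanced_options
        value: {}
      # Placeholder. Decide which logs are published before relying on this
      # domain for audit or incident response.
      - name: log_publishing_options
        value: {}
      - name: snapshot_options
        value:
          automated_snapshot_start_hour: '{{ automated_snapshot_start_hour }}'
      - name: vpc_options
        value:
          security_group_ids:
            - '{{ security_group_ids[0] }}'
          subnet_ids:
            - '{{ subnet_ids[0] }}'
      # Encrypts traffic between nodes inside the domain.
      - name: node_to_node_encryption_options
        value:
          enabled: '{{ enabled }}'
      # Endpoint transport settings: the HTTPS requirement and the TLS policy.
      - name: domain_endpoint_options
        value:
          custom_endpoint_certificate_arn: '{{ custom_endpoint_certificate_arn }}'
          custom_endpoint_enabled: '{{ custom_endpoint_enabled }}'
          enforce_ht_tp_s: '{{ enforce_ht_tp_s }}'
          custom_endpoint: '{{ custom_endpoint }}'
          tls_security_policy: '{{ tls_security_policy }}'
      - name: cognito_options
        value:
          enabled: '{{ enabled }}'
          identity_pool_id: '{{ identity_pool_id }}'
          user_pool_id: '{{ user_pool_id }}'
          role_arn: '{{ role_arn }}'
      - name: advanced_security_options
        value:
          enabled: '{{ enabled }}'
          master_user_options:
            # Secret. Inject it at deploy time from a secrets manager or an
            # environment variable; never commit a literal value here.
            master_user_password: '{{ master_user_password }}'
            master_user_name: '{{ master_user_name }}'
            master_user_arn: '{{ master_user_arn }}'
          internal_user_database_enabled: '{{ internal_user_database_enabled }}'
          # Leave disabled unless unauthenticated access is intended.
          anonymous_auth_enabled: '{{ anonymous_auth_enabled }}'
          s_aml_options:
            enabled: '{{ enabled }}'
            idp:
              metadata_content: '{{ metadata_content }}'
              entity_id: '{{ entity_id }}'
            master_user_name: '{{ master_user_name }}'
            master_backend_role: '{{ master_backend_role }}'
            subject_key: '{{ subject_key }}'
            roles_key: '{{ roles_key }}'
            session_timeout_minutes: '{{ session_timeout_minutes }}'
          j_wt_options:
            enabled: '{{ enabled }}'
            public_key: '{{ public_key }}'
            subject_key: '{{ subject_key }}'
            roles_key: '{{ roles_key }}'
          iam_federation_options:
            enabled: '{{ enabled }}'
            roles_key: '{{ roles_key }}'
            subject_key: '{{ subject_key }}'
          anonymous_auth_disable_date: '{{ anonymous_auth_disable_date }}'
      - name: ebs_options
        value:
          ebs_enabled: '{{ ebs_enabled }}'
          volume_type: '{{ volume_type }}'
          iops: '{{ iops }}'
          volume_size: '{{ volume_size }}'
          throughput: '{{ throughput }}'
      # Encryption of stored data, with the KMS key to use.
      - name: encryption_at_rest_options
        value:
          kms_key_id: '{{ kms_key_id }}'
          enabled: '{{ enabled }}'
      - name: tags
        value:
          - value: '{{ value }}'
            key: '{{ key }}'
      - name: off_peak_window_options
        value:
          enabled: '{{ enabled }}'
          off_peak_window:
            window_start_time:
              hours: '{{ hours }}'
              minutes: '{{ minutes }}'
      - name: software_update_options
        value:
          auto_software_update_enabled: '{{ auto_software_update_enabled }}'
      - name: skip_shard_migration_wait
        value: '{{ skip_shard_migration_wait }}'
      - name: identity_center_options
        value:
          enabled_api_access: '{{ enabled_api_access }}'
          identity_center_instance_arn: '{{ identity_center_instance_arn }}'
          subject_key: '{{ subject_key }}'
          roles_key: '{{ roles_key }}'
          identity_center_application_arn: '{{ identity_center_application_arn }}'
          identity_store_id: '{{ identity_store_id }}'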
UPDATE example
Use the following StackQL query and manifest file to update a domain resource, using stack-deploy.
/*+ update */
-- Update one domain by sending a patch document to the Cloud Control provider.
-- The object literal below is passed through the generate_patch_document
-- template filter and the result is wrapped in string(...). The exact patch
-- format is not shown on this page (presumably JSON Patch; confirm).
-- The patch as written has no DomainName, AdvancedSecurityOptions or
-- IdentityCenterOptions key, so manifest changes to those properties are not
-- sent by this statement.
-- AccessPolicies, NodeToNodeEncryptionOptions, DomainEndpointOptions and
-- EncryptionAtRestOptions are included. Review their rendered values, since an
-- update can change who can reach the domain and how its data is protected.
UPDATE awscc.opensearchservice.domains
SET PatchDocument = string('{{ {
"ClusterConfig": cluster_config,
"AccessPolicies": access_policies,
"IPAddressType": ip_address_type,
"EngineVersion": engine_version,
"AdvancedOptions": advanced_options,
"LogPublishingOptions": log_publishing_options,
"SnapshotOptions": snapshot_options,
"VPCOptions": vpc_options,
"NodeToNodeEncryptionOptions": node_to_node_encryption_options,
"DomainEndpointOptions": domain_endpoint_options,
"CognitoOptions": cognito_options,
"EBSOptions": ebs_options,
"EncryptionAtRestOptions": encryption_at_rest_options,
"Tags": tags,
"OffPeakWindowOptions": off_peak_window_options,
"SoftwareUpdateOptions": software_update_options,
"SkipShardMigrationWait": skip_shard_migration_wait
} | generate_patch_document }}')
-- update_resource requires Identifier, PatchDocument and region.
-- Both filter values are substituted as text inside quoted literals, so take
-- them from trusted configuration.
WHERE
region = '{{ region }}' AND
Identifier = '{{ domain_name }}'
-- Progress fields reported for the request.
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
DELETE example
/*+ delete */
-- Delete one domain, addressed by its name (Identifier) and region.
-- delete_resource requires both filters. Check the rendered domain_name and
-- region against the intended target before running, because the placeholders
-- are substituted as text and the statement acts on whatever they resolve to.
DELETE FROM awscc.opensearchservice.domains
WHERE Identifier = '{{ domain_name }}'
    AND region = '{{ region }}'
RETURNING
    ErrorCode,
    EventTime,
    Identifier,
    Operation,
    OperationStatus,
    RequestToken,
    ResourceModel,
    RetryAfter,
    StatusMessage,
    TypeName
;
Additional Parameters
Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:
| Parameter | Description |
|---|---|
ClientToken | A unique identifier to ensure the idempotency of the resource request. This allows the provider to accurately distinguish between retries and new requests. A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request. |
RoleArn | The ARN of the IAM role used to perform this resource operation. The role specified must have the permissions required for this operation. If you do not specify a role, a temporary session is created using your AWS user credentials. |
TypeVersionId | For private resource types, the type version to use in this resource operation. If you do not specify a resource version, the default version is used. |
Permissions
To operate on the domains resource, the following permissions are required:
- Create: es:CreateDomain, es:DescribeDomain, es:AddTags, es:ListTags, es:DescribeDomainChangeProgress
- Read: es:DescribeDomain, es:ListTags
- Update: es:UpdateDomain, es:UpgradeDomain, es:DescribeDomain, es:AddTags, es:RemoveTags, es:ListTags, es:DescribeDomainChangeProgress
- Delete: es:DeleteDomain, es:DescribeDomain