Domain

Manages an AWS Elasticsearch Domain.

Example Usage

Basic Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Aws.ElasticSearch.Domain("example", new Aws.ElasticSearch.DomainArgs
        {
            ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs
            {
                InstanceType = "r4.large.elasticsearch",
            },
            ElasticsearchVersion = "1.5",
            SnapshotOptions = new Aws.ElasticSearch.Inputs.DomainSnapshotOptionsArgs
            {
                AutomatedSnapshotStartHour = 23,
            },
            Tags = 
            {
                { "Domain", "TestDomain" },
            },
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/elasticsearch"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := elasticsearch.NewDomain(ctx, "example", &elasticsearch.DomainArgs{
            ClusterConfig: &elasticsearch.DomainClusterConfigArgs{
                InstanceType: pulumi.String("r4.large.elasticsearch"),
            },
            ElasticsearchVersion: pulumi.String("1.5"),
            SnapshotOptions: &elasticsearch.DomainSnapshotOptionsArgs{
                AutomatedSnapshotStartHour: pulumi.Int(23),
            },
            Tags: pulumi.StringMap{
                "Domain": pulumi.String("TestDomain"),
            },
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

example = aws.elasticsearch.Domain("example",
    cluster_config={
        "instance_type": "r4.large.elasticsearch",
    },
    elasticsearch_version="1.5",
    snapshot_options={
        "automatedSnapshotStartHour": 23,
    },
    tags={
        "Domain": "TestDomain",
    })

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.elasticsearch.Domain("example", {
    clusterConfig: {
        instanceType: "r4.large.elasticsearch",
    },
    elasticsearchVersion: "1.5",
    snapshotOptions: {
        automatedSnapshotStartHour: 23,
    },
    tags: {
        Domain: "TestDomain",
    },
});

Access Policy

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var config = new Config();
        var domain = config.Get("domain") ?? "tf-test";
        var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());
        var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
        var example = new Aws.ElasticSearch.Domain("example", new Aws.ElasticSearch.DomainArgs
        {
            AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =>
            {
                var currentRegion = values.Item1;
                var currentCallerIdentity = values.Item2;
                return @$"{{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {{
      ""Action"": ""es:*"",
      ""Principal"": ""*"",
      ""Effect"": ""Allow"",
      ""Resource"": ""arn:aws:es:{currentRegion.Name}:{currentCallerIdentity.AccountId}:domain/{domain}/*"",
      ""Condition"": {{
        ""IpAddress"": {{""aws:SourceIp"": [""66.193.100.22/32""]}}
      }}
    }}
  ]
}}

";
            }),
        });
    }

}

package main

import (
    "fmt"

    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/elasticsearch"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        currentRegion, err := aws.GetRegion(ctx, nil, nil)
        if err != nil {
            return err
        }
        currentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)
        if err != nil {
            return err
        }
        _, err = elasticsearch.NewDomain(ctx, "example", &elasticsearch.DomainArgs{
            AccessPolicies: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"es:*\",\n", "      \"Principal\": \"*\",\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": \"arn:aws:es:", currentRegion.Name, ":", currentCallerIdentity.AccountId, ":domain/", domain, "/*\",\n", "      \"Condition\": {\n", "        \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n", "      }\n", "    }\n", "  ]\n", "}\n", "\n")),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
domain = config.get("domain")
if domain is None:
    domain = "tf-test"
current_region = aws.get_region()
current_caller_identity = aws.get_caller_identity()
example = aws.elasticsearch.Domain("example", access_policies=f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Action": "es:*",
      "Principal": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*",
      "Condition": {{
        "IpAddress": {{"aws:SourceIp": ["66.193.100.22/32"]}}
      }}
    }}
  ]
}}

""")

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";

const currentRegion = pulumi.output(aws.getRegion({ async: true }));
const currentCallerIdentity = pulumi.output(aws.getCallerIdentity({ async: true }));
const example = new aws.elasticsearch.Domain("example", {
    accessPolicies: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "es:*",
      "Principal": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:es:${currentRegion.name!}:${currentCallerIdentity.accountId}:domain/${domain}/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
      }
    }
  ]
}
`,
});

Log Publishing to CloudWatch Logs

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
        {
        });
        var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("exampleLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
        {
            PolicyDocument = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""es.amazonaws.com""
      },
      ""Action"": [
        ""logs:PutLogEvents"",
        ""logs:PutLogEventsBatch"",
        ""logs:CreateLogStream""
      ],
      ""Resource"": ""arn:aws:logs:*""
    }
  ]
}

",
            PolicyName = "example",
        });
        var exampleDomain = new Aws.ElasticSearch.Domain("exampleDomain", new Aws.ElasticSearch.DomainArgs
        {
            LogPublishingOptions = 
            {
                new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs
                {
                    CloudwatchLogGroupArn = exampleLogGroup.Arn,
                    LogType = "INDEX_SLOW_LOGS",
                },
            },
        });
    }

}

package main

import (
    "fmt"

    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cloudwatch"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/elasticsearch"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", nil)
        if err != nil {
            return err
        }
        _, err = cloudwatch.NewLogResourcePolicy(ctx, "exampleLogResourcePolicy", &cloudwatch.LogResourcePolicyArgs{
            PolicyDocument: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"Service\": \"es.amazonaws.com\"\n", "      },\n", "      \"Action\": [\n", "        \"logs:PutLogEvents\",\n", "        \"logs:PutLogEventsBatch\",\n", "        \"logs:CreateLogStream\"\n", "      ],\n", "      \"Resource\": \"arn:aws:logs:*\"\n", "    }\n", "  ]\n", "}\n", "\n")),
            PolicyName:     pulumi.String("example"),
        })
        if err != nil {
            return err
        }
        _, err = elasticsearch.NewDomain(ctx, "exampleDomain", &elasticsearch.DomainArgs{
            LogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{
                &elasticsearch.DomainLogPublishingOptionArgs{
                    CloudwatchLogGroupArn: exampleLogGroup.Arn,
                    LogType:               pulumi.String("INDEX_SLOW_LOGS"),
                },
            },
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup")
example_log_resource_policy = aws.cloudwatch.LogResourcePolicy("exampleLogResourcePolicy",
    policy_document="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": [
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*"
    }
  ]
}

""",
    policy_name="example")
example_domain = aws.elasticsearch.Domain("exampleDomain", log_publishing_options=[{
    "cloudwatch_log_group_arn": example_log_group.arn,
    "logType": "INDEX_SLOW_LOGS",
}])

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("example", {
    policyDocument: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": [
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*"
    }
  ]
}
`,
    policyName: "example",
});
const exampleDomain = new aws.elasticsearch.Domain("example", {
    logPublishingOptions: [{
        cloudwatchLogGroupArn: exampleLogGroup.arn,
        logType: "INDEX_SLOW_LOGS",
    }],
});

Create a Domain Resource

new Domain(name: string, args?: DomainArgs, opts?: CustomResourceOptions);

def Domain(resource_name, opts=None, access_policies=None, advanced_options=None, advanced_security_options=None, cluster_config=None, cognito_options=None, domain_endpoint_options=None, domain_name=None, ebs_options=None, elasticsearch_version=None, encrypt_at_rest=None, log_publishing_options=None, node_to_node_encryption=None, snapshot_options=None, tags=None, vpc_options=None, __props__=None);

func NewDomain(ctx *Context, name string, args *DomainArgs, opts ...ResourceOption) (*Domain, error)

public Domain(string name, DomainArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Domain Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Domain resource accepts the following input properties:

AccessPolicies string: IAM policy document specifying the access policies for the domain
AdvancedOptions Dictionary<string, string>: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs: Options for fine-grained access control. See below for more details.
ClusterConfig DomainClusterConfigArgs: Cluster configuration of the domain, see below.
CognitoOptions DomainCognitoOptionsArgs
DomainEndpointOptions DomainDomainEndpointOptionsArgs: Domain endpoint HTTP(S) related options. See below.
DomainName string: Name of the domain.
EbsOptions DomainEbsOptionsArgs: EBS related options, may be required based on chosen instance size. See below.
ElasticsearchVersion string: The version of Elasticsearch to deploy. Defaults to 1.5
EncryptAtRest DomainEncryptAtRestArgs: Encrypt at rest options. Only available for certain instance types. See below.
LogPublishingOptions List<DomainLogPublishingOptionArgs>: Options for publishing slow logs to CloudWatch Logs.
NodeToNodeEncryption DomainNodeToNodeEncryptionArgs: Node-to-node encryption options. See below.
SnapshotOptions DomainSnapshotOptionsArgs: Snapshot related options, see below.
Tags Dictionary<string, string>: A map of tags to assign to the resource
VpcOptions DomainVpcOptionsArgs: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

AccessPolicies interface{}: IAM policy document specifying the access policies for the domain
AdvancedOptions map[string]string: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
AdvancedSecurityOptions DomainAdvancedSecurityOptions: Options for fine-grained access control. See below for more details.
ClusterConfig DomainClusterConfig: Cluster configuration of the domain, see below.
CognitoOptions DomainCognitoOptions
DomainEndpointOptions DomainDomainEndpointOptions: Domain endpoint HTTP(S) related options. See below.
DomainName string: Name of the domain.
EbsOptions DomainEbsOptions: EBS related options, may be required based on chosen instance size. See below.
ElasticsearchVersion string: The version of Elasticsearch to deploy. Defaults to 1.5
EncryptAtRest DomainEncryptAtRest: Encrypt at rest options. Only available for certain instance types. See below.
LogPublishingOptions []DomainLogPublishingOption: Options for publishing slow logs to CloudWatch Logs.
NodeToNodeEncryption DomainNodeToNodeEncryption: Node-to-node encryption options. See below.
SnapshotOptions DomainSnapshotOptions: Snapshot related options, see below.
Tags map[string]string: A map of tags to assign to the resource
VpcOptions DomainVpcOptions: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

accessPolicies string | PolicyDocument: IAM policy document specifying the access policies for the domain
advancedOptions {[key: string]: string}: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
advancedSecurityOptions DomainAdvancedSecurityOptions: Options for fine-grained access control. See below for more details.
clusterConfig DomainClusterConfig: Cluster configuration of the domain, see below.
cognitoOptions DomainCognitoOptions
domainEndpointOptions DomainDomainEndpointOptions: Domain endpoint HTTP(S) related options. See below.
domainName string: Name of the domain.
ebsOptions DomainEbsOptions: EBS related options, may be required based on chosen instance size. See below.
elasticsearchVersion string: The version of Elasticsearch to deploy. Defaults to 1.5
encryptAtRest DomainEncryptAtRest: Encrypt at rest options. Only available for certain instance types. See below.
logPublishingOptions DomainLogPublishingOption[]: Options for publishing slow logs to CloudWatch Logs.
nodeToNodeEncryption DomainNodeToNodeEncryption: Node-to-node encryption options. See below.
snapshotOptions DomainSnapshotOptions: Snapshot related options, see below.
tags {[key: string]: string}: A map of tags to assign to the resource
vpcOptions DomainVpcOptions: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

access_policies string | str: IAM policy document specifying the access policies for the domain
advanced_options Dict[str, str]: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
advanced_security_options Dict[DomainAdvancedSecurityOptions]: Options for fine-grained access control. See below for more details.
cluster_config Dict[DomainClusterConfig]: Cluster configuration of the domain, see below.
cognito_options Dict[DomainCognitoOptions]
domain_endpoint_options Dict[DomainDomainEndpointOptions]: Domain endpoint HTTP(S) related options. See below.
domain_name str: Name of the domain.
ebs_options Dict[DomainEbsOptions]: EBS related options, may be required based on chosen instance size. See below.
elasticsearch_version str: The version of Elasticsearch to deploy. Defaults to 1.5
encrypt_at_rest Dict[DomainEncryptAtRest]: Encrypt at rest options. Only available for certain instance types. See below.
log_publishing_options List[DomainLogPublishingOption]: Options for publishing slow logs to CloudWatch Logs.
node_to_node_encryption Dict[DomainNodeToNodeEncryption]: Node-to-node encryption options. See below.
snapshot_options Dict[DomainSnapshotOptions]: Snapshot related options, see below.
tags Dict[str, str]: A map of tags to assign to the resource
vpc_options Dict[DomainVpcOptions]: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

Outputs

All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

Arn string: Amazon Resource Name (ARN) of the domain.
DomainId string: Unique identifier for the domain.
Endpoint string: Domain-specific endpoint used to submit index, search, and data upload requests.
Id string: The provider-assigned unique ID for this managed resource.
KibanaEndpoint string: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Arn string: Amazon Resource Name (ARN) of the domain.
DomainId string: Unique identifier for the domain.
Endpoint string: Domain-specific endpoint used to submit index, search, and data upload requests.
Id string: The provider-assigned unique ID for this managed resource.
KibanaEndpoint string: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

arn string: Amazon Resource Name (ARN) of the domain.
domainId string: Unique identifier for the domain.
endpoint string: Domain-specific endpoint used to submit index, search, and data upload requests.
id string: The provider-assigned unique ID for this managed resource.
kibanaEndpoint string: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

arn str: Amazon Resource Name (ARN) of the domain.
domain_id str: Unique identifier for the domain.
endpoint str: Domain-specific endpoint used to submit index, search, and data upload requests.
id str: The provider-assigned unique ID for this managed resource.
kibana_endpoint str: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

Look up an Existing Domain Resource

Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DomainState, opts?: CustomResourceOptions): Domain

static get(resource_name, id, opts=None, access_policies=None, advanced_options=None, advanced_security_options=None, arn=None, cluster_config=None, cognito_options=None, domain_endpoint_options=None, domain_id=None, domain_name=None, ebs_options=None, elasticsearch_version=None, encrypt_at_rest=None, endpoint=None, kibana_endpoint=None, log_publishing_options=None, node_to_node_encryption=None, snapshot_options=None, tags=None, vpc_options=None, __props__=None);

func GetDomain(ctx *Context, name string, id IDInput, state *DomainState, opts ...ResourceOption) (*Domain, error)

public static Domain Get(string name, Input<string> id, DomainState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessPolicies string: IAM policy document specifying the access policies for the domain
AdvancedOptions Dictionary<string, string>: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
AdvancedSecurityOptions DomainAdvancedSecurityOptionsArgs: Options for fine-grained access control. See below for more details.
Arn string: Amazon Resource Name (ARN) of the domain.
ClusterConfig DomainClusterConfigArgs: Cluster configuration of the domain, see below.
CognitoOptions DomainCognitoOptionsArgs
DomainEndpointOptions DomainDomainEndpointOptionsArgs: Domain endpoint HTTP(S) related options. See below.
DomainId string: Unique identifier for the domain.
DomainName string: Name of the domain.
EbsOptions DomainEbsOptionsArgs: EBS related options, may be required based on chosen instance size. See below.
ElasticsearchVersion string: The version of Elasticsearch to deploy. Defaults to 1.5
EncryptAtRest DomainEncryptAtRestArgs: Encrypt at rest options. Only available for certain instance types. See below.
Endpoint string: Domain-specific endpoint used to submit index, search, and data upload requests.
KibanaEndpoint string: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.
LogPublishingOptions List<DomainLogPublishingOptionArgs>: Options for publishing slow logs to CloudWatch Logs.
NodeToNodeEncryption DomainNodeToNodeEncryptionArgs: Node-to-node encryption options. See below.
SnapshotOptions DomainSnapshotOptionsArgs: Snapshot related options, see below.
Tags Dictionary<string, string>: A map of tags to assign to the resource
VpcOptions DomainVpcOptionsArgs: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

AccessPolicies interface{}: IAM policy document specifying the access policies for the domain
AdvancedOptions map[string]string: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
AdvancedSecurityOptions DomainAdvancedSecurityOptions: Options for fine-grained access control. See below for more details.
Arn string: Amazon Resource Name (ARN) of the domain.
ClusterConfig DomainClusterConfig: Cluster configuration of the domain, see below.
CognitoOptions DomainCognitoOptions
DomainEndpointOptions DomainDomainEndpointOptions: Domain endpoint HTTP(S) related options. See below.
DomainId string: Unique identifier for the domain.
DomainName string: Name of the domain.
EbsOptions DomainEbsOptions: EBS related options, may be required based on chosen instance size. See below.
ElasticsearchVersion string: The version of Elasticsearch to deploy. Defaults to 1.5
EncryptAtRest DomainEncryptAtRest: Encrypt at rest options. Only available for certain instance types. See below.
Endpoint string: Domain-specific endpoint used to submit index, search, and data upload requests.
KibanaEndpoint string: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.
LogPublishingOptions []DomainLogPublishingOption: Options for publishing slow logs to CloudWatch Logs.
NodeToNodeEncryption DomainNodeToNodeEncryption: Node-to-node encryption options. See below.
SnapshotOptions DomainSnapshotOptions: Snapshot related options, see below.
Tags map[string]string: A map of tags to assign to the resource
VpcOptions DomainVpcOptions: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

accessPolicies string | PolicyDocument: IAM policy document specifying the access policies for the domain
advancedOptions {[key: string]: string}: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
advancedSecurityOptions DomainAdvancedSecurityOptions: Options for fine-grained access control. See below for more details.
arn string: Amazon Resource Name (ARN) of the domain.
clusterConfig DomainClusterConfig: Cluster configuration of the domain, see below.
cognitoOptions DomainCognitoOptions
domainEndpointOptions DomainDomainEndpointOptions: Domain endpoint HTTP(S) related options. See below.
domainId string: Unique identifier for the domain.
domainName string: Name of the domain.
ebsOptions DomainEbsOptions: EBS related options, may be required based on chosen instance size. See below.
elasticsearchVersion string: The version of Elasticsearch to deploy. Defaults to 1.5
encryptAtRest DomainEncryptAtRest: Encrypt at rest options. Only available for certain instance types. See below.
endpoint string: Domain-specific endpoint used to submit index, search, and data upload requests.
kibanaEndpoint string: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.
logPublishingOptions DomainLogPublishingOption[]: Options for publishing slow logs to CloudWatch Logs.
nodeToNodeEncryption DomainNodeToNodeEncryption: Node-to-node encryption options. See below.
snapshotOptions DomainSnapshotOptions: Snapshot related options, see below.
tags {[key: string]: string}: A map of tags to assign to the resource
vpcOptions DomainVpcOptions: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

access_policies string | str: IAM policy document specifying the access policies for the domain
advanced_options Dict[str, str]: Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.
advanced_security_options Dict[DomainAdvancedSecurityOptions]: Options for fine-grained access control. See below for more details.
arn str: Amazon Resource Name (ARN) of the domain.
cluster_config Dict[DomainClusterConfig]: Cluster configuration of the domain, see below.
cognito_options Dict[DomainCognitoOptions]
domain_endpoint_options Dict[DomainDomainEndpointOptions]: Domain endpoint HTTP(S) related options. See below.
domain_id str: Unique identifier for the domain.
domain_name str: Name of the domain.
ebs_options Dict[DomainEbsOptions]: EBS related options, may be required based on chosen instance size. See below.
elasticsearch_version str: The version of Elasticsearch to deploy. Defaults to 1.5
encrypt_at_rest Dict[DomainEncryptAtRest]: Encrypt at rest options. Only available for certain instance types. See below.
endpoint str: Domain-specific endpoint used to submit index, search, and data upload requests.
kibana_endpoint str: Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.
log_publishing_options List[DomainLogPublishingOption]: Options for publishing slow logs to CloudWatch Logs.
node_to_node_encryption Dict[DomainNodeToNodeEncryption]: Node-to-node encryption options. See below.
snapshot_options Dict[DomainSnapshotOptions]: Snapshot related options, see below.
tags Dict[str, str]: A map of tags to assign to the resource
vpc_options Dict[DomainVpcOptions]: VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

Supporting Types

DomainAdvancedSecurityOptions

Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
InternalUserDatabaseEnabled bool: Whether the internal user database is enabled. If not set, defaults to false by the AWS API.
MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptionsArgs: Credentials for the master user: username and password, or ARN

Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
InternalUserDatabaseEnabled bool: Whether the internal user database is enabled. If not set, defaults to false by the AWS API.
MasterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions: Credentials for the master user: username and password, or ARN

enabled boolean: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
internalUserDatabaseEnabled boolean: Whether the internal user database is enabled. If not set, defaults to false by the AWS API.
masterUserOptions DomainAdvancedSecurityOptionsMasterUserOptions: Credentials for the master user: username and password, or ARN

enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
internalUserDatabaseEnabled bool: Whether the internal user database is enabled. If not set, defaults to false by the AWS API.
masterUserOptions Dict[DomainAdvancedSecurityOptionsMasterUserOptions]: Credentials for the master user: username and password, or ARN

DomainAdvancedSecurityOptionsMasterUserOptions

MasterUserArn string: ARN for the master user. Only specify if internal_user_database_enabled is not set or set to false)
MasterUserName string: The master user’s username, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.
MasterUserPassword string: The master user’s password, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.

MasterUserArn string: ARN for the master user. Only specify if internal_user_database_enabled is not set or set to false)
MasterUserName string: The master user’s username, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.
MasterUserPassword string: The master user’s password, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn string: ARN for the master user. Only specify if internal_user_database_enabled is not set or set to false)
masterUserName string: The master user’s username, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.
masterUserPassword string: The master user’s password, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.

masterUserArn str: ARN for the master user. Only specify if internal_user_database_enabled is not set or set to false)
masterUserName str: The master user’s username, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.
masterUserPassword str: The master user’s password, which is stored in the Amazon Elasticsearch Service domain’s internal database. Only specify if internal_user_database_enabled is set to true.

DomainClusterConfig

DedicatedMasterCount int: Number of dedicated master nodes in the cluster
DedicatedMasterEnabled bool: Indicates whether dedicated master nodes are enabled for the cluster.
DedicatedMasterType string: Instance type of the dedicated master nodes in the cluster.
InstanceCount int: Number of instances in the cluster.
InstanceType string: Instance type of data nodes in the cluster.
WarmCount int: The number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
WarmEnabled bool: Indicates whether to enable warm storage.
WarmType string: The instance type for the Elasticsearch cluster’s warm nodes. Valid values are ultrawarm1.medium.elasticsearch, ultrawarm1.large.elasticsearch and ultrawarm1.xlarge.elasticsearch. warm_type can be only and must be set when warm_enabled is set to true.
ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfigArgs: Configuration block containing zone awareness settings. Documented below.
ZoneAwarenessEnabled bool: Indicates whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

DedicatedMasterCount int: Number of dedicated master nodes in the cluster
DedicatedMasterEnabled bool: Indicates whether dedicated master nodes are enabled for the cluster.
DedicatedMasterType string: Instance type of the dedicated master nodes in the cluster.
InstanceCount int: Number of instances in the cluster.
InstanceType string: Instance type of data nodes in the cluster.
WarmCount int: The number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
WarmEnabled bool: Indicates whether to enable warm storage.
WarmType string: The instance type for the Elasticsearch cluster’s warm nodes. Valid values are ultrawarm1.medium.elasticsearch, ultrawarm1.large.elasticsearch and ultrawarm1.xlarge.elasticsearch. warm_type can be only and must be set when warm_enabled is set to true.
ZoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig: Configuration block containing zone awareness settings. Documented below.
ZoneAwarenessEnabled bool: Indicates whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

dedicatedMasterCount number: Number of dedicated master nodes in the cluster
dedicatedMasterEnabled boolean: Indicates whether dedicated master nodes are enabled for the cluster.
dedicatedMasterType string: Instance type of the dedicated master nodes in the cluster.
instanceCount number: Number of instances in the cluster.
instanceType string: Instance type of data nodes in the cluster.
warmCount number: The number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
warmEnabled boolean: Indicates whether to enable warm storage.
warmType string: The instance type for the Elasticsearch cluster’s warm nodes. Valid values are ultrawarm1.medium.elasticsearch, ultrawarm1.large.elasticsearch and ultrawarm1.xlarge.elasticsearch. warm_type can be only and must be set when warm_enabled is set to true.
zoneAwarenessConfig DomainClusterConfigZoneAwarenessConfig: Configuration block containing zone awareness settings. Documented below.
zoneAwarenessEnabled boolean: Indicates whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

dedicatedMasterCount float: Number of dedicated master nodes in the cluster
dedicatedMasterEnabled bool: Indicates whether dedicated master nodes are enabled for the cluster.
dedicatedMasterType str: Instance type of the dedicated master nodes in the cluster.
instance_count float: Number of instances in the cluster.
instance_type str: Instance type of data nodes in the cluster.
warmCount float: The number of warm nodes in the cluster. Valid values are between 2 and 150. warm_count can be only and must be set when warm_enabled is set to true.
warmEnabled bool: Indicates whether to enable warm storage.
warmType str: The instance type for the Elasticsearch cluster’s warm nodes. Valid values are ultrawarm1.medium.elasticsearch, ultrawarm1.large.elasticsearch and ultrawarm1.xlarge.elasticsearch. warm_type can be only and must be set when warm_enabled is set to true.
zoneAwarenessConfig Dict[DomainClusterConfigZoneAwarenessConfig]: Configuration block containing zone awareness settings. Documented below.
zoneAwarenessEnabled bool: Indicates whether zone awareness is enabled, set to true for multi-az deployment. To enable awareness with three Availability Zones, the availability_zone_count within the zone_awareness_config must be set to 3.

DomainClusterConfigZoneAwarenessConfig

AvailabilityZoneCount int: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

AvailabilityZoneCount int: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount number: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

availabilityZoneCount float: Number of Availability Zones for the domain to use with zone_awareness_enabled. Defaults to 2. Valid values: 2 or 3.

DomainCognitoOptions

IdentityPoolId string: ID of the Cognito Identity Pool to use
RoleArn string: ARN of the IAM role that has the AmazonESCognitoAccess policy attached
UserPoolId string: ID of the Cognito User Pool to use
Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

IdentityPoolId string: ID of the Cognito Identity Pool to use
RoleArn string: ARN of the IAM role that has the AmazonESCognitoAccess policy attached
UserPoolId string: ID of the Cognito User Pool to use
Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

identityPoolId string: ID of the Cognito Identity Pool to use
roleArn string: ARN of the IAM role that has the AmazonESCognitoAccess policy attached
userPoolId string: ID of the Cognito User Pool to use
enabled boolean: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

identity_pool_id str: ID of the Cognito Identity Pool to use
role_arn str: ARN of the IAM role that has the AmazonESCognitoAccess policy attached
user_pool_id str: ID of the Cognito User Pool to use
enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

DomainDomainEndpointOptions

EnforceHttps bool: Whether or not to require HTTPS
TlsSecurityPolicy string: The name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. This provider will only perform drift detection if a configuration value is provided.

EnforceHttps bool: Whether or not to require HTTPS
TlsSecurityPolicy string: The name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. This provider will only perform drift detection if a configuration value is provided.

enforceHttps boolean: Whether or not to require HTTPS
tlsSecurityPolicy string: The name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. This provider will only perform drift detection if a configuration value is provided.

enforceHttps bool: Whether or not to require HTTPS
tlsSecurityPolicy str: The name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: Policy-Min-TLS-1-0-2019-07 and Policy-Min-TLS-1-2-2019-07. This provider will only perform drift detection if a configuration value is provided.

DomainEbsOptions

EbsEnabled bool: Whether EBS volumes are attached to data nodes in the domain.
Iops int: The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.
VolumeSize int: The size of EBS volumes attached to data nodes (in GB). Required if ebs_enabled is set to true.
VolumeType string: The type of EBS volumes attached to data nodes.

EbsEnabled bool: Whether EBS volumes are attached to data nodes in the domain.
Iops int: The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.
VolumeSize int: The size of EBS volumes attached to data nodes (in GB). Required if ebs_enabled is set to true.
VolumeType string: The type of EBS volumes attached to data nodes.

ebsEnabled boolean: Whether EBS volumes are attached to data nodes in the domain.
iops number: The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.
volumeSize number: The size of EBS volumes attached to data nodes (in GB). Required if ebs_enabled is set to true.
volumeType string: The type of EBS volumes attached to data nodes.

ebsEnabled bool: Whether EBS volumes are attached to data nodes in the domain.
iops float: The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.
volumeType str: The type of EBS volumes attached to data nodes.
volume_size float: The size of EBS volumes attached to data nodes (in GB). Required if ebs_enabled is set to true.

DomainEncryptAtRest

Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
KmsKeyId string: The KMS key id to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key.

Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
KmsKeyId string: The KMS key id to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key.

enabled boolean: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
kmsKeyId string: The KMS key id to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key.

enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not
kms_key_id str: The KMS key id to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key.

DomainLogPublishingOption

CloudwatchLogGroupArn string: ARN of the Cloudwatch log group to which log needs to be published.
LogType string: A type of Elasticsearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS
Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

CloudwatchLogGroupArn string: ARN of the Cloudwatch log group to which log needs to be published.
LogType string: A type of Elasticsearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS
Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

cloudwatchLogGroupArn string: ARN of the Cloudwatch log group to which log needs to be published.
logType string: A type of Elasticsearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS
enabled boolean: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

cloudwatch_log_group_arn str: ARN of the Cloudwatch log group to which log needs to be published.
logType str: A type of Elasticsearch log. Valid values: INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS
enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

DomainNodeToNodeEncryption

Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

Enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

enabled boolean: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

enabled bool: Specifies whether Amazon Cognito authentication with Kibana is enabled or not

DomainSnapshotOptions

AutomatedSnapshotStartHour int: Hour during which the service takes an automated daily snapshot of the indices in the domain.

AutomatedSnapshotStartHour int: Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour number: Hour during which the service takes an automated daily snapshot of the indices in the domain.

automatedSnapshotStartHour float: Hour during which the service takes an automated daily snapshot of the indices in the domain.

DomainVpcOptions

AvailabilityZones List<string>
SecurityGroupIds List<string>: List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
SubnetIds List<string>: List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in.
VpcId string

AvailabilityZones []string
SecurityGroupIds []string: List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
SubnetIds []string: List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in.
VpcId string

availabilityZones string[]
securityGroupIds string[]: List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
subnetIds string[]: List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in.
vpcId string

availability_zones List[str]
security_group_ids List[str]: List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used.
subnet_ids List[str]: List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in.
vpc_id str

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud