Class Domain

Manages an AWS Elasticsearch Domain.

Example Usage

Basic Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.ElasticSearch.Domain("example", new Aws.ElasticSearch.DomainArgs
    {
        ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs
        {
            ClusterConfig = "r4.large.elasticsearch",
        },
        ElasticsearchVersion = "1.5",
        SnapshotOptions = new Aws.ElasticSearch.Inputs.DomainSnapshotOptionsArgs
        {
            SnapshotOptions = 23,
        },
        Tags = 
        {
            { "Domain", "TestDomain" },
        },
    });
}

}

Access Policy

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var config = new Config();
    var domain = config.Get("domain") ?? "tf-test";
    var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());
    var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
    var example = new Aws.ElasticSearch.Domain("example", new Aws.ElasticSearch.DomainArgs
    {
        AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =>
        {
            var currentRegion = values.Item1;
            var currentCallerIdentity = values.Item2;
            return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
  ""Action"": ""es:*"",
  ""Principal"": ""*"",
  ""Effect"": ""Allow"",
  ""Resource"": ""arn:aws:es:{currentRegion.Name}:{currentCallerIdentity.AccountId}:domain/{domain}/*"",
  ""Condition"": {{
    ""IpAddress"": {{""aws:SourceIp"": [""66.193.100.22/32""]}}
  }}
}}
]
}}

";
        }),
    });
}

}

Log Publishing to CloudWatch Logs

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
    {
    });
    var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("exampleLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
    {
        PolicyDocument = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Effect"": ""Allow"",
  ""Principal"": {
    ""Service"": ""es.amazonaws.com""
  },
  ""Action"": [
    ""logs:PutLogEvents"",
    ""logs:PutLogEventsBatch"",
    ""logs:CreateLogStream""
  ],
  ""Resource"": ""arn:aws:logs:*""
}
]
}

",
        PolicyName = "example",
    });
    var exampleDomain = new Aws.ElasticSearch.Domain("exampleDomain", new Aws.ElasticSearch.DomainArgs
    {
        LogPublishingOptions = 
        {
            new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs
            {
                CloudwatchLogGroupArn = exampleLogGroup.Arn,
                LogType = "INDEX_SLOW_LOGS",
            },
        },
    });
}

}

VPC based ES

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var config = new Config();
    var vpc = config.RequireObject<dynamic>("vpc");
    var domain = config.Get("domain") ?? "tf-test";
    var selectedVpc = Output.Create(Aws.Ec2.GetVpc.InvokeAsync(new Aws.Ec2.GetVpcArgs
    {
        Tags = 
        {
            { "Name", vpc },
        },
    }));
    var selectedSubnetIds = selectedVpc.Apply(selectedVpc => Output.Create(Aws.Ec2.GetSubnetIds.InvokeAsync(new Aws.Ec2.GetSubnetIdsArgs
    {
        Tags = 
        {
            { "Tier", "private" },
        },
        VpcId = selectedVpc.Id,
    })));
    var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());
    var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
    var esSecurityGroup = new Aws.Ec2.SecurityGroup("esSecurityGroup", new Aws.Ec2.SecurityGroupArgs
    {
        Description = "Managed by Pulumi",
        Ingress = 
        {
            new Aws.Ec2.Inputs.SecurityGroupIngressArgs
            {
                CidrBlocks = 
                {
                    selectedVpc.Apply(selectedVpc => selectedVpc.CidrBlock),
                },
                FromPort = 443,
                Protocol = "tcp",
                ToPort = 443,
            },
        },
        VpcId = selectedVpc.Apply(selectedVpc => selectedVpc.Id),
    });
    var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole("esServiceLinkedRole", new Aws.Iam.ServiceLinkedRoleArgs
    {
        AwsServiceName = "es.amazonaws.com",
    });
    var esDomain = new Aws.ElasticSearch.Domain("esDomain", new Aws.ElasticSearch.DomainArgs
    {
        AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =>
        {
            var currentRegion = values.Item1;
            var currentCallerIdentity = values.Item2;
            return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Action"": ""es:*"",
""Principal"": ""*"",
""Effect"": ""Allow"",
""Resource"": ""arn:aws:es:{currentRegion.Name}:{currentCallerIdentity.AccountId}:domain/{domain}/*""
}}
]
}}

";
        }),
        AdvancedOptions = 
        {
            { "rest.action.multi.allow_explicit_index", "true" },
        },
        ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs
        {
            ClusterConfig = "m4.large.elasticsearch",
        },
        ElasticsearchVersion = "6.3",
        SnapshotOptions = new Aws.ElasticSearch.Inputs.DomainSnapshotOptionsArgs
        {
            SnapshotOptions = 23,
        },
        Tags = 
        {
            { "Domain", "TestDomain" },
        },
        VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs
        {
            SecurityGroupIds = 
            {
                esSecurityGroup.Id,
            },
            SubnetIds = 
            {
                selectedSubnetIds.Apply(selectedSubnetIds => selectedSubnetIds.Ids[0]),
                selectedSubnetIds.Apply(selectedSubnetIds => selectedSubnetIds.Ids[1]),
            },
        },
    });
}

}
Inheritance
System.Object
Resource
CustomResource
Domain
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.ElasticSearch
Assembly: Pulumi.Aws.dll
Syntax
public class Domain : CustomResource

Constructors

View Source

Domain(String, DomainArgs, CustomResourceOptions)

Create a Domain resource with the given unique name, arguments, and options.

Declaration
public Domain(string name, DomainArgs args = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
DomainArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

AccessPolicies

IAM policy document specifying the access policies for the domain

Declaration
public Output<string> AccessPolicies { get; }
Property Value
Type Description
Output<System.String>
View Source

AdvancedOptions

Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.

Declaration
public Output<ImmutableDictionary<string, object>> AdvancedOptions { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>
View Source

Arn

Amazon Resource Name (ARN) of the domain.

Declaration
public Output<string> Arn { get; }
Property Value
Type Description
Output<System.String>
View Source

ClusterConfig

Cluster configuration of the domain, see below.

Declaration
public Output<DomainClusterConfig> ClusterConfig { get; }
Property Value
Type Description
Output<DomainClusterConfig>
View Source

CognitoOptions

Declaration
public Output<DomainCognitoOptions> CognitoOptions { get; }
Property Value
Type Description
Output<DomainCognitoOptions>
View Source

DomainEndpointOptions

Domain endpoint HTTP(S) related options. See below.

Declaration
public Output<DomainDomainEndpointOptions> DomainEndpointOptions { get; }
Property Value
Type Description
Output<DomainDomainEndpointOptions>
View Source

DomainId

Unique identifier for the domain.

Declaration
public Output<string> DomainId { get; }
Property Value
Type Description
Output<System.String>
View Source

DomainName

Name of the domain.

Declaration
public Output<string> DomainName { get; }
Property Value
Type Description
Output<System.String>
View Source

EbsOptions

EBS related options, may be required based on chosen instance size. See below.

Declaration
public Output<DomainEbsOptions> EbsOptions { get; }
Property Value
Type Description
Output<DomainEbsOptions>
View Source

ElasticsearchVersion

The version of Elasticsearch to deploy. Defaults to 1.5

Declaration
public Output<string> ElasticsearchVersion { get; }
Property Value
Type Description
Output<System.String>
View Source

EncryptAtRest

Encrypt at rest options. Only available for certain instance types. See below.

Declaration
public Output<DomainEncryptAtRest> EncryptAtRest { get; }
Property Value
Type Description
Output<DomainEncryptAtRest>
View Source

Endpoint

Domain-specific endpoint used to submit index, search, and data upload requests.

Declaration
public Output<string> Endpoint { get; }
Property Value
Type Description
Output<System.String>
View Source

KibanaEndpoint

Domain-specific endpoint for kibana without https scheme.

  • vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
  • vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.
Declaration
public Output<string> KibanaEndpoint { get; }
Property Value
Type Description
Output<System.String>
View Source

LogPublishingOptions

Options for publishing slow logs to CloudWatch Logs.

Declaration
public Output<ImmutableArray<DomainLogPublishingOption>> LogPublishingOptions { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<DomainLogPublishingOption>>
View Source

NodeToNodeEncryption

Node-to-node encryption options. See below.

Declaration
public Output<DomainNodeToNodeEncryption> NodeToNodeEncryption { get; }
Property Value
Type Description
Output<DomainNodeToNodeEncryption>
View Source

SnapshotOptions

Snapshot related options, see below.

Declaration
public Output<DomainSnapshotOptions> SnapshotOptions { get; }
Property Value
Type Description
Output<DomainSnapshotOptions>
View Source

Tags

A map of tags to assign to the resource

Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>
View Source

VpcOptions

VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

Declaration
public Output<DomainVpcOptions> VpcOptions { get; }
Property Value
Type Description
Output<DomainVpcOptions>

Methods

View Source

Get(String, Input<String>, DomainState, CustomResourceOptions)

Get an existing Domain resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Domain Get(string name, Input<string> id, DomainState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
DomainState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
Domain