1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. elasticsearch

Module elasticsearch

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Functions

Others

Resources

Resource Domain

class Domain extends CustomResource

Manages an AWS Elasticsearch Domain.

Example Usage

Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.elasticsearch.Domain("example", {
    clusterConfig: {
        instanceType: "r4.large.elasticsearch",
    },
    elasticsearchVersion: "1.5",
    snapshotOptions: {
        automatedSnapshotStartHour: 23,
    },
    tags: {
        Domain: "TestDomain",
    },
});
Access Policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";

const currentRegion = pulumi.output(aws.getRegion({ async: true }));
const currentCallerIdentity = pulumi.output(aws.getCallerIdentity({ async: true }));
const example = new aws.elasticsearch.Domain("example", {
    accessPolicies: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "es:*",
      "Principal": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:es:${currentRegion.name!}:${currentCallerIdentity.accountId}:domain/${domain}/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
      }
    }
  ]
}
`,
});
Log Publishing to CloudWatch Logs
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("example", {
    policyDocument: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": [
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*"
    }
  ]
}
`,
    policyName: "example",
});
const exampleDomain = new aws.elasticsearch.Domain("example", {
    logPublishingOptions: [{
        cloudwatchLogGroupArn: exampleLogGroup.arn,
        logType: "INDEX_SLOW_LOGS",
    }],
});
VPC based ES
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const vpc = config.require("vpc");
const domain = config.get("domain") || "tf-test";

const selectedVpc = pulumi.output(aws.ec2.getVpc({
    tags: {
        Name: vpc,
    },
}, { async: true }));
const selectedSubnetIds = selectedVpc.apply(selectedVpc => aws.ec2.getSubnetIds({
    tags: {
        Tier: "private",
    },
    vpcId: selectedVpc.id!,
}, { async: true }));
const currentRegion = pulumi.output(aws.getRegion({ async: true }));
const currentCallerIdentity = pulumi.output(aws.getCallerIdentity({ async: true }));
const esSecurityGroup = new aws.ec2.SecurityGroup("es", {
    description: "Managed by Pulumi",
    ingress: [{
        cidrBlocks: [selectedVpc.cidrBlock!],
        fromPort: 443,
        protocol: "tcp",
        toPort: 443,
    }],
    vpcId: selectedVpc.id!,
});
const esServiceLinkedRole = new aws.iam.ServiceLinkedRole("es", {
    awsServiceName: "es.amazonaws.com",
});
const esDomain = new aws.elasticsearch.Domain("es", {
    accessPolicies: pulumi.interpolate`{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": "es:*",
			"Principal": "*",
			"Effect": "Allow",
			"Resource": "arn:aws:es:${currentRegion.name!}:${currentCallerIdentity.accountId}:domain/${domain}/*"
		}
	]
}
`,
    advancedOptions: {
        "rest.action.multi.allow_explicit_index": "true",
    },
    clusterConfig: {
        instanceType: "m4.large.elasticsearch",
    },
    elasticsearchVersion: "6.3",
    snapshotOptions: {
        automatedSnapshotStartHour: 23,
    },
    tags: {
        Domain: "TestDomain",
    },
    vpcOptions: {
        securityGroupIds: [esSecurityGroup.id],
        subnetIds: [
            selectedSubnetIds.apply(selectedSubnetIds => selectedSubnetIds.ids[0]),
            selectedSubnetIds.apply(selectedSubnetIds => selectedSubnetIds.ids[1]),
        ],
    },
}, { dependsOn: [esServiceLinkedRole] });

constructor

new Domain(name: string, args?: DomainArgs, opts?: pulumi.CustomResourceOptions)

Create a Domain resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainState, opts?: pulumi.CustomResourceOptions): Domain

Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Domain

Returns true if the given object is an instance of Domain. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessPolicies

public accessPolicies: pulumi.Output<string>;

IAM policy document specifying the access policies for the domain

property advancedOptions

public advancedOptions: pulumi.Output<{[key: string]: any}>;

Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the domain.

property clusterConfig

public clusterConfig: pulumi.Output<DomainClusterConfig>;

Cluster configuration of the domain, see below.

property cognitoOptions

public cognitoOptions: pulumi.Output<DomainCognitoOptions | undefined>;

property domainEndpointOptions

public domainEndpointOptions: pulumi.Output<DomainDomainEndpointOptions>;

Domain endpoint HTTP(S) related options. See below.

property domainId

public domainId: pulumi.Output<string>;

Unique identifier for the domain.

property domainName

public domainName: pulumi.Output<string>;

Name of the domain.

property ebsOptions

public ebsOptions: pulumi.Output<DomainEbsOptions>;

EBS related options, may be required based on chosen instance size. See below.

property elasticsearchVersion

public elasticsearchVersion: pulumi.Output<string | undefined>;

The version of Elasticsearch to deploy. Defaults to 1.5

property encryptAtRest

public encryptAtRest: pulumi.Output<DomainEncryptAtRest>;

Encrypt at rest options. Only available for certain instance types. See below.

property endpoint

public endpoint: pulumi.Output<string>;

Domain-specific endpoint used to submit index, search, and data upload requests.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property kibanaEndpoint

public kibanaEndpoint: pulumi.Output<string>;

Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnetIds were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

property logPublishingOptions

public logPublishingOptions: pulumi.Output<DomainLogPublishingOption[] | undefined>;

Options for publishing slow logs to CloudWatch Logs.

property nodeToNodeEncryption

public nodeToNodeEncryption: pulumi.Output<DomainNodeToNodeEncryption>;

Node-to-node encryption options. See below.

property snapshotOptions

public snapshotOptions: pulumi.Output<DomainSnapshotOptions | undefined>;

Snapshot related options, see below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcOptions

public vpcOptions: pulumi.Output<DomainVpcOptions | undefined>;

VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

Resource DomainPolicy

class DomainPolicy extends CustomResource

Allows setting policy to an Elasticsearch domain while referencing domain attributes (e.g. ARN)

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.elasticsearch.Domain("example", {
    elasticsearchVersion: "2.3",
});
const main = new aws.elasticsearch.DomainPolicy("main", {
    accessPolicies: pulumi.interpolate`{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "es:*",
            "Principal": "*",
            "Effect": "Allow",
            "Condition": {
                "IpAddress": {"aws:SourceIp": "127.0.0.1/32"}
            },
            "Resource": "${example.arn}/*"
        }
    ]
}
`,
    domainName: example.domainName,
});

constructor

new DomainPolicy(name: string, args: DomainPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a DomainPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainPolicyState, opts?: pulumi.CustomResourceOptions): DomainPolicy

Get an existing DomainPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DomainPolicy

Returns true if the given object is an instance of DomainPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessPolicies

public accessPolicies: pulumi.Output<string>;

IAM policy document specifying the access policies for the domain

property domainName

public domainName: pulumi.Output<string>;

Name of the domain.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getDomain

getDomain(args: GetDomainArgs, opts?: pulumi.InvokeOptions): Promise<GetDomainResult>

Use this data source to get information about an Elasticsearch Domain

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const myDomain = pulumi.output(aws.elasticsearch.getDomain({
    domainName: "my-domain-name",
}, { async: true }));

Others

interface DomainArgs

interface DomainArgs

The set of arguments for constructing a Domain resource.

property accessPolicies

accessPolicies?: pulumi.Input<string | PolicyDocument>;

IAM policy document specifying the access policies for the domain

property advancedOptions

advancedOptions?: pulumi.Input<{[key: string]: any}>;

Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.

property clusterConfig

clusterConfig?: pulumi.Input<DomainClusterConfig>;

Cluster configuration of the domain, see below.

property cognitoOptions

cognitoOptions?: pulumi.Input<DomainCognitoOptions>;

property domainEndpointOptions

domainEndpointOptions?: pulumi.Input<DomainDomainEndpointOptions>;

Domain endpoint HTTP(S) related options. See below.

property domainName

domainName?: pulumi.Input<string>;

Name of the domain.

property ebsOptions

ebsOptions?: pulumi.Input<DomainEbsOptions>;

EBS related options, may be required based on chosen instance size. See below.

property elasticsearchVersion

elasticsearchVersion?: pulumi.Input<string>;

The version of Elasticsearch to deploy. Defaults to 1.5

property encryptAtRest

encryptAtRest?: pulumi.Input<DomainEncryptAtRest>;

Encrypt at rest options. Only available for certain instance types. See below.

property logPublishingOptions

logPublishingOptions?: pulumi.Input<pulumi.Input<DomainLogPublishingOption>[]>;

Options for publishing slow logs to CloudWatch Logs.

property nodeToNodeEncryption

nodeToNodeEncryption?: pulumi.Input<DomainNodeToNodeEncryption>;

Node-to-node encryption options. See below.

property snapshotOptions

snapshotOptions?: pulumi.Input<DomainSnapshotOptions>;

Snapshot related options, see below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource

property vpcOptions

vpcOptions?: pulumi.Input<DomainVpcOptions>;

VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

interface DomainPolicyArgs

interface DomainPolicyArgs

The set of arguments for constructing a DomainPolicy resource.

property accessPolicies

accessPolicies: pulumi.Input<string | PolicyDocument>;

IAM policy document specifying the access policies for the domain

property domainName

domainName: pulumi.Input<string>;

Name of the domain.

interface DomainPolicyState

interface DomainPolicyState

Input properties used for looking up and filtering DomainPolicy resources.

property accessPolicies

accessPolicies?: pulumi.Input<string | PolicyDocument>;

IAM policy document specifying the access policies for the domain

property domainName

domainName?: pulumi.Input<string>;

Name of the domain.

interface DomainState

interface DomainState

Input properties used for looking up and filtering Domain resources.

property accessPolicies

accessPolicies?: pulumi.Input<string | PolicyDocument>;

IAM policy document specifying the access policies for the domain

property advancedOptions

advancedOptions?: pulumi.Input<{[key: string]: any}>;

Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing this provider to want to recreate your Elasticsearch domain on every apply.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the domain.

property clusterConfig

clusterConfig?: pulumi.Input<DomainClusterConfig>;

Cluster configuration of the domain, see below.

property cognitoOptions

cognitoOptions?: pulumi.Input<DomainCognitoOptions>;

property domainEndpointOptions

domainEndpointOptions?: pulumi.Input<DomainDomainEndpointOptions>;

Domain endpoint HTTP(S) related options. See below.

property domainId

domainId?: pulumi.Input<string>;

Unique identifier for the domain.

property domainName

domainName?: pulumi.Input<string>;

Name of the domain.

property ebsOptions

ebsOptions?: pulumi.Input<DomainEbsOptions>;

EBS related options, may be required based on chosen instance size. See below.

property elasticsearchVersion

elasticsearchVersion?: pulumi.Input<string>;

The version of Elasticsearch to deploy. Defaults to 1.5

property encryptAtRest

encryptAtRest?: pulumi.Input<DomainEncryptAtRest>;

Encrypt at rest options. Only available for certain instance types. See below.

property endpoint

endpoint?: pulumi.Input<string>;

Domain-specific endpoint used to submit index, search, and data upload requests.

property kibanaEndpoint

kibanaEndpoint?: pulumi.Input<string>;

Domain-specific endpoint for kibana without https scheme. * vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnetIds were created inside. * vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

property logPublishingOptions

logPublishingOptions?: pulumi.Input<pulumi.Input<DomainLogPublishingOption>[]>;

Options for publishing slow logs to CloudWatch Logs.

property nodeToNodeEncryption

nodeToNodeEncryption?: pulumi.Input<DomainNodeToNodeEncryption>;

Node-to-node encryption options. See below.

property snapshotOptions

snapshotOptions?: pulumi.Input<DomainSnapshotOptions>;

Snapshot related options, see below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource

property vpcOptions

vpcOptions?: pulumi.Input<DomainVpcOptions>;

VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

interface GetDomainArgs

interface GetDomainArgs

A collection of arguments for invoking getDomain.

property domainName

domainName: string;

Name of the domain.

property tags

tags?: undefined | {[key: string]: any};

The tags assigned to the domain.

interface GetDomainResult

interface GetDomainResult

A collection of values returned by getDomain.

property accessPolicies

accessPolicies: string;

The policy document attached to the domain.

property advancedOptions

advancedOptions: {[key: string]: any};

Key-value string pairs to specify advanced configuration options.

property arn

arn: string;

The Amazon Resource Name (ARN) of the domain.

property clusterConfigs

clusterConfigs: GetDomainClusterConfig[];

Cluster configuration of the domain.

property cognitoOptions

cognitoOptions: GetDomainCognitoOption[];

Domain Amazon Cognito Authentication options for Kibana.

property created

created: boolean;

Status of the creation of the domain.

property deleted

deleted: boolean;

Status of the deletion of the domain.

property domainId

domainId: string;

Unique identifier for the domain.

property domainName

domainName: string;

property ebsOptions

ebsOptions: GetDomainEbsOption[];

EBS Options for the instances in the domain.

property elasticsearchVersion

elasticsearchVersion: string;

ElasticSearch version for the domain.

property encryptionAtRests

encryptionAtRests: GetDomainEncryptionAtRest[];

Domain encryption at rest related options.

property endpoint

endpoint: string;

Domain-specific endpoint used to submit index, search, and data upload requests.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property kibanaEndpoint

kibanaEndpoint: string;

Domain-specific endpoint used to access the Kibana application.

property logPublishingOptions

logPublishingOptions: GetDomainLogPublishingOption[];

Domain log publishing related options.

property nodeToNodeEncryptions

nodeToNodeEncryptions: GetDomainNodeToNodeEncryption[];

Domain in transit encryption related options.

property processing

processing: boolean;

Status of a configuration change in the domain. * snapshotOptions – Domain snapshot related options.

property snapshotOptions

snapshotOptions: GetDomainSnapshotOption[];

property tags

tags: {[key: string]: any};

The tags assigned to the domain.

property vpcOptions

vpcOptions: GetDomainVpcOption[];

VPC Options for private Elasticsearch domains.