Resource: awsElasticsearchDomainSamlOptions
Manages SAML authentication options for an AWS Elasticsearch Domain.
Example Usage
Basic Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";

/*The constructs below belong inside a TerraformStack constructor, where `this` is the stack.*/
const awsElasticsearchDomainExample =
  new aws.elasticsearchDomain.ElasticsearchDomain(this, "example", {
    clusterConfig: {
      instanceType: "r4.large.elasticsearch",
    },
    domainName: "example",
    elasticsearchVersion: "1.5",
    snapshotOptions: {
      automatedSnapshotStartHour: 23,
    },
    tags: {
      Domain: "TestDomain",
    },
  });
const awsElasticsearchDomainSamlOptionsExample =
  new aws.elasticsearchDomainSamlOptions.ElasticsearchDomainSamlOptions(
    this,
    "example_1",
    {
      domainName: awsElasticsearchDomainExample.domainName,
      samlOptions: {
        enabled: true,
        idp: {
          entityId: "https://example.com",
          metadataContent: '${file("./saml-metadata.xml")}',
        },
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsElasticsearchDomainSamlOptionsExample.overrideLogicalId("example");
Argument Reference
The following arguments are required:
domainName
- (Required) Name of the domain.
The following arguments are optional:
samlOptions
- (Optional) The SAML authentication options for an AWS Elasticsearch Domain.
samlOptions
enabled
- (Required) Whether SAML authentication is enabled.
idp
- (Optional) Information from your identity provider.
masterBackendRole
- (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
masterUserName
- (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
rolesKey
- (Optional) Element of the SAML assertion to use for backend roles. Default is roles.
sessionTimeoutMinutes
- (Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
subjectKey
- (Optional) Custom SAML attribute to use for user names. Default is an empty string (""). This will cause Elasticsearch to use the nameId element of the subject, which is the default location for name identifiers in the SAML specification.
idp
entityId
- (Required) The unique Entity ID of the application in SAML Identity Provider.
metadataContent
- (Required) The Metadata of the SAML application in xml format.
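A check of a samlOptions object against the constraints in the argument reference above, run before synth. This is an added example, not part of cdktf or the AWS provider. lintSamlOptions, the Finding type and the sample values are hypothetical, and the comparison of idp.entityId with the entityID attribute in the metadata assumes the two are meant to be the same identifier.

```typescript
// Added example. Field names mirror the samlOptions arguments documented above.
interface SamlOptions {
  enabled: boolean;
  idp?: { entityId: string; metadataContent: string };
  masterBackendRole?: string;
  masterUserName?: string;
  rolesKey?: string;
  sessionTimeoutMinutes?: number;
  subjectKey?: string;
}
interface Finding { level: "error" | "warn"; field: string; message: string }
// Hypothetical helper, not part of cdktf or the AWS provider.
function lintSamlOptions(o: SamlOptions): Finding[] {
  const out: Finding[] = [];
  const add = (level: Finding["level"], field: string, message: string): void => { out.push({ level, field, message }); };
  if (o.idp) {
    const xml = o.idp.metadataContent || "";
    if (!o.idp.entityId) add("error", "idp.entityId", "required");
    if (!xml) add("error", "idp.metadataContent", "required");
    // A "${...}" value is a Terraform expression resolved at apply time; it cannot be inspected here.
    if (xml && xml.indexOf("${") !== 0) {
      // SAML metadata names the IdP in the entityID attribute of <EntityDescriptor>.
      const m = /<(?:\w+:)?EntityDescriptor\b[^>]*\bentityID=["']([^"']*)["']/.exec(xml);
      if (!m) add("error", "idp.metadataContent", "no EntityDescriptor entityID found");
      // Assumption: entityId is meant to equal the metadata's entityID.
      else if (m[1] !== o.idp.entityId) add("warn", "idp.entityId", `metadata says "${m[1]}"`);
    }
  }
  const t = o.sessionTimeoutMinutes;
  if (t !== undefined && (t % 1 !== 0 || t < 1 || t > 1440))
    add("error", "sessionTimeoutMinutes", "must be whole minutes, at most 1440");
  // Both settings grant full cluster permissions, so surface them for review.
  if (o.masterUserName) add("warn", "masterUserName", "this IdP user gets full permissions to the cluster");
  if (o.masterBackendRole) add("warn", "masterBackendRole", "this backend role gets full permissions to the cluster");
  return out;
}
// Constructed sample input: mismatched entity ID, over-long session, named master user.
const sampleFindings = lintSamlOptions({
  enabled: true,
  idp: {
    entityId: "https://example.com",
    metadataContent: '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.net/saml"/>',
  },
  sessionTimeoutMinutes: 2000,
  masterUserName: "admin",
});
console.log(sampleFindings);
```

Treat "error" findings as build failures and route "warn" findings to whoever approves access to the cluster.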
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The name of the domain the SAML options are associated with.
Import
Elasticsearch domains can be imported using the domainName, e.g.,