Resource: awsElasticsearchDomainSamlOptions

Manages SAML authentication options for an AWS Elasticsearch Domain.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsElasticsearchDomainExample =
  new aws.elasticsearchDomain.ElasticsearchDomain(this, "example", {
    clusterConfig: {
      instanceType: "r4.large.elasticsearch",
    },
    domainName: "example",
    elasticsearchVersion: "1.5",
    snapshotOptions: {
      automatedSnapshotStartHour: 23,
    },
    tags: {
      Domain: "TestDomain",
    },
  });
const awsElasticsearchDomainSamlOptionsExample =
  new aws.elasticsearchDomainSamlOptions.ElasticsearchDomainSamlOptions(
    this,
    "example_1",
    {
      domainName: awsElasticsearchDomainExample.domainName,
      samlOptions: {
        enabled: true,
        idp: {
          entityId: "https://example.com",
          metadataContent: '${file("./saml-metadata.xml")}',
        },
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsElasticsearchDomainSamlOptionsExample.overrideLogicalId("example");

Argument Reference

The following arguments are required:

  • domainName - (Required) Name of the domain.

The following arguments are optional:

  • samlOptions - (Optional) The SAML authentication options for an AWS Elasticsearch Domain.

samlOptions

  • enabled - (Required) Whether SAML authentication is enabled.
  • idp - (Optional) Information from your identity provider.
  • masterBackendRole - (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
  • masterUserName - (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
  • rolesKey - (Optional) Element of the SAML assertion to use for backend roles. Default is roles.
  • sessionTimeoutMinutes - (Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
  • subjectKey - (Optional) Custom SAML attribute to use for user names. Default is an empty string (""), which causes Elasticsearch to use the NameID element of the subject, the default location for name identifiers in the SAML specification.

idp

  • entityId - (Required) The unique Entity ID of the application in the SAML Identity Provider.
  • metadataContent - (Required) The metadata of the SAML application in XML format.
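
A pre-deployment check of the arguments above, as an added example (not part of the provider or its documentation): it validates the documented sessionTimeoutMinutes limit, confirms that idp.entityId matches the entityID inside the metadata XML, and lists the identities that masterUserName and masterBackendRole give full permissions. The function names, finding texts and sample values are constructed for illustration, and metadataContent is assumed to hold the resolved XML rather than a Terraform file() expression.

```typescript
// Added example: pre-deployment check of a samlOptions object. Not provider code.
interface SamlIdp { entityId: string; metadataContent: string }
interface SamlOptions {
  enabled: boolean;
  idp?: SamlIdp;
  masterBackendRole?: string;
  masterUserName?: string;
  sessionTimeoutMinutes?: number;
}

// Reads entityID from the <EntityDescriptor> element of resolved IdP metadata XML.
function metadataEntityId(xml: string): string | undefined {
  const m = /<(?:[\w-]+:)?EntityDescriptor\b[^>]*?\bentityID\s*=\s*(["'])(.*?)\1/.exec(xml);
  return m ? m[2] : undefined;
}

function checkSamlOptions(o: SamlOptions): string[] {
  const findings: string[] = [];
  const t = o.sessionTimeoutMinutes ?? 60; // documented default
  // Lower bound of 1 is an assumption; the page states only the 1,440 maximum.
  if (Math.floor(t) !== t || t < 1 || t > 1440) {
    findings.push("sessionTimeoutMinutes must be an integer from 1 to 1440");
  }
  if (o.idp) {
    const fromXml = metadataEntityId(o.idp.metadataContent);
    if (fromXml === undefined) {
      findings.push("metadataContent has no EntityDescriptor entityID");
    } else if (fromXml !== o.idp.entityId) {
      findings.push(`entityId "${o.idp.entityId}" differs from metadata entityID "${fromXml}"`);
    }
  }
  // Both arguments give an IdP identity full permissions; list them for review.
  if (o.masterUserName) findings.push(`full permissions: IdP user "${o.masterUserName}"`);
  if (o.masterBackendRole) findings.push(`full permissions: IdP role "${o.masterBackendRole}"`);
  return findings;
}

// Constructed sample metadata, trimmed to the element the check reads.
const sampleMetadata =
  '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ' +
  'entityID="https://idp.example.com/saml"></md:EntityDescriptor>';

const sampleFindings = checkSamlOptions({
  enabled: true,
  idp: { entityId: "https://example.com", metadataContent: sampleMetadata },
  masterUserName: "alice@example.com",
  sessionTimeoutMinutes: 2880,
});
console.log(sampleFindings.join("\n"));
```
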

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The name of the domain the SAML options are associated with.

Import

SAML options for an Elasticsearch domain can be imported using the domainName, e.g.,

$ terraform import aws_elasticsearch_domain_saml_options.example domain_name