Skip to content

Resource: awsOpensearchDomainPolicy

Allows setting policy to an OpenSearch domain while referencing domain attributes (e.g., ARN).

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsOpensearchDomainExample = new aws.opensearchDomain.OpensearchDomain(
  this,
  "example",
  {
    domainName: "tf-test",
    engineVersion: "OpenSearch_1.1",
  }
);
const dataAwsIamPolicyDocumentMain =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "main", {
    actions: ["es:*"],
    condition: [
      {
        test: "IpAddress",
        values: "127.0.0.1/32",
        variable: "aws:SourceIp",
      },
    ],
    effect: "Allow",
    principals: [
      {
        identifiers: ["*"],
        type: "*",
      },
    ],
    resources: [`\${${awsOpensearchDomainExample.arn}}/*`],
  });
const awsOpensearchDomainPolicyMain =
  new aws.opensearchDomainPolicy.OpensearchDomainPolicy(this, "main_2", {
    accessPolicies: dataAwsIamPolicyDocumentMain.json,
    domainName: awsOpensearchDomainExample.domainName,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsOpensearchDomainPolicyMain.overrideLogicalId("main");

Argument Reference

The following arguments are supported:

  • accessPolicies - (Optional) IAM policy document specifying the access policies for the domain
  • domainName - (Required) Name of the domain.

Attributes Reference

No additional attributes are exported.

Timeouts

Configuration options:

  • update - (Default 180M)
  • delete - (Default 90M)