Resource: awsOpensearchDomainSamlOptions

Manages SAML authentication options for an AWS OpenSearch Domain.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsOpensearchDomainExample = new aws.opensearchDomain.OpensearchDomain(
  this,
  "example",
  {
    clusterConfig: {
      instanceType: "r4.large.search",
    },
    domainName: "example",
    engineVersion: "OpenSearch_1.1",
    snapshotOptions: {
      automatedSnapshotStartHour: 23,
    },
    tags: {
      Domain: "TestDomain",
    },
  }
);
const awsOpensearchDomainSamlOptionsExample =
  new aws.opensearchDomainSamlOptions.OpensearchDomainSamlOptions(
    this,
    "example_1",
    {
      domainName: awsOpensearchDomainExample.domainName,
      samlOptions: {
        enabled: true,
        idp: {
          entityId: "https://example.com",
          metadataContent: '${file("./saml-metadata.xml")}',
        },
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsOpensearchDomainSamlOptionsExample.overrideLogicalId("example");

Argument Reference

The following arguments are required:

  • domainName - (Required) Name of the domain.

The following arguments are optional:

  • samlOptions - (Optional) SAML authentication options for an AWS OpenSearch Domain.

samlOptions

  • enabled - (Required) Whether SAML authentication is enabled.
  • idp - (Optional) Information from your identity provider.
  • masterBackendRole - (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
  • masterUserName - (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
  • rolesKey - (Optional) Element of the SAML assertion to use for backend roles. Default is roles.
  • sessionTimeoutMinutes - (Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
  • subjectKey - (Optional) Element of the SAML assertion to use for username. Default is NameID.

idp

  • entityId - (Required) Unique entity ID of the application in the SAML identity provider.
  • metadataContent - (Required) Metadata of the SAML application, in XML format.
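A pre-synth sanity check for the samlOptions block documented above, added here as an example that is not part of the provider or its generated docs: it fills in the documented defaults (rolesKey, subjectKey, sessionTimeoutMinutes), rejects a session timeout above the documented 1,440-minute maximum, and cross-checks idp.entityId against the entityID declared in the metadata XML. The SAMPLE_METADATA document and the lower bound of 1 minute are assumptions.

```typescript
// Added example (not the provider's code): resolve documented defaults and flag bad samlOptions values.
interface IdpOptions { entityId: string; metadataContent: string; }
interface SamlOptions {
  enabled: boolean;
  idp?: IdpOptions;
  masterBackendRole?: string;
  masterUserName?: string;
  rolesKey?: string;
  sessionTimeoutMinutes?: number;
  subjectKey?: string;
}
type Review = { resolved: SamlOptions; errors: string[]; warnings: string[] };
const MAX_SESSION_MINUTES = 1440; // documented maximum; the lower bound of 1 is assumed

// Constructed IdP metadata stand-in; real metadata is downloaded from the IdP.
const SAMPLE_METADATA = `<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>`;

// Pull the entityID attribute off the IdP's EntityDescriptor element.
function metadataEntityId(xml: string): string | undefined {
  const m = /<(?:[\w.-]+:)?EntityDescriptor\b[^>]*?\bentityID="([^"]+)"/.exec(xml);
  return m?.[1];
}

function reviewSamlOptions(opts: SamlOptions): Review {
  const errors: string[] = [];
  const warnings: string[] = [];
  // Documented defaults: rolesKey "roles", subjectKey "NameID", 60-minute sessions.
  const resolved: SamlOptions = { rolesKey: "roles", subjectKey: "NameID", sessionTimeoutMinutes: 60, ...opts };
  if (!resolved.enabled) return { resolved, errors, warnings }; // disabled: nothing else applies
  if (!resolved.idp) {
    errors.push("idp is required when enabled is true");
  } else {
    const { entityId, metadataContent } = resolved.idp;
    if (!entityId) errors.push("idp.entityId is required");
    if (!metadataContent.trim()) errors.push("idp.metadataContent is required");
    // A Terraform token such as '${file("./saml-metadata.xml")}' carries no entityID yet and passes this check.
    const declared = metadataEntityId(metadataContent);
    if (declared !== undefined && declared !== entityId)
      errors.push(`idp.entityId "${entityId}" differs from metadata entityID "${declared}"`);
  }
  const t = resolved.sessionTimeoutMinutes ?? 60;
  if (!Number.isInteger(t) || t < 1 || t > MAX_SESSION_MINUTES)
    errors.push(`sessionTimeoutMinutes must be 1..${MAX_SESSION_MINUTES}, got ${t}`);
  if (!resolved.masterUserName && !resolved.masterBackendRole)
    warnings.push("no masterUserName or masterBackendRole: no SAML identity will hold master rights");
  return { resolved, errors, warnings };
}
```

Run it against the object you are about to pass as samlOptions; a non-empty errors list means the API call would fail, while a warning means the cluster would come up with no SAML-mapped master.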

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - Name of the domain the SAML options are associated with.

Timeouts

Configuration options:

  • update - (Default 180m)
  • delete - (Default 90m)

Import

The SAML options of an OpenSearch domain can be imported using the domainName, e.g.,

$ terraform import aws_opensearch_domain_saml_options.example domain_name