Resource: awsOpensearchDomainSamlOptions
Manages SAML authentication options for an AWS OpenSearch Domain.
Example Usage
Basic Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsOpensearchDomainExample = new aws.opensearchDomain.OpensearchDomain(
  this,
  "example",
  {
    clusterConfig: {
      instanceType: "r4.large.search",
    },
    domainName: "example",
    engineVersion: "OpenSearch_1.1",
    snapshotOptions: {
      automatedSnapshotStartHour: 23,
    },
    tags: {
      Domain: "TestDomain",
    },
  }
);
const awsOpensearchDomainSamlOptionsExample =
  new aws.opensearchDomainSamlOptions.OpensearchDomainSamlOptions(
    this,
    "example_1",
    {
      domainName: awsOpensearchDomainExample.domainName,
      samlOptions: {
        enabled: true,
        idp: {
          entityId: "https://example.com",
          metadataContent: '${file("./saml-metadata.xml")}',
        },
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsOpensearchDomainSamlOptionsExample.overrideLogicalId("example");
Argument Reference
The following arguments are required:
domainName
- (Required) Name of the domain.
The following arguments are optional:
samlOptions
- (Optional) SAML authentication options for an AWS OpenSearch Domain.
samlOptions
enabled
- (Required) Whether SAML authentication is enabled.
idp
- (Optional) Information from your identity provider.
masterBackendRole
- (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
masterUserName
- (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
rolesKey
- (Optional) Element of the SAML assertion to use for backend roles. Default is roles.
sessionTimeoutMinutes
- (Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
subjectKey
- (Optional) Element of the SAML assertion to use for username. Default is NameID.
idp
entityId
- (Required) Unique Entity ID of the application in SAML Identity Provider.
metadataContent
- (Required) Metadata of the SAML application in xml format.
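The arguments above can be checked before synth. The following is an added example, not part of the provider or its generated bindings: `lintSamlOptions`, `SamlFinding`, `SamlIdp` and `SAMPLE_METADATA` are hypothetical names, and the rule that `entityId` should equal the `entityID` attribute of the metadata's `EntityDescriptor` is an assumption about how the two fields relate.

```typescript
// Added example: lint a samlOptions object before synth. The interfaces mirror
// this page's Argument Reference; lintSamlOptions, SamlFinding and
// SAMPLE_METADATA are hypothetical names, not generated provider bindings.
interface SamlIdp { entityId: string; metadataContent: string; }
interface SamlOptions {
  enabled: boolean;
  idp?: SamlIdp;
  masterBackendRole?: string;
  masterUserName?: string;
  rolesKey?: string;
  sessionTimeoutMinutes?: number;
  subjectKey?: string;
}
interface SamlFinding { level: "error" | "warn"; message: string; }

// Constructed sample metadata (not from a real identity provider).
const SAMPLE_METADATA =
  '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ' +
  'entityID="https://idp.example.com/saml"></md:EntityDescriptor>';

function lintSamlOptions(o: SamlOptions): SamlFinding[] {
  const out: SamlFinding[] = [];
  const add = (level: "error" | "warn", message: string): void => { out.push({ level, message }); };

  if (o.enabled && !o.idp) add("error", "enabled is true but idp is not set");

  const t = o.sessionTimeoutMinutes;
  if (t !== undefined && (t <= 0 || t > 1440 || Math.floor(t) !== t))
    add("error", "sessionTimeoutMinutes must be a whole number of minutes, at most 1440");

  // A Terraform expression such as ${file(...)} is only resolved at apply time,
  // so the metadata can be inspected here only when it is passed inline.
  if (o.idp && o.idp.metadataContent.indexOf("${") !== 0) {
    // Assumption: entityId should equal the metadata's EntityDescriptor entityID.
    const m = /<(?:\w+:)?EntityDescriptor\b[^>]*\bentityID\s*=\s*["']([^"']+)["']/
      .exec(o.idp.metadataContent);
    if (!m) add("error", "metadataContent has no EntityDescriptor entityID");
    else if (m[1] !== o.idp.entityId)
      add("error", "entityId does not match metadata entityID " + m[1]);
  }

  // Both master* arguments grant full cluster permissions: surface them for review.
  if (o.masterUserName) add("warn", "masterUserName receives full permissions: " + o.masterUserName);
  if (o.masterBackendRole) add("warn", "masterBackendRole receives full permissions: " + o.masterBackendRole);
  if (o.masterBackendRole && !o.rolesKey)
    add("warn", "rolesKey unset: backend roles are read from the default element, roles");
  return out;
}
```

Treat `error` findings as a reason to stop before synth and `warn` findings as items for a reviewer to confirm.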
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- Name of the domain the SAML options are associated with.
Timeouts
update
- (Default 180M)
delete
- (Default 90M)
Import
OpenSearch domains can be imported using the domainName, e.g.,