daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

agent-claw: automated task changes

Browse Source
This commit is contained in:
daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/.jsiirc.json generated vendored Normal file
View File

@@ -0,0 +1,13 @@
{
"targets": {
"java": {
"package": "software.amazon.awscdk.services.elasticsearch"
},
"dotnet": {
"namespace": "Amazon.CDK.AWS.Elasticsearch"
},
"python": {
"module": "aws_cdk.aws_elasticsearch"
}
}
}

441
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/README.md generated vendored Normal file
View File

@@ -0,0 +1,441 @@
# Amazon OpenSearch Service Construct Library
> Instead of this module, we recommend using the [aws-cdk-lib/aws-opensearchservice](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice-readme.html) module. See [Amazon OpenSearch Service FAQs](https://aws.amazon.com/opensearch-service/faqs/#Name_change) for details. See [Migrating to OpenSearch](#migrating-to-opensearch) for migration instructions.
## Quick start
Create a development cluster by simply specifying the version:
```ts
const devDomain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
});
```
To perform version upgrades without replacing the entire domain, specify the `enableVersionUpgrade` property.
```ts
const devDomain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_10,
enableVersionUpgrade: true, // defaults to false
});
```
Create a production grade cluster by also specifying things like capacity and az distribution
```ts
const prodDomain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
capacity: {
masterNodes: 5,
dataNodes: 20,
},
ebs: {
volumeSize: 20,
},
zoneAwareness: {
availabilityZoneCount: 3,
},
logging: {
slowSearchLogEnabled: true,
appLogEnabled: true,
slowIndexLogEnabled: true,
},
});
```
This creates an Elasticsearch cluster and automatically sets up log groups for
logging the domain logs and slow search logs.
## A note about SLR
Some cluster configurations (e.g VPC access) require the existence of the [`AWSServiceRoleForAmazonElasticsearchService`](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/slr.html) service-linked role.
When performing such operations via the AWS Console, this SLR is created automatically when needed. However, this is not the behavior when using CloudFormation. If an SLR is needed, but doesn't exist, you will encounter a failure message similar to:
```console
Before you can proceed, you must enable a service-linked role to give Amazon ES...
```
To resolve this, you need to [create](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#create-service-linked-role) the SLR. We recommend using the AWS CLI:
```console
aws iam create-service-linked-role --aws-service-name es.amazonaws.com
```
You can also create it using the CDK, **but note that only the first application deploying this will succeed**:
```ts
const slr = new iam.CfnServiceLinkedRole(this, 'ElasticSLR', {
awsServiceName: 'es.amazonaws.com',
});
```
## Importing existing domains
To import an existing domain into your CDK application, use the `Domain.fromDomainEndpoint` factory method.
This method accepts a domain endpoint of an already existing domain:
```ts
const domainEndpoint = 'https://my-domain-jcjotrt6f7otem4sqcwbch3c4u.us-east-1.es.amazonaws.com';
const domain = es.Domain.fromDomainEndpoint(this, 'ImportedDomain', domainEndpoint);
```
## Permissions
### IAM
Helper methods also exist for managing access to the domain.
```ts
declare const fn: lambda.Function;
declare const domain: es.Domain;
// Grant write access to the app-search index
domain.grantIndexWrite('app-search', fn);
// Grant read access to the 'app-search/_search' path
domain.grantPathRead('app-search/_search', fn);
```
## Encryption
The domain can also be created with encryption enabled:
```ts
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_4,
ebs: {
volumeSize: 100,
volumeType: ec2.EbsDeviceVolumeType.GENERAL_PURPOSE_SSD,
},
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
});
```
This sets up the domain with node to node encryption and encryption at
rest. You can also choose to supply your own KMS key to use for encryption at
rest.
## VPC Support
Elasticsearch domains can be placed inside a VPC, providing a secure communication between Amazon ES and other services within the VPC without the need for an internet gateway, NAT device, or VPN connection.
> See [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) for more details.
```ts
const vpc = new ec2.Vpc(this, 'Vpc');
const domainProps: es.DomainProps = {
version: es.ElasticsearchVersion.V7_1,
removalPolicy: RemovalPolicy.DESTROY,
vpc,
// must be enabled since our VPC contains multiple private subnets.
zoneAwareness: {
enabled: true,
},
capacity: {
// must be an even number since the default az count is 2.
dataNodes: 2,
},
};
new es.Domain(this, 'Domain', domainProps);
```
In addition, you can use the `vpcSubnets` property to control which specific subnets will be used, and the `securityGroups` property to control
which security groups will be attached to the domain. By default, CDK will select all *private* subnets in the VPC, and create one dedicated security group.
## Metrics
Helper methods exist to access common domain metrics for example:
```ts
declare const domain: es.Domain;
const freeStorageSpace = domain.metricFreeStorageSpace();
const masterSysMemoryUtilization = domain.metric('MasterSysMemoryUtilization');
```
This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
## Fine grained access control
The domain can also be created with a master user configured. The password can
be supplied or dynamically created if not supplied.
```ts
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
enforceHttps: true,
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
fineGrainedAccessControl: {
masterUserName: 'master-user',
},
});
const masterUserPassword = domain.masterUserPassword;
```
## Using unsigned basic auth
For convenience, the domain can be configured to allow unsigned HTTP requests
that use basic auth. Unless the domain is configured to be part of a VPC this
means anyone can access the domain using the configured master username and
password.
To enable unsigned basic auth access the domain is configured with an access
policy that allows anonymous requests, HTTPS required, node to node encryption,
encryption at rest and fine grained access control.
If the above settings are not set they will be configured as part of enabling
unsigned basic auth. If they are set with conflicting values, an error will be
thrown.
If no master user is configured a default master user is created with the
username `admin`.
If no password is configured a default master user password is created and
stored in the AWS Secrets Manager as secret. The secret has the prefix
`<domain id>MasterUser`.
```ts
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
useUnsignedBasicAuth: true,
});
const masterUserPassword = domain.masterUserPassword;
```
## Custom access policies
If the domain requires custom access control it can be configured either as a
constructor property, or later by means of a helper method.
For simple permissions the `accessPolicies` constructor may be sufficient:
```ts
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
accessPolicies: [
new iam.PolicyStatement({
actions: ['es:*ESHttpPost', 'es:ESHttpPut*'],
effect: iam.Effect.ALLOW,
principals: [new iam.AccountPrincipal('123456789012')],
resources: ['*'],
}),
]
});
```
For more complex use-cases, for example, to set the domain up to receive data from a
[cross-account Amazon Data Firehose](https://aws.amazon.com/premiumsupport/knowledge-center/kinesis-firehose-cross-account-streaming/) the `addAccessPolicies` helper method
allows for policies that include the explicit domain ARN.
```ts
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
});
domain.addAccessPolicies(
new iam.PolicyStatement({
actions: ['es:ESHttpPost', 'es:ESHttpPut'],
effect: iam.Effect.ALLOW,
principals: [new iam.AccountPrincipal('123456789012')],
resources: [domain.domainArn, `${domain.domainArn}/*`],
}),
new iam.PolicyStatement({
actions: ['es:ESHttpGet'],
effect: iam.Effect.ALLOW,
principals: [new iam.AccountPrincipal('123456789012')],
resources: [
`${domain.domainArn}/_all/_settings`,
`${domain.domainArn}/_cluster/stats`,
`${domain.domainArn}/index-name*/_mapping/type-name`,
`${domain.domainArn}/roletest*/_mapping/roletest`,
`${domain.domainArn}/_nodes`,
`${domain.domainArn}/_nodes/stats`,
`${domain.domainArn}/_nodes/*/stats`,
`${domain.domainArn}/_stats`,
`${domain.domainArn}/index-name*/_stats`,
`${domain.domainArn}/roletest*/_stat`,
],
}),
);
```
## Audit logs
Audit logs can be enabled for a domain, but only when fine-grained access control is enabled.
```ts
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_1,
enforceHttps: true,
nodeToNodeEncryption: true,
encryptionAtRest: {
enabled: true,
},
fineGrainedAccessControl: {
masterUserName: 'master-user',
},
logging: {
auditLogEnabled: true,
slowSearchLogEnabled: true,
appLogEnabled: true,
slowIndexLogEnabled: true,
},
});
```
## UltraWarm
UltraWarm nodes can be enabled to provide a cost-effective way to store large amounts of read-only data.
```ts
const domain = new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_10,
capacity: {
masterNodes: 2,
warmNodes: 2,
warmInstanceType: 'ultrawarm1.medium.elasticsearch',
},
});
```
## Custom endpoint
Custom endpoints can be configured to reach the ES domain under a custom domain name.
```ts
new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_7,
customEndpoint: {
domainName: 'search.example.com',
},
});
```
It is also possible to specify a custom certificate instead of the auto-generated one.
Additionally, an automatic CNAME-Record is created if a hosted zone is provided for the custom endpoint
## Advanced options
[Advanced cluster settings](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options) can used to configure additional options.
```ts
new es.Domain(this, 'Domain', {
version: es.ElasticsearchVersion.V7_7,
advancedOptions: {
'rest.action.multi.allow_explicit_index': 'false',
'indices.fielddata.cache.size': '25',
'indices.query.bool.max_clause_count': '2048',
},
});
```
## Migrating to OpenSearch
To migrate from this module (`aws-cdk-lib/aws-elasticsearch`) to the new `aws-cdk-lib/aws-opensearchservice` module, you must modify your CDK application to refer to the new module (including some associated changes) and then perform a CloudFormation resource deletion/import.
### Necessary CDK Modifications
Make the following modifications to your CDK application to migrate to the `aws-cdk-lib/aws-opensearchservice` module.
- Rewrite module imports to use `'aws-cdk-lib/aws-opensearchservice` to `'aws-cdk-lib/aws-elasticsearch`.
For example:
```ts nofixture
import * as es from 'aws-cdk-lib/aws-elasticsearch';
import { Domain } from 'aws-cdk-lib/aws-elasticsearch';
```
...becomes...
```ts nofixture
import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';
import { Domain } from 'aws-cdk-lib/aws-opensearchservice';
```
- Replace instances of `es.ElasticsearchVersion` with `opensearch.EngineVersion`.
For example:
```ts fixture=migrate-opensearch
const version = es.ElasticsearchVersion.V7_1;
```
...becomes...
```ts fixture=migrate-opensearch
const version = opensearch.EngineVersion.ELASTICSEARCH_7_1;
```
- Replace the `cognitoKibanaAuth` property of `DomainProps` with `cognitoDashboardsAuth`.
For example:
```ts fixture=migrate-opensearch
new es.Domain(this, 'Domain', {
cognitoKibanaAuth: {
identityPoolId: 'test-identity-pool-id',
userPoolId: 'test-user-pool-id',
role: role,
},
version: elasticsearchVersion,
});
```
...becomes...
```ts fixture=migrate-opensearch
new opensearch.Domain(this, 'Domain', {
cognitoDashboardsAuth: {
identityPoolId: 'test-identity-pool-id',
userPoolId: 'test-user-pool-id',
role: role,
},
version: openSearchVersion,
});
```
- Rewrite instance type suffixes from `.elasticsearch` to `.search`.
For example:
```ts fixture=migrate-opensearch
new es.Domain(this, 'Domain', {
capacity: {
masterNodeInstanceType: 'r5.large.elasticsearch',
},
version: elasticsearchVersion,
});
```
...becomes...
```ts fixture=migrate-opensearch
new opensearch.Domain(this, 'Domain', {
capacity: {
masterNodeInstanceType: 'r5.large.search',
},
version: openSearchVersion,
});
```
- Any `CfnInclude`'d domains will need to be re-written in their original template in
order to be successfully included as a `opensearch.CfnDomain`
### CloudFormation Migration
Follow these steps to migrate your application without data loss:
- Ensure that the [removal policy](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_core.RemovalPolicy.html) on your domains are set to `RemovalPolicy.RETAIN`. This is the default for the domain construct, so nothing is required unless you have specifically set the removal policy to some other value.
- Remove the domain resource from your CloudFormation stacks by manually modifying the synthesized templates used to create the CloudFormation stacks. This may also involve modifying or deleting dependent resources, such as the custom resources that CDK creates to manage the domain's access policy or any other resource you have connected to the domain. You will need to search for references to each domain's logical ID to determine which other resources refer to it and replace or delete those references. Do not remove resources that are dependencies of the domain or you will have to recreate or import them before importing the domain. After modification, deploy the stacks through the AWS Management Console or using the AWS CLI.
- Migrate your CDK application to use the new `aws-cdk-lib/aws-opensearchservice` module by applying the necessary modifications listed above. Synthesize your application and obtain the resulting stack templates.
- Copy just the definition of the domain from the "migrated" templates to the corresponding "stripped" templates that you deployed above. [Import](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-existing-stack.html) the orphaned domains into your CloudFormation stacks using these templates.
- Synthesize and deploy your CDK application to reconfigure/recreate the modified dependent resources. The CloudFormation stacks should now contain the same resources as existed prior to migration.
- Proceed with development as normal!

38
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/grants.json generated vendored Normal file
View File

@@ -0,0 +1,38 @@
{
"resources": {
"Domain": {
"grants": {
"read": {
"actions": [
"es:ESHttpGet",
"es:ESHttpHead"
],
"arnFormat": ["${domainArn}", "${domainArn}/*"],
"docSummary": "Grant read permissions for this domain and its contents to an IAM\nprincipal (Role/Group/User)."
},
"write": {
"actions": [
"es:ESHttpDelete",
"es:ESHttpPost",
"es:ESHttpPut",
"es:ESHttpPatch"
],
"arnFormat": ["${domainArn}", "${domainArn}/*"],
"docSummary": "Grant write permissions for this domain and its contents to an IAM\nprincipal (Role/Group/User)."
},
"readWrite": {
"actions": [
"es:ESHttpGet",
"es:ESHttpHead",
"es:ESHttpDelete",
"es:ESHttpPost",
"es:ESHttpPut",
"es:ESHttpPatch"
],
"arnFormat": ["${domainArn}", "${domainArn}/*"],
"docSummary": "Grant read/write permissions for this domain and its contents to an IAM\nprincipal (Role/Group/User)."
}
}
}
}
}

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1 @@
export * from './lib';

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/index.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.ElasticsearchVersion=void 0,Object.defineProperty(exports,_noFold="ElasticsearchVersion",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").ElasticsearchVersion;return Object.defineProperty(exports,_noFold="ElasticsearchVersion",{enumerable:!0,configurable:!0,value}),value}}),exports.TLSSecurityPolicy=void 0,Object.defineProperty(exports,_noFold="TLSSecurityPolicy",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").TLSSecurityPolicy;return Object.defineProperty(exports,_noFold="TLSSecurityPolicy",{enumerable:!0,configurable:!0,value}),value}}),exports.Domain=void 0,Object.defineProperty(exports,_noFold="Domain",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").Domain;return Object.defineProperty(exports,_noFold="Domain",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnDomain=void 0,Object.defineProperty(exports,_noFold="CfnDomain",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").CfnDomain;return Object.defineProperty(exports,_noFold="CfnDomain",{enumerable:!0,configurable:!0,value}),value}}),exports.DomainGrants=void 0,Object.defineProperty(exports,_noFold="DomainGrants",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").DomainGrants;return Object.defineProperty(exports,_noFold="DomainGrants",{enumerable:!0,configurable:!0,value}),value}});

1168
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/domain.d.ts generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/domain.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

31
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-access-policy.d.ts generated vendored Normal file
View File

@@ -0,0 +1,31 @@
import type { Construct } from 'constructs';
import * as iam from '../../aws-iam';
import * as cr from '../../custom-resources';
/**
* Construction properties for ElasticsearchAccessPolicy
*/
export interface ElasticsearchAccessPolicyProps {
/**
* The Elasticsearch Domain name
*/
readonly domainName: string;
/**
* The Elasticsearch Domain ARN
*/
readonly domainArn: string;
/**
* The access policy statements for the Elasticsearch cluster
*/
readonly accessPolicies: iam.PolicyStatement[];
}
/**
* Creates LogGroup resource policies.
*/
export declare class ElasticsearchAccessPolicy extends cr.AwsCustomResource {
private accessPolicyStatements;
constructor(scope: Construct, id: string, props: ElasticsearchAccessPolicyProps);
/**
* Add policy statements to the domain access policy
*/
addAccessPolicies(...accessPolicyStatements: iam.PolicyStatement[]): void;
}

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-access-policy.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ElasticsearchAccessPolicy=void 0;var iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},cdk=()=>{var tmp=require("../../core");return cdk=()=>tmp,tmp},cr=()=>{var tmp=require("../../custom-resources");return cr=()=>tmp,tmp};class ElasticsearchAccessPolicy extends cr().AwsCustomResource{accessPolicyStatements=[];constructor(scope,id,props){super(scope,id,{resourceType:"Custom::ElasticsearchAccessPolicy",installLatestAwsSdk:!1,onUpdate:{action:"updateElasticsearchDomainConfig",service:"ES",parameters:{DomainName:props.domainName,AccessPolicies:cdk().Lazy.string({produce:()=>JSON.stringify(new(iam()).PolicyDocument({statements:this.accessPolicyStatements}).toJSON())})},outputPaths:["DomainConfig.ElasticsearchClusterConfig.AccessPolicies"],physicalResourceId:cr().PhysicalResourceId.of(`${props.domainName}AccessPolicy`)},policy:cr().AwsCustomResourcePolicy.fromSdkCalls({resources:[props.domainArn]})}),this.addAccessPolicies(...props.accessPolicies)}addAccessPolicies(...accessPolicyStatements){this.accessPolicyStatements.push(...accessPolicyStatements)}}exports.ElasticsearchAccessPolicy=ElasticsearchAccessPolicy;

33
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-grants.generated.d.ts generated vendored Normal file
View File

@@ -0,0 +1,33 @@
import * as elasticsearch from "./elasticsearch.generated";
import * as iam from "../../aws-iam";
import * as cdk from "../../core/lib";
/**
* Collection of grant methods for a IDomainRef
*/
export declare class DomainGrants {
/**
* Creates grants for DomainGrants
*/
static fromDomain(resource: elasticsearch.IDomainRef): DomainGrants;
protected readonly resource: elasticsearch.IDomainRef;
private constructor();
/**
* Grant the given identity custom permissions
*/
actions(grantee: iam.IGrantable, actions: Array<string>, options?: cdk.PermissionsOptions): iam.Grant;
/**
* Grant read permissions for this domain and its contents to an IAM
* principal (Role/Group/User).
*/
read(grantee: iam.IGrantable): iam.Grant;
/**
* Grant write permissions for this domain and its contents to an IAM
* principal (Role/Group/User).
*/
write(grantee: iam.IGrantable): iam.Grant;
/**
* Grant read/write permissions for this domain and its contents to an IAM
* principal (Role/Group/User).
*/
readWrite(grantee: iam.IGrantable): iam.Grant;
}

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-grants.generated.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.DomainGrants=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var elasticsearch=()=>{var tmp=require("./elasticsearch.generated");return elasticsearch=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp};class DomainGrants{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_elasticsearch.DomainGrants",version:"2.252.0"};static fromDomain(resource){try{jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_elasticsearch_IDomainRef(resource)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromDomain),error}return new DomainGrants({resource})}resource;constructor(props){this.resource=props.resource}actions(grantee,actions,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee),jsiiDeprecationWarnings().aws_cdk_lib_PermissionsOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.actions),error}return iam().Grant.addToPrincipal({actions,grantee,resourceArns:options.resourceArns??[elasticsearch().CfnDomain.arnForDomain(this.resource)]})}read(grantee){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.read),error}const actions=["es:ESHttpGet","es:ESHttpHead"];return this.actions(grantee,actions,{resourceArns:[elasticsearch().CfnDomain.arnForDomain(this.resource),elasticsearch().CfnDomain.arnForDomain(this.resource)+"/*"]})}write(grantee){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.write),error}const actions=["es:ESHttpDelete","es:ESHttpPost","es:ESHttpPut","es:ESHttpPatch"];return this.actions(grantee,actions,{resourceArns:[elasticsearch().CfnDomain.arnForDomain(this.resource),elasticsearch().CfnDomain.arnForDomain(this.resource)+"/*"]})}readWrite(grantee){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.readWrite),error}const actions=["es:ESHttpGet","es:ESHttpHead","es:ESHttpDelete","es:ESHttpPost","es:ESHttpPut","es:ESHttpPatch"];return this.actions(grantee,actions,{resourceArns:[elasticsearch().CfnDomain.arnForDomain(this.resource),elasticsearch().CfnDomain.arnForDomain(this.resource)+"/*"]})}}exports.DomainGrants=DomainGrants;

849
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch.generated.d.ts generated vendored Normal file
View File

@@ -0,0 +1,849 @@
import * as cdk from "../../core/lib";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
import { DomainReference, IDomainRef } from "../../interfaces/generated/aws-elasticsearch-interfaces.generated";
/**
* The AWS::Elasticsearch::Domain resource creates an Amazon OpenSearch Service domain.
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and legacy Elasticsearch. For instructions to upgrade domains defined within CloudFormation from Elasticsearch to OpenSearch, see [Remarks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--remarks) .
*
* @cloudformationResource AWS::Elasticsearch::Domain
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html
*/
export declare class CfnDomain extends cdk.CfnResource implements cdk.IInspectable, IDomainRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnDomain from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnDomain;
/**
* Checks whether the given object is a CfnDomain
*/
static isCfnDomain(x: any): x is CfnDomain;
/**
* Creates a new IDomainRef from an ARN
*/
static fromDomainArn(scope: constructs.Construct, id: string, arn: string): IDomainRef;
/**
* Creates a new IDomainRef from a domainName
*/
static fromDomainName(scope: constructs.Construct, id: string, domainName: string): IDomainRef;
static arnForDomain(resource: IDomainRef): string;
/**
* An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
*/
private _accessPolicies?;
/**
* Additional options to specify for the OpenSearch Service domain.
*/
private _advancedOptions?;
/**
* Specifies options for fine-grained access control.
*/
private _advancedSecurityOptions?;
/**
* Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
*/
private _cognitoOptions?;
private _domainArn?;
/**
* Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
*/
private _domainEndpointOptions?;
/**
* A name for the OpenSearch Service domain.
*/
private _domainName?;
/**
* The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
*/
private _ebsOptions?;
/**
* ElasticsearchClusterConfig is a property of the AWS::Elasticsearch::Domain resource that configures the cluster of an Amazon OpenSearch Service domain.
*/
private _elasticsearchClusterConfig?;
/**
* The version of Elasticsearch to use, such as 2.3. If not specified, 1.5 is used as the default. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
*/
private _elasticsearchVersion?;
/**
* Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.
*/
private _encryptionAtRestOptions?;
/**
* An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
*/
private _logPublishingOptions?;
/**
* Specifies whether node-to-node encryption is enabled.
*/
private _nodeToNodeEncryptionOptions?;
/**
* *DEPRECATED* .
*/
private _snapshotOptions?;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* An arbitrary set of tags (keyvalue pairs) to associate with the OpenSearch Service domain.
*/
private _tagsRaw?;
/**
* The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
*/
private _vpcOptions?;
protected readonly cfnPropertyNames: Record<string, string>;
/**
* Create a new `AWS::Elasticsearch::Domain`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props?: CfnDomainProps);
get domainRef(): DomainReference;
/**
* An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
*/
get accessPolicies(): any | cdk.IResolvable | undefined;
/**
* An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
*/
set accessPolicies(value: any | cdk.IResolvable | undefined);
/**
* Additional options to specify for the OpenSearch Service domain.
*/
get advancedOptions(): cdk.IResolvable | Record<string, string> | undefined;
/**
* Additional options to specify for the OpenSearch Service domain.
*/
set advancedOptions(value: cdk.IResolvable | Record<string, string> | undefined);
/**
* Specifies options for fine-grained access control.
*/
get advancedSecurityOptions(): CfnDomain.AdvancedSecurityOptionsInputProperty | cdk.IResolvable | undefined;
/**
* Specifies options for fine-grained access control.
*/
set advancedSecurityOptions(value: CfnDomain.AdvancedSecurityOptionsInputProperty | cdk.IResolvable | undefined);
/**
* Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
*/
get cognitoOptions(): CfnDomain.CognitoOptionsProperty | cdk.IResolvable | undefined;
/**
* Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
*/
set cognitoOptions(value: CfnDomain.CognitoOptionsProperty | cdk.IResolvable | undefined);
get domainArn(): string | undefined;
set domainArn(value: string | undefined);
/**
* Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
*/
get domainEndpointOptions(): CfnDomain.DomainEndpointOptionsProperty | cdk.IResolvable | undefined;
/**
* Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
*/
set domainEndpointOptions(value: CfnDomain.DomainEndpointOptionsProperty | cdk.IResolvable | undefined);
/**
* A name for the OpenSearch Service domain.
*/
get domainName(): string | undefined;
/**
* A name for the OpenSearch Service domain.
*/
set domainName(value: string | undefined);
/**
* The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
*/
get ebsOptions(): CfnDomain.EBSOptionsProperty | cdk.IResolvable | undefined;
/**
* The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
*/
set ebsOptions(value: CfnDomain.EBSOptionsProperty | cdk.IResolvable | undefined);
/**
* ElasticsearchClusterConfig is a property of the AWS::Elasticsearch::Domain resource that configures the cluster of an Amazon OpenSearch Service domain.
*/
get elasticsearchClusterConfig(): CfnDomain.ElasticsearchClusterConfigProperty | cdk.IResolvable | undefined;
/**
* ElasticsearchClusterConfig is a property of the AWS::Elasticsearch::Domain resource that configures the cluster of an Amazon OpenSearch Service domain.
*/
set elasticsearchClusterConfig(value: CfnDomain.ElasticsearchClusterConfigProperty | cdk.IResolvable | undefined);
/**
* The version of Elasticsearch to use, such as 2.3. If not specified, 1.5 is used as the default. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
*/
get elasticsearchVersion(): string | undefined;
/**
* The version of Elasticsearch to use, such as 2.3. If not specified, 1.5 is used as the default. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
*/
set elasticsearchVersion(value: string | undefined);
/**
* Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.
*/
get encryptionAtRestOptions(): CfnDomain.EncryptionAtRestOptionsProperty | cdk.IResolvable | undefined;
/**
* Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.
*/
set encryptionAtRestOptions(value: CfnDomain.EncryptionAtRestOptionsProperty | cdk.IResolvable | undefined);
/**
* An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
*/
get logPublishingOptions(): cdk.IResolvable | Record<string, cdk.IResolvable | CfnDomain.LogPublishingOptionProperty> | undefined;
/**
* An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
*/
set logPublishingOptions(value: cdk.IResolvable | Record<string, cdk.IResolvable | CfnDomain.LogPublishingOptionProperty> | undefined);
/**
* Specifies whether node-to-node encryption is enabled.
*/
get nodeToNodeEncryptionOptions(): cdk.IResolvable | CfnDomain.NodeToNodeEncryptionOptionsProperty | undefined;
/**
* Specifies whether node-to-node encryption is enabled.
*/
set nodeToNodeEncryptionOptions(value: cdk.IResolvable | CfnDomain.NodeToNodeEncryptionOptionsProperty | undefined);
/**
* *DEPRECATED* .
*/
get snapshotOptions(): cdk.IResolvable | CfnDomain.SnapshotOptionsProperty | undefined;
/**
* *DEPRECATED* .
*/
set snapshotOptions(value: cdk.IResolvable | CfnDomain.SnapshotOptionsProperty | undefined);
/**
* An arbitrary set of tags (keyvalue pairs) to associate with the OpenSearch Service domain.
*/
get tagsRaw(): Array<cdk.CfnTag> | undefined;
/**
* An arbitrary set of tags (keyvalue pairs) to associate with the OpenSearch Service domain.
*/
set tagsRaw(value: Array<cdk.CfnTag> | undefined);
/**
* The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
*/
get vpcOptions(): cdk.IResolvable | CfnDomain.VPCOptionsProperty | undefined;
/**
* The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
*/
set vpcOptions(value: cdk.IResolvable | CfnDomain.VPCOptionsProperty | undefined);
/**
* The Amazon Resource Name (ARN) of the domain, such as `arn:aws:es:us-west-2:123456789012:domain/mystack-elasti-1ab2cdefghij` . This returned value is the same as the one returned by `AWS::Elasticsearch::Domain.DomainArn` .
*
* @cloudformationAttribute Arn
*/
get attrArn(): string;
/**
* The domain-specific endpoint that's used for requests to the OpenSearch APIs, such as `search-mystack-elasti-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com` .
*
* @cloudformationAttribute DomainEndpoint
*/
get attrDomainEndpoint(): string;
/**
* @cloudformationAttribute Id
*/
get attrId(): string;
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnDomain {
/**
* Specifies options for fine-grained access control.
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-advancedsecurityoptionsinput.html
*/
interface AdvancedSecurityOptionsInputProperty {
/**
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-advancedsecurityoptionsinput.html#cfn-elasticsearch-domain-advancedsecurityoptionsinput-anonymousauthenabled
*/
readonly anonymousAuthEnabled?: boolean | cdk.IResolvable;
/**
* True to enable fine-grained access control.
*
* You must also enable encryption of data at rest and node-to-node encryption.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-advancedsecurityoptionsinput.html#cfn-elasticsearch-domain-advancedsecurityoptionsinput-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
/**
* True to enable the internal user database.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-advancedsecurityoptionsinput.html#cfn-elasticsearch-domain-advancedsecurityoptionsinput-internaluserdatabaseenabled
*/
readonly internalUserDatabaseEnabled?: boolean | cdk.IResolvable;
/**
* Specifies information about the master user.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-advancedsecurityoptionsinput.html#cfn-elasticsearch-domain-advancedsecurityoptionsinput-masteruseroptions
*/
readonly masterUserOptions?: cdk.IResolvable | CfnDomain.MasterUserOptionsProperty;
}
/**
* Specifies information about the master user. Required if you enabled the internal user database.
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-masteruseroptions.html
*/
interface MasterUserOptionsProperty {
/**
* ARN for the master user.
*
* Only specify if `InternalUserDatabaseEnabled` is false in `AdvancedSecurityOptions` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-masteruseroptions.html#cfn-elasticsearch-domain-masteruseroptions-masteruserarn
*/
readonly masterUserArn?: string;
/**
* Username for the master user.
*
* Only specify if `InternalUserDatabaseEnabled` is true in `AdvancedSecurityOptions` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-masteruseroptions.html#cfn-elasticsearch-domain-masteruseroptions-masterusername
*/
readonly masterUserName?: string;
/**
* Password for the master user.
*
* Only specify if `InternalUserDatabaseEnabled` is true in `AdvancedSecurityOptions` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-masteruseroptions.html#cfn-elasticsearch-domain-masteruseroptions-masteruserpassword
*/
readonly masterUserPassword?: string;
}
/**
* Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-cognitooptions.html
*/
interface CognitoOptionsProperty {
/**
* Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
*
* See [Amazon Cognito authentication for OpenSearch Dashboards](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-cognitooptions.html#cfn-elasticsearch-domain-cognitooptions-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
/**
* The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
*
* Required if you enable Cognito authentication.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-cognitooptions.html#cfn-elasticsearch-domain-cognitooptions-identitypoolid
*/
readonly identityPoolId?: string;
/**
* The `AmazonESCognitoAccess` role that allows OpenSearch Service to configure your user pool and identity pool.
*
* Required if you enable Cognito authentication.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-cognitooptions.html#cfn-elasticsearch-domain-cognitooptions-rolearn
*/
readonly roleArn?: string;
/**
* The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
*
* Required if you enable Cognito authentication.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-cognitooptions.html#cfn-elasticsearch-domain-cognitooptions-userpoolid
*/
readonly userPoolId?: string;
}
/**
* Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-domainendpointoptions.html
*/
interface DomainEndpointOptionsProperty {
/**
* The fully qualified URL for your custom endpoint.
*
* Required if you enabled a custom endpoint for the domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-domainendpointoptions.html#cfn-elasticsearch-domain-domainendpointoptions-customendpoint
*/
readonly customEndpoint?: string;
/**
* The Certificate Manager ARN for your domain's SSL/TLS certificate.
*
* Required if you enabled a custom endpoint for the domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-domainendpointoptions.html#cfn-elasticsearch-domain-domainendpointoptions-customendpointcertificatearn
*/
readonly customEndpointCertificateArn?: string;
/**
* True to enable a custom endpoint for the domain.
*
* If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-domainendpointoptions.html#cfn-elasticsearch-domain-domainendpointoptions-customendpointenabled
*/
readonly customEndpointEnabled?: boolean | cdk.IResolvable;
/**
* True to require that all traffic to the domain arrive over HTTPS.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-domainendpointoptions.html#cfn-elasticsearch-domain-domainendpointoptions-enforcehttps
*/
readonly enforceHttps?: boolean | cdk.IResolvable;
/**
* The minimum TLS version required for traffic to the domain. Valid values are TLS 1.3 (recommended) or 1.2:.
*
* - `Policy-Min-TLS-1-0-2019-07`
* - `Policy-Min-TLS-1-2-2019-07`
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-domainendpointoptions.html#cfn-elasticsearch-domain-domainendpointoptions-tlssecuritypolicy
*/
readonly tlsSecurityPolicy?: string;
}
/**
* The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
*
* For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-ebsoptions.html
*/
interface EBSOptionsProperty {
/**
* Specifies whether Amazon EBS volumes are attached to data nodes in the OpenSearch Service domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-ebsoptions.html#cfn-elasticsearch-domain-ebsoptions-ebsenabled
*/
readonly ebsEnabled?: boolean | cdk.IResolvable;
/**
* The number of I/O operations per second (IOPS) that the volume supports.
*
* This property applies only to provisioned IOPS EBS volume types.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-ebsoptions.html#cfn-elasticsearch-domain-ebsoptions-iops
*/
readonly iops?: number;
/**
* The size (in GiB) of the EBS volume for each data node.
*
* The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-ebsoptions.html#cfn-elasticsearch-domain-ebsoptions-volumesize
*/
readonly volumeSize?: number;
/**
* The EBS volume type to use with the OpenSearch Service domain, such as standard, gp2, or io1.
*
* For more information about each type, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon EC2 User Guide for Linux Instances* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-ebsoptions.html#cfn-elasticsearch-domain-ebsoptions-volumetype
*/
readonly volumeType?: string;
}
/**
* The cluster configuration for the OpenSearch Service domain.
*
* You can specify options such as the instance type and the number of instances. For more information, see [Creating and managing Amazon OpenSearch Service domains](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html) in the *Amazon OpenSearch Service Developer Guide* .
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html
*/
interface ElasticsearchClusterConfigProperty {
/**
* Specifies cold storage options for the domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-coldstorageoptions
*/
readonly coldStorageOptions?: CfnDomain.ColdStorageOptionsProperty | cdk.IResolvable;
/**
* The number of instances to use for the master node.
*
* If you specify this property, you must specify true for the DedicatedMasterEnabled property.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-dedicatedmastercount
*/
readonly dedicatedMasterCount?: number;
/**
* Indicates whether to use a dedicated master node for the OpenSearch Service domain.
*
* A dedicated master node is a cluster node that performs cluster management tasks, but doesn't hold data or respond to data upload requests. Dedicated master nodes offload cluster management tasks to increase the stability of your search clusters. See [Dedicated master nodes in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-dedicatedmasternodes.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-dedicatedmasterenabled
*/
readonly dedicatedMasterEnabled?: boolean | cdk.IResolvable;
/**
* The hardware configuration of the computer that hosts the dedicated master node, such as `m3.medium.elasticsearch` . If you specify this property, you must specify true for the `DedicatedMasterEnabled` property. For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-dedicatedmastertype
*/
readonly dedicatedMasterType?: string;
/**
* The number of data nodes (instances) to use in the OpenSearch Service domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-instancecount
*/
readonly instanceCount?: number;
/**
* The instance type for your data nodes, such as `m3.medium.elasticsearch` . For valid values, see [Supported instance types in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-instancetype
*/
readonly instanceType?: string;
/**
* The number of warm nodes in the cluster.
*
* Required if you enable warm storage.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-warmcount
*/
readonly warmCount?: number;
/**
* Whether to enable warm storage for the cluster.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-warmenabled
*/
readonly warmEnabled?: boolean | cdk.IResolvable;
/**
* The instance type for the cluster's warm nodes.
*
* Required if you enable warm storage.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-warmtype
*/
readonly warmType?: string;
/**
* Specifies zone awareness configuration options.
*
* Only use if `ZoneAwarenessEnabled` is `true` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-zoneawarenessconfig
*/
readonly zoneAwarenessConfig?: cdk.IResolvable | CfnDomain.ZoneAwarenessConfigProperty;
/**
* Indicates whether to enable zone awareness for the OpenSearch Service domain.
*
* When you enable zone awareness, OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same region to prevent data loss and minimize downtime in the event of node or data center failure. Don't enable zone awareness if your cluster has no replica index shards or is a single-node cluster. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-elasticsearchclusterconfig.html#cfn-elasticsearch-domain-elasticsearchclusterconfig-zoneawarenessenabled
*/
readonly zoneAwarenessEnabled?: boolean | cdk.IResolvable;
}
/**
* Specifies options for cold storage. For more information, see [Cold storage for Amazon Elasticsearch Service](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/cold-storage.html) .
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-coldstorageoptions.html
*/
interface ColdStorageOptionsProperty {
/**
* Whether to enable or disable cold storage on the domain.
*
* You must enable UltraWarm storage in order to enable cold storage.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-coldstorageoptions.html#cfn-elasticsearch-domain-coldstorageoptions-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
}
/**
* Specifies zone awareness configuration options. Only use if `ZoneAwarenessEnabled` is `true` .
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-zoneawarenessconfig.html
*/
interface ZoneAwarenessConfigProperty {
/**
* If you enabled multiple Availability Zones (AZs), the number of AZs that you want the domain to use.
*
* Valid values are `2` and `3` . Default is 2.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-zoneawarenessconfig.html#cfn-elasticsearch-domain-zoneawarenessconfig-availabilityzonecount
*/
readonly availabilityZoneCount?: number;
}
/**
* Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-encryptionatrestoptions.html
*/
interface EncryptionAtRestOptionsProperty {
/**
* Specify `true` to enable encryption at rest.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-encryptionatrestoptions.html#cfn-elasticsearch-domain-encryptionatrestoptions-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
/**
* The KMS key ID.
*
* Takes the form `1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a` . Required if you enable encryption at rest.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-encryptionatrestoptions.html#cfn-elasticsearch-domain-encryptionatrestoptions-kmskeyid
*/
readonly kmsKeyId?: string;
}
/**
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* Specifies whether the OpenSearch Service domain publishes the Elasticsearch application, search slow logs, or index slow logs to Amazon CloudWatch. Each option must be an object of name `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , or `AUDIT_LOGS` depending on the type of logs you want to publish.
*
* If you enable a slow log, you still have to enable the *collection* of slow logs using the Configuration API. To learn more, see [Enabling log publishing ( AWS CLI)](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#createdomain-configure-slow-logs-cli) .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-logpublishingoption.html
*/
interface LogPublishingOptionProperty {
/**
* Specifies the CloudWatch log group to publish to.
*
* Required if you enable log publishing for the domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-logpublishingoption.html#cfn-elasticsearch-domain-logpublishingoption-cloudwatchlogsloggrouparn
*/
readonly cloudWatchLogsLogGroupArn?: string;
/**
* If `true` , enables the publishing of logs to CloudWatch.
*
* Default: `false` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-logpublishingoption.html#cfn-elasticsearch-domain-logpublishingoption-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
}
/**
* Specifies whether node-to-node encryption is enabled.
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-nodetonodeencryptionoptions.html
*/
interface NodeToNodeEncryptionOptionsProperty {
/**
* Specifies whether node-to-node encryption is enabled, as a Boolean.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-nodetonodeencryptionoptions.html#cfn-elasticsearch-domain-nodetonodeencryptionoptions-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
}
/**
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* *DEPRECATED* . For domains running Elasticsearch 5.3 and later, OpenSearch Service takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions of Elasticsearch, OpenSearch Service takes daily automated snapshots.
*
* The automated snapshot configuration for the OpenSearch Service domain indices.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-snapshotoptions.html
*/
interface SnapshotOptionsProperty {
/**
* The hour in UTC during which the service takes an automated daily snapshot of the indices in the OpenSearch Service domain.
*
* For example, if you specify 0, OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-snapshotoptions.html#cfn-elasticsearch-domain-snapshotoptions-automatedsnapshotstarthour
*/
readonly automatedSnapshotStartHour?: number;
}
/**
* The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
*
* For more information, see [Launching your Amazon OpenSearch Service domains using a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
*
* > The `AWS::Elasticsearch::Domain` resource is being replaced by the [AWS::OpenSearchService::Domain](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html) resource. While the legacy Elasticsearch resource and options are still supported, we recommend modifying your existing Cloudformation templates to use the new OpenSearch Service resource, which supports both OpenSearch and Elasticsearch. For more information about the service rename, see [New resource types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/rename.html#rename-resource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-vpcoptions.html
*/
interface VPCOptionsProperty {
/**
* The list of security group IDs that are associated with the VPC endpoints for the domain.
*
* If you don't provide a security group ID, OpenSearch Service uses the default security group for the VPC. To learn more, see [Security groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon VPC User Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-vpcoptions.html#cfn-elasticsearch-domain-vpcoptions-securitygroupids
*/
readonly securityGroupIds?: Array<string>;
/**
* Provide one subnet ID for each Availability Zone that your domain uses.
*
* For example, you must specify three subnet IDs for a three Availability Zone domain. To learn more, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) in the *Amazon VPC User Guide* .
*
* Required if you're creating your domain inside a VPC.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticsearch-domain-vpcoptions.html#cfn-elasticsearch-domain-vpcoptions-subnetids
*/
readonly subnetIds?: Array<string>;
}
}
/**
* Properties for defining a `CfnDomain`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html
*/
export interface CfnDomainProps {
/**
* An AWS Identity and Access Management ( IAM ) policy document that specifies who can access the OpenSearch Service domain and their permissions.
*
* For more information, see [Configuring access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-creating) in the *Amazon OpenSearch Service Developer Guid* e.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-accesspolicies
*/
readonly accessPolicies?: any | cdk.IResolvable;
/**
* Additional options to specify for the OpenSearch Service domain.
*
* For more information, see [Advanced cluster parameters](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createupdatedomains.html#createdomain-configure-advanced-options) in the *Amazon OpenSearch Service Developer Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-advancedoptions
*/
readonly advancedOptions?: cdk.IResolvable | Record<string, string>;
/**
* Specifies options for fine-grained access control.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-advancedsecurityoptions
*/
readonly advancedSecurityOptions?: CfnDomain.AdvancedSecurityOptionsInputProperty | cdk.IResolvable;
/**
* Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-cognitooptions
*/
readonly cognitoOptions?: CfnDomain.CognitoOptionsProperty | cdk.IResolvable;
/**
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-domainarn
*/
readonly domainArn?: string;
/**
* Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-domainendpointoptions
*/
readonly domainEndpointOptions?: CfnDomain.DomainEndpointOptionsProperty | cdk.IResolvable;
/**
* A name for the OpenSearch Service domain.
*
* For valid values, see the [DomainName](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-domainname) data type in the *Amazon OpenSearch Service Developer Guide* . If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the domain name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
*
* > If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-domainname
*/
readonly domainName?: string;
/**
* The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to data nodes in the OpenSearch Service domain.
*
* For more information, see [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) in the *Amazon OpenSearch Service Developer Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-ebsoptions
*/
readonly ebsOptions?: CfnDomain.EBSOptionsProperty | cdk.IResolvable;
/**
* ElasticsearchClusterConfig is a property of the AWS::Elasticsearch::Domain resource that configures the cluster of an Amazon OpenSearch Service domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-elasticsearchclusterconfig
*/
readonly elasticsearchClusterConfig?: CfnDomain.ElasticsearchClusterConfigProperty | cdk.IResolvable;
/**
* The version of Elasticsearch to use, such as 2.3. If not specified, 1.5 is used as the default. For information about the versions that OpenSearch Service supports, see [Supported versions of OpenSearch and Elasticsearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version) in the *Amazon OpenSearch Service Developer Guide* .
*
* If you set the [EnableVersionUpgrade](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-upgradeopensearchdomain) update policy to `true` , you can update `ElasticsearchVersion` without interruption. When `EnableVersionUpgrade` is set to `false` , or is not specified, updating `ElasticsearchVersion` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-elasticsearchversion
*/
readonly elasticsearchVersion?: string;
/**
* Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use.
*
* See [Encryption of data at rest for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-encryptionatrestoptions
*/
readonly encryptionAtRestOptions?: CfnDomain.EncryptionAtRestOptionsProperty | cdk.IResolvable;
/**
* An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish.
*
* Each key needs a valid `LogPublishingOption` value.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-logpublishingoptions
*/
readonly logPublishingOptions?: cdk.IResolvable | Record<string, cdk.IResolvable | CfnDomain.LogPublishingOptionProperty>;
/**
* Specifies whether node-to-node encryption is enabled.
*
* See [Node-to-node encryption for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-nodetonodeencryptionoptions
*/
readonly nodeToNodeEncryptionOptions?: cdk.IResolvable | CfnDomain.NodeToNodeEncryptionOptionsProperty;
/**
* *DEPRECATED* .
*
* The automated snapshot configuration for the OpenSearch Service domain indices.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-snapshotoptions
*/
readonly snapshotOptions?: cdk.IResolvable | CfnDomain.SnapshotOptionsProperty;
/**
* An arbitrary set of tags (keyvalue pairs) to associate with the OpenSearch Service domain.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-tags
*/
readonly tags?: Array<cdk.CfnTag>;
/**
* The virtual private cloud (VPC) configuration for the OpenSearch Service domain.
*
* For more information, see [Launching your Amazon OpenSearch Service domains within a VPC](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html) in the *Amazon OpenSearch Service Developer Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-vpcoptions
*/
readonly vpcOptions?: cdk.IResolvable | CfnDomain.VPCOptionsProperty;
}
export type { IDomainRef, DomainReference };

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch.generated.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

3
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,3 @@
export * from './domain';
export * from './elasticsearch.generated';
export * from './elasticsearch-grants.generated';

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/index.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.ElasticsearchVersion=void 0,Object.defineProperty(exports,_noFold="ElasticsearchVersion",{enumerable:!0,configurable:!0,get:()=>{var value=require("./domain").ElasticsearchVersion;return Object.defineProperty(exports,_noFold="ElasticsearchVersion",{enumerable:!0,configurable:!0,value}),value}}),exports.TLSSecurityPolicy=void 0,Object.defineProperty(exports,_noFold="TLSSecurityPolicy",{enumerable:!0,configurable:!0,get:()=>{var value=require("./domain").TLSSecurityPolicy;return Object.defineProperty(exports,_noFold="TLSSecurityPolicy",{enumerable:!0,configurable:!0,value}),value}}),exports.Domain=void 0,Object.defineProperty(exports,_noFold="Domain",{enumerable:!0,configurable:!0,get:()=>{var value=require("./domain").Domain;return Object.defineProperty(exports,_noFold="Domain",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnDomain=void 0,Object.defineProperty(exports,_noFold="CfnDomain",{enumerable:!0,configurable:!0,get:()=>{var value=require("./elasticsearch.generated").CfnDomain;return Object.defineProperty(exports,_noFold="CfnDomain",{enumerable:!0,configurable:!0,value}),value}}),exports.DomainGrants=void 0,Object.defineProperty(exports,_noFold="DomainGrants",{enumerable:!0,configurable:!0,get:()=>{var value=require("./elasticsearch-grants.generated").DomainGrants;return Object.defineProperty(exports,_noFold="DomainGrants",{enumerable:!0,configurable:!0,value}),value}});

22
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/log-group-resource-policy.d.ts generated vendored Normal file
View File

@@ -0,0 +1,22 @@
import type { Construct } from 'constructs';
import * as iam from '../../aws-iam';
import * as cr from '../../custom-resources';
/**
* Construction properties for LogGroupResourcePolicy
*/
export interface LogGroupResourcePolicyProps {
/**
* The log group resource policy name
*/
readonly policyName: string;
/**
* The policy statements for the log group resource logs
*/
readonly policyStatements: [iam.PolicyStatement];
}
/**
* Creates LogGroup resource policies.
*/
export declare class LogGroupResourcePolicy extends cr.AwsCustomResource {
constructor(scope: Construct, id: string, props: LogGroupResourcePolicyProps);
}

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/log-group-resource-policy.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.LogGroupResourcePolicy=void 0;var iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},cr=()=>{var tmp=require("../../custom-resources");return cr=()=>tmp,tmp};class LogGroupResourcePolicy extends cr().AwsCustomResource{constructor(scope,id,props){const policyDocument=new(iam()).PolicyDocument({statements:props.policyStatements});super(scope,id,{resourceType:"Custom::CloudwatchLogResourcePolicy",onUpdate:{service:"CloudWatchLogs",action:"putResourcePolicy",parameters:{policyName:props.policyName,policyDocument:JSON.stringify(policyDocument)},physicalResourceId:cr().PhysicalResourceId.of(id)},onDelete:{service:"CloudWatchLogs",action:"deleteResourcePolicy",parameters:{policyName:props.policyName},ignoreErrorCodesMatching:"ResourceNotFoundException"},policy:cr().AwsCustomResourcePolicy.fromSdkCalls({resources:["*"]})})}}exports.LogGroupResourcePolicy=LogGroupResourcePolicy;

3
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/perms.d.ts generated vendored Normal file
View File

@@ -0,0 +1,3 @@
export declare const ES_READ_ACTIONS: string[];
export declare const ES_WRITE_ACTIONS: string[];
export declare const ES_READ_WRITE_ACTIONS: string[];

1
cdk/node_modules/aws-cdk-lib/aws-elasticsearch/lib/perms.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ES_READ_WRITE_ACTIONS=exports.ES_WRITE_ACTIONS=exports.ES_READ_ACTIONS=void 0,exports.ES_READ_ACTIONS=["es:ESHttpGet","es:ESHttpHead"],exports.ES_WRITE_ACTIONS=["es:ESHttpDelete","es:ESHttpPost","es:ESHttpPut","es:ESHttpPatch"],exports.ES_READ_WRITE_ACTIONS=[...exports.ES_READ_ACTIONS,...exports.ES_WRITE_ACTIONS];