@pulumi/aws/elasticsearch/domain.d.ts

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Manages an AWS Elasticsearch Domain.
 *
 * ## Example Usage
 *
 * ### Basic Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.elasticsearch.Domain("example", {
 *     domainName: "example",
 *     elasticsearchVersion: "7.10",
 *     clusterConfig: {
 *         instanceType: "r4.large.elasticsearch",
 *     },
 *     tags: {
 *         Domain: "TestDomain",
 *     },
 * });
 * ```
 *
 * ### Access Policy
 *
 * > See also: `aws.elasticsearch.DomainPolicy` resource
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const config = new pulumi.Config();
 * const domain = config.get("domain") || "tf-test";
 * const current = aws.getRegion({});
 * const currentGetCallerIdentity = aws.getCallerIdentity({});
 * const example = new aws.elasticsearch.Domain("example", {
 *     domainName: domain,
 *     accessPolicies: Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => `{
 *   "Version": "2012-10-17",
 *   "Statement": [
 *     {
 *       "Action": "es:*",
 *       "Principal": "*",
 *       "Effect": "Allow",
 *       "Resource": "arn:aws:es:${current.region}:${currentGetCallerIdentity.accountId}:domain/${domain}/*",
 *       "Condition": {
 *         "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
 *       }
 *     }
 *   ]
 * }
 * `),
 * });
 * ```
 *
 * ### Log Publishing to CloudWatch Logs
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {name: "example"});
 * const example = aws.iam.getPolicyDocument({
 *     statements: [{
 *         effect: "Allow",
 *         principals: [{
 *             type: "Service",
 *             identifiers: ["es.amazonaws.com"],
 *         }],
 *         actions: [
 *             "logs:PutLogEvents",
 *             "logs:PutLogEventsBatch",
 *             "logs:CreateLogStream",
 *         ],
 *         resources: ["arn:aws:logs:*"],
 *     }],
 * });
 * const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("example", {
 *     policyName: "example",
 *     policyDocument: example.then(example => example.json),
 * });
 * const exampleDomain = new aws.elasticsearch.Domain("example", {logPublishingOptions: [{
 *     cloudwatchLogGroupArn: exampleLogGroup.arn,
 *     logType: "INDEX_SLOW_LOGS",
 * }]});
 * ```
 *
 * ### VPC based ES
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const config = new pulumi.Config();
 * const vpc = config.requireObject<any>("vpc");
 * const domain = config.get("domain") || "tf-test";
 * const selected = aws.ec2.getVpc({
 *     tags: {
 *         Name: vpc,
 *     },
 * });
 * const selectedGetSubnets = selected.then(selected => aws.ec2.getSubnets({
 *     filters: [{
 *         name: "vpc-id",
 *         values: [selected.id],
 *     }],
 *     tags: {
 *         Tier: "private",
 *     },
 * }));
 * const current = aws.getRegion({});
 * const currentGetCallerIdentity = aws.getCallerIdentity({});
 * const es = new aws.ec2.SecurityGroup("es", {
 *     name: `${vpc}-elasticsearch-${domain}`,
 *     description: "Managed by Pulumi",
 *     vpcId: selected.then(selected => selected.id),
 *     ingress: [{
 *         fromPort: 443,
 *         toPort: 443,
 *         protocol: "tcp",
 *         cidrBlocks: [selected.then(selected => selected.cidrBlock)],
 *     }],
 * });
 * const esServiceLinkedRole = new aws.iam.ServiceLinkedRole("es", {awsServiceName: "opensearchservice.amazonaws.com"});
 * const esDomain = new aws.elasticsearch.Domain("es", {
 *     domainName: domain,
 *     elasticsearchVersion: "6.3",
 *     clusterConfig: {
 *         instanceType: "m4.large.elasticsearch",
 *         zoneAwarenessEnabled: true,
 *     },
 *     vpcOptions: {
 *         subnetIds: [
 *             selectedGetSubnets.then(selectedGetSubnets => selectedGetSubnets.ids?.[0]),
 *             selectedGetSubnets.then(selectedGetSubnets => selectedGetSubnets.ids?.[1]),
 *         ],
 *         securityGroupIds: [es.id],
 *     },
 *     advancedOptions: {
 *         "rest.action.multi.allow_explicit_index": "true",
 *     },
 *     accessPolicies: Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => `{
 * 	"Version": "2012-10-17",
 * 	"Statement": [
 * 		{
 * 			"Action": "es:*",
 * 			"Principal": "*",
 * 			"Effect": "Allow",
 * 			"Resource": "arn:aws:es:${current.region}:${currentGetCallerIdentity.accountId}:domain/${domain}/*"
 * 		}
 * 	]
 * }
 * `),
 *     tags: {
 *         Domain: "TestDomain",
 *     },
 * }, {
 *     dependsOn: [esServiceLinkedRole],
 * });
 * ```
 *
 * ## Import
 *
 * Using `pulumi import`, import Elasticsearch domains using the `domain_name`. For example:
 *
 * ```sh
 * $ pulumi import aws:elasticsearch/domain:Domain example domain_name
 * ```
 */
export declare class Domain extends pulumi.CustomResource {
    /**
     * Get an existing Domain resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainState, opts?: pulumi.CustomResourceOptions): Domain;
    /**
     * Returns true if the given object is an instance of Domain.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Domain;
    /**
     * IAM policy document specifying the access policies for the domain.
     */
    readonly accessPolicies: pulumi.Output<string>;
    /**
     * Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your Elasticsearch domain on every apply.
     */
    readonly advancedOptions: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html). Detailed below.
     */
    readonly advancedSecurityOptions: pulumi.Output<outputs.elasticsearch.DomainAdvancedSecurityOptions>;
    /**
     * ARN of the domain.
     */
    readonly arn: pulumi.Output<string>;
    /**
     * Configuration block for the Auto-Tune options of the domain. Detailed below.
     */
    readonly autoTuneOptions: pulumi.Output<outputs.elasticsearch.DomainAutoTuneOptions>;
    /**
     * Configuration block for the cluster of the domain. Detailed below.
     */
    readonly clusterConfig: pulumi.Output<outputs.elasticsearch.DomainClusterConfig>;
    /**
     * Configuration block for authenticating Kibana with Cognito. Detailed below.
     */
    readonly cognitoOptions: pulumi.Output<outputs.elasticsearch.DomainCognitoOptions | undefined>;
    /**
     * Configuration block for domain endpoint HTTP(S) related options. Detailed below.
     */
    readonly domainEndpointOptions: pulumi.Output<outputs.elasticsearch.DomainDomainEndpointOptions>;
    /**
     * Unique identifier for the domain.
     */
    readonly domainId: pulumi.Output<string>;
    /**
     * Name of the domain.
     *
     * The following arguments are optional:
     */
    readonly domainName: pulumi.Output<string>;
    /**
     * Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/). Detailed below.
     */
    readonly ebsOptions: pulumi.Output<outputs.elasticsearch.DomainEbsOptions>;
    /**
     * Version of Elasticsearch to deploy. Defaults to `1.5`.
     */
    readonly elasticsearchVersion: pulumi.Output<string | undefined>;
    /**
     * Configuration block for encrypt at rest options. Only available for [certain instance types](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html). Detailed below.
     */
    readonly encryptAtRest: pulumi.Output<outputs.elasticsearch.DomainEncryptAtRest>;
    /**
     * Domain-specific endpoint used to submit index, search, and data upload requests.
     */
    readonly endpoint: pulumi.Output<string>;
    /**
     * Domain-specific endpoint for kibana without https scheme.
     */
    readonly kibanaEndpoint: pulumi.Output<string>;
    /**
     * Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
     */
    readonly logPublishingOptions: pulumi.Output<outputs.elasticsearch.DomainLogPublishingOption[] | undefined>;
    /**
     * Configuration block for node-to-node encryption options. Detailed below.
     */
    readonly nodeToNodeEncryption: pulumi.Output<outputs.elasticsearch.DomainNodeToNodeEncryption>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    readonly region: pulumi.Output<string>;
    /**
     * Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running Elasticsearch 5.3 and later, Amazon ES takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions of Elasticsearch, Amazon ES takes daily automated snapshots.
     */
    readonly snapshotOptions: pulumi.Output<outputs.elasticsearch.DomainSnapshotOptions | undefined>;
    /**
     * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    readonly tags: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
     */
    readonly tagsAll: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Configuration block for VPC related options. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)). Detailed below.
     */
    readonly vpcOptions: pulumi.Output<outputs.elasticsearch.DomainVpcOptions | undefined>;
    /**
     * Create a Domain resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: DomainArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Domain resources.
 */
export interface DomainState {
    /**
     * IAM policy document specifying the access policies for the domain.
     */
    accessPolicies?: pulumi.Input<string | inputs.elasticsearch.PolicyDocument>;
    /**
     * Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your Elasticsearch domain on every apply.
     */
    advancedOptions?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html). Detailed below.
     */
    advancedSecurityOptions?: pulumi.Input<inputs.elasticsearch.DomainAdvancedSecurityOptions>;
    /**
     * ARN of the domain.
     */
    arn?: pulumi.Input<string>;
    /**
     * Configuration block for the Auto-Tune options of the domain. Detailed below.
     */
    autoTuneOptions?: pulumi.Input<inputs.elasticsearch.DomainAutoTuneOptions>;
    /**
     * Configuration block for the cluster of the domain. Detailed below.
     */
    clusterConfig?: pulumi.Input<inputs.elasticsearch.DomainClusterConfig>;
    /**
     * Configuration block for authenticating Kibana with Cognito. Detailed below.
     */
    cognitoOptions?: pulumi.Input<inputs.elasticsearch.DomainCognitoOptions>;
    /**
     * Configuration block for domain endpoint HTTP(S) related options. Detailed below.
     */
    domainEndpointOptions?: pulumi.Input<inputs.elasticsearch.DomainDomainEndpointOptions>;
    /**
     * Unique identifier for the domain.
     */
    domainId?: pulumi.Input<string>;
    /**
     * Name of the domain.
     *
     * The following arguments are optional:
     */
    domainName?: pulumi.Input<string>;
    /**
     * Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/). Detailed below.
     */
    ebsOptions?: pulumi.Input<inputs.elasticsearch.DomainEbsOptions>;
    /**
     * Version of Elasticsearch to deploy. Defaults to `1.5`.
     */
    elasticsearchVersion?: pulumi.Input<string>;
    /**
     * Configuration block for encrypt at rest options. Only available for [certain instance types](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html). Detailed below.
     */
    encryptAtRest?: pulumi.Input<inputs.elasticsearch.DomainEncryptAtRest>;
    /**
     * Domain-specific endpoint used to submit index, search, and data upload requests.
     */
    endpoint?: pulumi.Input<string>;
    /**
     * Domain-specific endpoint for kibana without https scheme.
     */
    kibanaEndpoint?: pulumi.Input<string>;
    /**
     * Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
     */
    logPublishingOptions?: pulumi.Input<pulumi.Input<inputs.elasticsearch.DomainLogPublishingOption>[]>;
    /**
     * Configuration block for node-to-node encryption options. Detailed below.
     */
    nodeToNodeEncryption?: pulumi.Input<inputs.elasticsearch.DomainNodeToNodeEncryption>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
    /**
     * Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running Elasticsearch 5.3 and later, Amazon ES takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions of Elasticsearch, Amazon ES takes daily automated snapshots.
     */
    snapshotOptions?: pulumi.Input<inputs.elasticsearch.DomainSnapshotOptions>;
    /**
     * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
     */
    tagsAll?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Configuration block for VPC related options. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)). Detailed below.
     */
    vpcOptions?: pulumi.Input<inputs.elasticsearch.DomainVpcOptions>;
}
/**
 * The set of arguments for constructing a Domain resource.
 */
export interface DomainArgs {
    /**
     * IAM policy document specifying the access policies for the domain.
     */
    accessPolicies?: pulumi.Input<string | inputs.elasticsearch.PolicyDocument>;
    /**
     * Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing the provider to want to recreate your Elasticsearch domain on every apply.
     */
    advancedOptions?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html). Detailed below.
     */
    advancedSecurityOptions?: pulumi.Input<inputs.elasticsearch.DomainAdvancedSecurityOptions>;
    /**
     * Configuration block for the Auto-Tune options of the domain. Detailed below.
     */
    autoTuneOptions?: pulumi.Input<inputs.elasticsearch.DomainAutoTuneOptions>;
    /**
     * Configuration block for the cluster of the domain. Detailed below.
     */
    clusterConfig?: pulumi.Input<inputs.elasticsearch.DomainClusterConfig>;
    /**
     * Configuration block for authenticating Kibana with Cognito. Detailed below.
     */
    cognitoOptions?: pulumi.Input<inputs.elasticsearch.DomainCognitoOptions>;
    /**
     * Configuration block for domain endpoint HTTP(S) related options. Detailed below.
     */
    domainEndpointOptions?: pulumi.Input<inputs.elasticsearch.DomainDomainEndpointOptions>;
    /**
     * Name of the domain.
     *
     * The following arguments are optional:
     */
    domainName?: pulumi.Input<string>;
    /**
     * Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/). Detailed below.
     */
    ebsOptions?: pulumi.Input<inputs.elasticsearch.DomainEbsOptions>;
    /**
     * Version of Elasticsearch to deploy. Defaults to `1.5`.
     */
    elasticsearchVersion?: pulumi.Input<string>;
    /**
     * Configuration block for encrypt at rest options. Only available for [certain instance types](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html). Detailed below.
     */
    encryptAtRest?: pulumi.Input<inputs.elasticsearch.DomainEncryptAtRest>;
    /**
     * Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.
     */
    logPublishingOptions?: pulumi.Input<pulumi.Input<inputs.elasticsearch.DomainLogPublishingOption>[]>;
    /**
     * Configuration block for node-to-node encryption options. Detailed below.
     */
    nodeToNodeEncryption?: pulumi.Input<inputs.elasticsearch.DomainNodeToNodeEncryption>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
    /**
     * Configuration block for snapshot related options. Detailed below. DEPRECATED. For domains running Elasticsearch 5.3 and later, Amazon ES takes hourly automated snapshots, making this setting irrelevant. For domains running earlier versions of Elasticsearch, Amazon ES takes daily automated snapshots.
     */
    snapshotOptions?: pulumi.Input<inputs.elasticsearch.DomainSnapshotOptions>;
    /**
     * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Configuration block for VPC related options. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)). Detailed below.
     */
    vpcOptions?: pulumi.Input<inputs.elasticsearch.DomainVpcOptions>;
}