ServerlessAccessPolicyArgs

data class ServerlessAccessPolicyArgs(val description: Output<String>? = null, val name: Output<String>? = null, val policy: Output<String>? = null, val type: Output<String>? = null) : ConvertibleToJava<ServerlessAccessPolicyArgs>

Resource for managing an AWS OpenSearch Serverless Access Policy. See AWS documentation for data access policies and supported data access policy permissions.

Example Usage

Grant all collection and index permissions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.opensearch.ServerlessAccessPolicy;
import com.pulumi.aws.opensearch.ServerlessAccessPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an OpenSearch Serverless data access policy granting
 * {@code aoss:*} on {@code example-collection} and on every index inside it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code example} access policy.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; this example does not read it
     */
    public static void stack(Context ctx) {
        // The only principal is the identity whose credentials run the deployment, so the
        // grant follows whoever (person or pipeline role) applies the stack.
        final var callerIdentity = AwsFunctions.getCallerIdentity();
        // NOTE(review): this value is an Output nested inside serializeJson(...) below;
        // confirm the serializer resolves it to the ARN string rather than the wrapper.
        final var callerArn = callerIdentity.applyValue(identity -> identity.arn());

        // "aoss:*" is a wildcard over every index permission. For least privilege, list
        // the individual permissions the principal needs instead of the wildcard.
        final var indexRule = jsonObject(
            jsonProperty("ResourceType", "index"),
            jsonProperty("Resource", jsonArray("index/example-collection/*")),
            jsonProperty("Permission", jsonArray("aoss:*")));

        // Same wildcard at collection level, scoped to the single named collection.
        final var collectionRule = jsonObject(
            jsonProperty("ResourceType", "collection"),
            jsonProperty("Resource", jsonArray("collection/example-collection")),
            jsonProperty("Permission", jsonArray("aoss:*")));

        // The policy document is a JSON array holding one statement: rules plus principals.
        final var policyDocument = serializeJson(
            jsonArray(jsonObject(
                jsonProperty("Rules", jsonArray(indexRule, collectionRule)),
                jsonProperty("Principal", jsonArray(callerArn)))));

        var example = new ServerlessAccessPolicy("example", ServerlessAccessPolicyArgs.builder()
            .type("data")
            .description("read and write permissions")
            .policy(policyDocument)
            .build());
    }
}

Grant read-only collection and index permissions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.opensearch.ServerlessAccessPolicy;
import com.pulumi.aws.opensearch.ServerlessAccessPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an OpenSearch Serverless data access policy limited to
 * describe and read permissions on {@code example-collection} and its indexes.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code example} read-only access policy.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; this example does not read it
     */
    public static void stack(Context ctx) {
        // The only principal is the identity whose credentials run the deployment.
        final var callerIdentity = AwsFunctions.getCallerIdentity();
        // NOTE(review): this value is an Output nested inside serializeJson(...) below;
        // confirm the serializer resolves it to the ARN string rather than the wrapper.
        final var callerArn = callerIdentity.applyValue(identity -> identity.arn());

        // Index rule: permissions are enumerated explicitly (describe + read documents);
        // no write, update or delete permission is listed.
        final var indexPermissions = jsonArray(
            "aoss:DescribeIndex",
            "aoss:ReadDocument");
        final var indexRule = jsonObject(
            jsonProperty("ResourceType", "index"),
            jsonProperty("Resource", jsonArray("index/example-collection/*")),
            jsonProperty("Permission", indexPermissions));

        // Collection rule: a single describe permission on the one named collection.
        final var collectionRule = jsonObject(
            jsonProperty("ResourceType", "collection"),
            jsonProperty("Resource", jsonArray("collection/example-collection")),
            jsonProperty("Permission", jsonArray("aoss:DescribeCollectionItems")));

        // The policy document is a JSON array holding one statement: rules plus principals.
        final var policyDocument = serializeJson(
            jsonArray(jsonObject(
                jsonProperty("Rules", jsonArray(indexRule, collectionRule)),
                jsonProperty("Principal", jsonArray(callerArn)))));

        var example = new ServerlessAccessPolicy("example", ServerlessAccessPolicyArgs.builder()
            .type("data")
            .description("read-only permissions")
            .policy(policyDocument)
            .build());
    }
}

Grant SAML identity permissions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessAccessPolicy;
import com.pulumi.aws.opensearch.ServerlessAccessPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an OpenSearch Serverless data access policy granting
 * {@code aoss:*} on {@code example-collection} and its indexes to SAML principals.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code example} SAML access policy.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; this example does not read it
     */
    public static void stack(Context ctx) {
        // "aoss:*" is a wildcard over every index permission. For least privilege, list
        // the individual permissions the principals need instead of the wildcard.
        final var indexRule = jsonObject(
            jsonProperty("ResourceType", "index"),
            jsonProperty("Resource", jsonArray("index/example-collection/*")),
            jsonProperty("Permission", jsonArray("aoss:*")));

        // Same wildcard at collection level, scoped to the single named collection.
        final var collectionRule = jsonObject(
            jsonProperty("ResourceType", "collection"),
            jsonProperty("Resource", jsonArray("collection/example-collection")),
            jsonProperty("Permission", jsonArray("aoss:*")));

        // Sample principals: one SAML user and one SAML group, each written as
        // saml/<account id>/<provider name>/<user|group>/<name>.
        // NOTE(review): a group principal presumably covers every user the identity
        // provider asserts as a member, so review group membership with the policy.
        final var samlPrincipals = jsonArray(
            "saml/123456789012/myprovider/user/Annie",
            "saml/123456789012/anotherprovider/group/Accounting");

        // The policy document is a JSON array holding one statement: rules plus principals.
        final var policyDocument = serializeJson(
            jsonArray(jsonObject(
                jsonProperty("Rules", jsonArray(indexRule, collectionRule)),
                jsonProperty("Principal", samlPrincipals))));

        var example = new ServerlessAccessPolicy("example", ServerlessAccessPolicyArgs.builder()
            .type("data")
            .description("saml permissions")
            .policy(policyDocument)
            .build());
    }
}

Import

Using `pulumi import`, import an OpenSearch Serverless Access Policy using the `name` and `type` arguments separated by a slash (`/`). For example:

$ pulumi import aws:opensearch/serverlessAccessPolicy:ServerlessAccessPolicy example example/data

Constructors

fun ServerlessAccessPolicyArgs(description: Output<String>? = null, name: Output<String>? = null, policy: Output<String>? = null, type: Output<String>? = null)

Functions

open override fun toJava(): ServerlessAccessPolicyArgs

Properties

val description: Output<String>? = null

Description of the policy. Typically used to store information about the permissions defined in the policy.

val name: Output<String>? = null

Name of the policy.

val policy: Output<String>? = null

JSON policy document to use as the content for the new policy

val type: Output<String>? = null

Type of access policy. Must be `data`.