pulumi-aws-kotlin/com.pulumi.aws.opensearch.kotlin/ServerlessAccessPolicy

ServerlessAccessPolicy

class ServerlessAccessPolicy : KotlinCustomResource

Resource for managing an AWS OpenSearch Serverless Access Policy. See AWS documentation for data access policies and supported data access policy permissions.

Example Usage

Grant all collection and index permissions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.opensearch.ServerlessAccessPolicy;
import com.pulumi.aws.opensearch.ServerlessAccessPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = AwsFunctions.getCallerIdentity();
        var example = new ServerlessAccessPolicy("example", ServerlessAccessPolicyArgs.builder()
            .type("data")
            .description("read and write permissions")
            .policy(serializeJson(
                jsonArray(jsonObject(
                    jsonProperty("Rules", jsonArray(
                        jsonObject(
                            jsonProperty("ResourceType", "index"),
                            jsonProperty("Resource", jsonArray("index/example-collection/*")),
                            jsonProperty("Permission", jsonArray("aoss:*"))
                        ),
                        jsonObject(
                            jsonProperty("ResourceType", "collection"),
                            jsonProperty("Resource", jsonArray("collection/example-collection")),
                            jsonProperty("Permission", jsonArray("aoss:*"))
                        )
                    )),
                    jsonProperty("Principal", jsonArray(current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.arn())))
                ))))
            .build());
    }
}

Grant read-only collection and index permissions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.opensearch.ServerlessAccessPolicy;
import com.pulumi.aws.opensearch.ServerlessAccessPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = AwsFunctions.getCallerIdentity();
        var example = new ServerlessAccessPolicy("example", ServerlessAccessPolicyArgs.builder()
            .type("data")
            .description("read-only permissions")
            .policy(serializeJson(
                jsonArray(jsonObject(
                    jsonProperty("Rules", jsonArray(
                        jsonObject(
                            jsonProperty("ResourceType", "index"),
                            jsonProperty("Resource", jsonArray("index/example-collection/*")),
                            jsonProperty("Permission", jsonArray(
                                "aoss:DescribeIndex",
                                "aoss:ReadDocument"
                            ))
                        ),
                        jsonObject(
                            jsonProperty("ResourceType", "collection"),
                            jsonProperty("Resource", jsonArray("collection/example-collection")),
                            jsonProperty("Permission", jsonArray("aoss:DescribeCollectionItems"))
                        )
                    )),
                    jsonProperty("Principal", jsonArray(current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.arn())))
                ))))
            .build());
    }
}

Grant SAML identity permissions

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessAccessPolicy;
import com.pulumi.aws.opensearch.ServerlessAccessPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new ServerlessAccessPolicy("example", ServerlessAccessPolicyArgs.builder()
            .type("data")
            .description("saml permissions")
            .policy(serializeJson(
                jsonArray(jsonObject(
                    jsonProperty("Rules", jsonArray(
                        jsonObject(
                            jsonProperty("ResourceType", "index"),
                            jsonProperty("Resource", jsonArray("index/example-collection/*")),
                            jsonProperty("Permission", jsonArray("aoss:*"))
                        ),
                        jsonObject(
                            jsonProperty("ResourceType", "collection"),
                            jsonProperty("Resource", jsonArray("collection/example-collection")),
                            jsonProperty("Permission", jsonArray("aoss:*"))
                        )
                    )),
                    jsonProperty("Principal", jsonArray(
                        "saml/123456789012/myprovider/user/Annie",
                        "saml/123456789012/anotherprovider/group/Accounting"
                    ))
                ))))
            .build());
    }
}

Import

Using pulumi import, import OpenSearchServerless Access Policy using the name and type arguments separated by a slash (/). For example:

$ pulumi import aws:opensearch/serverlessAccessPolicy:ServerlessAccessPolicy example example/data

//*/

Properties

description

val description: Output<String>?

Description of the policy. Typically used to store information about the permissions defined in the policy.

val id: Output<String>

name

val name: Output<String>

Name of the policy.

policy

val policy: Output<String>

JSON policy document to use as the content for the new policy

policyVersion

val policyVersion: Output<String>

Version of the policy.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

type

val type: Output<String>

Type of access policy. Must be data. The following arguments are optional:

urn

val urn: Output<String>