Serverless
Resource for managing an AWS OpenSearch Serverless Security Policy. See AWS documentation for encryption policies and network policies.
Example Usage
Encryption Security Policy
Applies to a single collection
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.type("encryption")
.description("encryption security policy for example-collection")
.policy(serializeJson(
jsonObject(
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("Resource", jsonArray("collection/example-collection")),
jsonProperty("ResourceType", "collection")
))),
jsonProperty("AWSOwnedKey", true)
)))
.build());
}
}Content copied to clipboard
Applies to multiple collections
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.type("encryption")
.description("encryption security policy for collections that begin with \"example\"")
.policy(serializeJson(
jsonObject(
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("Resource", jsonArray("collection/example*")),
jsonProperty("ResourceType", "collection")
))),
jsonProperty("AWSOwnedKey", true)
)))
.build());
}
}Content copied to clipboard
Using a customer managed key
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.type("encryption")
.description("encryption security policy using customer KMS key")
.policy(serializeJson(
jsonObject(
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("Resource", jsonArray("collection/customer-managed-key-collection")),
jsonProperty("ResourceType", "collection")
))),
jsonProperty("AWSOwnedKey", false),
jsonProperty("KmsARN", "arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36")
)))
.build());
}
}Content copied to clipboard
Allow public access to the collection endpoint and the Dashboards endpoint
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.type("network")
.description("Public access")
.policy(serializeJson(
jsonArray(jsonObject(
jsonProperty("Description", "Public access to collection and Dashboards endpoint for example collection"),
jsonProperty("Rules", jsonArray(
jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
),
jsonObject(
jsonProperty("ResourceType", "dashboard"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
)
)),
jsonProperty("AllowFromPublic", true)
))))
.build());
}
}Content copied to clipboard
Allow VPC access to the collection endpoint and the Dashboards endpoint
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.type("network")
.description("VPC access")
.policy(serializeJson(
jsonArray(jsonObject(
jsonProperty("Description", "VPC access to collection and Dashboards endpoint for example collection"),
jsonProperty("Rules", jsonArray(
jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
),
jsonObject(
jsonProperty("ResourceType", "dashboard"),
jsonProperty("Resource", jsonArray("collection/example-collection"))
)
)),
jsonProperty("AllowFromPublic", false),
jsonProperty("SourceVPCEs", jsonArray("vpce-050f79086ee71ac05"))
))))
.build());
}
}Content copied to clipboard
Mixed access for different collections
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicy;
import com.pulumi.aws.opensearch.ServerlessSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ServerlessSecurityPolicy("example", ServerlessSecurityPolicyArgs.builder()
.type("network")
.description("Mixed access for marketing and sales")
.policy(serializeJson(
jsonArray(
jsonObject(
jsonProperty("Description", "Marketing access"),
jsonProperty("Rules", jsonArray(
jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/marketing*"))
),
jsonObject(
jsonProperty("ResourceType", "dashboard"),
jsonProperty("Resource", jsonArray("collection/marketing*"))
)
)),
jsonProperty("AllowFromPublic", false),
jsonProperty("SourceVPCEs", jsonArray("vpce-050f79086ee71ac05"))
),
jsonObject(
jsonProperty("Description", "Sales access"),
jsonProperty("Rules", jsonArray(jsonObject(
jsonProperty("ResourceType", "collection"),
jsonProperty("Resource", jsonArray("collection/finance"))
))),
jsonProperty("AllowFromPublic", true)
)
)))
.build());
}
}Content copied to clipboard
Import
Using pulumi import, import OpenSearchServerless Security Policy using the name and type arguments separated by a slash (/). For example:
$ pulumi import aws:opensearch/serverlessSecurityPolicy:ServerlessSecurityPolicy example example/encryptionContent copied to clipboard