Domain
data class DomainServiceAccessPolicyArgs(val accessPolicy: Output<String>? = null, val domainName: Output<String>? = null) : ConvertibleToJava<DomainServiceAccessPolicyArgs>
Provides an CloudSearch domain service access policy resource. The provider waits for the domain service access policy to become Active when applying a configuration.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleDomain = new aws.cloudsearch.Domain("example", {name: "example-domain"});
const example = aws.iam.getPolicyDocument({
statements: [{
sid: "search_only",
effect: "Allow",
principals: [{
type: "*",
identifiers: ["*"],
}],
actions: [
"cloudsearch:search",
"cloudsearch:document",
],
conditions: [{
test: "IpAddress",
variable: "aws:SourceIp",
values: ["192.0.2.0/32"],
}],
}],
});
const exampleDomainServiceAccessPolicy = new aws.cloudsearch.DomainServiceAccessPolicy("example", {
domainName: exampleDomain.id,
accessPolicy: example.then(example => example.json),
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example_domain = aws.cloudsearch.Domain("example", name="example-domain")
example = aws.iam.get_policy_document(statements=[{
"sid": "search_only",
"effect": "Allow",
"principals": [{
"type": "*",
"identifiers": ["*"],
}],
"actions": [
"cloudsearch:search",
"cloudsearch:document",
],
"conditions": [{
"test": "IpAddress",
"variable": "aws:SourceIp",
"values": ["192.0.2.0/32"],
}],
}])
example_domain_service_access_policy = aws.cloudsearch.DomainServiceAccessPolicy("example",
domain_name=example_domain.id,
access_policy=example.json)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleDomain = new Aws.CloudSearch.Domain("example", new()
{
Name = "example-domain",
});
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Sid = "search_only",
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "*",
Identifiers = new[]
{
"*",
},
},
},
Actions = new[]
{
"cloudsearch:search",
"cloudsearch:document",
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "IpAddress",
Variable = "aws:SourceIp",
Values = new[]
{
"192.0.2.0/32",
},
},
},
},
},
});
var exampleDomainServiceAccessPolicy = new Aws.CloudSearch.DomainServiceAccessPolicy("example", new()
{
DomainName = exampleDomain.Id,
AccessPolicy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudsearch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDomain, err := cloudsearch.NewDomain(ctx, "example", &cloudsearch.DomainArgs{
Name: pulumi.String("example-domain"),
})
if err != nil {
return err
}
example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Sid: pulumi.StringRef("search_only"),
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "*",
Identifiers: []string{
"*",
},
},
},
Actions: []string{
"cloudsearch:search",
"cloudsearch:document",
},
Conditions: []iam.GetPolicyDocumentStatementCondition{
{
Test: "IpAddress",
Variable: "aws:SourceIp",
Values: []string{
"192.0.2.0/32",
},
},
},
},
},
}, nil)
if err != nil {
return err
}
_, err = cloudsearch.NewDomainServiceAccessPolicy(ctx, "example", &cloudsearch.DomainServiceAccessPolicyArgs{
DomainName: exampleDomain.ID(),
AccessPolicy: pulumi.String(example.Json),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudsearch.Domain;
import com.pulumi.aws.cloudsearch.DomainArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudsearch.DomainServiceAccessPolicy;
import com.pulumi.aws.cloudsearch.DomainServiceAccessPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
.name("example-domain")
.build());
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.sid("search_only")
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("*")
.identifiers("*")
.build())
.actions(
"cloudsearch:search",
"cloudsearch:document")
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("IpAddress")
.variable("aws:SourceIp")
.values("192.0.2.0/32")
.build())
.build())
.build());
var exampleDomainServiceAccessPolicy = new DomainServiceAccessPolicy("exampleDomainServiceAccessPolicy", DomainServiceAccessPolicyArgs.builder()
.domainName(exampleDomain.id())
.accessPolicy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
}
}Content copied to clipboard
resources:
exampleDomain:
type: aws:cloudsearch:Domain
name: example
properties:
name: example-domain
exampleDomainServiceAccessPolicy:
type: aws:cloudsearch:DomainServiceAccessPolicy
name: example
properties:
domainName: ${exampleDomain.id}
accessPolicy: ${example.json}
variables:
example:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- sid: search_only
effect: Allow
principals:
- type: '*'
identifiers:
- '*'
actions:
- cloudsearch:search
- cloudsearch:document
conditions:
- test: IpAddress
variable: aws:SourceIp
values:
- 192.0.2.0/32Content copied to clipboard
Import
Using pulumi import, import CloudSearch domain service access policies using the domain name. For example:
$ pulumi import aws:cloudsearch/domainServiceAccessPolicy:DomainServiceAccessPolicy example example-domainContent copied to clipboard
Properties
Link copied to clipboard
The access rules you want to configure. These rules replace any existing rules. See the AWS documentation for details.
Link copied to clipboard
The CloudSearch domain name the policy applies to.