By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

OpenSearch/Elasticsearch Security Controls

Amazon OpenSearch Domain

Configuration template to provision an OpenSearch Domain (formerly Amazon Elasticsearch Domain), with settings such as VPC access, number of master and data nodes, encryption (at-rest and node-to-node), logging settings, and more.

The following OpenSearch/Elasticsearch domain settings can be customized in this template: 

  • Domain Name: Provide the name of the OpenSearch domain
  • Engine Version: Supports versions for Amazon Elasticsearch (up to 7.10) and Amazon OpenSearch from 1.0 
  • VPC Access: Enables provisioning direct VPC access for the OpenSearch cluster and requires Subnet IDs and Security Groups to be provided
  • Log Publishing Settings supports configuring Search and Index Slow Logs, Application Logs, and Audit Logs
  • Master Node Settings: Dedicated master nodes can be enabled and the number of nodes and instance types specified
  • Data Node Settings: Specify the number of data nodes, instance types and data storage type (EBS or Instance storage)
Items
1
Size
0.9 KB
Missing Parameters
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  OpenSearchDomain:
    Type: "AWS::OpenSearchService::Domain"
    Properties:
      EngineVersion: "OpenSearch_1.0"
      ClusterConfig:
        DedicatedMasterEnabled: true
        InstanceCount: 3
        InstanceType: "r6g.large.search"
        DedicatedMasterCount: 3
        DedicatedMasterType: "r6g.large.search"
        ZoneAwarenessEnabled: false
      EncryptionAtRestOptions:
        Enabled: false
      LogPublishingOptions:
        SEARCH_SLOW_LOGS:
          Enabled: false
        ES_APPLICATION_LOGS:
          Enabled: false
        INDEX_SLOW_LOGS:
          Enabled: false
        AUDIT_LOGS:
          Enabled: false
      NodeToNodeEncryptionOptions:
        Enabled: false
      EBSOptions:
        EBSEnabled: true
        VolumeSize: 50
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

Cluster Settings

Node Settings

* Required field