Docs Home
AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi
aws.opensearch.DomainSamlOptions
Explore with Pulumi AI
Manages SAML authentication options for an AWS OpenSearch Domain.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
const example = new aws.opensearch.Domain("example", {
domainName: "example",
engineVersion: "OpenSearch_1.1",
clusterConfig: {
instanceType: "r4.large.search",
},
snapshotOptions: {
automatedSnapshotStartHour: 23,
},
tags: {
Domain: "TestDomain",
},
});
const exampleDomainSamlOptions = new aws.opensearch.DomainSamlOptions("example", {
domainName: example.domainName,
samlOptions: {
enabled: true,
idp: {
entityId: "https://example.com",
metadataContent: std.file({
input: "./saml-metadata.xml",
}).then(invoke => invoke.result),
},
},
});
import pulumi
import pulumi_aws as aws
import pulumi_std as std
example = aws.opensearch.Domain("example",
domain_name="example",
engine_version="OpenSearch_1.1",
cluster_config={
"instance_type": "r4.large.search",
},
snapshot_options={
"automated_snapshot_start_hour": 23,
},
tags={
"Domain": "TestDomain",
})
example_domain_saml_options = aws.opensearch.DomainSamlOptions("example",
domain_name=example.domain_name,
saml_options={
"enabled": True,
"idp": {
"entity_id": "https://example.com",
"metadata_content": std.file(input="./saml-metadata.xml").result,
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{
DomainName: pulumi.String("example"),
EngineVersion: pulumi.String("OpenSearch_1.1"),
ClusterConfig: &opensearch.DomainClusterConfigArgs{
InstanceType: pulumi.String("r4.large.search"),
},
SnapshotOptions: &opensearch.DomainSnapshotOptionsArgs{
AutomatedSnapshotStartHour: pulumi.Int(23),
},
Tags: pulumi.StringMap{
"Domain": pulumi.String("TestDomain"),
},
})
if err != nil {
return err
}
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "./saml-metadata.xml",
}, nil)
if err != nil {
return err
}
_, err = opensearch.NewDomainSamlOptions(ctx, "example", &opensearch.DomainSamlOptionsArgs{
DomainName: example.DomainName,
SamlOptions: &opensearch.DomainSamlOptionsSamlOptionsArgs{
Enabled: pulumi.Bool(true),
Idp: &opensearch.DomainSamlOptionsSamlOptionsIdpArgs{
EntityId: pulumi.String("https://example.com"),
MetadataContent: pulumi.String(invokeFile.Result),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var example = new Aws.OpenSearch.Domain("example", new()
{
DomainName = "example",
EngineVersion = "OpenSearch_1.1",
ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs
{
InstanceType = "r4.large.search",
},
SnapshotOptions = new Aws.OpenSearch.Inputs.DomainSnapshotOptionsArgs
{
AutomatedSnapshotStartHour = 23,
},
Tags =
{
{ "Domain", "TestDomain" },
},
});
var exampleDomainSamlOptions = new Aws.OpenSearch.DomainSamlOptions("example", new()
{
DomainName = example.DomainName,
SamlOptions = new Aws.OpenSearch.Inputs.DomainSamlOptionsSamlOptionsArgs
{
Enabled = true,
Idp = new Aws.OpenSearch.Inputs.DomainSamlOptionsSamlOptionsIdpArgs
{
EntityId = "https://example.com",
MetadataContent = Std.File.Invoke(new()
{
Input = "./saml-metadata.xml",
}).Apply(invoke => invoke.Result),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;
import com.pulumi.aws.opensearch.inputs.DomainSnapshotOptionsArgs;
import com.pulumi.aws.opensearch.DomainSamlOptions;
import com.pulumi.aws.opensearch.DomainSamlOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainSamlOptionsSamlOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainSamlOptionsSamlOptionsIdpArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Domain("example", DomainArgs.builder()
.domainName("example")
.engineVersion("OpenSearch_1.1")
.clusterConfig(DomainClusterConfigArgs.builder()
.instanceType("r4.large.search")
.build())
.snapshotOptions(DomainSnapshotOptionsArgs.builder()
.automatedSnapshotStartHour(23)
.build())
.tags(Map.of("Domain", "TestDomain"))
.build());
var exampleDomainSamlOptions = new DomainSamlOptions("exampleDomainSamlOptions", DomainSamlOptionsArgs.builder()
.domainName(example.domainName())
.samlOptions(DomainSamlOptionsSamlOptionsArgs.builder()
.enabled(true)
.idp(DomainSamlOptionsSamlOptionsIdpArgs.builder()
.entityId("https://example.com")
.metadataContent(StdFunctions.file(FileArgs.builder()
.input("./saml-metadata.xml")
.build()).result())
.build())
.build())
.build());
}
}
resources:
example:
type: aws:opensearch:Domain
properties:
domainName: example
engineVersion: OpenSearch_1.1
clusterConfig:
instanceType: r4.large.search
snapshotOptions:
automatedSnapshotStartHour: 23
tags:
Domain: TestDomain
exampleDomainSamlOptions:
type: aws:opensearch:DomainSamlOptions
name: example
properties:
domainName: ${example.domainName}
samlOptions:
enabled: true
idp:
entityId: https://example.com
metadataContent:
fn::invoke:
function: std:file
arguments:
input: ./saml-metadata.xml
return: result
Create DomainSamlOptions Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DomainSamlOptions(name: string, args: DomainSamlOptionsArgs, opts?: CustomResourceOptions);@overload
def DomainSamlOptions(resource_name: str,
args: DomainSamlOptionsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DomainSamlOptions(resource_name: str,
opts: Optional[ResourceOptions] = None,
domain_name: Optional[str] = None,
saml_options: Optional[DomainSamlOptionsSamlOptionsArgs] = None)func NewDomainSamlOptions(ctx *Context, name string, args DomainSamlOptionsArgs, opts ...ResourceOption) (*DomainSamlOptions, error)public DomainSamlOptions(string name, DomainSamlOptionsArgs args, CustomResourceOptions? opts = null)public DomainSamlOptions(String name, DomainSamlOptionsArgs args)
public DomainSamlOptions(String name, DomainSamlOptionsArgs args, CustomResourceOptions options)
type: aws:opensearch:DomainSamlOptions
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. DomainSamlOptionsArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. DomainSamlOptionsArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. DomainSamlOptionsArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. DomainSamlOptionsArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. DomainSamlOptionsArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var awsDomainSamlOptionsResource = new Aws.OpenSearch.DomainSamlOptions("awsDomainSamlOptionsResource", new()
{
DomainName = "string",
SamlOptions = new Aws.OpenSearch.Inputs.DomainSamlOptionsSamlOptionsArgs
{
Enabled = false,
Idp = new Aws.OpenSearch.Inputs.DomainSamlOptionsSamlOptionsIdpArgs
{
EntityId = "string",
MetadataContent = "string",
},
MasterBackendRole = "string",
MasterUserName = "string",
RolesKey = "string",
SessionTimeoutMinutes = 0,
SubjectKey = "string",
},
});
example, err := opensearch.NewDomainSamlOptions(ctx, "awsDomainSamlOptionsResource", &opensearch.DomainSamlOptionsArgs{
DomainName: pulumi.String("string"),
SamlOptions: &opensearch.DomainSamlOptionsSamlOptionsArgs{
Enabled: pulumi.Bool(false),
Idp: &opensearch.DomainSamlOptionsSamlOptionsIdpArgs{
EntityId: pulumi.String("string"),
MetadataContent: pulumi.String("string"),
},
MasterBackendRole: pulumi.String("string"),
MasterUserName: pulumi.String("string"),
RolesKey: pulumi.String("string"),
SessionTimeoutMinutes: pulumi.Int(0),
SubjectKey: pulumi.String("string"),
},
})
var awsDomainSamlOptionsResource = new com.pulumi.aws.opensearch.DomainSamlOptions("awsDomainSamlOptionsResource", com.pulumi.aws.opensearch.DomainSamlOptionsArgs.builder()
.domainName("string")
.samlOptions(DomainSamlOptionsSamlOptionsArgs.builder()
.enabled(false)
.idp(DomainSamlOptionsSamlOptionsIdpArgs.builder()
.entityId("string")
.metadataContent("string")
.build())
.masterBackendRole("string")
.masterUserName("string")
.rolesKey("string")
.sessionTimeoutMinutes(0)
.subjectKey("string")
.build())
.build());
aws_domain_saml_options_resource = aws.opensearch.DomainSamlOptions("awsDomainSamlOptionsResource",
domain_name="string",
saml_options={
"enabled": False,
"idp": {
"entity_id": "string",
"metadata_content": "string",
},
"master_backend_role": "string",
"master_user_name": "string",
"roles_key": "string",
"session_timeout_minutes": 0,
"subject_key": "string",
})
const awsDomainSamlOptionsResource = new aws.opensearch.DomainSamlOptions("awsDomainSamlOptionsResource", {
domainName: "string",
samlOptions: {
enabled: false,
idp: {
entityId: "string",
metadataContent: "string",
},
masterBackendRole: "string",
masterUserName: "string",
rolesKey: "string",
sessionTimeoutMinutes: 0,
subjectKey: "string",
},
});
type: aws:opensearch:DomainSamlOptions
properties:
domainName: string
samlOptions:
enabled: false
idp:
entityId: string
metadataContent: string
masterBackendRole: string
masterUserName: string
rolesKey: string
sessionTimeoutMinutes: 0
subjectKey: string
DomainSamlOptions Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DomainSamlOptions resource accepts the following input properties:
- Domain
Name stringThis property is required. 
Changes to this property will trigger replacement. Name of the domain.
The following arguments are optional:
- Saml
Options DomainSaml Options Saml Options - SAML authentication options for an AWS OpenSearch Domain.
- Domain
Name stringThis property is required. Changes to this property will trigger replacement. Name of the domain.
The following arguments are optional:
- Saml
Options DomainSaml Options Saml Options Args - SAML authentication options for an AWS OpenSearch Domain.
- domain
Name StringThis property is required. Changes to this property will trigger replacement. Name of the domain.
The following arguments are optional:
- saml
Options DomainSaml Options Saml Options - SAML authentication options for an AWS OpenSearch Domain.
- domain
Name stringThis property is required. Changes to this property will trigger replacement. Name of the domain.
The following arguments are optional:
- saml
Options DomainSaml Options Saml Options - SAML authentication options for an AWS OpenSearch Domain.
- domain_
name strThis property is required. Changes to this property will trigger replacement. Name of the domain.
The following arguments are optional:
- saml_
options DomainSaml Options Saml Options Args - SAML authentication options for an AWS OpenSearch Domain.
- domain
Name StringThis property is required. Changes to this property will trigger replacement. Name of the domain.
The following arguments are optional:
- saml
Options Property Map - SAML authentication options for an AWS OpenSearch Domain.
Outputs
All input properties are implicitly available as output properties. Additionally, the DomainSamlOptions resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DomainSamlOptions Resource
Get an existing DomainSamlOptions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DomainSamlOptionsState, opts?: CustomResourceOptions): DomainSamlOptions@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
domain_name: Optional[str] = None,
saml_options: Optional[DomainSamlOptionsSamlOptionsArgs] = None) -> DomainSamlOptionsfunc GetDomainSamlOptions(ctx *Context, name string, id IDInput, state *DomainSamlOptionsState, opts ...ResourceOption) (*DomainSamlOptions, error)public static DomainSamlOptions Get(string name, Input<string> id, DomainSamlOptionsState? state, CustomResourceOptions? opts = null)public static DomainSamlOptions get(String name, Output<String> id, DomainSamlOptionsState state, CustomResourceOptions options)resources: _: type: aws:opensearch:DomainSamlOptions get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Domain
Name Name of the domain.
The following arguments are optional:
- Saml
Options DomainSaml Options Saml Options - SAML authentication options for an AWS OpenSearch Domain.
- Domain
Name Name of the domain.
The following arguments are optional:
- Saml
Options DomainSaml Options Saml Options Args - SAML authentication options for an AWS OpenSearch Domain.
- domain
Name Name of the domain.
The following arguments are optional:
- saml
Options DomainSaml Options Saml Options - SAML authentication options for an AWS OpenSearch Domain.
- domain
Name Name of the domain.
The following arguments are optional:
- saml
Options DomainSaml Options Saml Options - SAML authentication options for an AWS OpenSearch Domain.
- domain_
name Name of the domain.
The following arguments are optional:
- saml_
options DomainSaml Options Saml Options Args - SAML authentication options for an AWS OpenSearch Domain.
- domain
Name Name of the domain.
The following arguments are optional:
- saml
Options Property Map - SAML authentication options for an AWS OpenSearch Domain.
Supporting Types
DomainSamlOptionsSamlOptions, DomainSamlOptionsSamlOptionsArgs
, DomainSamlOptionsSamlOptionsArgs
- Enabled bool
- Whether SAML authentication is enabled.
- Idp
Domain
Saml Options Saml Options Idp - Information from your identity provider.
- Master
Backend stringRole - This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- Master
User stringName - This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- Roles
Key string - Element of the SAML assertion to use for backend roles. Default is roles.
- Session
Timeout intMinutes - Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
- Subject
Key string - Element of the SAML assertion to use for username. Default is NameID.
- Enabled bool
- Whether SAML authentication is enabled.
- Idp
Domain
Saml Options Saml Options Idp - Information from your identity provider.
- Master
Backend stringRole - This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- Master
User stringName - This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- Roles
Key string - Element of the SAML assertion to use for backend roles. Default is roles.
- Session
Timeout intMinutes - Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
- Subject
Key string - Element of the SAML assertion to use for username. Default is NameID.
- enabled Boolean
- Whether SAML authentication is enabled.
- idp
Domain
Saml Options Saml Options Idp - Information from your identity provider.
- master
Backend StringRole - This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- master
User StringName - This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- roles
Key String - Element of the SAML assertion to use for backend roles. Default is roles.
- session
Timeout IntegerMinutes - Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
- subject
Key String - Element of the SAML assertion to use for username. Default is NameID.
- enabled boolean
- Whether SAML authentication is enabled.
- idp
Domain
Saml Options Saml Options Idp - Information from your identity provider.
- master
Backend stringRole - This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- master
User stringName - This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- roles
Key string - Element of the SAML assertion to use for backend roles. Default is roles.
- session
Timeout numberMinutes - Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
- subject
Key string - Element of the SAML assertion to use for username. Default is NameID.
- enabled bool
- Whether SAML authentication is enabled.
- idp
Domain
Saml Options Saml Options Idp - Information from your identity provider.
- master_
backend_ strrole - This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- master_
user_ strname - This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- roles_
key str - Element of the SAML assertion to use for backend roles. Default is roles.
- session_
timeout_ intminutes - Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
- subject_
key str - Element of the SAML assertion to use for username. Default is NameID.
- enabled Boolean
- Whether SAML authentication is enabled.
- idp Property Map
- Information from your identity provider.
- master
Backend StringRole - This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- master
User StringName - This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.
- roles
Key String - Element of the SAML assertion to use for backend roles. Default is roles.
- session
Timeout NumberMinutes - Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.
- subject
Key String - Element of the SAML assertion to use for username. Default is NameID.
DomainSamlOptionsSamlOptionsIdp, DomainSamlOptionsSamlOptionsIdpArgs
, DomainSamlOptionsSamlOptionsIdpArgs
- Entity
Id This property is required. string - Unique Entity ID of the application in SAML Identity Provider.
- Metadata
Content This property is required. string - Metadata of the SAML application in xml format.
- Entity
Id This property is required. string - Unique Entity ID of the application in SAML Identity Provider.
- Metadata
Content This property is required. string - Metadata of the SAML application in xml format.
- entity
Id This property is required. String - Unique Entity ID of the application in SAML Identity Provider.
- metadata
Content This property is required. String - Metadata of the SAML application in xml format.
- entity
Id This property is required. string - Unique Entity ID of the application in SAML Identity Provider.
- metadata
Content This property is required. string - Metadata of the SAML application in xml format.
- entity_
id This property is required. str - Unique Entity ID of the application in SAML Identity Provider.
- metadata_
content This property is required. str - Metadata of the SAML application in xml format.
- entity
Id This property is required. String - Unique Entity ID of the application in SAML Identity Provider.
- metadata
Content This property is required. String - Metadata of the SAML application in xml format.
Import
Using pulumi import, import OpenSearch domains using the domain_name. For example:
$ pulumi import aws:opensearch/domainSamlOptions:DomainSamlOptions example domain_name
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.