MDAA TS Docs
    Preparing search index...

    A construct for the creation of a compliant Opensearch Domain Specifically, the construct ensures the following:

    • The domain is encrypted at rest using KMS CMK.
    • SSL must be utilized to connect to the domain.
    • The domain is VPC connected and not publicly accessible.

    Hierarchy

    • Domain
      • MdaaOpensearchDomain
    Index

    Constructors

    Properties

    appLogGroup?: ILogGroup

    Log group that application logs are logged to.

    auditLogGroup?: ILogGroup

    Log group that audit logs are logged to.

    domainArn: string
    domainEndpoint: string
    domainId: string
    domainName: string
    env: ResourceEnvironment

    The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

    masterUserPassword?: SecretValue

    Master user password if fine grained access control is configured.

    node: Node

    The tree node.

    physicalName: string

    Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.

    This value will resolve to one of the following:

    • a concrete value (e.g. "my-awesome-bucket")
    • undefined, when a name should be generated by CloudFormation
    • a concrete name generated automatically during synthesis, in cross-environment scenarios.
    slowIndexLogGroup?: ILogGroup

    Log group that slow indices are logged to.

    slowSearchLogGroup?: ILogGroup

    Log group that slow searches are logged to.

    stack: Stack

    The stack in which this resource is defined.

    PROPERTY_INJECTION_ID: string

    Uniquely identifies this class.

    Accessors

    • get connections(): Connections

      Manages network connections to the domain. This will throw an error in case the domain is not placed inside a VPC.

      Returns Connections

    Methods

    • Internal

      Called when this resource is referenced across environments (account/region) to order to request that a physical name will be generated for this resource during synthesis, so the resource can be referenced through its absolute name/arn.

      Returns void

    • Add policy statements to the domain access policy

      Parameters

      • ...accessPolicyStatements: PolicyStatement[]

      Returns void

    • Apply the given removal policy to this resource

      The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

      The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

      Parameters

      • policy: RemovalPolicy

      Returns void

    • Returns string

    • Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).

      Normally, this token will resolve to arnAttr, but if the resource is referenced across environments, arnComponents will be used to synthesize a concrete ARN with the resource's physical name. Make sure to reference this.physicalName in arnComponents.

      Parameters

      • arnAttr: string

        The CFN attribute which resolves to the ARN of the resource. Commonly it will be called "Arn" (e.g. resource.attrArn), but sometimes it's the CFN resource's ref.

      • arnComponents: ArnComponents

        The format of the ARN of this resource. You must reference this.physicalName somewhere within the ARN in order for cross-environment references to work.

      Returns string

    • Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).

      Normally, this token will resolve to nameAttr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.

      Parameters

      • nameAttr: string

        The CFN attribute which resolves to the resource's name. Commonly this is the resource's ref.

      Returns string

    • Grant read permissions for an index in this domain to an IAM principal (Role/Group/User).

      Parameters

      • index: string

        The index to grant permissions for

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant read/write permissions for an index in this domain to an IAM principal (Role/Group/User).

      Parameters

      • index: string

        The index to grant permissions for

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant write permissions for an index in this domain to an IAM principal (Role/Group/User).

      Parameters

      • index: string

        The index to grant permissions for

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant read permissions for a specific path in this domain to an IAM principal (Role/Group/User).

      Parameters

      • path: string

        The path to grant permissions for

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant read/write permissions for a specific path in this domain to an IAM principal (Role/Group/User).

      Parameters

      • path: string

        The path to grant permissions for

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant write permissions for a specific path in this domain to an IAM principal (Role/Group/User).

      Parameters

      • path: string

        The path to grant permissions for

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant read permissions for this domain and its contents to an IAM principal (Role/Group/User).

      Parameters

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant read/write permissions for this domain and its contents to an IAM principal (Role/Group/User).

      Parameters

      • identity: IGrantable

        The principal

      Returns Grant

    • Grant write permissions for this domain and its contents to an IAM principal (Role/Group/User).

      Parameters

      • identity: IGrantable

        The principal

      Returns Grant

    • Return the given named metric for this domain.

      Parameters

      • metricName: string
      • Optionalprops: MetricOptions

      Returns Metric

    • Metric for automated snapshot failures.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for the cluster blocking index writes.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 1 minute
      
    • Metric for the time the cluster status is red.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for the time the cluster status is yellow.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for CPU utilization.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for the storage space of nodes in the cluster.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      minimum over 5 minutes
      
    • Metric for indexing latency.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      p99 over 5 minutes
      
    • Metric for JVM memory pressure.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for KMS key errors.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for KMS key being inaccessible.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for master CPU utilization.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for master JVM memory pressure.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for the number of nodes.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      minimum over 1 hour
      
    • Metric for number of searchable documents.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      maximum over 5 minutes
      
    • Metric for search latency.

      Parameters

      • Optionalprops: MetricOptions

      Returns Metric

      p99 over 5 minutes
      
    • Returns a string representation of this construct.

      Returns string

    • Creates a domain construct that represents an external domain.

      Parameters

      • scope: Construct

        The parent creating construct (usually this).

      • id: string

        The construct's name.

      • attrs: DomainAttributes

        A DomainAttributes object.

      Returns IDomain

    • Creates a domain construct that represents an external domain via domain endpoint.

      Parameters

      • scope: Construct

        The parent creating construct (usually this).

      • id: string

        The construct's name.

      • domainEndpoint: string

        The domain's endpoint.

      Returns IDomain

    • Checks if x is a construct.

      Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

      Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

      Parameters

      • x: any

        Any object

      Returns x is Construct

      true if x is an object created from a class which extends Construct.

    • Returns true if the construct was created by CDK, and false otherwise

      Parameters

      • construct: IConstruct

      Returns boolean

    • Check whether the given construct is a Resource

      Parameters

      • construct: IConstruct

      Returns construct is Resource