create_domain
(**kwargs)¶Creates an Amazon OpenSearch Service domain. For more information, see Creating and managing Amazon OpenSearch Service domains.
See also: AWS API Documentation
Request Syntax
response = client.create_domain(
DomainName='string',
EngineVersion='string',
ClusterConfig={
'InstanceType': 'm3.medium.search'|'m3.large.search'|'m3.xlarge.search'|'m3.2xlarge.search'|'m4.large.search'|'m4.xlarge.search'|'m4.2xlarge.search'|'m4.4xlarge.search'|'m4.10xlarge.search'|'m5.large.search'|'m5.xlarge.search'|'m5.2xlarge.search'|'m5.4xlarge.search'|'m5.12xlarge.search'|'m5.24xlarge.search'|'r5.large.search'|'r5.xlarge.search'|'r5.2xlarge.search'|'r5.4xlarge.search'|'r5.12xlarge.search'|'r5.24xlarge.search'|'c5.large.search'|'c5.xlarge.search'|'c5.2xlarge.search'|'c5.4xlarge.search'|'c5.9xlarge.search'|'c5.18xlarge.search'|'t3.nano.search'|'t3.micro.search'|'t3.small.search'|'t3.medium.search'|'t3.large.search'|'t3.xlarge.search'|'t3.2xlarge.search'|'ultrawarm1.medium.search'|'ultrawarm1.large.search'|'ultrawarm1.xlarge.search'|'t2.micro.search'|'t2.small.search'|'t2.medium.search'|'r3.large.search'|'r3.xlarge.search'|'r3.2xlarge.search'|'r3.4xlarge.search'|'r3.8xlarge.search'|'i2.xlarge.search'|'i2.2xlarge.search'|'d2.xlarge.search'|'d2.2xlarge.search'|'d2.4xlarge.search'|'d2.8xlarge.search'|'c4.large.search'|'c4.xlarge.search'|'c4.2xlarge.search'|'c4.4xlarge.search'|'c4.8xlarge.search'|'r4.large.search'|'r4.xlarge.search'|'r4.2xlarge.search'|'r4.4xlarge.search'|'r4.8xlarge.search'|'r4.16xlarge.search'|'i3.large.search'|'i3.xlarge.search'|'i3.2xlarge.search'|'i3.4xlarge.search'|'i3.8xlarge.search'|'i3.16xlarge.search'|'r6g.large.search'|'r6g.xlarge.search'|'r6g.2xlarge.search'|'r6g.4xlarge.search'|'r6g.8xlarge.search'|'r6g.12xlarge.search'|'m6g.large.search'|'m6g.xlarge.search'|'m6g.2xlarge.search'|'m6g.4xlarge.search'|'m6g.8xlarge.search'|'m6g.12xlarge.search'|'c6g.large.search'|'c6g.xlarge.search'|'c6g.2xlarge.search'|'c6g.4xlarge.search'|'c6g.8xlarge.search'|'c6g.12xlarge.search'|'r6gd.large.search'|'r6gd.xlarge.search'|'r6gd.2xlarge.search'|'r6gd.4xlarge.search'|'r6gd.8xlarge.search'|'r6gd.12xlarge.search'|'r6gd.16xlarge.search'|'t4g.small.search'|'t4g.medium.search',
'InstanceCount': 123,
'DedicatedMasterEnabled': True|False,
'ZoneAwarenessEnabled': True|False,
'ZoneAwarenessConfig': {
'AvailabilityZoneCount': 123
},
'DedicatedMasterType': 'm3.medium.search'|'m3.large.search'|'m3.xlarge.search'|'m3.2xlarge.search'|'m4.large.search'|'m4.xlarge.search'|'m4.2xlarge.search'|'m4.4xlarge.search'|'m4.10xlarge.search'|'m5.large.search'|'m5.xlarge.search'|'m5.2xlarge.search'|'m5.4xlarge.search'|'m5.12xlarge.search'|'m5.24xlarge.search'|'r5.large.search'|'r5.xlarge.search'|'r5.2xlarge.search'|'r5.4xlarge.search'|'r5.12xlarge.search'|'r5.24xlarge.search'|'c5.large.search'|'c5.xlarge.search'|'c5.2xlarge.search'|'c5.4xlarge.search'|'c5.9xlarge.search'|'c5.18xlarge.search'|'t3.nano.search'|'t3.micro.search'|'t3.small.search'|'t3.medium.search'|'t3.large.search'|'t3.xlarge.search'|'t3.2xlarge.search'|'ultrawarm1.medium.search'|'ultrawarm1.large.search'|'ultrawarm1.xlarge.search'|'t2.micro.search'|'t2.small.search'|'t2.medium.search'|'r3.large.search'|'r3.xlarge.search'|'r3.2xlarge.search'|'r3.4xlarge.search'|'r3.8xlarge.search'|'i2.xlarge.search'|'i2.2xlarge.search'|'d2.xlarge.search'|'d2.2xlarge.search'|'d2.4xlarge.search'|'d2.8xlarge.search'|'c4.large.search'|'c4.xlarge.search'|'c4.2xlarge.search'|'c4.4xlarge.search'|'c4.8xlarge.search'|'r4.large.search'|'r4.xlarge.search'|'r4.2xlarge.search'|'r4.4xlarge.search'|'r4.8xlarge.search'|'r4.16xlarge.search'|'i3.large.search'|'i3.xlarge.search'|'i3.2xlarge.search'|'i3.4xlarge.search'|'i3.8xlarge.search'|'i3.16xlarge.search'|'r6g.large.search'|'r6g.xlarge.search'|'r6g.2xlarge.search'|'r6g.4xlarge.search'|'r6g.8xlarge.search'|'r6g.12xlarge.search'|'m6g.large.search'|'m6g.xlarge.search'|'m6g.2xlarge.search'|'m6g.4xlarge.search'|'m6g.8xlarge.search'|'m6g.12xlarge.search'|'c6g.large.search'|'c6g.xlarge.search'|'c6g.2xlarge.search'|'c6g.4xlarge.search'|'c6g.8xlarge.search'|'c6g.12xlarge.search'|'r6gd.large.search'|'r6gd.xlarge.search'|'r6gd.2xlarge.search'|'r6gd.4xlarge.search'|'r6gd.8xlarge.search'|'r6gd.12xlarge.search'|'r6gd.16xlarge.search'|'t4g.small.search'|'t4g.medium.search',
'DedicatedMasterCount': 123,
'WarmEnabled': True|False,
'WarmType': 'ultrawarm1.medium.search'|'ultrawarm1.large.search'|'ultrawarm1.xlarge.search',
'WarmCount': 123,
'ColdStorageOptions': {
'Enabled': True|False
}
},
EBSOptions={
'EBSEnabled': True|False,
'VolumeType': 'standard'|'gp2'|'io1'|'gp3',
'VolumeSize': 123,
'Iops': 123,
'Throughput': 123
},
AccessPolicies='string',
SnapshotOptions={
'AutomatedSnapshotStartHour': 123
},
VPCOptions={
'SubnetIds': [
'string',
],
'SecurityGroupIds': [
'string',
]
},
CognitoOptions={
'Enabled': True|False,
'UserPoolId': 'string',
'IdentityPoolId': 'string',
'RoleArn': 'string'
},
EncryptionAtRestOptions={
'Enabled': True|False,
'KmsKeyId': 'string'
},
NodeToNodeEncryptionOptions={
'Enabled': True|False
},
AdvancedOptions={
'string': 'string'
},
LogPublishingOptions={
'string': {
'CloudWatchLogsLogGroupArn': 'string',
'Enabled': True|False
}
},
DomainEndpointOptions={
'EnforceHTTPS': True|False,
'TLSSecurityPolicy': 'Policy-Min-TLS-1-0-2019-07'|'Policy-Min-TLS-1-2-2019-07',
'CustomEndpointEnabled': True|False,
'CustomEndpoint': 'string',
'CustomEndpointCertificateArn': 'string'
},
AdvancedSecurityOptions={
'Enabled': True|False,
'InternalUserDatabaseEnabled': True|False,
'MasterUserOptions': {
'MasterUserARN': 'string',
'MasterUserName': 'string',
'MasterUserPassword': 'string'
},
'SAMLOptions': {
'Enabled': True|False,
'Idp': {
'MetadataContent': 'string',
'EntityId': 'string'
},
'MasterUserName': 'string',
'MasterBackendRole': 'string',
'SubjectKey': 'string',
'RolesKey': 'string',
'SessionTimeoutMinutes': 123
},
'AnonymousAuthEnabled': True|False
},
TagList=[
{
'Key': 'string',
'Value': 'string'
},
],
AutoTuneOptions={
'DesiredState': 'ENABLED'|'DISABLED',
'MaintenanceSchedules': [
{
'StartAt': datetime(2015, 1, 1),
'Duration': {
'Value': 123,
'Unit': 'HOURS'
},
'CronExpressionForRecurrence': 'string'
},
],
'UseOffPeakWindow': True|False
},
OffPeakWindowOptions={
'Enabled': True|False,
'OffPeakWindow': {
'WindowStartTime': {
'Hours': 123,
'Minutes': 123
}
}
},
SoftwareUpdateOptions={
'AutoSoftwareUpdateEnabled': True|False
}
)
[REQUIRED]
Name of the OpenSearch Service domain to create. Domain names are unique across the domains owned by an account within an Amazon Web Services Region.
OpenSearch_1.0
or Elasticsearch_7.9
. For more information, see Creating and managing Amazon OpenSearch Service domains.Container for the cluster configuration of a domain.
Instance type of data nodes in the cluster.
Number of dedicated master nodes in the cluster. This number must be greater than 1, otherwise you receive a validation exception.
Indicates whether dedicated master nodes are enabled for the cluster. True
if the cluster will use a dedicated master node. False
if the cluster will not.
Indicates whether multiple Availability Zones are enabled. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
Container for zone awareness configuration options. Only required if ZoneAwarenessEnabled
is true
.
If you enabled multiple Availability Zones, this value is the number of zones that you want the domain to use. Valid values are 2
and 3
. If your domain is provisioned within a VPC, this value be equal to number of subnets.
OpenSearch Service instance type of the dedicated master nodes in the cluster.
Number of dedicated master nodes in the cluster. This number must be greater than 1, otherwise you receive a validation exception.
Whether to enable warm storage for the cluster.
The instance type for the cluster's warm nodes.
The number of warm nodes in the cluster.
Container for cold storage configuration options.
Whether to enable or disable cold storage on the domain.
Container for the parameters required to enable EBS-based storage for an OpenSearch Service domain.
Indicates whether EBS volumes are attached to data nodes in an OpenSearch Service domain.
Specifies the type of EBS volumes attached to data nodes.
Specifies the size (in GiB) of EBS volumes attached to data nodes.
Specifies the baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the gp3
and provisioned IOPS EBS volume types.
Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3
volume type.
DEPRECATED. Container for the parameters required to configure automated snapshots of domain indexes.
The time, in UTC format, when OpenSearch Service takes a daily automated snapshot of the specified domain. Default is 0
hours.
Container for the values required to configure VPC access domains. If you don't specify these values, OpenSearch Service creates the domain with a public endpoint. For more information, see Launching your Amazon OpenSearch Service domains using a VPC.
A list of subnet IDs associated with the VPC endpoints for the domain. If your domain uses multiple Availability Zones, you need to provide two subnet IDs, one per zone. Otherwise, provide only one.
The list of security group IDs associated with the VPC endpoints for the domain. If you do not provide a security group ID, OpenSearch Service uses the default security group for the VPC.
Key-value pairs to configure Amazon Cognito authentication. For more information, see Configuring Amazon Cognito authentication for OpenSearch Dashboards.
Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
The AmazonOpenSearchServiceCognitoAccess
role that allows OpenSearch Service to configure your user pool and identity pool.
Key-value pairs to enable encryption at rest.
True to enable encryption at rest.
The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a
.
Enables node-to-node encryption.
True to enable node-to-node encryption.
Key-value pairs to specify advanced configuration options. The following key-value pairs are supported:
"rest.action.multi.allow_explicit_index": "true" | "false"
- Note the use of a string rather than a boolean. Specifies whether explicit references to indexes are allowed inside the body of HTTP requests. If you want to configure access policies for domain sub-resources, such as specific indexes and domain APIs, you must disable this property. Default is true."indices.fielddata.cache.size": "80"
- Note the use of a string rather than a boolean. Specifies the percentage of heap space allocated to field data. Default is unbounded."indices.query.bool.max_clause_count": "1024"
- Note the use of a string rather than a boolean. Specifies the maximum number of clauses allowed in a Lucene boolean query. Default is 1,024. Queries with more than the permitted number of clauses result in a TooManyClauses
error."override_main_response_version": "true" | "false"
- Note the use of a string rather than a boolean. Specifies whether the domain reports its version as 7.10 to allow Elasticsearch OSS clients and plugins to continue working with it. Default is false when creating a domain and true when upgrading a domain.For more information, see Advanced cluster parameters.
Key-value pairs to configure slow log publishing.
The type of log file. Can be one of the following:
Specifies whether the Amazon OpenSearch Service domain publishes the OpenSearch application and slow logs to Amazon CloudWatch. For more information, see Monitoring OpenSearch logs with Amazon CloudWatch Logs.
Note
After you enable log publishing, you still have to enable the collection of slow logs using the OpenSearch REST API.
The Amazon Resource Name (ARN) of the CloudWatch Logs group to publish logs to.
Whether the log should be published.
Additional options for the domain endpoint, such as whether to require HTTPS for all traffic.
True to require that all traffic to the domain arrive over HTTPS.
Specify the TLS security policy to apply to the HTTPS endpoint of the domain.
Can be one of the following values:
Whether to enable a custom endpoint for the domain.
The fully qualified URL for the custom endpoint.
The ARN for your security certificate, managed in Amazon Web Services Certificate Manager (ACM).
Options for fine-grained access control.
True to enable fine-grained access control.
True to enable the internal user database.
Container for information about the master user.
Amazon Resource Name (ARN) for the master user. Only specify if InternalUserDatabaseEnabled
is false
.
User name for the master user. Only specify if InternalUserDatabaseEnabled
is true
.
Password for the master user. Only specify if InternalUserDatabaseEnabled
is true
.
Container for information about the SAML configuration for OpenSearch Dashboards.
True to enable SAML authentication for a domain.
The SAML Identity Provider's information.
The metadata of the SAML application, in XML format.
The unique entity ID of the application in the SAML identity provider.
The SAML master user name, which is stored in the domain's internal user database.
The backend role that the SAML master user is mapped to.
Element of the SAML assertion to use for the user name. Default is NameID
.
Element of the SAML assertion to use for backend roles. Default is roles
.
The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60.
True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.
List of tags to add to the domain upon creation.
A tag (key-value pair) for an Amazon OpenSearch Service resource.
The tag key. Tag keys must be unique for the domain to which they are attached.
The value assigned to the corresponding tag key. Tag values can be null and don't have to be unique in a tag set. For example, you can have a key value pair in a tag set of project : Trinity
and cost-center : Trinity
Options for Auto-Tune.
Whether Auto-Tune is enabled or disabled.
A list of maintenance schedules during which Auto-Tune can deploy changes. Maintenance windows are deprecated and have been replaced with off-peak windows.
Note
This object is deprecated. Use the domain's off-peak window to schedule Auto-Tune optimizations. For migration instructions, see Migrating from Auto-Tune maintenance windows.
The Auto-Tune maintenance schedule. For more information, see Auto-Tune for Amazon OpenSearch Service.
The Epoch timestamp at which the Auto-Tune maintenance schedule starts.
The duration of the maintenance schedule. For example, "Duration": {"Value": 2, "Unit": "HOURS"}
.
Integer to specify the value of a maintenance schedule duration.
The unit of measurement for the duration of a maintenance schedule.
A cron expression for a recurring maintenance schedule during which Auto-Tune can deploy changes.
Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window.
Specifies a daily 10-hour time block during which OpenSearch Service can perform configuration changes on the domain, including service software updates and Auto-Tune enhancements that require a blue/green deployment. If no options are specified, the default start time of 10:00 P.M. local time (for the Region that the domain is created in) is used.
Whether to enable an off-peak window.
This option is only available when modifying a domain created prior to February 13, 2023, not when creating a new domain. All domains created after this date have the off-peak window enabled by default. You can't disable the off-peak window after it's enabled for a domain.
Off-peak window settings for the domain.
A custom start time for the off-peak window, in Coordinated Universal Time (UTC). The window length will always be 10 hours, so you can't specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.
The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17
refers to 5:00 P.M. UTC.
The start minute of the window, in UTC.
Software update options for the domain.
Whether automatic service software updates are enabled for the domain.
dict
Response Syntax
{
'DomainStatus': {
'DomainId': 'string',
'DomainName': 'string',
'ARN': 'string',
'Created': True|False,
'Deleted': True|False,
'Endpoint': 'string',
'Endpoints': {
'string': 'string'
},
'Processing': True|False,
'UpgradeProcessing': True|False,
'EngineVersion': 'string',
'ClusterConfig': {
'InstanceType': 'm3.medium.search'|'m3.large.search'|'m3.xlarge.search'|'m3.2xlarge.search'|'m4.large.search'|'m4.xlarge.search'|'m4.2xlarge.search'|'m4.4xlarge.search'|'m4.10xlarge.search'|'m5.large.search'|'m5.xlarge.search'|'m5.2xlarge.search'|'m5.4xlarge.search'|'m5.12xlarge.search'|'m5.24xlarge.search'|'r5.large.search'|'r5.xlarge.search'|'r5.2xlarge.search'|'r5.4xlarge.search'|'r5.12xlarge.search'|'r5.24xlarge.search'|'c5.large.search'|'c5.xlarge.search'|'c5.2xlarge.search'|'c5.4xlarge.search'|'c5.9xlarge.search'|'c5.18xlarge.search'|'t3.nano.search'|'t3.micro.search'|'t3.small.search'|'t3.medium.search'|'t3.large.search'|'t3.xlarge.search'|'t3.2xlarge.search'|'ultrawarm1.medium.search'|'ultrawarm1.large.search'|'ultrawarm1.xlarge.search'|'t2.micro.search'|'t2.small.search'|'t2.medium.search'|'r3.large.search'|'r3.xlarge.search'|'r3.2xlarge.search'|'r3.4xlarge.search'|'r3.8xlarge.search'|'i2.xlarge.search'|'i2.2xlarge.search'|'d2.xlarge.search'|'d2.2xlarge.search'|'d2.4xlarge.search'|'d2.8xlarge.search'|'c4.large.search'|'c4.xlarge.search'|'c4.2xlarge.search'|'c4.4xlarge.search'|'c4.8xlarge.search'|'r4.large.search'|'r4.xlarge.search'|'r4.2xlarge.search'|'r4.4xlarge.search'|'r4.8xlarge.search'|'r4.16xlarge.search'|'i3.large.search'|'i3.xlarge.search'|'i3.2xlarge.search'|'i3.4xlarge.search'|'i3.8xlarge.search'|'i3.16xlarge.search'|'r6g.large.search'|'r6g.xlarge.search'|'r6g.2xlarge.search'|'r6g.4xlarge.search'|'r6g.8xlarge.search'|'r6g.12xlarge.search'|'m6g.large.search'|'m6g.xlarge.search'|'m6g.2xlarge.search'|'m6g.4xlarge.search'|'m6g.8xlarge.search'|'m6g.12xlarge.search'|'c6g.large.search'|'c6g.xlarge.search'|'c6g.2xlarge.search'|'c6g.4xlarge.search'|'c6g.8xlarge.search'|'c6g.12xlarge.search'|'r6gd.large.search'|'r6gd.xlarge.search'|'r6gd.2xlarge.search'|'r6gd.4xlarge.search'|'r6gd.8xlarge.search'|'r6gd.12xlarge.search'|'r6gd.16xlarge.search'|'t4g.small.search'|'t4g.medium.search',
'InstanceCount': 123,
'DedicatedMasterEnabled': True|False,
'ZoneAwarenessEnabled': True|False,
'ZoneAwarenessConfig': {
'AvailabilityZoneCount': 123
},
'DedicatedMasterType': 'm3.medium.search'|'m3.large.search'|'m3.xlarge.search'|'m3.2xlarge.search'|'m4.large.search'|'m4.xlarge.search'|'m4.2xlarge.search'|'m4.4xlarge.search'|'m4.10xlarge.search'|'m5.large.search'|'m5.xlarge.search'|'m5.2xlarge.search'|'m5.4xlarge.search'|'m5.12xlarge.search'|'m5.24xlarge.search'|'r5.large.search'|'r5.xlarge.search'|'r5.2xlarge.search'|'r5.4xlarge.search'|'r5.12xlarge.search'|'r5.24xlarge.search'|'c5.large.search'|'c5.xlarge.search'|'c5.2xlarge.search'|'c5.4xlarge.search'|'c5.9xlarge.search'|'c5.18xlarge.search'|'t3.nano.search'|'t3.micro.search'|'t3.small.search'|'t3.medium.search'|'t3.large.search'|'t3.xlarge.search'|'t3.2xlarge.search'|'ultrawarm1.medium.search'|'ultrawarm1.large.search'|'ultrawarm1.xlarge.search'|'t2.micro.search'|'t2.small.search'|'t2.medium.search'|'r3.large.search'|'r3.xlarge.search'|'r3.2xlarge.search'|'r3.4xlarge.search'|'r3.8xlarge.search'|'i2.xlarge.search'|'i2.2xlarge.search'|'d2.xlarge.search'|'d2.2xlarge.search'|'d2.4xlarge.search'|'d2.8xlarge.search'|'c4.large.search'|'c4.xlarge.search'|'c4.2xlarge.search'|'c4.4xlarge.search'|'c4.8xlarge.search'|'r4.large.search'|'r4.xlarge.search'|'r4.2xlarge.search'|'r4.4xlarge.search'|'r4.8xlarge.search'|'r4.16xlarge.search'|'i3.large.search'|'i3.xlarge.search'|'i3.2xlarge.search'|'i3.4xlarge.search'|'i3.8xlarge.search'|'i3.16xlarge.search'|'r6g.large.search'|'r6g.xlarge.search'|'r6g.2xlarge.search'|'r6g.4xlarge.search'|'r6g.8xlarge.search'|'r6g.12xlarge.search'|'m6g.large.search'|'m6g.xlarge.search'|'m6g.2xlarge.search'|'m6g.4xlarge.search'|'m6g.8xlarge.search'|'m6g.12xlarge.search'|'c6g.large.search'|'c6g.xlarge.search'|'c6g.2xlarge.search'|'c6g.4xlarge.search'|'c6g.8xlarge.search'|'c6g.12xlarge.search'|'r6gd.large.search'|'r6gd.xlarge.search'|'r6gd.2xlarge.search'|'r6gd.4xlarge.search'|'r6gd.8xlarge.search'|'r6gd.12xlarge.search'|'r6gd.16xlarge.search'|'t4g.small.search'|'t4g.medium.search',
'DedicatedMasterCount': 123,
'WarmEnabled': True|False,
'WarmType': 'ultrawarm1.medium.search'|'ultrawarm1.large.search'|'ultrawarm1.xlarge.search',
'WarmCount': 123,
'ColdStorageOptions': {
'Enabled': True|False
}
},
'EBSOptions': {
'EBSEnabled': True|False,
'VolumeType': 'standard'|'gp2'|'io1'|'gp3',
'VolumeSize': 123,
'Iops': 123,
'Throughput': 123
},
'AccessPolicies': 'string',
'SnapshotOptions': {
'AutomatedSnapshotStartHour': 123
},
'VPCOptions': {
'VPCId': 'string',
'SubnetIds': [
'string',
],
'AvailabilityZones': [
'string',
],
'SecurityGroupIds': [
'string',
]
},
'CognitoOptions': {
'Enabled': True|False,
'UserPoolId': 'string',
'IdentityPoolId': 'string',
'RoleArn': 'string'
},
'EncryptionAtRestOptions': {
'Enabled': True|False,
'KmsKeyId': 'string'
},
'NodeToNodeEncryptionOptions': {
'Enabled': True|False
},
'AdvancedOptions': {
'string': 'string'
},
'LogPublishingOptions': {
'string': {
'CloudWatchLogsLogGroupArn': 'string',
'Enabled': True|False
}
},
'ServiceSoftwareOptions': {
'CurrentVersion': 'string',
'NewVersion': 'string',
'UpdateAvailable': True|False,
'Cancellable': True|False,
'UpdateStatus': 'PENDING_UPDATE'|'IN_PROGRESS'|'COMPLETED'|'NOT_ELIGIBLE'|'ELIGIBLE',
'Description': 'string',
'AutomatedUpdateDate': datetime(2015, 1, 1),
'OptionalDeployment': True|False
},
'DomainEndpointOptions': {
'EnforceHTTPS': True|False,
'TLSSecurityPolicy': 'Policy-Min-TLS-1-0-2019-07'|'Policy-Min-TLS-1-2-2019-07',
'CustomEndpointEnabled': True|False,
'CustomEndpoint': 'string',
'CustomEndpointCertificateArn': 'string'
},
'AdvancedSecurityOptions': {
'Enabled': True|False,
'InternalUserDatabaseEnabled': True|False,
'SAMLOptions': {
'Enabled': True|False,
'Idp': {
'MetadataContent': 'string',
'EntityId': 'string'
},
'SubjectKey': 'string',
'RolesKey': 'string',
'SessionTimeoutMinutes': 123
},
'AnonymousAuthDisableDate': datetime(2015, 1, 1),
'AnonymousAuthEnabled': True|False
},
'AutoTuneOptions': {
'State': 'ENABLED'|'DISABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'DISABLED_AND_ROLLBACK_SCHEDULED'|'DISABLED_AND_ROLLBACK_IN_PROGRESS'|'DISABLED_AND_ROLLBACK_COMPLETE'|'DISABLED_AND_ROLLBACK_ERROR'|'ERROR',
'ErrorMessage': 'string',
'UseOffPeakWindow': True|False
},
'ChangeProgressDetails': {
'ChangeId': 'string',
'Message': 'string'
},
'OffPeakWindowOptions': {
'Enabled': True|False,
'OffPeakWindow': {
'WindowStartTime': {
'Hours': 123,
'Minutes': 123
}
}
},
'SoftwareUpdateOptions': {
'AutoSoftwareUpdateEnabled': True|False
}
}
}
Response Structure
(dict) --
The result of a CreateDomain
operation. Contains the status of the newly created domain.
DomainStatus (dict) --
The status of the newly created domain.
DomainId (string) --
Unique identifier for the domain.
DomainName (string) --
Name of the domain. Domain names are unique across all domains owned by the same account within an Amazon Web Services Region.
ARN (string) --
The Amazon Resource Name (ARN) of the domain. For more information, see IAM identifiers in the AWS Identity and Access Management User Guide .
Created (boolean) --
Creation status of an OpenSearch Service domain. True if domain creation is complete. False if domain creation is still in progress.
Deleted (boolean) --
Deletion status of an OpenSearch Service domain. True if domain deletion is complete. False if domain deletion is still in progress. Once deletion is complete, the status of the domain is no longer returned.
Endpoint (string) --
Domain-specific endpoint used to submit index, search, and data upload requests to the domain.
Endpoints (dict) --
The key-value pair that exists if the OpenSearch Service domain uses VPC endpoints.. Example key, value
: 'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com'
.
(string) --
(string) --
The domain endpoint to which index and search requests are submitted. For example, search-imdb-movies-oopcnjfn6ugo.eu-west-1.es.amazonaws.com
or doc-imdb-movies-oopcnjfn6u.eu-west-1.es.amazonaws.com
.
Processing (boolean) --
The status of the domain configuration. True if OpenSearch Service is processing configuration changes. False if the configuration is active.
UpgradeProcessing (boolean) --
The status of a domain version upgrade to a new version of OpenSearch or Elasticsearch. True if OpenSearch Service is in the process of a version upgrade. False if the configuration is active.
EngineVersion (string) --
Version of OpenSearch or Elasticsearch that the domain is running, in the format Elasticsearch_X.Y
or OpenSearch_X.Y
.
ClusterConfig (dict) --
Container for the cluster configuration of the domain.
InstanceType (string) --
Instance type of data nodes in the cluster.
InstanceCount (integer) --
Number of dedicated master nodes in the cluster. This number must be greater than 1, otherwise you receive a validation exception.
DedicatedMasterEnabled (boolean) --
Indicates whether dedicated master nodes are enabled for the cluster. True
if the cluster will use a dedicated master node. False
if the cluster will not.
ZoneAwarenessEnabled (boolean) --
Indicates whether multiple Availability Zones are enabled. For more information, see Configuring a multi-AZ domain in Amazon OpenSearch Service.
ZoneAwarenessConfig (dict) --
Container for zone awareness configuration options. Only required if ZoneAwarenessEnabled
is true
.
AvailabilityZoneCount (integer) --
If you enabled multiple Availability Zones, this value is the number of zones that you want the domain to use. Valid values are 2
and 3
. If your domain is provisioned within a VPC, this value be equal to number of subnets.
DedicatedMasterType (string) --
OpenSearch Service instance type of the dedicated master nodes in the cluster.
DedicatedMasterCount (integer) --
Number of dedicated master nodes in the cluster. This number must be greater than 1, otherwise you receive a validation exception.
WarmEnabled (boolean) --
Whether to enable warm storage for the cluster.
WarmType (string) --
The instance type for the cluster's warm nodes.
WarmCount (integer) --
The number of warm nodes in the cluster.
ColdStorageOptions (dict) --
Container for cold storage configuration options.
Enabled (boolean) --
Whether to enable or disable cold storage on the domain.
EBSOptions (dict) --
Container for EBS-based storage settings for the domain.
EBSEnabled (boolean) --
Indicates whether EBS volumes are attached to data nodes in an OpenSearch Service domain.
VolumeType (string) --
Specifies the type of EBS volumes attached to data nodes.
VolumeSize (integer) --
Specifies the size (in GiB) of EBS volumes attached to data nodes.
Iops (integer) --
Specifies the baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the gp3
and provisioned IOPS EBS volume types.
Throughput (integer) --
Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3
volume type.
AccessPolicies (string) --
Identity and Access Management (IAM) policy document specifying the access policies for the domain.
SnapshotOptions (dict) --
DEPRECATED. Container for parameters required to configure automated snapshots of domain indexes.
AutomatedSnapshotStartHour (integer) --
The time, in UTC format, when OpenSearch Service takes a daily automated snapshot of the specified domain. Default is 0
hours.
VPCOptions (dict) --
The VPC configuration for the domain.
VPCId (string) --
The ID for your VPC. Amazon VPC generates this value when you create a VPC.
SubnetIds (list) --
A list of subnet IDs associated with the VPC endpoints for the domain.
AvailabilityZones (list) --
The list of Availability Zones associated with the VPC subnets.
SecurityGroupIds (list) --
The list of security group IDs associated with the VPC endpoints for the domain.
CognitoOptions (dict) --
Key-value pairs to configure Amazon Cognito authentication for OpenSearch Dashboards.
Enabled (boolean) --
Whether to enable or disable Amazon Cognito authentication for OpenSearch Dashboards.
UserPoolId (string) --
The Amazon Cognito user pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
IdentityPoolId (string) --
The Amazon Cognito identity pool ID that you want OpenSearch Service to use for OpenSearch Dashboards authentication.
RoleArn (string) --
The AmazonOpenSearchServiceCognitoAccess
role that allows OpenSearch Service to configure your user pool and identity pool.
EncryptionAtRestOptions (dict) --
Encryption at rest settings for the domain.
Enabled (boolean) --
True to enable encryption at rest.
KmsKeyId (string) --
The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a
.
NodeToNodeEncryptionOptions (dict) --
Whether node-to-node encryption is enabled or disabled.
Enabled (boolean) --
True to enable node-to-node encryption.
AdvancedOptions (dict) --
Key-value pairs that specify advanced configuration options.
LogPublishingOptions (dict) --
Log publishing options for the domain.
(string) --
The type of log file. Can be one of the following:
(dict) --
Specifies whether the Amazon OpenSearch Service domain publishes the OpenSearch application and slow logs to Amazon CloudWatch. For more information, see Monitoring OpenSearch logs with Amazon CloudWatch Logs.
Note
After you enable log publishing, you still have to enable the collection of slow logs using the OpenSearch REST API.
CloudWatchLogsLogGroupArn (string) --
The Amazon Resource Name (ARN) of the CloudWatch Logs group to publish logs to.
Enabled (boolean) --
Whether the log should be published.
ServiceSoftwareOptions (dict) --
The current status of the domain's service software.
CurrentVersion (string) --
The current service software version present on the domain.
NewVersion (string) --
The new service software version, if one is available.
UpdateAvailable (boolean) --
True if you're able to update your service software version. False if you can't update your service software version.
Cancellable (boolean) --
True if you're able to cancel your service software version update. False if you can't cancel your service software update.
UpdateStatus (string) --
The status of your service software update.
Description (string) --
A description of the service software update status.
AutomatedUpdateDate (datetime) --
The timestamp, in Epoch time, until which you can manually request a service software update. After this date, we automatically update your service software.
OptionalDeployment (boolean) --
True if a service software is never automatically updated. False if a service software is automatically updated after the automated update date.
DomainEndpointOptions (dict) --
Additional options for the domain endpoint, such as whether to require HTTPS for all traffic.
EnforceHTTPS (boolean) --
True to require that all traffic to the domain arrive over HTTPS.
TLSSecurityPolicy (string) --
Specify the TLS security policy to apply to the HTTPS endpoint of the domain.
Can be one of the following values:
CustomEndpointEnabled (boolean) --
Whether to enable a custom endpoint for the domain.
CustomEndpoint (string) --
The fully qualified URL for the custom endpoint.
CustomEndpointCertificateArn (string) --
The ARN for your security certificate, managed in Amazon Web Services Certificate Manager (ACM).
AdvancedSecurityOptions (dict) --
Settings for fine-grained access control.
Enabled (boolean) --
True if fine-grained access control is enabled.
InternalUserDatabaseEnabled (boolean) --
True if the internal user database is enabled.
SAMLOptions (dict) --
Container for information about the SAML configuration for OpenSearch Dashboards.
Enabled (boolean) --
True if SAML is enabled.
Idp (dict) --
Describes the SAML identity provider's information.
MetadataContent (string) --
The metadata of the SAML application, in XML format.
EntityId (string) --
The unique entity ID of the application in the SAML identity provider.
SubjectKey (string) --
The key used for matching the SAML subject attribute.
RolesKey (string) --
The key used for matching the SAML roles attribute.
SessionTimeoutMinutes (integer) --
The duration, in minutes, after which a user session becomes inactive.
AnonymousAuthDisableDate (datetime) --
Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain.
AnonymousAuthEnabled (boolean) --
True if a 30-day migration period is enabled, during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.
AutoTuneOptions (dict) --
Auto-Tune settings for the domain.
State (string) --
The current state of Auto-Tune on the domain.
ErrorMessage (string) --
Any errors that occurred while enabling or disabling Auto-Tune.
UseOffPeakWindow (boolean) --
Whether the domain's off-peak window will be used to deploy Auto-Tune changes rather than a maintenance schedule.
ChangeProgressDetails (dict) --
Information about a configuration change happening on the domain.
ChangeId (string) --
The ID of the configuration change.
Message (string) --
A message corresponding to the status of the configuration change.
OffPeakWindowOptions (dict) --
Options that specify a custom 10-hour window during which OpenSearch Service can perform configuration changes on the domain.
Enabled (boolean) --
Whether to enable an off-peak window.
This option is only available when modifying a domain created prior to February 13, 2023, not when creating a new domain. All domains created after this date have the off-peak window enabled by default. You can't disable the off-peak window after it's enabled for a domain.
OffPeakWindow (dict) --
Off-peak window settings for the domain.
WindowStartTime (dict) --
A custom start time for the off-peak window, in Coordinated Universal Time (UTC). The window length will always be 10 hours, so you can't specify an end time. For example, if you specify 11:00 P.M. UTC as a start time, the end time will automatically be set to 9:00 A.M.
Hours (integer) --
The start hour of the window in Coordinated Universal Time (UTC), using 24-hour time. For example, 17
refers to 5:00 P.M. UTC.
Minutes (integer) --
The start minute of the window, in UTC.
SoftwareUpdateOptions (dict) --
Service software update options for the domain.
AutoSoftwareUpdateEnabled (boolean) --
Whether automatic service software updates are enabled for the domain.
Exceptions
OpenSearchService.Client.exceptions.BaseException
OpenSearchService.Client.exceptions.DisabledOperationException
OpenSearchService.Client.exceptions.InternalException
OpenSearchService.Client.exceptions.InvalidTypeException
OpenSearchService.Client.exceptions.LimitExceededException
OpenSearchService.Client.exceptions.ResourceAlreadyExistsException
OpenSearchService.Client.exceptions.ValidationException