AWS::Elasticsearch::Domain

The AWS::Elasticsearch::Domain resource creates an Amazon Elasticsearch Service (Amazon ES) domain.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON { "Type" : "AWS::Elasticsearch::Domain", "Properties" : { "AccessPolicies" : Json , "AdvancedOptions" : { Key : Value , ...} , "AdvancedSecurityOptions" : AdvancedSecurityOptionsInput , "CognitoOptions" : CognitoOptions , "DomainEndpointOptions" : DomainEndpointOptions , "DomainName" : String , "EBSOptions" : EBSOptions , "ElasticsearchClusterConfig" : ElasticsearchClusterConfig , "ElasticsearchVersion" : String , "EncryptionAtRestOptions" : EncryptionAtRestOptions , "LogPublishingOptions" : { Key : Value , ...} , "NodeToNodeEncryptionOptions" : NodeToNodeEncryptionOptions , "SnapshotOptions" : SnapshotOptions , "Tags" : [ Tag, ... ] , "VPCOptions" : VPCOptions } }

YAML Type: AWS::Elasticsearch::Domain Properties: AccessPolicies: Json AdvancedOptions: Key : Value AdvancedSecurityOptions: AdvancedSecurityOptionsInput CognitoOptions: CognitoOptions DomainEndpointOptions: DomainEndpointOptions DomainName: String EBSOptions: EBSOptions ElasticsearchClusterConfig: ElasticsearchClusterConfig ElasticsearchVersion: String EncryptionAtRestOptions: EncryptionAtRestOptions LogPublishingOptions: Key : Value NodeToNodeEncryptionOptions: NodeToNodeEncryptionOptions SnapshotOptions: SnapshotOptions Tags: - Tag VPCOptions: VPCOptions

Properties

Return values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name, such as mystack-elasticsea-abc1d2efg3h4. For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. For more information, see Fn::GetAtt. The following are the available attributes and sample return values.

Arn The Amazon Resource Name (ARN) of the domain, such as arn:aws:es:us-west-2:123456789012:domain/mystack-elasti-1ab2cdefghij . This returned value is the same as the one returned by AWS::Elasticsearch::Domain.DomainArn . DomainArn The Amazon Resource Name (ARN) of the domain, such as arn:aws:es:us-west-2:123456789012:domain/mystack-elasti-1ab2cdefghij . This returned value is the same as the one returned by AWS::Elasticsearch::Domain.Arn . DomainEndpoint The domain-specific endpoint that's used for requests to the Elasticsearch APIs, such as search-mystack-elasti-1ab2cdefghij-ab1c2deckoyb3hofw7wpqa3cm.us-west-1.es.amazonaws.com .

Examples

Create an Amazon ES domain that contains two data nodes and three master nodes

The following example creates an Amazon ES domain running Elasticsearch 7.4 that contains two data nodes and three dedicated master nodes. The domain has 40 GiB of storage and enables log publishing for application logs, search slow logs, and index slow logs. The access policy permits the root user for the AWS account to make all HTTP requests to the domain, such as indexing documents or searching indices.

JSON "ElasticsearchDomain": { "Type":"AWS::Elasticsearch::Domain", "Properties": { "DomainName":"test", "ElasticsearchClusterConfig": { "DedicatedMasterEnabled":"true", "InstanceCount":"2", "ZoneAwarenessEnabled":"true", "InstanceType":"m3.medium.elasticsearch", "DedicatedMasterType":"m3.medium.elasticsearch", "DedicatedMasterCount":"3" }, "EBSOptions": { "EBSEnabled":true, "Iops":0, "VolumeSize":20, "VolumeType":"gp2" }, "SnapshotOptions": { "AutomatedSnapshotStartHour":"0" }, "AccessPolicies": { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Principal": { "AWS":"arn:aws:iam::123456789012:user/es-user" }, "Action":"es:*", "Resource":"arn:aws:es:us-east-1:123456789012:domain/test/*" } ] }, "AdvancedOptions": { "rest.action.multi.allow_explicit_index":"true" } } }

YAML ElasticsearchDomain: Type: AWS::Elasticsearch::Domain Properties: DomainName: "test" ElasticsearchClusterConfig: DedicatedMasterEnabled: "true" InstanceCount: "2" ZoneAwarenessEnabled: "true" InstanceType: "m3.medium.elasticsearch" DedicatedMasterType: "m3.medium.elasticsearch" DedicatedMasterCount: "3" EBSOptions: EBSEnabled: true Iops: 0 VolumeSize: 20 VolumeType: "gp2" SnapshotOptions: AutomatedSnapshotStartHour: "0" AccessPolicies: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: AWS: "arn:aws:iam::123456789012:user/es-user" Action: "es:*" Resource: "arn:aws:es:us-east-1:846973539254:domain/test/*" AdvancedOptions: rest.action.multi.allow_explicit_index: "true"

Create a domain with VPC options

The following example creates a domain with VPC options.

JSON { "AWSTemplateFormatVersion": "2010-09-09", "Description": "ElasticsearchDomain resource", "Parameters": { "DomainName": { "Description": "User defined Elasticsearch Domain name", "Type": "String" }, "ElasticsearchVersion": { "Description": "User defined Elasticsearch Version", "Type": "String" }, "InstanceType": { "Type": "String" }, "AvailabilityZone": { "Type": "String" }, "CidrBlock": { "Type": "String" }, "GroupDescription": { "Type": "String" }, "SGName": { "Type": "String" } }, "Resources": { "ElasticsearchDomain": { "Type": "AWS::Elasticsearch::Domain", "Properties": { "DomainName": { "Ref": "DomainName" }, "ElasticsearchVersion": { "Ref": "ElasticsearchVersion" }, "ElasticsearchClusterConfig": { "InstanceCount": "1", "InstanceType": { "Ref": "InstanceType" } }, "EBSOptions": { "EBSEnabled": "true", "Iops": 0, "VolumeSize": 10, "VolumeType": "standard" }, "SnapshotOptions": { "AutomatedSnapshotStartHour": "0" }, "AccessPolicies": { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "*" } ] }, "LogPublishingOptions": { "SEARCH_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-slow-logs", "Enabled": "true" }, "INDEX_SLOW_LOGS": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-index-slow-logs", "Enabled": "true" } }, "AdvancedOptions": { "rest.action.multi.allow_explicit_index": "true" }, "Tags": [ { "Key": "foo", "Value": "bar" } ], "VPCOptions": { "SubnetIds": [ { "Ref": "subnet" } ], "SecurityGroupIds": [ { "Ref": "mySecurityGroup" } ] } } }, "vpc": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.0.0.0/16" } }, "subnet": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "vpc" }, "CidrBlock": { "Ref": "CidrBlock" }, "AvailabilityZone": { "Ref": "AvailabilityZone" } } }, "mySecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": { "Ref": "GroupDescription" }, "VpcId": { "Ref": "vpc" }, "GroupName": { "Ref": "SGName" }, "SecurityGroupIngress": [ { "FromPort": "443", "IpProtocol": "tcp", "ToPort": "443", "CidrIp": "0.0.0.0/0" } ] } } }, "Outputs": { "DomainArn": { "Value": { "Fn::GetAtt": [ "ElasticsearchDomain", "DomainArn" ] } }, "DomainEndpoint": { "Value": { "Fn::GetAtt": [ "ElasticsearchDomain", "DomainEndpoint" ] } }, "SecurityGroupId": { "Value": { "Ref": "mySecurityGroup" } }, "SubnetId": { "Value": { "Ref": "subnet" } } } }