Documentation

Architecture & Concepts ▹

Architecture & Concepts ▾

Programming Model

Projects

Stacks

Configuration and Secrets

Organizing Stacks and Projects

How Pulumi Works

State and Backends

Command Line ▹

Command Line ▾

Cancel

Config

Destroy

Logout

Logs

New

Plugin

Preview

Refresh

Stack

State

Update

Teams & Collaboration ▹

Teams & Collaboration ▾

Organizations

Teams

Roles and Access Controls

GitHub App

Pulumi Webhooks

Creating a 'Deploy with Pulumi' Button

Continuous Delivery ▹

Continuous Delivery ▾

AWS Code Services

Azure DevOps

CircleCI

GitHub Actions

GitLab CI

Travis CI

Supported Clouds

Supported Languages ▹

Supported Languages ▾

Node.js

Python

Compared to Others ▹

Compared to Others ▾

Terraform

Cloud Templates

Cloud SDKs

Serverless

Kubernetes YAML

Chef, Puppet, etc.

Custom Solutions

API Reference ▹

API Reference ▾

Node.js

pulumi

aws

aws-infra

aws-serverless

azure

azure-serverless

cloud

cloud-aws

cloud-azure

docker

eks

gcp

kubernetes

openstack

vsphere

f5bigip

packet

Python

pulumi

pulumi_aws

pulumi_azure

pulumi_gcp

pulumi_kubernetes

pulumi_random

pulumi_openstack

pulumi_f5bigip

FAQ

Changelog

Troubleshooting & Support

Edit This Page

Module elasticsearch

@pulumi/aws > elasticsearch

Index ▹

elasticsearch/domain.ts elasticsearch/domainPolicy.ts

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.elasticsearch.Domain("example", {
    clusterConfig: {
        instanceType: "r4.large.elasticsearch",
    },
    domainName: "example",
    elasticsearchVersion: "1.5",
    snapshotOptions: {
        automatedSnapshotStartHour: 23,
    },
    tags: {
        Domain: "TestDomain",
    },
});

Access Policy

See also: aws_elasticsearch_domain_policy resource

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";

const currentCallerIdentity = pulumi.output(aws.getCallerIdentity({}));
const currentRegion = pulumi.output(aws.getRegion({}));
const example = new aws.elasticsearch.Domain("example", {
    accessPolicies: pulumi.all([currentRegion, currentCallerIdentity]).apply(([currentRegion, currentCallerIdentity]) => `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "es:*",
      "Principal": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
      }
    }
  ]
}
`),
    domainName: domain,
});

Log Publishing to CloudWatch Logs

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("example", {
    policyDocument: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": [
        "logs:PutLogEvents",
        "logs:PutLogEventsBatch",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*"
    }
  ]
}
`,
    policyName: "example",
});
const exampleDomain = new aws.elasticsearch.Domain("example", {
    logPublishingOptions: [{
        cloudwatchLogGroupArn: exampleLogGroup.arn,
        logType: "INDEX_SLOW_LOGS",
    }],
});

VPC based ES

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const domain = config.get("domain") || "tf-test";
const vpc = config.require("vpc");

const esServiceLinkedRole = new aws.iam.ServiceLinkedRole("es", {
    awsServiceName: "es.amazonaws.com",
});
const currentCallerIdentity = pulumi.output(aws.getCallerIdentity({}));
const currentRegion = pulumi.output(aws.getRegion({}));
const selectedVpc = pulumi.output(aws.ec2.getVpc({
    tags: {
        Name: vpc,
    },
}));
const selectedSubnetIds = pulumi.output(aws.ec2.getSubnetIds({
    tags: {
        Tier: "private",
    },
    vpcId: selectedVpc.apply(selectedVpc => selectedVpc.id),
}));
const esDomain = new aws.elasticsearch.Domain("es", {
    accessPolicies: pulumi.all([currentRegion, currentCallerIdentity]).apply(([currentRegion, currentCallerIdentity]) => `{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": "es:*",
			"Principal": "*",
			"Effect": "Allow",
			"Resource": "arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*"
		}
	]
}
`),
    advancedOptions: {
        "rest.action.multi.allow_explicit_index": "true",
    },
    clusterConfig: {
        instanceType: "m4.large.elasticsearch",
    },
    domainName: domain,
    elasticsearchVersion: "6.3",
    snapshotOptions: {
        automatedSnapshotStartHour: 23,
    },
    tags: {
        Domain: "TestDomain",
    },
    vpcOptions: {
        securityGroupIds: [aws_security_group_elasticsearch.id],
        subnetIds: [
            selectedSubnetIds.apply(selectedSubnetIds => selectedSubnetIds.ids[0]),
            selectedSubnetIds.apply(selectedSubnetIds => selectedSubnetIds.ids[1]),
        ],
    },
}, {dependsOn: [esServiceLinkedRole]});
const esSecurityGroup = new aws.ec2.SecurityGroup("es", {
    description: "Managed by Terraform",
    ingress: [{
        cidrBlocks: [selectedVpc.apply(selectedVpc => selectedVpc.cidrBlocks)],
        fromPort: 443,
        protocol: "tcp",
        toPort: 443,
    }],
    vpcId: selectedVpc.apply(selectedVpc => selectedVpc.id),
});

constructor

new Domain(name: string, args?: DomainArgs, opts?: pulumi.CustomResourceOptions)

Create a Domain resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainState, opts?: pulumi.CustomResourceOptions): Domain

Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessPolicies

public accessPolicies: pulumi.Output<string>;

IAM policy document specifying the access policies for the domain

property advancedOptions

public advancedOptions: pulumi.Output<{[key: string]: any}>;

Key-value string pairs to specify advanced configuration options. Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your Elasticsearch domain on every apply.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the domain.

property clusterConfig

public clusterConfig: pulumi.Output<{
    dedicatedMasterCount: number;
    dedicatedMasterEnabled: boolean;
    dedicatedMasterType: string;
    instanceCount: number;
    instanceType: string;
    zoneAwarenessEnabled: boolean;
}>;

Cluster configuration of the domain, see below.

property cognitoOptions

public cognitoOptions: pulumi.Output<{
    enabled: boolean;
    identityPoolId: string;
    roleArn: string;
    userPoolId: string;
} | undefined>;

property domainId

public domainId: pulumi.Output<string>;

Unique identifier for the domain.

property domainName

public domainName: pulumi.Output<string>;

Name of the domain.

property ebsOptions

public ebsOptions: pulumi.Output<{
    ebsEnabled: boolean;
    iops: number;
    volumeSize: number;
    volumeType: string;
}>;

EBS related options, may be required based on chosen instance size. See below.

property elasticsearchVersion

public elasticsearchVersion: pulumi.Output<string | undefined>;

The version of Elasticsearch to deploy. Defaults to 1.5

property encryptAtRest

public encryptAtRest: pulumi.Output<{
    enabled: boolean;
    kmsKeyId: string;
}>;

Encrypt at rest options. Only available for certain instance types. See below.

property endpoint

public endpoint: pulumi.Output<string>;

Domain-specific endpoint used to submit index, search, and data upload requests.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property kibanaEndpoint

public kibanaEndpoint: pulumi.Output<string>;

Domain-specific endpoint for kibana without https scheme.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

property logPublishingOptions

public logPublishingOptions: pulumi.Output<{
    cloudwatchLogGroupArn: string;
    enabled: boolean;
    logType: string;
}[] | undefined>;

Options for publishing slow logs to CloudWatch Logs.

property nodeToNodeEncryption

public nodeToNodeEncryption: pulumi.Output<{
    enabled: boolean;
}>;

Node-to-node encryption options. See below.

property snapshotOptions

public snapshotOptions: pulumi.Output<{
    automatedSnapshotStartHour: number;
} | undefined>;

Snapshot related options, see below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcOptions

public vpcOptions: pulumi.Output<{
    availabilityZones: string[];
    securityGroupIds: string[];
    subnetIds: string[];
    vpcId: string;
} | undefined>;

VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

class DomainPolicy

extends CustomResource

Allows setting policy to an Elasticsearch domain while referencing domain attributes (e.g. ARN)

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.elasticsearch.Domain("example", {
    domainName: "tf-test",
    elasticsearchVersion: "2.3",
});
const main = new aws.elasticsearch.DomainPolicy("main", {
    accessPolicies: example.arn.apply(arn => `{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "es:*",
            "Principal": "*",
            "Effect": "Allow",
            "Condition": {
                "IpAddress": {"aws:SourceIp": "127.0.0.1/32"}
            },
            "Resource": "${arn}/*"
        }
    ]
}
`),
    domainName: example.domainName,
});

constructor

new DomainPolicy(name: string, args: DomainPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a DomainPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainPolicyState, opts?: pulumi.CustomResourceOptions): DomainPolicy

Get an existing DomainPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessPolicies

public accessPolicies: pulumi.Output<string>;

IAM policy document specifying the access policies for the domain

property domainName

public domainName: pulumi.Output<string>;

Name of the domain.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface DomainArgs

The set of arguments for constructing a Domain resource.

property accessPolicies

accessPolicies?: pulumi.Input<string>;

IAM policy document specifying the access policies for the domain

property advancedOptions

advancedOptions?: pulumi.Input<{[key: string]: any}>;

property clusterConfig

clusterConfig?: pulumi.Input<{
    dedicatedMasterCount: pulumi.Input<number>;
    dedicatedMasterEnabled: pulumi.Input<boolean>;
    dedicatedMasterType: pulumi.Input<string>;
    instanceCount: pulumi.Input<number>;
    instanceType: pulumi.Input<string>;
    zoneAwarenessEnabled: pulumi.Input<boolean>;
}>;

Cluster configuration of the domain, see below.

property cognitoOptions

cognitoOptions?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
    identityPoolId: pulumi.Input<string>;
    roleArn: pulumi.Input<string>;
    userPoolId: pulumi.Input<string>;
}>;

property domainName

domainName?: pulumi.Input<string>;

Name of the domain.

property ebsOptions

ebsOptions?: pulumi.Input<{
    ebsEnabled: pulumi.Input<boolean>;
    iops: pulumi.Input<number>;
    volumeSize: pulumi.Input<number>;
    volumeType: pulumi.Input<string>;
}>;

EBS related options, may be required based on chosen instance size. See below.

property elasticsearchVersion

elasticsearchVersion?: pulumi.Input<string>;

The version of Elasticsearch to deploy. Defaults to 1.5

property encryptAtRest

encryptAtRest?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
    kmsKeyId: pulumi.Input<string>;
}>;

Encrypt at rest options. Only available for certain instance types. See below.

property logPublishingOptions

logPublishingOptions?: pulumi.Input<pulumi.Input<{
    cloudwatchLogGroupArn: pulumi.Input<string>;
    enabled: pulumi.Input<boolean>;
    logType: pulumi.Input<string>;
}>[]>;

Options for publishing slow logs to CloudWatch Logs.

property nodeToNodeEncryption

nodeToNodeEncryption?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
}>;

Node-to-node encryption options. See below.

property snapshotOptions

snapshotOptions?: pulumi.Input<{
    automatedSnapshotStartHour: pulumi.Input<number>;
}>;

Snapshot related options, see below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource

property vpcOptions

vpcOptions?: pulumi.Input<{
    availabilityZones: pulumi.Input<pulumi.Input<string>[]>;
    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
    subnetIds: pulumi.Input<pulumi.Input<string>[]>;
    vpcId: pulumi.Input<string>;
}>;

VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).

interface DomainPolicyArgs

The set of arguments for constructing a DomainPolicy resource.

property accessPolicies

accessPolicies: pulumi.Input<string>;

IAM policy document specifying the access policies for the domain

property domainName

domainName: pulumi.Input<string>;

Name of the domain.

interface DomainPolicyState

Input properties used for looking up and filtering DomainPolicy resources.

property accessPolicies

accessPolicies?: pulumi.Input<string>;

IAM policy document specifying the access policies for the domain

property domainName

domainName?: pulumi.Input<string>;

Name of the domain.

interface DomainState

Input properties used for looking up and filtering Domain resources.

property accessPolicies

accessPolicies?: pulumi.Input<string>;

IAM policy document specifying the access policies for the domain

property advancedOptions

advancedOptions?: pulumi.Input<{[key: string]: any}>;

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the domain.

property clusterConfig

clusterConfig?: pulumi.Input<{
    dedicatedMasterCount: pulumi.Input<number>;
    dedicatedMasterEnabled: pulumi.Input<boolean>;
    dedicatedMasterType: pulumi.Input<string>;
    instanceCount: pulumi.Input<number>;
    instanceType: pulumi.Input<string>;
    zoneAwarenessEnabled: pulumi.Input<boolean>;
}>;

Cluster configuration of the domain, see below.

property cognitoOptions

cognitoOptions?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
    identityPoolId: pulumi.Input<string>;
    roleArn: pulumi.Input<string>;
    userPoolId: pulumi.Input<string>;
}>;

property domainId

domainId?: pulumi.Input<string>;

Unique identifier for the domain.

property domainName

domainName?: pulumi.Input<string>;

Name of the domain.

property ebsOptions

ebsOptions?: pulumi.Input<{
    ebsEnabled: pulumi.Input<boolean>;
    iops: pulumi.Input<number>;
    volumeSize: pulumi.Input<number>;
    volumeType: pulumi.Input<string>;
}>;

EBS related options, may be required based on chosen instance size. See below.

property elasticsearchVersion

elasticsearchVersion?: pulumi.Input<string>;

The version of Elasticsearch to deploy. Defaults to 1.5

property encryptAtRest

encryptAtRest?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
    kmsKeyId: pulumi.Input<string>;
}>;

Encrypt at rest options. Only available for certain instance types. See below.

property endpoint

endpoint?: pulumi.Input<string>;

Domain-specific endpoint used to submit index, search, and data upload requests.

property kibanaEndpoint

kibanaEndpoint?: pulumi.Input<string>;

Domain-specific endpoint for kibana without https scheme.

vpc_options.0.availability_zones - If the domain was created inside a VPC, the names of the availability zones the configured subnet_ids were created inside.
vpc_options.0.vpc_id - If the domain was created inside a VPC, the ID of the VPC.

property logPublishingOptions

logPublishingOptions?: pulumi.Input<pulumi.Input<{
    cloudwatchLogGroupArn: pulumi.Input<string>;
    enabled: pulumi.Input<boolean>;
    logType: pulumi.Input<string>;
}>[]>;

Options for publishing slow logs to CloudWatch Logs.

property nodeToNodeEncryption

nodeToNodeEncryption?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
}>;

Node-to-node encryption options. See below.

property snapshotOptions

snapshotOptions?: pulumi.Input<{
    automatedSnapshotStartHour: pulumi.Input<number>;
}>;

Snapshot related options, see below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource

property vpcOptions

vpcOptions?: pulumi.Input<{
    availabilityZones: pulumi.Input<pulumi.Input<string>[]>;
    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
    subnetIds: pulumi.Input<pulumi.Input<string>[]>;
    vpcId: pulumi.Input<string>;
}>;

VPC related options, see below. Adding or removing this configuration forces a new resource (documentation).