Describe the feature
SAMLOptions is an existing feature for OpenSearch Domain. Feature Documentation Link. According to the CDK docs, there is currently no high-level CDK construct for this feature. CDK Docs link for the SamlOptions.
Use Case
The general recommendation is to use high-level constructs, and due to the lack of a high-level construct for this feature, the CDK template needs to be migrated to use CFN constructs if there is a need to create an OpenSearchDomain with SAMLOptionsProperty. This serves as a hindrance to the adoption of the SAMLOptionsProperty feature for AWS OpenSearch Domains.
Proposed Solution
Add the SAMLOptionsProperty to the AdvancedSecurityOptions interface object. CDK Doc for AdvancedSecurityOptions Attribute.
A SamlOptions-enabled OpenSearchDomain created using CDK high-level constructs should look like:
```ts
import { Domain, EngineVersion } from 'aws-cdk-lib/aws-opensearchservice';

const domain = new Domain(this, 'Domain', {
  version: EngineVersion.OPENSEARCH_1_0,
  enforceHttps: true,
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
  fineGrainedAccessControl: {
    masterUserName: 'master-user',
    // Proposed API: samlOptions is the property this issue asks for.
    samlOptions: {
      enabled: true,
      idp: {
        entityId: 'entityId',
        metadataContent: 'metadataContent',
      },
      masterBackendRole: 'masterBackendRole',
      masterUserName: 'masterUserName',
      rolesKey: 'rolesKey',
      sessionTimeoutMinutes: 123,
      subjectKey: 'subjectKey',
    },
  },
  logging: {
    auditLogEnabled: true,
    slowSearchLogEnabled: true,
    appLogEnabled: true,
    slowIndexLogEnabled: true,
  },
});
```
Other Information
No response
Acknowledgements
CDK version used
2.84.0
Environment details (OS name and version, etc.)
macOS Ventura 13.4
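
Until a high-level property exists, the SAML settings have to reach the CloudFormation `AdvancedSecurityOptions.SAMLOptions` property directly. The following added example (not from the issue or the CDK code base) maps the `samlOptions` shape proposed above to that property and rejects incomplete settings before deployment; `SamlOptionsProps` and `toCfnSamlOptions` are hypothetical names, and treating a missing IdP as an error is an assumption.

```typescript
// Added example, not CDK code. The interface mirrors the samlOptions shape proposed in the issue.
interface SamlOptionsProps {
  enabled: boolean;
  idp?: { entityId: string; metadataContent: string };
  masterBackendRole?: string;
  masterUserName?: string;
  rolesKey?: string;
  sessionTimeoutMinutes?: number;
  subjectKey?: string;
}

// Builds the property bag for AWS::OpenSearchService::Domain
// AdvancedSecurityOptions.SAMLOptions (CloudFormation uses PascalCase keys).
function toCfnSamlOptions(p: SamlOptionsProps): Record<string, unknown> {
  if (!p.enabled) {
    return { Enabled: false };
  }
  // Assumption: enabling SAML without IdP entity ID and metadata is a misconfiguration.
  if (!p.idp || !p.idp.entityId.trim() || !p.idp.metadataContent.trim()) {
    throw new Error('idp.entityId and idp.metadataContent are required when SAML is enabled');
  }
  // AWS documents 1 to 1440 minutes for SessionTimeoutMinutes.
  const t = p.sessionTimeoutMinutes;
  if (t !== undefined && (!Number.isInteger(t) || t < 1 || t > 1440)) {
    throw new Error('sessionTimeoutMinutes must be an integer from 1 to 1440');
  }
  const out: Record<string, unknown> = {
    Enabled: true,
    Idp: { EntityId: p.idp.entityId, MetadataContent: p.idp.metadataContent },
    MasterBackendRole: p.masterBackendRole,
    MasterUserName: p.masterUserName,
    RolesKey: p.rolesKey,
    SessionTimeoutMinutes: t,
    SubjectKey: p.subjectKey,
  };
  // Drop unset optional keys so the override only carries what was configured.
  for (const k of Object.keys(out)) {
    if (out[k] === undefined) delete out[k];
  }
  return out;
}

// Applying it to an existing high-level Domain (needs aws-cdk-lib; not executed here):
//   const cfnDomain = domain.node.defaultChild as CfnDomain;
//   cfnDomain.addPropertyOverride('AdvancedSecurityOptions.SAMLOptions', toCfnSamlOptions(props));
```

The override keeps the rest of the stack on the high-level `Domain` construct, so only the SAML block goes through the CFN layer.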