rspec/rules/S6308/python/rule.adoc

include::../opensearch_description.adoc[]

include::../ask-yourself.adoc[]

include::../opensearch_recommended.adoc[]

== Sensitive Code Example

For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_opensearchservice/Domain.html[aws_cdk.aws_opensearchservice.Domain]:

[source,python]
----
from aws_cdk import Stack
from aws_cdk.aws_opensearchservice import Domain, EngineVersion
from constructs import Construct


class DomainStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        Domain(self, "Sensitive",
            version=EngineVersion.OPENSEARCH_1_3
        ) # Sensitive, encryption is disabled by default
----
For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_opensearchservice/CfnDomain.html[aws_cdk.aws_opensearchservice.CfnDomain]:
[source,python]
----
from aws_cdk import Stack
from aws_cdk.aws_opensearchservice import CfnDomain
from constructs import Construct


class CfnDomainStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        CfnDomain(self, "Sensitive") # Sensitive, encryption is disabled by default
----
== Compliant Solution
For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_opensearchservice/Domain.html[aws_cdk.aws_opensearchservice.Domain]:
[source,python]
----
from aws_cdk import Stack
from aws_cdk.aws_opensearchservice import Domain, EncryptionAtRestOptions, EngineVersion
from constructs import Construct


class DomainStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        Domain(self, "Compliant",
            version=EngineVersion.OPENSEARCH_1_3,
            encryption_at_rest=EncryptionAtRestOptions(
                enabled=True
            )
        )
----
For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_opensearchservice/CfnDomain.html[aws_cdk.aws_opensearchservice.CfnDomain]:
[source,python]
----
from aws_cdk import Stack
from aws_cdk.aws_opensearchservice import CfnDomain
from constructs import Construct


class CfnDomainStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        CfnDomain(self, "Compliant",
            encryption_at_rest_options=CfnDomain.EncryptionAtRestOptionsProperty(
                enabled=True
            )
        )
----
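
To confirm the setting in what is actually deployed, the following added example (not part of this rule or of the CDK) scans a synthesized CloudFormation template for OpenSearch and Elasticsearch domains whose `EncryptionAtRestOptions.Enabled` cannot be shown to be true. The function name `unencrypted_domains`, the logical IDs and the sample template are constructed for illustration.

```python
import json

# CloudFormation resource types that carry EncryptionAtRestOptions.
DOMAIN_TYPES = {"AWS::OpenSearchService::Domain", "AWS::Elasticsearch::Domain"}


def _is_enabled(value) -> bool:
    """True only for a literal true; CloudFormation also accepts the string "true"."""
    if isinstance(value, str):
        return value.lower() == "true"
    return value is True  # dicts (Ref, Fn::If, ...) cannot be verified statically


def unencrypted_domains(template: dict) -> list[str]:
    """Return sorted logical IDs of domains without verifiable encryption at rest."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in DOMAIN_TYPES:
            continue
        props = resource.get("Properties") or {}
        options = props.get("EncryptionAtRestOptions")
        # Missing block == the default, which is unencrypted.
        if not isinstance(options, dict) or not _is_enabled(options.get("Enabled")):
            findings.append(logical_id)
    return sorted(findings)


# Constructed sample, shaped like a *.template.json file found in cdk.out.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "SensitiveDomain": {"Type": "AWS::OpenSearchService::Domain",
                      "Properties": {"EngineVersion": "OpenSearch_1.3"}},
  "ExplicitlyOff":   {"Type": "AWS::OpenSearchService::Domain",
                      "Properties": {"EncryptionAtRestOptions": {"Enabled": false}}},
  "ParamDriven":     {"Type": "AWS::OpenSearchService::Domain",
                      "Properties": {"EncryptionAtRestOptions": {"Enabled": {"Ref": "Encrypt"}}}},
  "LegacyEs":        {"Type": "AWS::Elasticsearch::Domain"},
  "CompliantDomain": {"Type": "AWS::OpenSearchService::Domain",
                      "Properties": {"EncryptionAtRestOptions": {"Enabled": true}}},
  "Bucket":          {"Type": "AWS::S3::Bucket"}
}}
""")

if __name__ == "__main__":
    for logical_id in unencrypted_domains(SAMPLE_TEMPLATE):
        print(f"{logical_id}: encryption at rest is not enabled")
```

A domain whose `Enabled` value is an intrinsic function is reported because its value is only known at deploy time.
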
include::../opensearch_see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)

=== Message

For CfnDomain:

* Omitting `encryption_at_rest_options` causes encryption of data at rest to be disabled for this {OpenSearch|Elasticsearch} domain. Make sure it is safe here.
* Make sure that using unencrypted {OpenSearch|Elasticsearch} domains is safe here.

For Domain:

* Omitting `encryption_at_rest` causes encryption of data at rest to be disabled for this {OpenSearch|Elasticsearch} domain. Make sure it is safe here.
* Make sure that using unencrypted {OpenSearch|Elasticsearch} domains is safe here.

endif::env-github,rspecator-view[]