CreateSecurityPolicy - Amazon OpenSearch Serverless (original) (raw)

Creates a security policy to be used by one or more OpenSearch Serverless collections. Security policies provide access to a collection and its OpenSearch Dashboards endpoint from public networks or specific VPC endpoints. They also allow you to secure a collection with a KMS encryption key. For more information, see Network access for Amazon OpenSearch Serverless and Encryption at rest for Amazon OpenSearch Serverless.

Request Syntax

{
   "clientToken": "string",
   "description": "string",
   "name": "string",
   "policy": "string",
   "type": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

clientToken

Unique, case-sensitive identifier to ensure idempotency of the request.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Required: No

description

A description of the policy. Typically used to store information about the permissions defined in the policy.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1000.

Required: No

name

The name of the policy.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 32.

Pattern: [a-z][a-z0-9-]+

Required: Yes

policy

The JSON policy document to use as the content for the new policy.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 20480.

Pattern: .*[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+.*

Required: Yes

type

The type of security policy.

Type: String

Valid Values: encryption | network

Required: Yes

Response Syntax

{
   "securityPolicyDetail": { 
      "createdDate": number,
      "description": "string",
      "lastModifiedDate": number,
      "name": "string",
      "policy": JSON value,
      "policyVersion": "string",
      "type": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Errors

For information about the errors that are common to all actions, see Common Errors.

ConflictException

When creating a resource, thrown when a resource with the same name already exists or is being created. When deleting a resource, thrown when the resource is not in the ACTIVE or FAILED state.

HTTP Status Code: 400

InternalServerException

Thrown when an error internal to the service occurs while processing a request.

HTTP Status Code: 500

ServiceQuotaExceededException

Thrown when you attempt to create more resources than the service allows based on service quotas.

HTTP Status Code: 400

ValidationException

Thrown when the HTTP request contains invalid input or is missing required input.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go v2
• AWS SDK for Java V2
• AWS SDK for JavaScript V3
• AWS SDK for Kotlin
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3