2025/07/29 - OpenSearch Service Serverless - 4 updated api methods
Changes: This is to support granular access control for SAML with IAMFederation in AOSS.
{'iamFederationOptions': {'groupAttribute': 'string', 'userAttribute': 'string'}, 'type': {'iamfederation'}}
Response
{'securityConfigDetail': {'iamFederationOptions': {'groupAttribute': 'string', 'userAttribute': 'string'}, 'type': {'iamfederation'}}}
Specifies a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.
See also: AWS API Documentation
Request Syntax
client.create_security_config(
    type='saml'|'iamidentitycenter'|'iamfederation',
    name='string',
    description='string',
    samlOptions={
        'metadata': 'string',
        'userAttribute': 'string',
        'groupAttribute': 'string',
        'openSearchServerlessEntityId': 'string',
        'sessionTimeout': 123
    },
    iamIdentityCenterOptions={
        'instanceArn': 'string',
        'userAttribute': 'UserId'|'UserName'|'Email',
        'groupAttribute': 'GroupId'|'GroupName'
    },
    iamFederationOptions={
        'groupAttribute': 'string',
        'userAttribute': 'string'
    },
    clientToken='string'
)
type (string) -- [REQUIRED]
The type of security configuration.
name (string) -- [REQUIRED]
The name of the security configuration.
description (string) --
A description of the security configuration.
samlOptions (dict) --
Describes SAML options in the form of a key-value map. This field is required if you specify SAML for the type parameter.
metadata (string) -- [REQUIRED]
The XML IdP metadata file generated from your identity provider.
userAttribute (string) --
A user attribute for this SAML integration.
groupAttribute (string) --
The group attribute for this SAML integration.
openSearchServerlessEntityId (string) --
Custom entity ID attribute to override the default entity ID for this SAML integration.
sessionTimeout (integer) --
The session timeout, in minutes. Default is 60 minutes (12 hours).
iamIdentityCenterOptions (dict) --
Describes IAM Identity Center options in the form of a key-value map. This field is required if you specify iamidentitycenter for the type parameter.
instanceArn (string) -- [REQUIRED]
The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.
userAttribute (string) --
The user attribute for this IAM Identity Center integration. Defaults to UserId.
groupAttribute (string) --
The group attribute for this IAM Identity Center integration. Defaults to GroupId.
iamFederationOptions (dict) --
Describes IAM federation options in the form of a key-value map. This field is required if you specify iamfederation for the type parameter.
groupAttribute (string) --
The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.
userAttribute (string) --
The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.
clientToken (string) --
Unique, case-sensitive identifier to ensure idempotency of the request.
This field is autopopulated if not provided.
Return type: dict
Response Syntax
{
    'securityConfigDetail': {
        'id': 'string',
        'type': 'saml'|'iamidentitycenter'|'iamfederation',
        'configVersion': 'string',
        'description': 'string',
        'samlOptions': {
            'metadata': 'string',
            'userAttribute': 'string',
            'groupAttribute': 'string',
            'openSearchServerlessEntityId': 'string',
            'sessionTimeout': 123
        },
        'iamIdentityCenterOptions': {
            'instanceArn': 'string',
            'applicationArn': 'string',
            'applicationName': 'string',
            'applicationDescription': 'string',
            'userAttribute': 'UserId'|'UserName'|'Email',
            'groupAttribute': 'GroupId'|'GroupName'
        },
        'iamFederationOptions': {
            'groupAttribute': 'string',
            'userAttribute': 'string'
        },
        'createdDate': 123,
        'lastModifiedDate': 123
    }
}
Response Structure
(dict) --
securityConfigDetail (dict) --
Details about the created security configuration.
id (string) --
The unique identifier of the security configuration.
type (string) --
The type of security configuration.
configVersion (string) --
The version of the security configuration.
description (string) --
The description of the security configuration.
samlOptions (dict) --
SAML options for the security configuration in the form of a key-value map.
metadata (string) --
The XML IdP metadata file generated from your identity provider.
userAttribute (string) --
A user attribute for this SAML integration.
groupAttribute (string) --
The group attribute for this SAML integration.
openSearchServerlessEntityId (string) --
Custom entity ID attribute to override the default entity ID for this SAML integration.
sessionTimeout (integer) --
The session timeout, in minutes. Default is 60 minutes (12 hours).
iamIdentityCenterOptions (dict) --
Describes IAM Identity Center options in the form of a key-value map.
instanceArn (string) --
The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.
applicationArn (string) --
The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless.
applicationName (string) --
The name of the IAM Identity Center application used to integrate with OpenSearch Serverless.
applicationDescription (string) --
The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.
userAttribute (string) --
The user attribute for this IAM Identity Center integration. Defaults to UserId.
groupAttribute (string) --
The group attribute for this IAM Identity Center integration. Defaults to GroupId.
iamFederationOptions (dict) --
Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation.
groupAttribute (string) --
The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.
userAttribute (string) --
The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.
createdDate (integer) --
The date the configuration was created.
lastModifiedDate (integer) --
The timestamp of when the configuration was last modified.
{'securityConfigDetail': {'iamFederationOptions': {'groupAttribute': 'string', 'userAttribute': 'string'}, 'type': {'iamfederation'}}}
Returns information about an OpenSearch Serverless security configuration. For more information, see SAML authentication for Amazon OpenSearch Serverless.
See also: AWS API Documentation
Request Syntax
client.get_security_config(
    id='string'
)
id (string) -- [REQUIRED]
The unique identifier of the security configuration.
Return type: dict
Response Syntax
{
    'securityConfigDetail': {
        'id': 'string',
        'type': 'saml'|'iamidentitycenter'|'iamfederation',
        'configVersion': 'string',
        'description': 'string',
        'samlOptions': {
            'metadata': 'string',
            'userAttribute': 'string',
            'groupAttribute': 'string',
            'openSearchServerlessEntityId': 'string',
            'sessionTimeout': 123
        },
        'iamIdentityCenterOptions': {
            'instanceArn': 'string',
            'applicationArn': 'string',
            'applicationName': 'string',
            'applicationDescription': 'string',
            'userAttribute': 'UserId'|'UserName'|'Email',
            'groupAttribute': 'GroupId'|'GroupName'
        },
        'iamFederationOptions': {
            'groupAttribute': 'string',
            'userAttribute': 'string'
        },
        'createdDate': 123,
        'lastModifiedDate': 123
    }
}
Response Structure
(dict) --
securityConfigDetail (dict) --
Details of the requested security configuration.
id (string) --
The unique identifier of the security configuration.
type (string) --
The type of security configuration.
configVersion (string) --
The version of the security configuration.
description (string) --
The description of the security configuration.
samlOptions (dict) --
SAML options for the security configuration in the form of a key-value map.
metadata (string) --
The XML IdP metadata file generated from your identity provider.
userAttribute (string) --
A user attribute for this SAML integration.
groupAttribute (string) --
The group attribute for this SAML integration.
openSearchServerlessEntityId (string) --
Custom entity ID attribute to override the default entity ID for this SAML integration.
sessionTimeout (integer) --
The session timeout, in minutes. Default is 60 minutes (12 hours).
iamIdentityCenterOptions (dict) --
Describes IAM Identity Center options in the form of a key-value map.
instanceArn (string) --
The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.
applicationArn (string) --
The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless.
applicationName (string) --
The name of the IAM Identity Center application used to integrate with OpenSearch Serverless.
applicationDescription (string) --
The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.
userAttribute (string) --
The user attribute for this IAM Identity Center integration. Defaults to UserId.
groupAttribute (string) --
The group attribute for this IAM Identity Center integration. Defaults to GroupId.
iamFederationOptions (dict) --
Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation.
groupAttribute (string) --
The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.
userAttribute (string) --
The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.
createdDate (integer) --
The date the configuration was created.
lastModifiedDate (integer) --
The timestamp of when the configuration was last modified.
{'type': {'iamfederation'}}
Response
{'securityConfigSummaries': {'type': {'iamfederation'}}}
Returns information about configured OpenSearch Serverless security configurations. For more information, see SAML authentication for Amazon OpenSearch Serverless.
See also: AWS API Documentation
Request Syntax
client.list_security_configs(
    type='saml'|'iamidentitycenter'|'iamfederation',
    nextToken='string',
    maxResults=123
)
type (string) -- [REQUIRED]
The type of security configuration.
nextToken (string) --
If your initial ListSecurityConfigs operation returns a nextToken, you can include the returned nextToken in subsequent ListSecurityConfigs operations, which returns results in the next page.
maxResults (integer) --
An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.
Return type: dict
Response Syntax
{
    'securityConfigSummaries': [
        {
            'id': 'string',
            'type': 'saml'|'iamidentitycenter'|'iamfederation',
            'configVersion': 'string',
            'description': 'string',
            'createdDate': 123,
            'lastModifiedDate': 123
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
securityConfigSummaries (list) --
Details about the security configurations in your account.
(dict) --
A summary of a security configuration for OpenSearch Serverless.
id (string) --
The unique identifier of the security configuration.
type (string) --
The type of security configuration.
configVersion (string) --
The version of the security configuration.
description (string) --
The description of the security configuration.
createdDate (integer) --
The Epoch time when the security configuration was created.
lastModifiedDate (integer) --
The timestamp of when the configuration was last modified.
nextToken (string) --
When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.
{'iamFederationOptions': {'groupAttribute': 'string', 'userAttribute': 'string'}}
Response
{'securityConfigDetail': {'iamFederationOptions': {'groupAttribute': 'string', 'userAttribute': 'string'}, 'type': {'iamfederation'}}}
Updates a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.
See also: AWS API Documentation
Request Syntax
client.update_security_config(
    id='string',
    configVersion='string',
    description='string',
    samlOptions={
        'metadata': 'string',
        'userAttribute': 'string',
        'groupAttribute': 'string',
        'openSearchServerlessEntityId': 'string',
        'sessionTimeout': 123
    },
    iamIdentityCenterOptionsUpdates={
        'userAttribute': 'UserId'|'UserName'|'Email',
        'groupAttribute': 'GroupId'|'GroupName'
    },
    iamFederationOptions={
        'groupAttribute': 'string',
        'userAttribute': 'string'
    },
    clientToken='string'
)
id (string) -- [REQUIRED]
The security configuration identifier. For SAML the ID will be saml/<accountId>/<idpProviderName>. For example, saml/123456789123/OKTADev.
configVersion (string) -- [REQUIRED]
The version of the security configuration to be updated. You can find the most recent version of a security configuration using the GetSecurityPolicy command.
description (string) --
A description of the security configuration.
samlOptions (dict) --
SAML options in the form of a key-value map.
metadata (string) -- [REQUIRED]
The XML IdP metadata file generated from your identity provider.
userAttribute (string) --
A user attribute for this SAML integration.
groupAttribute (string) --
The group attribute for this SAML integration.
openSearchServerlessEntityId (string) --
Custom entity ID attribute to override the default entity ID for this SAML integration.
sessionTimeout (integer) --
The session timeout, in minutes. Default is 60 minutes (12 hours).
iamIdentityCenterOptionsUpdates (dict) --
Describes IAM Identity Center options in the form of a key-value map.
userAttribute (string) --
The user attribute for this IAM Identity Center integration. Defaults to UserId.
groupAttribute (string) --
The group attribute for this IAM Identity Center integration. Defaults to GroupId.
iamFederationOptions (dict) --
Describes IAM federation options in the form of a key-value map for updating an existing security configuration. Use this field to modify IAM federation settings for the security configuration.
groupAttribute (string) --
The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.
userAttribute (string) --
The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.
clientToken (string) --
Unique, case-sensitive identifier to ensure idempotency of the request.
This field is autopopulated if not provided.
Return type: dict
Response Syntax
{
    'securityConfigDetail': {
        'id': 'string',
        'type': 'saml'|'iamidentitycenter'|'iamfederation',
        'configVersion': 'string',
        'description': 'string',
        'samlOptions': {
            'metadata': 'string',
            'userAttribute': 'string',
            'groupAttribute': 'string',
            'openSearchServerlessEntityId': 'string',
            'sessionTimeout': 123
        },
        'iamIdentityCenterOptions': {
            'instanceArn': 'string',
            'applicationArn': 'string',
            'applicationName': 'string',
            'applicationDescription': 'string',
            'userAttribute': 'UserId'|'UserName'|'Email',
            'groupAttribute': 'GroupId'|'GroupName'
        },
        'iamFederationOptions': {
            'groupAttribute': 'string',
            'userAttribute': 'string'
        },
        'createdDate': 123,
        'lastModifiedDate': 123
    }
}
Response Structure
(dict) --
securityConfigDetail (dict) --
Details about the updated security configuration.
id (string) --
The unique identifier of the security configuration.
type (string) --
The type of security configuration.
configVersion (string) --
The version of the security configuration.
description (string) --
The description of the security configuration.
samlOptions (dict) --
SAML options for the security configuration in the form of a key-value map.
metadata (string) --
The XML IdP metadata file generated from your identity provider.
userAttribute (string) --
A user attribute for this SAML integration.
groupAttribute (string) --
The group attribute for this SAML integration.
openSearchServerlessEntityId (string) --
Custom entity ID attribute to override the default entity ID for this SAML integration.
sessionTimeout (integer) --
The session timeout, in minutes. Default is 60 minutes (12 hours).
iamIdentityCenterOptions (dict) --
Describes IAM Identity Center options in the form of a key-value map.
instanceArn (string) --
The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.
applicationArn (string) --
The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless.
applicationName (string) --
The name of the IAM Identity Center application used to integrate with OpenSearch Serverless.
applicationDescription (string) --
The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.
userAttribute (string) --
The user attribute for this IAM Identity Center integration. Defaults to UserId.
groupAttribute (string) --
The group attribute for this IAM Identity Center integration. Defaults to GroupId.
iamFederationOptions (dict) --
Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation.
groupAttribute (string) --
The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.
userAttribute (string) --
The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.
createdDate (integer) --
The date the configuration was created.
lastModifiedDate (integer) --
The timestamp of when the configuration was last modified.
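The following Python is an added example, not part of the AWS documentation: it pages through list_security_configs for type iamfederation, reports configurations whose iamFederationOptions have no groupAttribute or userAttribute, and updates one with the configVersion read from get_security_config. StubClient, its ids and its attribute values are constructed sample data; with boto3 the same functions take boto3.client('opensearchserverless').

```python
def iter_security_configs(client, config_type="iamfederation"):
    """Yield every summary of one type, following nextToken until it is absent."""
    kwargs = {"type": config_type}
    while True:
        page = client.list_security_configs(**kwargs)
        yield from page.get("securityConfigSummaries", [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]

def audit_iam_federation(client):
    """Map config id -> attribute names that are unset in iamFederationOptions."""
    findings = {}
    for summary in iter_security_configs(client):
        detail = client.get_security_config(id=summary["id"])["securityConfigDetail"]
        opts = detail.get("iamFederationOptions") or {}
        missing = [k for k in ("groupAttribute", "userAttribute") if not opts.get(k)]
        if missing:
            findings[detail["id"]] = missing
    return findings

def set_federation_attributes(client, config_id, group_attr, user_attr):
    """Read the current configVersion first, then send it with the update."""
    current = client.get_security_config(id=config_id)["securityConfigDetail"]
    if current["type"] != "iamfederation":
        raise ValueError(f"{config_id} has type {current['type']}")
    return client.update_security_config(
        id=config_id,
        configVersion=current["configVersion"],
        iamFederationOptions={"groupAttribute": group_attr, "userAttribute": user_attr},
    )["securityConfigDetail"]

class StubClient:
    """Constructed stand-in for the real client; ids and values are sample data."""
    def __init__(self):
        self.sent_version = None  # records the configVersion the update received
        self.details = {
            "cfg-a": {"id": "cfg-a", "type": "iamfederation", "configVersion": "v1",
                      "iamFederationOptions": {"groupAttribute": "g", "userAttribute": "u"}},
            "cfg-b": {"id": "cfg-b", "type": "iamfederation", "configVersion": "v7",
                      "iamFederationOptions": {"userAttribute": "u"}},
        }

    def list_security_configs(self, type, nextToken=None):
        if nextToken is None:  # first page carries a token, second page does not
            return {"securityConfigSummaries": [{"id": "cfg-a"}], "nextToken": "page2"}
        return {"securityConfigSummaries": [{"id": "cfg-b"}]}

    def get_security_config(self, id):
        return {"securityConfigDetail": dict(self.details[id])}

    def update_security_config(self, id, configVersion, iamFederationOptions):
        self.sent_version = configVersion
        self.details[id]["iamFederationOptions"] = dict(iamFederationOptions)
        return {"securityConfigDetail": dict(self.details[id])}
```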