Skip to content

Commit d941f58

Browse files
author
AWS
committed
Amazon Elasticsearch Service Update: This release adds support for new or existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward secrecy cipher suites for domain endpoints.
1 parent 97ec80f commit d941f58

File tree

4 files changed

+107
-25
lines changed

4 files changed

+107
-25
lines changed

.changes/next-release/feature-AmazonElasticsearchService-b1e6db8.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
{
2+
"type": "feature",
3+
"category": "Amazon Elasticsearch Service",
4+
"contributor": "",
5+
"description": "This release adds support for new or existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward secrecy cipher suites for domain endpoints."
6+
}

services/elasticsearch/src/main/resources/codegen-resources/endpoint-rule-set.json

Lines changed: 95 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,6 @@
4040
]
4141
}
4242
],
43-
"type": "tree",
4443
"rules": [
4544
{
4645
"conditions": [
@@ -83,7 +82,8 @@
8382
},
8483
"type": "endpoint"
8584
}
86-
]
85+
],
86+
"type": "tree"
8787
},
8888
{
8989
"conditions": [
@@ -96,7 +96,6 @@
9696
]
9797
}
9898
],
99-
"type": "tree",
10099
"rules": [
101100
{
102101
"conditions": [
@@ -110,7 +109,6 @@
110109
"assign": "PartitionResult"
111110
}
112111
],
113-
"type": "tree",
114112
"rules": [
115113
{
116114
"conditions": [
@@ -133,7 +131,6 @@
133131
]
134132
}
135133
],
136-
"type": "tree",
137134
"rules": [
138135
{
139136
"conditions": [
@@ -168,7 +165,6 @@
168165
]
169166
}
170167
],
171-
"type": "tree",
172168
"rules": [
173169
{
174170
"conditions": [],
@@ -179,14 +175,16 @@
179175
},
180176
"type": "endpoint"
181177
}
182-
]
178+
],
179+
"type": "tree"
183180
},
184181
{
185182
"conditions": [],
186183
"error": "FIPS and DualStack are enabled, but this partition does not support one or both",
187184
"type": "error"
188185
}
189-
]
186+
],
187+
"type": "tree"
190188
},
191189
{
192190
"conditions": [
@@ -200,14 +198,12 @@
200198
]
201199
}
202200
],
203-
"type": "tree",
204201
"rules": [
205202
{
206203
"conditions": [
207204
{
208205
"fn": "booleanEquals",
209206
"argv": [
210-
true,
211207
{
212208
"fn": "getAttr",
213209
"argv": [
@@ -216,11 +212,11 @@
216212
},
217213
"supportsFIPS"
218214
]
219-
}
215+
},
216+
true
220217
]
221218
}
222219
],
223-
"type": "tree",
224220
"rules": [
225221
{
226222
"conditions": [],
@@ -231,14 +227,16 @@
231227
},
232228
"type": "endpoint"
233229
}
234-
]
230+
],
231+
"type": "tree"
235232
},
236233
{
237234
"conditions": [],
238235
"error": "FIPS is enabled but this partition does not support FIPS",
239236
"type": "error"
240237
}
241-
]
238+
],
239+
"type": "tree"
242240
},
243241
{
244242
"conditions": [
@@ -252,7 +250,6 @@
252250
]
253251
}
254252
],
255-
"type": "tree",
256253
"rules": [
257254
{
258255
"conditions": [
@@ -272,8 +269,82 @@
272269
]
273270
}
274271
],
275-
"type": "tree",
276272
"rules": [
273+
{
274+
"conditions": [
275+
{
276+
"fn": "stringEquals",
277+
"argv": [
278+
"aws",
279+
{
280+
"fn": "getAttr",
281+
"argv": [
282+
{
283+
"ref": "PartitionResult"
284+
},
285+
"name"
286+
]
287+
}
288+
]
289+
}
290+
],
291+
"endpoint": {
292+
"url": "https://aos.{Region}.api.aws",
293+
"properties": {},
294+
"headers": {}
295+
},
296+
"type": "endpoint"
297+
},
298+
{
299+
"conditions": [
300+
{
301+
"fn": "stringEquals",
302+
"argv": [
303+
"aws-cn",
304+
{
305+
"fn": "getAttr",
306+
"argv": [
307+
{
308+
"ref": "PartitionResult"
309+
},
310+
"name"
311+
]
312+
}
313+
]
314+
}
315+
],
316+
"endpoint": {
317+
"url": "https://aos.{Region}.api.amazonwebservices.com.cn",
318+
"properties": {},
319+
"headers": {}
320+
},
321+
"type": "endpoint"
322+
},
323+
{
324+
"conditions": [
325+
{
326+
"fn": "stringEquals",
327+
"argv": [
328+
"aws-us-gov",
329+
{
330+
"fn": "getAttr",
331+
"argv": [
332+
{
333+
"ref": "PartitionResult"
334+
},
335+
"name"
336+
]
337+
}
338+
]
339+
}
340+
],
341+
"endpoint": {
342+
"url": "https://aos.{Region}.api.aws",
343+
"properties": {},
344+
"headers": {}
345+
},
346+
"type": "endpoint"
347+
},
277348
{
278349
"conditions": [],
279350
"endpoint": {
@@ -283,14 +354,16 @@
283354
},
284355
"type": "endpoint"
285356
}
286-
]
357+
],
358+
"type": "tree"
287359
},
288360
{
289361
"conditions": [],
290362
"error": "DualStack is enabled but this partition does not support DualStack",
291363
"type": "error"
292364
}
293-
]
365+
],
366+
"type": "tree"
294367
},
295368
{
296369
"conditions": [],
@@ -301,9 +374,11 @@
301374
},
302375
"type": "endpoint"
303376
}
304-
]
377+
],
378+
"type": "tree"
305379
}
306-
]
380+
],
381+
"type": "tree"
307382
},
308383
{
309384
"conditions": [],

services/elasticsearch/src/main/resources/codegen-resources/endpoint-tests.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -355,7 +355,7 @@
355355
"documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
356356
"expect": {
357357
"endpoint": {
358-
"url": "https://es.us-east-1.api.aws"
358+
"url": "https://aos.us-east-1.api.aws"
359359
}
360360
},
361361
"params": {
@@ -420,7 +420,7 @@
420420
"documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
421421
"expect": {
422422
"endpoint": {
423-
"url": "https://es.cn-north-1.api.amazonwebservices.com.cn"
423+
"url": "https://aos.cn-north-1.api.amazonwebservices.com.cn"
424424
}
425425
},
426426
"params": {
@@ -498,7 +498,7 @@
498498
"documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
499499
"expect": {
500500
"endpoint": {
501-
"url": "https://es.us-gov-east-1.api.aws"
501+
"url": "https://aos.us-gov-east-1.api.aws"
502502
}
503503
},
504504
"params": {

services/elasticsearch/src/main/resources/codegen-resources/service-2.json

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2278,7 +2278,7 @@
22782278
},
22792279
"TLSSecurityPolicy":{
22802280
"shape":"TLSSecurityPolicy",
2281-
"documentation":"<p>Specify the TLS security policy that needs to be applied to the HTTPS endpoint of Elasticsearch domain. <br/> It can be one of the following values: <ul> <li><b>Policy-Min-TLS-1-0-2019-07: </b> TLS security policy which supports TLSv1.0 and higher.</li> <li><b>Policy-Min-TLS-1-2-2019-07: </b> TLS security policy which supports only TLSv1.2</li> </ul> </p>"
2281+
"documentation":"<p>Specify the TLS security policy that needs to be applied to the HTTPS endpoint of Elasticsearch domain. <br/> It can be one of the following values: <ul> <li><b>Policy-Min-TLS-1-0-2019-07: </b> TLS security policy that supports TLS version 1.0 to TLS version 1.2</li> <li><b>Policy-Min-TLS-1-2-2019-07: </b> TLS security policy that supports only TLS version 1.2</li> <li><b>Policy-Min-TLS-1-2-PFS-2023-10: </b> TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites</li> </ul> </p>"
22822282
},
22832283
"CustomEndpointEnabled":{
22842284
"shape":"Boolean",
@@ -4389,7 +4389,8 @@
43894389
"type":"string",
43904390
"enum":[
43914391
"Policy-Min-TLS-1-0-2019-07",
4392-
"Policy-Min-TLS-1-2-2019-07"
4392+
"Policy-Min-TLS-1-2-2019-07",
4393+
"Policy-Min-TLS-1-2-PFS-2023-10"
43934394
]
43944395
},
43954396
"Tag":{

0 commit comments

Comments
 (0)