Advanced parameters for Aiven for OpenSearch®

Below you can find a summary of every configuration option available for Aiven for OpenSearch® service:

additional_backup_regions

Title: Additional Cloud Regions for Backup Replication

Type: array

opensearch_version

Title: OpenSearch major version

Type: string,null

disable_replication_factor_adjustment

Title: Disable replication factor adjustment

Description: DEPRECATED: Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated.

Type: boolean,null

custom_domain

Title: Custom domain

Description: Serve the web frontend using a custom CNAME pointing to the Aiven DNS name

Type: string,null

ip_filter

Title: IP filter

Description: Allow incoming connections from CIDR address block, e.g. '10.20.0.0/16'

Type: array

service_log

Title: Service logging

Description: Store logs for the service so that they are available in the HTTP API and console.

Type: boolean,null

static_ips

Title: Static IP addresses

Description: Use static public IP addresses

Type: boolean

saml

Title: OpenSearch SAML configuration

Type: object

enabled

Title: Enable or disable OpenSearch SAML authentication

Description: Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider.

Type: boolean

idp_metadata_url

Title: Identity Provider (IdP) SAML metadata URL

Description: The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP.

Type: string

idp_entity_id

Title: Identity Provider Entity ID

Description: The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP.

Type: string

sp_entity_id

Title: Service Provider Entity ID

Description: The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP.

Type: string

subject_key

Title: SAML response subject attribute

Description: Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default.

Type: string,null

roles_key

Title: SAML response role attribute

Description: Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions.

Type: string,null

idp_pemtrustedcas_content

Title: PEM-encoded root CA Content for SAML IdP server verification

Description: This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server.

Type: string,null

openid

Title: OpenSearch OpenID Connect Configuration

Type: object

enabled

Title: Enable or disable OpenSearch OpenID Connect authentication

Description: Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider.

Type: boolean

connect_url

Title: OpenID Connect metadata/configuration URL

Description: The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings.

Type: string

roles_key

Title: The key in the JSON payload that stores the user’s roles

Description: The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT

Type: string,null

subject_key

Title: The key in the JSON payload that stores the user’s name

Description: The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.

Type: string,null

jwt_header

Title: The HTTP header that stores the token

Description: The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer <token>. Optional. Default is Authorization.

Type: string,null

jwt_url_parameter

Title: URL JWT token.

Description: If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.

Type: string,null

refresh_rate_limit_count

Title: The maximum number of unknown key IDs in the time frame

Description: The maximum number of unknown key IDs in the time frame. Default is 10. Optional.

Type: integer,null

refresh_rate_limit_time_window_ms

Title: The time frame to use when checking the maximum number of unknown key IDs, in milliseconds

Description: The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds).

Type: integer,null

client_id

Title: The ID of the OpenID Connect client

Description: The ID of the OpenID Connect client configured in your IdP. Required.

Type: string

client_secret

Title: The client secret of the OpenID Connect

Description: The client secret of the OpenID Connect client configured in your IdP. Required.

Type: string

scope

Title: The scope of the identity token issued by the IdP

Description: The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.

Type: string

Title: HTTP header name of the JWT token

Description: HTTP header name of the JWT token. Optional. Default is Authorization.

Type: string

index_patterns

Title: Index patterns

Type: array

max_index_count

Title: Maximum index count

Description: DEPRECATED: use index_patterns instead

Type: integer

keep_index_refresh_interval

Title: Don't reset index.refresh_interval to the default value

Description: Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true.

Type: boolean

opensearch_dashboards

Title: OpenSearch Dashboards settings

Type: object

enabled

Title: Enable or disable OpenSearch Dashboards

Type: boolean

max_old_space_size

Title: max_old_space_size

Description: Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch.

Type: integer

opensearch_request_timeout

Title: Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch

Type: integer

opensearch

Title: OpenSearch settings

Type: object

reindex_remote_whitelist

Title: reindex_remote_whitelist

Description: Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart.

Type: array,null

http_max_content_length

Title: http.max_content_length

Description: Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.

Type: integer

http_max_header_size

Title: http.max_header_size

Description: The max size of allowed headers, in bytes

Type: integer

http_max_initial_line_length

Title: http.max_initial_line_length

Description: The max length of an HTTP URL, in bytes

Type: integer

indices_query_bool_max_clause_count

Title: indices.query.bool.max_clause_count

Description: Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value.

Type: integer

search_max_buckets

Title: search.max_buckets

Description: Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined.

Type: integer,null

indices_fielddata_cache_size

Title: indices.fielddata.cache.size

Description: Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations.

Type: integer,null

indices_memory_index_buffer_size

Title: indices.memory.index_buffer_size

Description: Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance.

Type: integer

indices_memory_min_index_buffer_size

Title: indices.memory.min_index_buffer_size

Description: Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size. Minimum amount of heap used for query cache, an absolute indices.memory.index_buffer_size minimal hard limit.

Type: integer

indices_memory_max_index_buffer_size

Title: indices.memory.max_index_buffer_size

Description: Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size. Maximum amount of heap used for query cache, an absolute indices.memory.index_buffer_size maximum hard limit.

Type: integer

indices_queries_cache_size

Title: indices.queries.cache.size

Description: Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality.

Type: integer

indices_recovery_max_bytes_per_sec

Title: indices.recovery.max_bytes_per_sec

Description: Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb

Type: integer

indices_recovery_max_concurrent_file_chunks

Title: indices.recovery.max_concurrent_file_chunks

Description: Number of file chunks sent in parallel for each recovery. Defaults to 2.

Type: integer

action_auto_create_index_enabled

Title: action.auto_create_index

Description: Explicitly allow or block automatic creation of indices. Defaults to true

Type: boolean

plugins_alerting_filter_by_backend_roles

Title: plugins.alerting.filter_by_backend_roles

Description: Enable or disable filtering of alerting by backend roles. Requires Security plugin. Defaults to false

Type: boolean

auth_failure_listeners

Title: Opensearch Security Plugin Settings

Type: object

enable_security_audit

Title: Enable/Disable security audit

Type: boolean

thread_pool_search_size

Title: search thread pool size

Description: Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.

Type: integer

thread_pool_search_throttled_size

Title: search_throttled thread pool size

Type: integer

thread_pool_get_size

Title: get thread pool size

Type: integer

thread_pool_analyze_size

Title: analyze thread pool size

Type: integer

thread_pool_write_size

Title: write thread pool size

Type: integer

thread_pool_force_merge_size

Title: force_merge thread pool size

Type: integer