03/15/2023, 10:35 PM
Hi, love pulumi but I could use some guidance with a project I am working on. I am trying to deploy AWS OpenSearch Serverless using typescript but Googling doesn't yield a lot of results. I keep running into encryption related errors when deploying to AWS. Anyone know if it's possible to deploy OpenSearch Serverless right now or can provide some insights/working examples?
// Create a new encryption policy
const analyticsEncryptionPolicy = new aws_native.opensearchserverless.SecurityPolicy("analytics-encryption-policy", {
  securityPolicyName: "analytics-encryption-policy",
  securityPolicyDescription: "Encryption policy for OpenSearch Serverless",
  keyId: "alias/aws/opensearchserverless",
  keyType: "AWS_OWNED_KEY",
  policy: JSON.stringify({
    accessType: "PUBLIC",
    Type: "Encryption",
    Rules: [
        ResourceType: "*",
        Subject: {
          AWS: "*",
        Effect: "Allow",
        Action: "*",

// Create a serverless collection for OpenSearch
const elasticsearchServerless = new aws_native.opensearchserverless.Collection("collection", {
  name: "analytics-es-serverless",
  description: "Analytics OpenSearch Serverless Collection",
  collectionType: "TimeSeries",
  encryptionPolicies: [
      securityPolicyName: analyticsEncryptionPolicy.securityPolicyName,
  networkPolicy: {
    accessType: "PUBLIC",
    resourceType: ["COLLECTION", "DASHBOARD"],
    prefixCollectionNmae: "analytics",
  dataPolicy: {
    policyName: "analytics-data-policy",
    rules: [
        grantedResources: ["index/analytics/*"],
        resourceType: "INDEX",
        permissions: ["aoss:CreateIndex", "aoss:DeleteIndex", "aoss:UpdateIndex", "aoss:ReadIndex", "aossReadDocument", "aoss:WriteDocument"],
        principal: firehoseRole,