
**********************
create_security_config
**********************



.. py:method:: OpenSearchServiceServerless.Client.create_security_config(**kwargs)

  

  Specifies a security configuration for OpenSearch Serverless. For more information, see `SAML authentication for Amazon OpenSearch Serverless <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-saml.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/opensearchserverless-2021-11-01/CreateSecurityConfig>`_  


  **Request Syntax**
  ::

    response = client.create_security_config(
        type='saml'|'iamidentitycenter'|'iamfederation',
        name='string',
        description='string',
        samlOptions={
            'metadata': 'string',
            'userAttribute': 'string',
            'groupAttribute': 'string',
            'openSearchServerlessEntityId': 'string',
            'sessionTimeout': 123
        },
        iamIdentityCenterOptions={
            'instanceArn': 'string',
            'userAttribute': 'UserId'|'UserName'|'Email',
            'groupAttribute': 'GroupId'|'GroupName'
        },
        iamFederationOptions={
            'groupAttribute': 'string',
            'userAttribute': 'string'
        },
        clientToken='string'
    )
    
  :type type: string
  :param type: **[REQUIRED]** 

    The type of security configuration.

    

  
  :type name: string
  :param name: **[REQUIRED]** 

    The name of the security configuration.

    

  
  :type description: string
  :param description: 

    A description of the security configuration.

    

  
  :type samlOptions: dict
  :param samlOptions: 

    Describes SAML options in the form of a key-value map. This field is required if you specify ``saml`` for the ``type`` parameter.

    

  
    - **metadata** *(string) --* **[REQUIRED]** 

      The XML IdP metadata file generated from your identity provider.

      

    
    - **userAttribute** *(string) --* 

      A user attribute for this SAML integration.

      

    
    - **groupAttribute** *(string) --* 

      The group attribute for this SAML integration.

      

    
    - **openSearchServerlessEntityId** *(string) --* 

      Custom entity ID attribute to override the default entity ID for this SAML integration.

      

    
    - **sessionTimeout** *(integer) --* 

      The session timeout, in minutes. Default is 60 minutes (12 hours).

      

    
  
  :type iamIdentityCenterOptions: dict
  :param iamIdentityCenterOptions: 

    Describes IAM Identity Center options in the form of a key-value map. This field is required if you specify ``iamidentitycenter`` for the ``type`` parameter.

    

  
    - **instanceArn** *(string) --* **[REQUIRED]** 

      The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.

      

    
    - **userAttribute** *(string) --* 

      The user attribute for this IAM Identity Center integration. Defaults to ``UserId``.

      

    
    - **groupAttribute** *(string) --* 

      The group attribute for this IAM Identity Center integration. Defaults to ``GroupId``.

      

    
  
  :type iamFederationOptions: dict
  :param iamFederationOptions: 

    Describes IAM federation options in the form of a key-value map. This field is required if you specify ``iamfederation`` for the ``type`` parameter.

    

  
    - **groupAttribute** *(string) --* 

      The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.

      

    
    - **userAttribute** *(string) --* 

      The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.

      

    
  
  :type clientToken: string
  :param clientToken: 

    Unique, case-sensitive identifier to ensure idempotency of the request.

    This field is autopopulated if not provided.

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'securityConfigDetail': {
              'id': 'string',
              'type': 'saml'|'iamidentitycenter'|'iamfederation',
              'configVersion': 'string',
              'description': 'string',
              'samlOptions': {
                  'metadata': 'string',
                  'userAttribute': 'string',
                  'groupAttribute': 'string',
                  'openSearchServerlessEntityId': 'string',
                  'sessionTimeout': 123
              },
              'iamIdentityCenterOptions': {
                  'instanceArn': 'string',
                  'applicationArn': 'string',
                  'applicationName': 'string',
                  'applicationDescription': 'string',
                  'userAttribute': 'UserId'|'UserName'|'Email',
                  'groupAttribute': 'GroupId'|'GroupName'
              },
              'iamFederationOptions': {
                  'groupAttribute': 'string',
                  'userAttribute': 'string'
              },
              'createdDate': 123,
              'lastModifiedDate': 123
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **securityConfigDetail** *(dict) --* 

        Details about the created security configuration.

        
        

        - **id** *(string) --* 

          The unique identifier of the security configuration.

          
        

        - **type** *(string) --* 

          The type of security configuration.

          
        

        - **configVersion** *(string) --* 

          The version of the security configuration.

          
        

        - **description** *(string) --* 

          The description of the security configuration.

          
        

        - **samlOptions** *(dict) --* 

          SAML options for the security configuration in the form of a key-value map.

          
          

          - **metadata** *(string) --* 

            The XML IdP metadata file generated from your identity provider.

            
          

          - **userAttribute** *(string) --* 

            A user attribute for this SAML integration.

            
          

          - **groupAttribute** *(string) --* 

            The group attribute for this SAML integration.

            
          

          - **openSearchServerlessEntityId** *(string) --* 

            Custom entity ID attribute to override the default entity ID for this SAML integration.

            
          

          - **sessionTimeout** *(integer) --* 

            The session timeout, in minutes. Default is 60 minutes (12 hours).

            
      
        

        - **iamIdentityCenterOptions** *(dict) --* 

          Describes IAM Identity Center options in the form of a key-value map.

          
          

          - **instanceArn** *(string) --* 

            The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.

            
          

          - **applicationArn** *(string) --* 

            The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless.

            
          

          - **applicationName** *(string) --* 

            The name of the IAM Identity Center application used to integrate with OpenSearch Serverless.

            
          

          - **applicationDescription** *(string) --* 

            The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.

            
          

          - **userAttribute** *(string) --* 

            The user attribute for this IAM Identity Center integration. Defaults to ``UserId``.

            
          

          - **groupAttribute** *(string) --* 

            The group attribute for this IAM Identity Center integration. Defaults to ``GroupId``.

            
      
        

        - **iamFederationOptions** *(dict) --* 

          Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation.

          
          

          - **groupAttribute** *(string) --* 

            The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.

            
          

          - **userAttribute** *(string) --* 

            The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.

            
      
        

        - **createdDate** *(integer) --* 

          The date the configuration was created.

          
        

        - **lastModifiedDate** *(integer) --* 

          The timestamp of when the configuration was last modified.

          
    
  
  **Exceptions**
  
  *   :py:class:`OpenSearchServiceServerless.Client.exceptions.InternalServerException`

  
  *   :py:class:`OpenSearchServiceServerless.Client.exceptions.ConflictException`

  
  *   :py:class:`OpenSearchServiceServerless.Client.exceptions.ValidationException`

  
  *   :py:class:`OpenSearchServiceServerless.Client.exceptions.ServiceQuotaExceededException`
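
The following is an added example, not part of the boto3 documentation: a local pre-flight check that builds the keyword arguments for ``create_security_config`` and rejects a request whose options block does not match ``type``, whose IAM Identity Center attributes are outside the documented values, or whose SAML metadata is not a usable IdP descriptor. The names ``check_saml_metadata``, ``build_request`` and ``SAMPLE_METADATA`` are hypothetical, the metadata checks are this example's own and not the service's validation, and deriving ``clientToken`` from the request content is an assumption made so that a retry reuses the same token.

```python
import hashlib
import json
import xml.etree.ElementTree as ET
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
OPTION_KEY = {"saml": "samlOptions",
              "iamidentitycenter": "iamIdentityCenterOptions",
              "iamfederation": "iamFederationOptions"}
IDC_ENUMS = {"userAttribute": {"UserId", "UserName", "Email"},
             "groupAttribute": {"GroupId", "GroupName"}}
# Constructed sample IdP metadata (placeholder entity ID and certificate body).
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">'
    '<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
    '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

def check_saml_metadata(xml_text):
    """Added helper (not a boto3 API): return the IdP entityID or raise ValueError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations in IdP metadata")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"metadata is not well-formed XML: {exc}") from exc
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        raise ValueError("expected md:EntityDescriptor with an IDPSSODescriptor")
    if idp.find(".//" + DS + "X509Certificate") is None:
        raise ValueError("no signing certificate in IdP metadata")
    return root.get("entityID")

def build_request(config_type, name, options):
    """Added helper: return kwargs for create_security_config or raise ValueError."""
    if config_type not in OPTION_KEY:
        raise ValueError(f"unknown type {config_type!r}")
    if config_type == "saml":
        check_saml_metadata(options.get("metadata", ""))
    elif config_type == "iamidentitycenter":
        if not options.get("instanceArn"):
            raise ValueError("instanceArn is required")
        for key, allowed in IDC_ENUMS.items():
            if key in options and options[key] not in allowed:
                raise ValueError(f"{key} must be one of {sorted(allowed)}")
    kwargs = {"type": config_type, "name": name, OPTION_KEY[config_type]: options}
    # Assumption: content-derived token so a retry repeats the same clientToken.
    digest = hashlib.sha256(json.dumps(kwargs, sort_keys=True).encode()).hexdigest()
    return {**kwargs, "clientToken": digest}
```

Pass the result to the client as ``client.create_security_config(**build_request("saml", "corp-idp", {"metadata": SAMPLE_METADATA}))``, replacing the sample metadata with the file exported from your identity provider.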

  