Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Read only access to specific Kibana dashboards

0

I am running Kibana via AWS OpenSearch Service with user management via Cognito. Is it possible to create a user that only has read only access to Kibana dashboards? And additionally, to only specific dashboards?

Temas
Seguridad, identidad y cumplimientoSin servidorAnálisis
Etiquetas
Amazon CognitoAmazon OpenSearch ServicePolíticas de IAM
Idioma
English
Ian K
preguntada hace 2 años1303 visualizaciones
1 Respuesta
1
Respuesta aceptada

Hi,

From your question I understand that you would like to create a user who only has read access to specific Kibana dashboards.

I am attaching the following documentation that goes over securing access to Kibana here (1). With this setup you can grant access to users for each ElasticSearch domain. I am also attaching the following documentation for fine grained access controls for OpenSearch (2). For read only access to OpenSearch you can use the AWS managed policy "AmazonOpenSearchServiceReadOnlyAccess" as a guide. You can then craft a policy such as the following to limit read actions to a specific domain.

{ "Effect": "Allow", "Action": [ "es:Get*", "es:List*", "es:Describe*" ], "Resource": "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/NAMEGOESHERE" }

I hope you have a great rest of your day!

References

(1)https://aws.amazon.com/blogs/database/configuring-and-authoring-kibana-dashboards/

(https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html)

AWS
INGENIERO DE SOPORTE
Patrick_V
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante