En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

What permissions are required to grant for read-only workbench on OpenSearch

0

We have a use-case to grant SQL Workbench access generated by OpenSearch dashboard. With the access, people should be able to run only select queries.

Sujets
Sans serveurAnalytiqueSécurité, identité et conformité
Balises
Service Amazon OpenSearchGroupes d'utilisateurs d’Amazon Cognito
Langue
English
Sarath
demandé il y a 9 mois504 vues
1 réponse
0

Hi,

What you want to do is to leverage the fine-grained access control to your data provided by OpenSearch: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html

For use with Cognito, please, follow the guidance of this specific page: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac-walkthrough-iam.html

You may also want to see this in-depth video detailling how to secure OpenSearch dashboards: https://www.youtube.com/watch?v=TgnHBz4i63M

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
répondu il y a 9 mois
  • Sarath
    il y a 9 mois

    We are already using FGAC for the opensearch domain. When an RO user is trying to execute a query using workbench it is giving us the following error: SHOW tables LIKE %: Service Unavailable, this query is not runnable.

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents