En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Combining Basic Auth & Cognito Auth in ES

0

A customer wants to use HTTP Basic Auth for direct ES API access and use Cognito based federate Auth for Kibana access. Leaving aside the security issues with using Basic Auth, do we have any caveat that I should be aware of in this approach?

Sujets
Sans serveurAnalytique
Balises
Service Amazon OpenSearch
Langue
English
pprakash
demandé il y a 4 ans958 vues
1 réponse
0
Réponse acceptée

You can use Internal master user option. WIth this, the HTTP Basic Auth for direct ES API will work with a username password as well as Cognito integration will work seamlessly. (https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html)

With the internal master user, The rest APIs and signing request will require username and password. See below for examples :

Rest :

curl --user 'username:Password01' https://vpc-testgranular01-xxxxxx.us-west-2.es.amazonaws.com

Signed Req:

es = Elasticsearch(
    hosts = [{'host': host, 'port': 443}],
    http_auth = ('username','Password01'),
    use_ssl = True,
    verify_certs = True,
    connection_class = RequestsHttpConnection
)

The Cognito Kibana will work too without any issues. However if youchoose IAM for the master user and don't enable Amazon Cognito authentication, Kibana displays a nonfunctional sign-in page and basic auth will not work.

AWS-User-3964373
répondu il y a 4 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents