En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Read only access to specific Kibana dashboards

0

I am running Kibana via AWS OpenSearch Service with user management via Cognito. Is it possible to create a user that only has read only access to Kibana dashboards? And additionally, to only specific dashboards?

Sujets
Sécurité, identité et conformitéSans serveurAnalytique
Balises
Amazon CognitoService Amazon OpenSearchPolitiques IAM
Langue
English
Ian K
demandé il y a 2 ans1303 vues
1 réponse
1
Réponse acceptée

Hi,

From your question I understand that you would like to create a user who only has read access to specific Kibana dashboards.

I am attaching the following documentation that goes over securing access to Kibana here (1). With this setup you can grant access to users for each ElasticSearch domain. I am also attaching the following documentation for fine grained access controls for OpenSearch (2). For read only access to OpenSearch you can use the AWS managed policy "AmazonOpenSearchServiceReadOnlyAccess" as a guide. You can then craft a policy such as the following to limit read actions to a specific domain.

{ "Effect": "Allow", "Action": [ "es:Get*", "es:List*", "es:Describe*" ], "Resource": "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/NAMEGOESHERE" }

I hope you have a great rest of your day!

References

(1)https://aws.amazon.com/blogs/database/configuring-and-authoring-kibana-dashboards/

(https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html)

AWS
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Patrick_V
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents