En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Securing Kibana and ElasticSearch without X-Pack-Security plugin

0

A customer integrated the ELK stack into their application. If they run their own ES cluster, or use the managed service provided by elastic.co, they can lock down access to Kibana and ES using the X-Pack-Security plugin.

They're aware of the approach outlined in https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/, but want to avoid the need to run a proxy to handle authentication between Kibana & ES.

Do we have any alternative suggestion?

Sujets
Sans serveurAnalytique
Balises
Service Amazon OpenSearch
Langue
English
AWS-User-8801015
demandé il y a 7 ans468 vues
1 réponse
0
Réponse acceptée

Rather than use a proxy server that is allowed access via IP which requires you running an extra instance, you can enable IAM access and use the aws-es-kibana proxy which runs locally on the client and uses the clients IAM credentials to do the SigV4 signing. Here's another local proxy that supports IAM roles which the first one I mentioned doesn't.

AWS
EXPERT
Adam_W
répondu il y a 7 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents