Read only access to specific Kibana dashboards

0

I am running Kibana via AWS OpenSearch Service with user management via Cognito. Is it possible to create a user that only has read only access to Kibana dashboards? And additionally, to only specific dashboards?

1 Answer
1
Accepted Answer

Hi,

From your question I understand that you would like to create a user who only has read access to specific Kibana dashboards.

I am attaching the following documentation that goes over securing access to Kibana here (1). With this setup you can grant access to users for each ElasticSearch domain. I am also attaching the following documentation for fine grained access controls for OpenSearch (2). For read only access to OpenSearch you can use the AWS managed policy "AmazonOpenSearchServiceReadOnlyAccess" as a guide. You can then craft a policy such as the following to limit read actions to a specific domain.

{ "Effect": "Allow", "Action": [ "es:Get*", "es:List*", "es:Describe*" ], "Resource": "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/NAMEGOESHERE" }

I hope you have a great rest of your day!

References

(1)https://aws.amazon.com/blogs/database/configuring-and-authoring-kibana-dashboards/

(https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html)

AWS
SUPPORT ENGINEER
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions