Read only access to specific Kibana dashboards

Question

I am running Kibana via AWS OpenSearch Service with user management via Cognito. Is it possible to create a user that only has read only access to Kibana dashboards? And additionally, to only specific dashboards?

Accepted Answer

Hi,

From your question I understand that you would like to create a user who only has read access to specific Kibana dashboards.

I am attaching the following documentation that goes over securing access to Kibana here (1). With this setup you can grant access to users for each ElasticSearch domain. I am also attaching the following documentation for fine grained access controls for OpenSearch (2). For read only access to OpenSearch you can use the AWS managed policy "AmazonOpenSearchServiceReadOnlyAccess" as a guide. You can then craft a policy such as the following to limit read actions to a specific domain.

{
            "Effect": "Allow",
            "Action": [
                "es:Get*",
                "es:List*",
                "es:Describe*"
            ],
            "Resource": "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/NAMEGOESHERE"
        }

I hope you have a great rest of your day!

References

(1)https://aws.amazon.com/blogs/database/configuring-and-authoring-kibana-dashboards/

(https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html)

Read only access to specific Kibana dashboards

Relevanter Inhalt