- Newest
- Most votes
- Most comments
Hi,
From your question I understand that you would like to create a user who only has read access to specific Kibana dashboards.
I am attaching the following documentation that goes over securing access to Kibana here (1). With this setup you can grant access to users for each ElasticSearch domain. I am also attaching the following documentation for fine grained access controls for OpenSearch (2). For read only access to OpenSearch you can use the AWS managed policy "AmazonOpenSearchServiceReadOnlyAccess" as a guide. You can then craft a policy such as the following to limit read actions to a specific domain.
{ "Effect": "Allow", "Action": [ "es:Get*", "es:List*", "es:Describe*" ], "Resource": "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/NAMEGOESHERE" }
I hope you have a great rest of your day!
References
(1)https://aws.amazon.com/blogs/database/configuring-and-authoring-kibana-dashboards/
(https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html)
Relevant content
- asked 2 years ago
- asked 3 years ago
- asked 2 years ago
- asked 4 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago