How to use Fine-grained access control in Amazon OpenSearch Service

Eray ALTILI
5 min read · Sep 27, 2023

In this blog post, I will show you how to use Fine-grained access control in Amazon OpenSearch Service, which is a fully managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. Fine-grained access control enables you to control who can access your data and how they can access it at the cluster, index, document, and field levels. You can also use Fine-grained access control to enable single sign-on (SSO) for OpenSearch Dashboards, which is a visualization tool for analyzing your search results.
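The cluster, index, document, and field levels mentioned above correspond to fields in a role definition of the OpenSearch security plugin. The following Python is an added example, not code from the original post: it audits constructed role definitions for overly broad grants before they are sent to the domain. The role names, index patterns and field names are made up for illustration.

```python
import json

# Constructed role definitions in the security plugin's role format
# (the body of PUT _plugins/_security/api/roles/<role-name>).
# Role, index and field names are assumptions made for this example.
ROLES = {
    "finance_reader": {
        "cluster_permissions": ["cluster_composite_ops_ro"],         # cluster level
        "index_permissions": [{
            "index_patterns": ["finance-*"],                         # index level
            "dls": json.dumps({"term": {"department": "finance"}}),  # document level
            "fls": ["~ssn"],                                         # field level: exclude ssn
            "allowed_actions": ["read"],
        }],
    },
    "too_broad": {
        "cluster_permissions": ["cluster_all"],
        "index_permissions": [{"index_patterns": ["*"],
                               "allowed_actions": ["indices_all"]}],
    },
}

BROAD_CLUSTER = {"*", "cluster_all"}   # grants every cluster-level action
BROAD_INDEX = {"*", "indices_all"}     # grants every index-level action

def audit_role(role):
    """Return a list of least-privilege findings for one role definition."""
    findings = []
    if BROAD_CLUSTER & set(role.get("cluster_permissions", [])):
        findings.append("cluster: unrestricted cluster permissions")
    for i, perm in enumerate(role.get("index_permissions", [])):
        if "*" in perm.get("index_patterns", []):
            findings.append(f"index[{i}]: pattern '*' matches every index")
        if BROAD_INDEX & set(perm.get("allowed_actions", [])):
            findings.append(f"index[{i}]: unrestricted index actions")
        dls = perm.get("dls")
        if dls:  # the DLS filter is a query DSL document stored as a JSON string
            try:
                json.loads(dls)
            except ValueError:
                findings.append(f"index[{i}]: dls is not valid JSON")
    return findings

def audit_all(roles):
    """Map each role name to its findings (empty list means no issue found)."""
    return {name: audit_role(role) for name, role in roles.items()}

if __name__ == "__main__":
    for name, findings in audit_all(ROLES).items():
        print(name, "->", findings or "ok")
```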

Diagram: a common configuration of a VPC access domain with fine-grained access control enabled, an IAM-based access policy, and an IAM master user.

Prerequisites

To follow this tutorial, you need the following:

  • An AWS account with permissions to create and manage OpenSearch Service domains.
  • A domain running OpenSearch version 2.x or later with Fine-grained access control enabled.
  • A dataset that you want to index and search using OpenSearch.

Diagram: another common configuration of a public access domain with fine-grained access control enabled, an access policy that doesn’t use IAM principals, and a master user in the internal user database.

Step 1: Create users and roles for…
