How to use Fine-grained access control in Amazon OpenSearch Service
In this blog post, I will show you how to use Fine-grained access control in Amazon OpenSearch Service, which is a fully managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. Fine-grained access control enables you to control who can access your data and how they can access it at the cluster, index, document, and field levels. You can also use Fine-grained access control to enable single sign-on (SSO) for OpenSearch Dashboards, which is a visualization tool for analyzing your search results.
Prerequisites
To follow this tutorial, you need the following:
- An AWS account with permissions to create and manage OpenSearch Service domains.
- A domain running OpenSearch version 2.x or later with Fine-grained access control enabled.
- A dataset that you want to index and search using OpenSearch.
Step 1: Create users and roles for Fine-grained access control
The first step is to create users and roles for Fine-grained access control using the internal user database and the security plugin. Users are the identities that you use to log in to OpenSearch Dashboards or access the OpenSearch REST API. Roles are the collections of permissions that you assign to users or backend roles. Permissions define the actions that users can perform on your domain resources, such as indexes, documents, or fields.
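The same users, roles and permissions can also be defined through the security plugin's REST API instead of OpenSearch Dashboards. As an added example (not code from the original post), this Python builds the role, internal user and role mapping requests and checks the role for over-broad grants before it is applied; the index pattern `orders-*`, the field names, the role and user names and the password placeholder are constructed assumptions.

```python
import json

API = "_plugins/_security/api"  # Security plugin REST API prefix

def role_body(index_patterns, allowed_actions, dls_query=None, fls=None,
              cluster_permissions=()):
    """Role with cluster-, index-, document- (DLS) and field-level (FLS) scope."""
    perm = {"index_patterns": list(index_patterns),
            "allowed_actions": list(allowed_actions)}
    if dls_query is not None:
        perm["dls"] = json.dumps(dls_query)  # DLS is stored as a query DSL string
    if fls:
        perm["fls"] = list(fls)              # "~name" excludes that field
    return {"cluster_permissions": list(cluster_permissions),
            "index_permissions": [perm]}

def audit_role(role):
    """Return findings for grants broader than a single-purpose role needs."""
    findings = []
    broad_cluster = {"*", "cluster_all", "cluster:*"}
    broad_index = {"*", "indices_all", "indices:*"}
    if broad_cluster & set(role["cluster_permissions"]):
        findings.append("cluster permissions grant full cluster access")
    for perm in role["index_permissions"]:
        if "*" in perm["index_patterns"]:
            findings.append("index pattern '*' matches every index")
        if broad_index & set(perm["allowed_actions"]):
            findings.append("allowed_actions grant every index action")
    return findings

def plan(role_name, role, user_name, password):
    """Ordered (method, path, body) calls: role, internal user, role mapping."""
    return [("PUT", f"{API}/roles/{role_name}", role),
            ("PUT", f"{API}/internalusers/{user_name}", {"password": password}),
            ("PUT", f"{API}/rolesmapping/{role_name}", {"users": [user_name]})]

# Constructed sample: read-only analyst limited to EU documents, e-mail hidden.
ANALYST_ROLE = role_body(["orders-*"], ["read"],
                         dls_query={"term": {"region": "eu"}},
                         fls=["~customer_email"],
                         cluster_permissions=["cluster_composite_ops_ro"])

if __name__ == "__main__":
    assert audit_role(ANALYST_ROLE) == []
    for method, path, body in plan("eu_orders_ro", ANALYST_ROLE,
                                   "analyst1", "<PLACEHOLDER-PASSWORD>"):
        print(method, path, json.dumps(body))
```

Each tuple corresponds to one HTTPS request against the domain endpoint, sent as a user allowed to manage security settings (the master user in this tutorial).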
To create users and roles for Fine-grained access control, follow these steps:
- Go to the OpenSearch Service console, select your domain, and click on Open OpenSearch Dashboards.
- Log in as the master user that you created when you enabled Fine-grained access control for your domain.
- On the left menu, go to Security and then Internal users from the secondary menu. Click on the Create…