Enable Field Level Security in AWS Elasticsearch Service with AWS Cognito

Question

I am working on setting up an Elasticsearch index, where the Kibana access would be controlled by AWS Cognito. I would like to set up 2 types of users in Cognito; Type 1 would have access to all data fields in the index, while Type 2 would only have access to selected data fields. For example, suppose my schema is

--Name
--Salary
--JobTitle
--UniqueId
--CreationDate
--Description

I would like Type 1 users to be able to access all fields, while Type 2 users would only be able to access Name, JobTitle, and Description. I found how to enable field level security in Elasticsearch (https://www.elastic.co/guide/en/elastic-stack-overview/7.1/field-level-security.html), but I can't find how to integrate this with Cognito.

score 0 · Answer 1 · answered Aug 20 '19 at 15:45

AWS ES does not support X-pack at the moment. Since field level security being a part of X-Pack you cant enable it on the AWS Elasticsearch.

One thing that you can try is setup your own kibana on EC2 instance and in kibana.yml point it to the AWS Elasticsearch domain. But please note that for kibana having X-Pack you would need to buy a x-pack license.

Also cognito wont provide you such functionality. Hence I dont think so its feasible at the moment.

Enable Field Level Security in AWS Elasticsearch Service with AWS Cognito

1 Answers1