I am trying to add an authentication method to AWS OpenSearch. By default it comes with basic auth with internal db.

I would like to configure the Security Plugin with a second authentication mechanism, OpenID Connect.

Documentation says to use Update Security Configuration, which doesn't seem to be allowed by AWS.

I tried PUT _plugins/_security/api/securityconfig and PUT _plugins/_security/api/securityconfig/authc; both seem to be failing with {"Message":"Your request: '/_plugins/_security/api/securityconfig/authc' is not allowed."}

Is there an alternative? All I want to do is use a JWT token (from OpenID Connect Cognito) to run the OpenSearch _search API, rather than using internal database basic auth or an IAM role from a Federated Pool.

jtlz2
Balu Vyamajala

1 Answer

AWS OpenSearch has blocked the APIs for updating the security configuration, which is why you see the error. The documentation you have linked is applicable when using the OpenSearch security plugin for your self-hosted OpenSearch service and not the AWS-hosted solution.

I am not sure if this will be helpful to you, but this blog does talk about using OpenID Connect along with AWS Cognito for OpenSearch auth: https://aws.amazon.com/blogs/apn/use-amazon-opensearch-service-with-kibana-for-identity-federation-auth0/

Dhiresh Jain