Closed pkennedyvt closed 3 years ago
Hi, This won't actually work, because it won't protect Kibana URL. I've modified the solution, so that it won't be possible to register in Kibana by new users. Plus I have added in the documentation, that in 'production' cases a proxy should be used in front of it.
Upon launch the url is world accessible. It can be left to the user to address that, or it can be codified. Either way it should be called out in the documentation.
One quick solution would be to add a condition to the AuthenticatedPolicy:. Something like:
"Action": "es:Http", "Condition": { "IpAddress": { "aws:SourceIp": [ "111.222.333.444/32"
And make the SourceIp a parameter in the template. I want to think a little more about that, but it's a good first start at securing the access.
Adding VPC would be a long term goal.