Open jtaub opened 2 years ago
Hello, is there anything on AWS' road map related to this issue?
A possible workaround? https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.SAMLOptionsProperty.html
e.g.
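```typescript
import * as opensearch from "aws-cdk-lib/aws-opensearchservice";

// `domain` is an existing opensearch.Domain construct; all string values are placeholders.
// Assigning this property replaces whatever advancedSecurityOptions the Domain construct rendered.
const cfnDomain = domain.node.defaultChild as opensearch.CfnDomain;
cfnDomain.advancedSecurityOptions = {
  enabled: true,
  samlOptions: {
    enabled: true,
    idp: {
      entityId: "entityId",
      metadataContent: "metadataContent",
    },
    masterBackendRole: "masterBackendRole",
    masterUserName: "masterUserName",
    rolesKey: "rolesKey",
    sessionTimeoutMinutes: 123,
    subjectKey: "subjectKey",
  },
};
```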
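Added example, not part of the comment above and not aws-cdk-lib code: one way to fill `samlOptions` from the IdP metadata document itself, so that `entityId` always matches `metadataContent` and a bad session timeout fails at synth time instead of at deploy time. `SamlInputs`, `extractEntityId`, `buildSamlOptions` and the sample metadata are hypothetical names and constructed values.

```typescript
// Added example. SamlInputs, extractEntityId and buildSamlOptions are hypothetical
// helpers, not aws-cdk-lib APIs; the result has the shape of SAMLOptionsProperty.
interface SamlInputs {
  metadataXml: string; // IdP metadata document, e.g. read from a file at synth time
  rolesKey?: string;
  subjectKey?: string;
  masterBackendRole?: string;
  masterUserName?: string;
  sessionTimeoutMinutes?: number;
}

function extractEntityId(metadataXml: string): string {
  // Service-provider metadata pasted by mistake has no IDPSSODescriptor element.
  if (!/<(?:[\w.-]+:)?IDPSSODescriptor\b/.test(metadataXml)) {
    throw new Error("metadata does not describe an identity provider");
  }
  // entityID is an attribute of the (optionally namespace-prefixed) EntityDescriptor.
  const m = /<(?:[\w.-]+:)?EntityDescriptor\b[^>]*?\sentityID\s*=\s*["']([^"']+)["']/.exec(metadataXml);
  if (m === null) {
    throw new Error("metadata has no EntityDescriptor entityID attribute");
  }
  return m[1].replace(/&amp;/g, "&"); // only &amp; is unescaped in this sketch
}

function buildSamlOptions(input: SamlInputs) {
  // 60 minutes is the service default when no timeout is given.
  const timeout = input.sessionTimeoutMinutes === undefined ? 60 : input.sessionTimeoutMinutes;
  // The service accepts whole minutes from 1 to 1440 (24 hours).
  if (timeout !== Math.floor(timeout) || timeout < 1 || timeout > 1440) {
    throw new Error("sessionTimeoutMinutes must be an integer from 1 to 1440");
  }
  return {
    enabled: true,
    idp: { entityId: extractEntityId(input.metadataXml), metadataContent: input.metadataXml },
    masterBackendRole: input.masterBackendRole,
    masterUserName: input.masterUserName,
    rolesKey: input.rolesKey,
    sessionTimeoutMinutes: timeout,
    subjectKey: input.subjectKey,
  };
}

// Constructed sample metadata, not from a real IdP.
const sampleMetadata =
  '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"\n' +
  '    entityID="https://idp.example.com/saml/metadata">\n' +
  '  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>\n' +
  "</md:EntityDescriptor>";
// Usage with the escape hatch shown above:
// cfnDomain.advancedSecurityOptions = { enabled: true, samlOptions: buildSamlOptions({ metadataXml, rolesKey }) };
```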
Describe the feature
There is no option in the CDK to enable SAML for OpenSearch Dashboards/Kibana, although it is supported in the AWS console.
Use Case
A common use case is to integrate with corporate SSO and restrict write access.
Proposed Solution
No response
Other Information
There is a relatively long guide to setting up SAML here: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html
Would be nice to have some of it automated via the CDK, even if it's not possible to automate all of it.
Acknowledgements
CDK version used
2.28.1 (build d035432)
Environment details (OS name and version, etc.)
Windows 10