aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(opensearch): SAML authentication for Dashboards/Kibana #20838

Open jtaub opened 2 years ago

jtaub commented 2 years ago

Describe the feature

There is no option in the CDK to enable SAML for Opensearch Dashboards/Kibana, although it is supported in the AWS console.

Use Case

A common use case is to integrate with corporate SSO and restrict write access.

Proposed Solution

No response

Other Information

There is a relatively long guide to setting up SAML here https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html

Would be nice to have some of it automated via the CDK, even if it's not possible to automate all of it.

Acknowledgements

CDK version used

2.28.1 (build d035432)

Environment details (OS name and version, etc.)

Windows 10

PrettySolution commented 1 year ago

Hello, is there anything on AWS' roadmap related to this issue?

danwunderlich commented 11 months ago

A possible workaround? https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CfnDomain.SAMLOptionsProperty.html

e.g.

      import * as opensearch from 'aws-cdk-lib/aws-opensearchservice';

      // `domain` is an existing opensearch.Domain (L2 construct); the escape hatch
      // gives access to the underlying CfnDomain, which does expose SAMLOptions.
      const cfnDomain = domain.node.defaultChild as opensearch.CfnDomain;
      // This assigns the whole AdvancedSecurityOptions block, so it replaces anything
      // the Domain construct generated there (e.g. fineGrainedAccessControl settings).
      // SAML requires fine-grained access control, hence the outer enabled: true.
      cfnDomain.advancedSecurityOptions = {
          enabled: true,
          samlOptions: {
              enabled: true,
              idp: {
                  entityId: "entityId",                // entityID from the IdP's metadata
                  metadataContent: "metadataContent",  // the IdP's SAML metadata XML
              },
              masterBackendRole: "masterBackendRole",  // IdP group mapped to all_access
              masterUserName: "masterUserName",        // or a single SAML user
              rolesKey: "rolesKey",                    // assertion attribute carrying groups
              sessionTimeoutMinutes: 123,              // placeholder value from the docs
              subjectKey: "subjectKey",                // assertion attribute for the user name
          },
      };
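
An added example, not code from the thread or from aws-cdk, that puts a few checks in front of the workaround above: it takes the `entityId` from the IdP metadata instead of a hand-typed string (a mismatch there fails silently at login), rejects a SAML config with no master principal or an out-of-range session timeout, and converts the result to the raw PascalCase shape that `cfnDomain.addPropertyOverride('AdvancedSecurityOptions.SAMLOptions', ...)` expects. The interfaces mirror `CfnDomain.SAMLOptionsProperty` and the CloudFormation `SAMLOptions` type but are declared locally so the snippet runs without aws-cdk-lib; the metadata XML, the `opensearch-admins` group and the `groups` attribute name are constructed placeholders, and the requirement that a backend role come with a `rolesKey` is this example's own check.

```typescript
// Added example (not from the issue or from aws-cdk): validate and build the
// SAMLOptions block for an OpenSearch Service domain from the IdP's metadata.
// Types mirror CfnDomain.SAMLOptionsProperty (camelCase) and the CloudFormation
// SAMLOptions property (PascalCase) but are declared locally (assumption).

interface SamlOptions {
  enabled: boolean;
  idp: { entityId: string; metadataContent: string };
  masterBackendRole?: string; masterUserName?: string;
  rolesKey?: string; subjectKey?: string;
  sessionTimeoutMinutes: number;
}

interface CfnSamlOptions {
  Enabled: boolean;
  Idp: { EntityId: string; MetadataContent: string };
  MasterBackendRole?: string; MasterUserName?: string;
  RolesKey?: string; SubjectKey?: string;
  SessionTimeoutMinutes: number;
}

interface SamlInput {
  metadataXml: string;          // IdP metadata document as downloaded from the IdP
  masterBackendRole?: string;   // IdP group that receives the all_access role
  masterUserName?: string;      // or one SAML user (NameID / subjectKey value)
  rolesKey?: string;            // assertion attribute carrying group names
  subjectKey?: string;          // assertion attribute for the user name; NameID if omitted
  sessionTimeoutMinutes?: number;
}

// Read entityID off the root <EntityDescriptor> so it cannot drift from the metadata.
function extractEntityId(metadataXml: string): string {
  if (!/<(?:[\w-]+:)?IDPSSODescriptor\b/.test(metadataXml)) {
    throw new Error('not IdP metadata: no IDPSSODescriptor element');
  }
  const m = /<(?:[\w-]+:)?EntityDescriptor\b[^>]*\bentityID\s*=\s*"([^"]+)"/.exec(metadataXml);
  if (!m) throw new Error('no entityID attribute on EntityDescriptor');
  return m[1];
}

function buildSamlOptions(input: SamlInput): SamlOptions {
  if (!input.masterBackendRole && !input.masterUserName) {
    throw new Error('set masterBackendRole or masterUserName, or no SAML principal can administer the domain');
  }
  if (input.masterBackendRole && !input.rolesKey) {
    // Example's own check: without rolesKey the group claim is never read from the assertion.
    throw new Error('masterBackendRole needs rolesKey');
  }
  // Accepted range per the SAMLOptionsInput API reference: 1..1440, default 60.
  const timeout = input.sessionTimeoutMinutes ?? 60;
  if (!Number.isInteger(timeout) || timeout < 1 || timeout > 1440) {
    throw new Error('sessionTimeoutMinutes must be an integer from 1 to 1440');
  }
  return {
    enabled: true,
    idp: { entityId: extractEntityId(input.metadataXml), metadataContent: input.metadataXml },
    masterBackendRole: input.masterBackendRole, masterUserName: input.masterUserName,
    rolesKey: input.rolesKey, subjectKey: input.subjectKey,
    sessionTimeoutMinutes: timeout,
  };
}

// Raw CloudFormation shape for addPropertyOverride('AdvancedSecurityOptions.SAMLOptions', ...);
// unset optionals are dropped so no `undefined` lands in the template.
function toCfnSamlOptions(o: SamlOptions): CfnSamlOptions {
  const cfn: CfnSamlOptions = {
    Enabled: o.enabled,
    Idp: { EntityId: o.idp.entityId, MetadataContent: o.idp.metadataContent },
    SessionTimeoutMinutes: o.sessionTimeoutMinutes,
  };
  if (o.masterBackendRole !== undefined) cfn.MasterBackendRole = o.masterBackendRole;
  if (o.masterUserName !== undefined) cfn.MasterUserName = o.masterUserName;
  if (o.rolesKey !== undefined) cfn.RolesKey = o.rolesKey;
  if (o.subjectKey !== undefined) cfn.SubjectKey = o.subjectKey;
  return cfn;
}

// Constructed sample IdP metadata (placeholder entityID and endpoint).
const SAMPLE_IDP_METADATA = `<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>`;

// Placeholder IdP group gets all_access; sessions expire after 8 hours.
const cfnSamlOptions = toCfnSamlOptions(buildSamlOptions({
  metadataXml: SAMPLE_IDP_METADATA,
  masterBackendRole: 'opensearch-admins',
  rolesKey: 'groups',
  sessionTimeoutMinutes: 480,
}));
console.log(JSON.stringify(cfnSamlOptions, null, 2));
```

Feeding the result through `addPropertyOverride` on the `AdvancedSecurityOptions.SAMLOptions` path leaves the rest of the block (for example the master user set through the L2 `fineGrainedAccessControl` prop) intact, whereas assigning `cfnDomain.advancedSecurityOptions` wholesale replaces it. Fine-grained access control, which SAML depends on, still has to be enabled on the domain together with its prerequisites (encryption at rest, node-to-node encryption, HTTPS enforcement); the helper only validates the SAML part.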