Followed this tutorial: https://docs.aws.amazon.com/glue/latest/ug/tutorial-elastisearch-connector.html
I know this connector can connect to AWS Elasticsearch, but it still needs AWS Secrets Manager to store the username and password.
Is it possible to use IAM authentication to connect to Elasticsearch, rather than username & password?
is it possible to use IAM authentication
No, unfortunately.
The Elasticsearch Connector for AWS Glue does not currently support IAM authentication & only supports username and password as an authentication mechanism.
Related
I am trying to add an authentication method to AWS OpenSearch.
By default it comes with basic auth with an internal DB.
I would like to configure the Security Plugin with a second authentication mechanism, OpenID Connect.
The documentation says to use Update Security Configuration, which doesn't seem to be allowed by AWS.
I tried PUT _plugins/_security/api/securityconfig and PUT _plugins/_security/api/securityconfig/authc; both seem to be failing with {"Message":"Your request: '/_plugins/_security/api/securityconfig/authc' is not allowed."}
Is there an alternative? All I want to do is use a JWT token (from OpenID Connect Cognito) to run the OpenSearch _search API, rather than using internal database basic auth or an IAM role from a Federated Pool.
AWS OpenSearch has blocked the APIs for updating the security configuration, which is why you see the error. The documentation you have linked is applicable when using the OpenSearch Security plugin for your self-hosted OpenSearch service and not the AWS-hosted solution.
I am not sure if this will be helpful to you, but this blog does talk about using OpenID Connect along with AWS Cognito for OpenSearch auth: https://aws.amazon.com/blogs/apn/use-amazon-opensearch-service-with-kibana-for-identity-federation-auth0/
I'm creating a search service on AWS Elasticsearch and it's only for internal users, so I have to authenticate the users through a Cognito User Pool.
I found an article on AWS about configuring Amazon Cognito authentication for Kibana here: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cognito-auth.html. But it's only for Kibana; I still can't access the search endpoint to do searching.
Please advise on how to use the AWS Elasticsearch API with the auth token from Cognito.
Thanks
We are migrating an application from AWS to GCP. In AWS, we use the Cognito service for maintaining different types of users inside user pools (for example: SSO users have a different user pool, users with email and password are configured in a different user pool, and MFA users have a different user pool). In AWS Cognito, we also leverage certain functionalities, like app client ID and secret for generating JWT tokens, and an authorizer Lambda in the pre-sign-up trigger.
How can we achieve the above implementation in GCP?
Google Identity Platform looks like Amazon Cognito.
You can use Firebase Authentication as an equivalent of Amazon Cognito. This table provides a comparison between Amazon Cognito and Firebase Authentication.
Is it possible to create a user in AWS SSO programmatically?
All I found is list users, but not create.
Thanks
There is no API for AWS SSO yet to permit this.
However, you can achieve this functionality by connecting an IDP (Okta, AzureAD) to AWS SSO that supports SCIM and then programmatically insert users into the IDP.
I am developing an Android application using AWS's RDS and the AWS Cognito service. So my question is: is there any way that I can connect RDS with Cognito? Please help.
I think there are two possible questions here so I'll answer them both.
If the question is, can I access RDS from a Cognito authed app:
RDS does not use AWS credentials for authentication, it uses database credentials. Cognito only vends credentials for AWS services, so you cannot use Cognito credentials to access an RDS database.
If the question is, can I link RDS to Cognito so I can query, manipulate or analyze your end users' datasets:
All access to users' datasets is done through Cognito. There is no export or link feature that allows you to use RDS.