I am trying to add an authentication method to AWS OpenSearch.
By default it comes with basic auth with an internal DB.
I would like to configure the Security Plugin with a second authentication mechanism, OpenID Connect.
The documentation says to use Update Security Configuration, which doesn't seem to be allowed by AWS.
I tried PUT _plugins/_security/api/securityconfig and PUT _plugins/_security/api/securityconfig/authc; both seem to be failing with {"Message":"Your request: '/_plugins/_security/api/securityconfig/authc' is not allowed."}
Is there an alternative? All I want to do is use a JWT token (from OpenID Connect Cognito) to run the OpenSearch _search API, rather than using internal database basic auth or an IAM Role from a Federated Pool.
AWS OpenSearch has blocked the APIs for updating security configuration, which is why you see the error. The documentation you have linked is applicable when using the OpenSearch security plugin for your self-hosted OpenSearch service and not the AWS-hosted solution.
I am not sure if this will be helpful to you, but this blog does talk about using OpenID Connect along with AWS Cognito for OpenSearch auth: https://aws.amazon.com/blogs/apn/use-amazon-opensearch-service-with-kibana-for-identity-federation-auth0/
Related
I have been trying to implement Auto-Provisioning on Azure AD with AWS Cognito. The auto provisioning on Azure is asking for a tenant URL and I am using this for it: https://.auth.us-east-1.amazoncognito.com/saml2/idpresponse. But Azure says it cannot establish a connection due to invalid creds. Please confirm if the URL I am using is correct and also if Azure auto provisioning is possible with AWS Cognito?
It is possible with AWS Single Sign-on as it provides support for the System for Cross-domain Identity Management (SCIM). However, this is an additional step after setting up your Identity Provider.
AWS Cognito does support external Identity Providers for authentication, but I can't see any support for SCIM. The SCIM endpoint is what is needed for the tenant URL. So, no, I don't think Cognito supports auto provisioning... be great if it did though.
I'm creating a search service on AWS Elasticsearch and it's only for internal users, so I have to authenticate the users through a Cognito User Pool.
I found an article on AWS about Configuring Amazon Cognito authentication for Kibana here: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cognito-auth.html. But it's only for Kibana; I still can't access the Search Endpoint to do searching.
Please help to advise on how to use the AWS Elastic Search API with the auth token from Cognito.
Thanks
I just started using Auth0 last week. Can anyone provide details on how you set up an Auth0 client that connects to a custom RDS MySQL database? I'm trying to authenticate users from a Drupal install via a login form and I consistently receive a "401" error.
I think you need to configure both Auth0 and AWS (IAM) for this. Kindly go through the documentation provided.
Call AWS APIs and Resources Securely with Tokens
Edit 1: Do refer to the comment; will update accordingly.
I'm using AWS API Gateway for an API I'm setting up, and I want to be able to use an existing AWS Directory Services Directory (Microsoft AD Enterprise) for authentication.
I'm not sure where to start.
Would I need to use a custom Lambda function for authentication, and then write my own LDAP authentication code?
I can't find any references to this scenario, of authenticating an API against AWS AD.
Any pointers would be greatly appreciated.
Perhaps worth checking how to configure AWS Directory Service as a Federated Identity Provider in IAM, then how to retrieve access tokens from STS, and ultimately configure API Gateway to use Authorization Method: AWS_IAM.
For authentication, perhaps worth studying how to configure federated identity in Cognito.
Have a look at these slides: https://www.slideshare.net/AmazonWebServices/aws-may-webinar-series-48671841
Trying to configure AWS API Gateway with AWS Cognito user pool authentication.
Tried some of the settings provided in the AWS documentation and trying to check this API from the Postman client.
Not able to check what settings need to be done on the Postman side and any specific configuration that needs to be done at the API and Cognito.
Thanks