Skip to content
/ OSD-SM-HTTP-basic-authentication Public

In this guide, you'll find step-by-step instructions, along with relevant code snippets and configuration files, to establish a secure connection between your self-managed Dashboards instance and the AWS managed OpenSearch domain with HTTP basic authentication.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

madhankb/OSD-SM-HTTP-basic-authentication

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
task.json
task.json
 
 

Repository files navigation

Guide to setup self-managed dashboards in ECS & in EC2 hosted container

Prerequisite

An AWS managed OpenSearch domain must incorporate Fine-Grained Access Control (FGAC) with HTTP basic authentication, ensuring that a master user is created in the internal user database. Reference here

Steps to spin up a self-managed dashboards in ECS

  1. Create a task within ECS Fargate using the dashboards docker image.

Important

It is crucial to select the same major version of dashboards as the OpenSearch cluster you intend to connect the dashboards to. Docker images repo link

  1. When creating a task, under "container definition" in "port mapping" make sure the container ports 5601 and 9200 are added.
  2. Under environment variables, add the mandatory keys and values mentioned in this doc to seamlessly connect with managed service domain.

Note

I have added task.json file from the ECS task defenition to help understand the environment variables that has to be set while creating tasks

  1. Create a service using the previously created task within the identical VPC and subnet where the managed service OpenSearch domain is operating.
  2. Access the self-managed dashboards by hitting the public endpoint of the running task in ECS Fargate. By doing so, you can conveniently view and interact with all the saved objects in accordance with the Fine-Grained Access Control settings.

Steps to spin up a self-managed dashboards in EC2 hosted container

  1. Deploy an EC2 instance in the same VPC and subnet as the managed OpenSearch service domain.
  2. Set up Docker/Kubernetes and its dependencies on the instance.
  3. Utilize the attached docker-compose.yml file to launch a self-managed dashboards container. After the container is running, you can easily access and interact with all the saved objects.
  4. To enable TLS, add the attributes mentioned in this link as environment variables.

Tip

One notable advantage of setting up a standalone OpenSearch Dashboards is that when it is deployed on AWS ECS Fargate, it generates a public IP. This allows the standalone dashboards to be accessed over the internet without the need for setting up a reverse proxy. As a result, the OpenSearch domains will be within the VPC and standalone dashboards will be available in public, enabling seamless connectivity and eliminating the complexity of configuring additional infrastructure components. This simplifies the setup process and provides convenient access to the dashboards from anywhere on the internet without compromising security or requiring additional network configurations.

About

In this guide, you'll find step-by-step instructions, along with relevant code snippets and configuration files, to establish a secure connection between your self-managed Dashboards instance and the AWS managed OpenSearch domain with HTTP basic authentication.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published