OpenSearch

Prerequisites

  • You are an admin of the OpenSearch domain/collection.

  • The OpenSearch instances are network accessible to the environment in which Teleskope is deployed.

Supported Authentication Methods

  1. Username / Password (Basic Auth)

  2. AWS IAM


Step 1: Create OpenSearch users

Option 1: Basic Auth

  1. Create a user in OpenSearch (Settings → Security → Internal Users):

    1. Username: teleskope_ro

    2. Password: {secure_password}

  2. Assign the new user to a role

    1. The existing role readall has the appropriate permissions.

    2. To scope down by index, create a custom role with index filters, and apply the cluster permissions cluster_composite_ops_ro.

    3. Go to mapped users, and add the new internal user.

Option 2: IAM Auth

  1. See AWS, and add the Teleskope role to the target accounts if it does not exist.

  2. Attach the AmazonOpenSearchServiceReadOnlyAccess IAM Policy to the role, or scope it down to select resources:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
              "es:Describe*",
              "es:List*",
              "es:Get*"
          ],
          "Resource": "*"
        }
      ]
    }

  3. Assign the backend user a role in OpenSearch (Settings → Security → Roles):

    1. Edit readall or your custom role.

    2. Go to mapped users, and add the backend role by ARN (e.g. arn:aws:iam::{origin_aws_account_id}:role/system/TeleskopeRole).
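
The custom role and the two role mappings described in Options 1 and 2 can also be expressed as request bodies for the OpenSearch Security plugin REST API and checked before they are applied. This is an added example, not Teleskope's own code; the role name teleskope_ro_scoped and the index patterns are hypothetical, and the assumption is that readall consists of cluster_composite_ops_ro plus the read action group.

```python
import json

# Assumption: the predefined readall role is cluster_composite_ops_ro + "read".
READ_ONLY_CLUSTER = {"cluster_composite_ops_ro"}
READ_ONLY_INDEX = {"read"}

def scoped_role(index_patterns):
    """Body for PUT _plugins/_security/api/roles/<role>: readall narrowed to index_patterns."""
    return {
        "cluster_permissions": sorted(READ_ONLY_CLUSTER),
        "index_permissions": [{
            "index_patterns": list(index_patterns),
            "allowed_actions": sorted(READ_ONLY_INDEX),
        }],
    }

def role_mapping(users=(), backend_roles=()):
    """Body for PUT _plugins/_security/api/rolesmapping/<role>."""
    return {"users": list(users), "backend_roles": list(backend_roles)}

def audit_role(role):
    """List the ways a role is broader than a scoped read-only role."""
    findings = []
    extra = set(role.get("cluster_permissions", [])) - READ_ONLY_CLUSTER
    if extra:
        findings.append(f"extra cluster permissions: {sorted(extra)}")
    for perm in role.get("index_permissions", []):
        patterns = perm.get("index_patterns", [])
        if not patterns or "*" in patterns:
            findings.append("index pattern matches every index")
        extra = set(perm.get("allowed_actions", [])) - READ_ONLY_INDEX
        if extra:
            findings.append(f"non-read actions on {patterns}: {sorted(extra)}")
    return findings

if __name__ == "__main__":
    role = scoped_role(["customers-*", "orders-*"])  # constructed index patterns
    assert audit_role(role) == [], audit_role(role)
    print("PUT _plugins/_security/api/roles/teleskope_ro_scoped")
    print(json.dumps(role, indent=2))
    # Option 1 maps the internal user; Option 2 maps the IAM role ARN as a backend role.
    basic = role_mapping(users=["teleskope_ro"])
    iam = role_mapping(backend_roles=[
        "arn:aws:iam::{origin_aws_account_id}:role/system/TeleskopeRole"])
    print("PUT _plugins/_security/api/rolesmapping/teleskope_ro_scoped")
    print(json.dumps(basic, indent=2))
    print(json.dumps(iam, indent=2))
```

A PUT to rolesmapping replaces the role's existing mapping, so when mapping onto readall include any users or backend roles that are already mapped.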

Step 2: Enroll OpenSearch in Teleskope

  1. Gather the following details for your OpenSearch instance:

    1. Endpoint

    2. Region

    3. Provider

  2. Select the authentication method

  3. Supply the credentials:

    1. Basic Auth: enter the username/password.

    2. IAM Auth: select the AWS account where the OpenSearch instance and IAM role belong.
