You are an admin to the OpenSearch domain/collection.
The OpenSearch instances are network accessible to the environment in which Teleskope is deployed.
Username / Password (Basic Auth)
AWS IAM
Create a user in OpenSearch (Settings → Security → Internal Users):
Username: teleskope_ro
teleskope_ro
Password: {secure_password}
{secure_password}
Assign the new user to a role
The existing role readall has the appropriate permissions.
readall
To scope down by index, create a custom role with index filters, and apply the cluster permissions cluster_composite_ops_ro .
cluster_composite_ops_ro
Go to mapped users, and add the new internal user.
See AWS, and add the Teleskope role to the target accounts if it does not exist.
Attach the AmazonOpenSearchServiceReadOnlyAccess IAM Policy to the role, or scope it down to select resources:
AmazonOpenSearchServiceReadOnlyAccess
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "es:Describe*", "es:List*", "es:Get*" ], "Resource": "*" } ] }
Assign the backend user a role in OpenSearch (Settings → Security → Roles):
Edit readall or your custom permission.
Go to mapped users, and add the backend role by ARN (e.g. arn:aws:iam::{origin_aws_account_id}:role/system/TeleskopeRole ).
arn:aws:iam::{origin_aws_account_id}:role/system/TeleskopeRole
Gather the following details for your OpenSearch instance:
Endpoint
Region
Provider
Select the authentication method
Supply the credentials:
Basic Auth: enter the username/password.
IAM Auth: select the AWS account where the OpenSearch instance & IAM role belongs.
Last updated 1 month ago
Was this helpful?
