aws-cfn-elasticsearch

CloudFormation template for Elasticsearch service with Cognito authentication on AWS

Primary language: Shell. License: Apache License 2.0 (Apache-2.0)

Architecture

Deploy

Set up Cognito

  1. Deploy the Cognito CloudFormation template with the Management Console, or with the CLI:

aws cloudformation create-stack \
    --stack-name LogManager-Cognito \
    --template-url https://s3.amazonaws.com/midaisuk-public-templates/aws-cfn-elasticsearch/cognito.yaml \
    --capabilities CAPABILITY_IAM \
    --region ap-northeast-1
  2. Add a domain to the Cognito user pool:
aws cognito-idp create-user-pool-domain \
    --user-pool-id {USER_POOL_ID} \
    --domain {IPD_USER_POOL_DOMAIN_NAME} \
    --region ap-northeast-1
  3. Add a user to the Cognito user pool.

Set up Elasticsearch

  1. Deploy the Elasticsearch service CloudFormation template with the Management Console, or with the CLI:

aws cloudformation create-stack \
    --stack-name LogManager-ES \
    --template-url https://s3.amazonaws.com/midaisuk-public-templates/aws-cfn-elasticsearch/es.yaml \
    --parameters \
        ParameterKey=LogBucketName,ParameterValue={BUCKET_NAME} \
        ParameterKey=ElasticsearchDomainName,ParameterValue={ES_DOMAIN_NAME} \
        ParameterKey=ElasticsearchIndexName,ParameterValue={ES_INDEX_NAME} \
        ParameterKey=FirehoseName,ParameterValue={FIREHOSE_NAME} \
    --capabilities CAPABILITY_NAMED_IAM \
    --region ap-northeast-1
  2. Use Cognito user pools for Kibana:
aws es update-elasticsearch-domain-config \
    --domain-name {ES_DOMAIN_NAME} \
    --cognito-options Enabled=true,UserPoolId="{USER_POOL_ID}",IdentityPoolId="{ID_POOL_ID}",RoleArn="{COGNITO_SERVICE_ROLE}" \
    --region ap-northeast-1
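
Both create-stack calls above acknowledge IAM capabilities (CAPABILITY_IAM, CAPABILITY_NAMED_IAM) for a template fetched by URL. The following added example, which is not part of this repository, lists the IAM resources a downloaded template would create and the narrowest --capabilities value it needs, so the template can be reviewed before the stack is created. The function names, the 2-space block-style YAML layout and the sample template are assumptions.

```shell
#!/bin/sh
# Added example: pre-deployment review of the IAM resources in a CloudFormation
# YAML template. Assumes block-style YAML with 2-space indentation.

# iam_resources FILE: one line per AWS::IAM::* resource,
# formatted as "<LogicalId> <Type> named|unnamed".
# "named" means the resource sets an explicit name property, which is what
# requires CAPABILITY_NAMED_IAM instead of CAPABILITY_IAM.
iam_resources() {
    awk '
        function emit() {
            if (id != "" && type ~ /^AWS::IAM::/)
                print id, type, (named ? "named" : "unnamed")
        }
        /^Resources:/ { in_res = 1; next }
        /^[A-Za-z]/   { if (in_res) emit(); id = ""; in_res = 0 }  # another top-level section
        in_res && /^  [A-Za-z0-9]+: *$/ {                          # a new logical ID
            emit(); id = $1; sub(/:$/, "", id); type = ""; named = 0; next
        }
        in_res && /^    Type:/ { type = $2; gsub(/"/, "", type) }
        in_res && /^      (RoleName|UserName|GroupName|ManagedPolicyName|InstanceProfileName):/ { named = 1 }
        END { if (in_res) emit() }
    ' "$1"
}

# required_capability FILE: the narrowest --capabilities value the template needs.
required_capability() {
    iam_resources "$1" | awk '
        { any = 1 }
        $3 == "named" { named = 1 }
        END { print (named ? "CAPABILITY_NAMED_IAM" : (any ? "CAPABILITY_IAM" : "NONE")) }'
}

# Constructed sample template (NOT the repository's cognito.yaml or es.yaml).
sample_template() { cat <<'EOF'
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  LogBucket:
    Type: AWS::S3::Bucket
  FirehoseRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: sample-firehose-role
      AssumeRolePolicyDocument: {}
  KibanaAuthRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument: {}
Outputs:
  Bucket:
    Value: !Ref LogBucket
EOF
}

tmp=$(mktemp) && sample_template > "$tmp"
iam_resources "$tmp"
echo "needs: $(required_capability "$tmp")"
rm -f "$tmp"
```

To review the real templates, download each one to a local file first and pass that file to iam_resources, then read the listed roles and policies in the template before running create-stack.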

Screenshots

Cognito managed login interface

Kibana