Posted On: Feb 11, 2020

Amazon Elasticsearch Service now offers fine-grained access control, which adds multiple capabilities to give you tighter control over your data. New features include the ability to use roles to define granular permissions for indices, documents, or fields and to extend Kibana with read-only views and secure multi-tenant support. 

Numerous teams can share a single Amazon Elasticsearch Service domain without being able to see or modify other teams’ indices, dashboards, or visualizations, enabling greater efficiency and centralizing management. You can limit each user to only the permissions needed to perform a task. 

Fine-grained access control offers two forms of authentication and authorization: a built-in user database, which makes it easy to configure usernames and passwords inside of Elasticsearch, and AWS Identity and Access Management (IAM) integration, which lets you map IAM principals to permissions. 

Fine-grained access control is powered by Open Distro for Elasticsearch, an Apache 2.0-licensed distribution of Elasticsearch. To learn more about Open Distro for Elasticsearch and its security plugin, visit the project website

Fine-grained access control is available on domains running Elasticsearch 6.7 and higher. To learn more, see the documentation

Fine-grained access control is now available for Amazon Elasticsearch Service domains in AWS China (Beijing) Region, Operated by Sinnet, and the AWS China (Ningxia) Region, Operated by NWCD.