Posted On: Jun 23, 2024

Amazon OpenSearch Service now supports JSON Web Token (JWT) that enables you to authenticate and authorize users without having to provide any credentials or use internal user database. JWT support also, makes it easy for customers to integrate with identity provider of their choice and isolate tenants in a multi-tenant application.

Until now, Amazon OpenSearch Service allowed customers to implement client and user authentication using Amazon Cognito and basic authentication with the internal user database. With JWT support, customers can now use a single token which any operator or external identity provider can use to authenticate requests to their Amazon OpenSearch cluster. Customers can setup JWT authentication using the console or CLI, as well as the create and update domain APIs.

JWT authentication and authorization is now available in Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD.

For more information about the JWT authentication and authorization, please see the documentation. To learn more about Amazon OpenSearch Service, please visit the product page.