
Set superior settings with the Amazon OpenSearch Service Dashboards API
Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) is a completely managed service that you need to use to deploy and function OpenSearch clusters cost-effectively at scale within the AWS Cloud. The service makes it straightforward so that you can carry out interactive log analytics, real-time software monitoring, web site search, and extra by providing the most recent variations of OpenSearch, assist for 19 variations of Elasticsearch (1.5 to 7.10 variations), and visualization capabilities powered by OpenSearch Dashboards and Kibana (1.5 to 7.10 variations).
A standard use case of OpenSearch in multi-tenant environments is to make use of tenants in OpenSearch Dashboards and supply segregated index patterns, dashboards, and visualizations to completely different groups within the group. Tenants in OpenSearch Dashboards aren’t the identical as indexes, the place OpenSearch organizes all knowledge. You should still have a number of indexes for multi-tenancy and tenants for controlling entry to OpenSearch Dashboards’ saved objects.
On this submit, we give attention to operationalizing superior settings for OpenSearch Dashboards tenants with programmatic methods, particularly with the Dashboards Superior Settings API. For a deeper perception into multi-tenancy in OpenSearch, discuss with OpenSearch Dashboards multi-tenancy.
One instance of superior settings configurations is deploying time zone settings in an setting the place every tenant is aligned to a distinct geographic space with particular time zone. We clarify the time zone configuration with the UI and show configuring it with the OpenSearch Dashboards Superior Settings API utilizing curl. This submit additionally gives steering for different superior settings chances are you’ll want to embrace in your deployment.
To observe alongside on this submit, be sure you have an Amazon OpenSearch Service area with entry to OpenSearch Dashboards by way of a job with administrator privileges for the area. For extra details about enabling entry management mechanisms on your domains, see Wonderful-grained entry management in Amazon OpenSearch Service.
The next examples use Amazon OpenSearch Service model 1.0, which was the most recent launch on the time of writing.
Configure superior settings within the OpenSearch Dashboards UI
To configure superior settings through the OpenSearch Dashboards UI, full the next steps:
- Log in to OpenSearch Dashboards.
- Select your consumer icon and select Change Tenants to decide on the tenant you need to change configuration for.
By default, all OpenSearch Dashboards customers have entry to 2 tenants: non-public and world. The worldwide tenant is shared between each OpenSearch Dashboards consumer. The non-public tenant is unique to every consumer and used largely for experimenting earlier than publishing configuration to different tenants. Be certain that to examine your configurations within the non-public tenant earlier than replicating in different tenants, together with world.
- Select Stack Administration within the navigation pane, then select Superior Settings.
- In your required tenant context, select a price for Timezone for date formatting.
On this instance, we modify the time zone from the default choice Browser to US/Japanese.
Configure superior settings with the OpenSearch Dashboards API
For environments the place you favor to carry out operations programmatically, Amazon OpenSearch Service gives the flexibility to configure superior settings with the OpenSearch Dashboards superior settings API.
Let’s stroll by way of configuring the time zone utilizing curl.
- First, that you must authenticate to the API endpoint together with your consumer identify and password, and retrieve the authorization cookies into the file
auth.txt
:
On this instance, we configure OpenSearch Dashboards to make use of the interior consumer database, and the consumer inherits administrative permissions below the worldwide tenant. In multi-tenant environments, the consumer is required to have related tenant permissions. You possibly can see an instance of this within the subsequent part, the place we illustrate a multi-tenant setting. Entry management in OpenSearch Dashboards is a broad and essential subject, and it might be unfair to attempt to squeeze all of it on this submit. Subsequently, we don’t cowl entry management in depth right here. For added info on entry management in multi-tenant OpenSearch Dashboards, discuss with OpenSearch Dashboards multi-tenancy.
The auth.txt
file holds authorization cookies that you just use to move configuration adjustments to the API endpoint. The auth.txt
file ought to look just like the next code:
- Assemble configuration adjustments inside the curl physique and submit them utilizing an authorization cookie. On this instance, we included a pattern to change the time zone to
US/Japanese
.
By default, the constructed API modifies the configuration within the non-public tenant, which is unique to every consumer, can’t be shared, and is right for testing. We offer directions to change configuration in multi-tenant environments later within the submit.
Your API name ought to obtain a response just like the next code, indicating the adjustments you submitted:
In the event you favor to make a number of adjustments, you may assemble the API name as follows:
To retrieve the most recent configuration adjustments, assemble a GET request as follows:
Configure superior settings with the OpenSearch Dashboards API in multi-tenant environments
Tenants in OpenSearch Dashboards are generally used to share customized index patterns, visualizations, dashboards, and different OpenSearch objects with completely different groups or organizations.
The OpenSearch Dashboards API gives the flexibility to change superior settings in several tenants. Within the earlier part, we coated making superior configuration adjustments for a non-public tenant. We now stroll by way of the same state of affairs for a number of tenants.
- First, that you must authenticate to the API endpoint and retrieve the authorization cookies into the file
auth.txt
. You possibly can assemble this request in the identical means you’ll in a single-tenant setting as described within the earlier part.
In multi-tenant environments, be sure you configure the consumer’s position with related tenant permissions. One sample is to affiliate the consumer to the kibana_user
and a customized group that has tenant permissions. In our instance, we related the tenant admin consumer tenant-a_admin_user
to the 2 roles as proven within the following code: the kibana_user
system position and a customized tenant-a_admin_role
that features tenant permissions.
After authenticating to the OpenSearch Dashboards API, the auth.txt
file holds authorization cookies that you just use to move configuration adjustments to the API endpoint. The content material of the auth.txt
file needs to be just like the one we illustrated within the earlier part.
- Assemble the configuration adjustments by including a
securitytenant
header. On this instance, we modify the time zone and day of week in tenant-a:
The OpenSearch Dashboards API endpoint returns a response just like the next:
You may additionally confirm the configuration adjustments within the OpenSearch Dashboards UI, as proven within the following screenshot.
Conclusion
On this submit, you used the Amazon OpenSearch Service Dashboards UI and API to configure superior settings for a single-tenant and multi-tenant setting. Implementing OpenSearch Dashboards at scale in multi-tenant environments requires extra environment friendly strategies than merely utilizing the UI. That is particularly essential in environments the place you serve centralized logging and monitoring domains for various groups. You should utilize the OpenSearch Dashboards APIs we illustrated on this submit and bake your superior setting configurations into your infrastructure code to speed up your deployments!
Tell us about your questions and different matters you’d like us to cowl within the remark part.
In regards to the Authors
Prashant Agrawal is a Specialist Options Architect at Amazon Internet Companies primarily based in Seattle, WA.. Prashant works carefully with Amazon OpenSearch group, serving to prospects migrate their workloads to the AWS Cloud. Earlier than becoming a member of AWS, Prashant helped varied prospects use Elasticsearch for his or her search and analytics use instances.
Evren Sen is a Options Architect at AWS, specializing in strategic monetary companies prospects. He helps his prospects create Cloud Heart of Excellence and design, and deploy options on the AWS Cloud. Outdoors of AWS, Evren enjoys spending time with household and mates, touring, and biking.