Skip to main content

Enable OpenSearch Security management for Aiven for OpenSearch®

OpenSearch Security provides a range of security features, including fine-grained access controls, SAML authentication, and audit logging to monitor activity within your Aiven for OpenSearch® service.

By enabling this, you can manage user permissions, roles, and other security aspects through the OpenSearch Dashboard.

info

In addition to Role-Based Access Control (RBAC), the following external authentication methods are supported for Aiven for OpenSearch Security:

  • Security Assertion Markup Language (SAML)
  • OpenID Connect (OIDC)

Considerations before enabling OpenSearch Security management

Before enabling OpenSearch Security management on your Aiven for OpenSearch service, note the following:

  • OpenSearch Security management cannot be disabled once enabled. Therefore, ensure that you thoroughly understand the security features and implications before proceeding. If you need assistance disabling OpenSearch Security management, contact Aiven support.
  • Fine-grained user access control can be managed through the OpenSearch Dashboard after enabling OpenSearch Security management for the service.
  • Any existing user roles and permissions will be automatically transferred to the OpenSearch Dashboard.
  • To ensure the security of your OpenSearch service, managing the security features of OpenSearch is limited only to a dedicated administrator role.
  • Once you have enabled OpenSearch Security management, you can no longer use Aiven Console, Aiven API, Aiven CLI, Aiven Terraform Provider or Aiven Operator for Kubernetes® to manage access controls.

Enable OpenSearch Security

To activate OpenSearch Security management for your Aiven for OpenSearch service:

  1. Log in to the Aiven Console and access the Aiven for OpenSearch service for which to enable security.

  2. On the service page, click Users in the sidebar.

  3. On the Users page, click Enable OpenSearch Security.

  4. Review the information in the OpenSearch Security management window, confirm you understand and want to proceed by selecting the checkbox, and click Continue.

  5. Create your administrator user by entering a password for this user.

    note
    • OpenSearch Security administrator username set by default cannot be changed.
    • To reset the password later, contact Aiven Support.

  6. Click Enable OpenSearch Security to create the administrator user and activate OpenSearch Security management.

After activating OpenSearch Security management, you are redirected to the Users page, where you can verify that the security feature is enabled.

To manage user permissions and other security settings, access OpenSearch Security management by logging in to the OpenSearch Dashboard using your security admin credentials.