Amazon OpenSearch Service securely unlocks real-time search, monitoring, and evaluation of enterprise and operational information to be used circumstances like utility monitoring, log analytics, observability, and web site search. On this submit, we speak about new configurable dashboards tenant properties.
OpenSearch Dashboards tenants in Amazon OpenSearch Service are areas for saving index patterns, visualizations, dashboards, and different Dashboards objects. Customers can swap between a number of tenants to entry and share index patterns and visualizations.
When customers use Dashboards, they choose their Dashboards tenant view. There are three varieties of tenant:
- International tenant – This tenant is shared amongst all of the OpenSearch Dashboard customers if they’ve entry to it. This tenant is created by default for all domains.
- Non-public tenant – This tenant is unique to every consumer and might’t be shared. It doesn’t permit you to entry routes or index patterns created by the worldwide tenant. Non-public tenants are normally used for exploratory work.
- Customized tenants – Directors can create customized tenants and assign them to particular roles. As soon as created, these tenants can then present areas for particular teams of customers.
One consumer can have entry to a number of tenants, and this property known as multi-tenancy. With the OpenSearch 2.7 launch, directors can dynamically configure the next tenancy properties:
- Allow or disable multi-tenancy.
- Allow or disable non-public tenant.
- Change the default tenant.
Why do you want these properties to be dynamic?
Earlier than OpenSearch 2.7, customers of open-source OpenSearch, with safety permissions, might allow and disable multi-tenancy and personal tenant by altering the YAML configuration file and restarting their Dashboards atmosphere. This had some drawbacks:
- Customers wanted to do a Dashboards atmosphere restart, which takes time.
- Altering the configuration on massive clusters (greater than 100 information nodes) was tough to automate and error-prone.
- When configuration adjustments didn’t embrace all nodes attributable to configuration replace failures or a failure to use adjustments, the consumer expertise would differ based mostly on which node the request hits.
With OpenSearch 2.7 in Amazon OpenSearch Service, customers can change tenancy configurations dynamically from each the REST API and from the Dashboards UI. This gives a quicker and extra dependable strategy to handle your Dashboards tenancy.
Introducing a brand new property: default tenant
Earlier than OpenSearch 2.7, by default, all new customers would sign up to their non-public tenant when accessing OpenSearch Dashboards. With 2.7, we’ve got added a brand new property, default tenant. Now directors can set a default tenant for when customers sign up to OpenSearch Dashboards, whether or not it’s their very own, non-public tenant, the worldwide tenant, or a customized tenant.
This characteristic will serve two fundamental features:
- Take away confusion amongst new customers who don’t have a lot expertise with OpenSearch Dashboards and tenancy. If their utilization of Dashboards is restricted to visualizations and small modifications of already present information in a selected tenant, they don’t have to fret about switching tenants and might entry the tenant with required information by default.
- Give extra management to directors. Directors can determine which tenant ought to be default for all visualization functions.
Customers will sign up to the default tenant solely when they’re signing in for the primary time or from a brand new browser. For subsequent sign-ins, the consumer will sign up to the tenant they beforehand signed in to, which comes from browser storage.
The consumer sign-in stream is as follows:
Since even a small change in these configurations can impression all of the customers accessing Dashboards, take care when configuring and altering these options to make sure clean use of Dashboards.
Default tenancy configurations
The next reveals the default tenancy configuration on area creation.
“multitenancy_enabled” : true
“private_tenant_eabled”: true
“default_tenant”: “”
Which means by default for every new area, multi-tenancy and personal tenant will probably be enabled and the default tenant would be the international tenant. You may change this configuration after area creation with admins or with customers with entry to the suitable FGAC or IAM roles.
Altering tenancy configurations utilizing APIs
You need to use the next API name in OpenSearch 2.7+ to configure tenancy properties. All three tenancy properties are non-compulsory:
PUT _plugins/_security/api/tenancy/config
{
"multitenancy_enabled":true,
"private_tenant_enabled":false,
"default_tenant":"mary_brown"
}
You need to use the next API to retrieve the present tenancy configuration:
GET _plugins/_security/api/tenancy/config
Altering tenancy configuration from OpenSearch Dashboards
You can even configure tenancy properties from OpenSearch Dashboards. Amazon OpenSearch Service has launched the choice to configure and handle tenancy from the Getting began tab of the Safety web page. From the Handle tab of the Multi-tenancy web page, admins can select a tenant to be the default tenant and see tenancy standing, which is able to inform whether or not a tenant is enabled or disabled. Admins can allow and disable multi-tenancy, non-public tenant, and select the default tenant from the configure tab.
Abstract
Because the launch of OpenSearch 2.7, you may set your tenancy configuration dynamically, utilizing each REST APIs and OpenSearch Dashboards. Dynamic, API-driven tenancy configuration will make use of tenancy options and Dashboards less complicated and extra environment friendly for each customers and directors. Directors may have extra management over which tenants are accessible to which customers.
We’d love to listen to from you, particularly about how this characteristic has helped your group simplify your Dashboards utilization. In case you have different questions, please go away a remark.
To study extra, please go to the Amazon OpenSearch Service web page.
In regards to the authors
Abhi Kalra
Prabhat Chaturvedi