Can we configure opendistro kibana to AWS Elasticsearch?

I want to know if it’s possible to configure opendistro-Kibana instance to an AWS Elasticsearch instance ?
If yes, is there a procedure to do this ?


1 Like

Hi Tony,

With my AWS hat on - yes we do plan for this. But we need to enable the Alerting, SQL and Security features on the Amazon Elasticsearch Service first - which are planned to be made available in the coming weeks. Once these features are on the service, we want to enable customers run their own Kibana instances with those Open Distro plugins on them so if they choose to host their own Kibana, they can. This is common for customers that are making their own customizations to Kibana that are not supported on the version of Kibana we ship with the service. However as part of our roll-out on the service for these features, we will of course also provide the Kibana plug-ins on the Services as well so you do not have to self-host Kibana.


1 Like

Hello @carlmead,

I am also trying to configure an opendistro Kibana with an AWS ElasticSearch instance, but couldn’t able to make it due to opendistro-security plugin not yet available in AWS ES.
Is there an ETA for the above change to be available in AWS Elasticsearch and AWS Kibana?

Thanks in advance.

Hi Sanju,

As it relates to Amazon Elasticsearch Service, I can’t disclose roadmap dates publicly but I can tell you getting the security features enabled on the service is one of our top asks from customers and we are actively working on it. If you are a customer and have support agreement with AWS, please feel free to have your account manager or TAM reach out to me and we can have a more detailed conversation under NDA.



Does anyone have any updates related to this? I think the SQL search was just added. If we cannot tick our boxes with this we may end up paying Elastic for the same functionality with XPacks.

Is there an update here or a public roadmap?

It appears the current method to provide access control is a combination of Cognito and IAM. I would be able to set this up with our current identity provider, but I know the security plugin handles a lot of the necessary role mapping, role creation, and there is no need to update an IAM role for every permission change.

reference: Amazon OpenSearch Service FAQs – Amazon Web Services