## Enabling Secure Access to SFCC Kibana with AWS SSO
---
## Why? #1
- Kibana access is currently whitelisted to a list of office IPs
- The IP list is hard to keep track of
---
## Why? #2
- We currently have to connect to the office VPN to access Kibana
---
## Why? #3
- We can assign authorized and relevant groups to access Kibana with AWS SSO
  - `green.developers` for SFCC Kibana
  - `purple.developers` for Safety Cache
---
## AWS Guide

https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/
---
## Our own guide

Workplace [post](https://servicerocket.workplace.com/notes/engineering-play/enabling-secure-access-to-kibana-with-aws-sso-for-sfcc/2338062943162808/)
---
## How #1 [Cognito]

Create a user pool
---
## How #2 [Cognito]
Create an identity pool

---
## How #3 [Elasticsearch]

Enable Cognito authentication in Elasticsearch
---
## How #4 [SSO]

Create an application in AWS SSO (master account)
---
## How #5 [SSO]
- Provide the Kibana URL as `Application Start URL` in **Application Properties**
---
## How #6 [SSO]

- Provide the ACS URL and SAML audience
---
## How #7 [SSO]

- Add attribute mappings
---
## How #8 [SSO]
- Grant access to groups in the **Assign users** tab
  - `green.developers`
---
## How #9 [SSO]

Download the metadata file
---
## How #10 [Cognito]

Upload the metadata file and give the provider a name, e.g. `SSO`
---
## How #11 [Cognito]

In **App integration** > **App client settings**, uncheck **Cognito User Pool** and check **SSO**
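
A check for How #6 and How #11, added here as an example (not part of the original slides or the AWS guide): it derives the ACS URL and SAML audience from the Cognito user pool, and flags an app client that still allows Cognito User Pool sign-in. The function names, pool ID, domain prefix and sample client data are assumptions constructed for illustration.

```python
import re

# Cognito user pool IDs have the form "<region>_<suffix>".
POOL_ID_RE = re.compile(r"^(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)_[0-9A-Za-z]+$")


def saml_sp_values(user_pool_id, domain_prefix):
    """ACS URL and SAML audience to enter in the AWS SSO application (How #6)."""
    match = POOL_ID_RE.match(user_pool_id)
    if not match:
        raise ValueError(f"not a Cognito user pool ID: {user_pool_id!r}")
    region = match.group("region")
    return {
        "acs_url": f"https://{domain_prefix}.auth.{region}.amazoncognito.com/saml2/idpresponse",
        "audience": f"urn:amazon:cognito:sp:{user_pool_id}",
    }


def audit_app_client(client, provider_name="SSO"):
    """Findings for the 'UserPoolClient' dict of describe-user-pool-client (How #11)."""
    findings = []
    idps = client.get("SupportedIdentityProviders", [])
    if "COGNITO" in idps:
        findings.append("Cognito User Pool sign-in still enabled: pool users bypass AWS SSO groups")
    if provider_name not in idps:
        findings.append(f"SAML provider {provider_name!r} is not enabled on the app client")
    for url in client.get("CallbackURLs", []):
        if not url.startswith("https://"):
            findings.append(f"callback URL is not HTTPS: {url}")
    return findings


# Constructed sample data (placeholders, not values from the slides).
KIBANA = "https://search-example.us-east-1.es.amazonaws.com/_plugin/kibana/app/kibana"
BEFORE = {"SupportedIdentityProviders": ["COGNITO", "SSO"], "CallbackURLs": [KIBANA]}
AFTER = {"SupportedIdentityProviders": ["SSO"], "CallbackURLs": [KIBANA]}

if __name__ == "__main__":
    print(saml_sp_values("us-east-1_EXAMPLE01", "sfcc-kibana"))
    print("before:", audit_app_client(BEFORE))
    print("after: ", audit_app_client(AFTER))
```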
---
## Try it out!

---
## Thanks

Zed Yap - WPT Lead/IT