Build SAML identity federation for Amazon OpenSearch Service domains within a VPC
Big Data Blog
The article explains how to build SAML identity federation for Amazon OpenSearch Service domains within a VPC. It provides a step-by-step guide to enable secure access to OpenSearch Dashboards using SAML authentication via a private NGINX reverse proxy and AWS IAM Identity Center as the identity provider.
Specifically, the article covers:
- Overview of the solution architecture
- Prerequisites (installing tools, setting up AWS resources, configuring OpenSearch Service domain)
- Creating a SAML 2.0 application in AWS IAM Identity Center
- Deploying an AWS CDK application for the solution
- Enabling SAML authentication for the OpenSearch Service cluster
- Testing the solution
- Troubleshooting tips
- Cleanup instructions
Related articles
- Jan 26, 2026: Access a VPC-hosted Amazon OpenSearch Service domain with SAML authentication using AWS Client VPN
- Jul 24, 2024: Configure SAML federation with Amazon OpenSearch Serverless and Keycloak
- Oct 18, 2024: Single sign-on SSO for Amazon OpenSearch Service using SAML and Keycloak
- Apr 17, 2025: Amazon OpenSearch Service supports SAML single sign-on for OpenSearch UI