OpenSearch UI supports Fine Grained Access Control by SAML attributes
News
Amazon OpenSearch Service has introduced Fine Grained Access Control (FGAC) for OpenSearch UI when accessed through SAML via IAM federated authentication.
- Enables precise data access control based on user attributes from Identity Providers
- Allows configuration of attribute mappings from IdP user roles to OpenSearch backend roles
- Supports scoping roles to specific OpenSearch domains and serverless collections
- Enables index-level and document-level security permissions
- Simplifies user and group management through existing Identity Providers
- Automatically applies data source permissions based on SAML assertions
- Improves audit trails by tying user actions to SAML attributes
This feature is particularly valuable for multi-tenant deployments and regulated industries requiring granular data access controls.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Aug 27
2025
2025
Implement fine-grained access control using Amazon OpenSearch Service and JSON Web Tokens
Apr 17
2025
2025
Amazon OpenSearch Service supports SAML single sign-on for OpenSearch UI
Aug 28
2025
2025
OpenSearch Serverless now supports Attribute Based Access Control (ABAC) for Data Plane APIs and Resource control policy
Mar 13
2026
2026
OpenSearch UI supports Cross Account Data Access to OpenSearch domains
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.