If by "integrate" you mean "use AWS Cognito to authenticate to the Elastic Stack" then you should start by reading about OpenID Connect and see our guide on how to configure OpenID Connect with the Elastic Stack in https://www.elastic.co/guide/en/elasticsearch/reference/7.4/oidc-guide-authentication.html
The first part happens in Cognito, so I guess you need to define a default configuration so that all new users end up in the User group in Cognito. For the second part there is no out-of-the-box solution as far as I know; you would have to come up with something yourself.
This is something you can set up quite easily with templated role mappings. You would need:
- One role per index which would give read permission to that index, see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html
- A templated role mapping that would give each user the necessary role based on their username (which is also the index name as above), see https://www.elastic.co/guide/en/elasticsearch/reference/7.4/security-api-put-role-mapping.html for more details.
Create an extra role mapping that would map the Admin group value to a superuser role in Elasticsearch, see https://www.elastic.co/guide/en/elasticsearch/reference/7.4/oidc-role-mapping.html for more details.
I would also like to point out that the 1 index per user approach is not the only applicable one for authorization. You can and should look into Document Level Security and Field Level Security, which might allow you more granular control without creating new indices for each of your users.
Hope this helps as a starting point.
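The role and role-mapping request bodies described in this answer, sketched as an added example (not the poster's or Elastic's code). The realm name `oidc1`, the `read_` role prefix, the mapping names, and a realm that maps the Cognito group claim to `groups` are assumptions; the prefix keeps a username such as `superuser` from resolving to a built-in role name.

```python
import json
import re

REALM = "oidc1"        # assumption: OIDC realm name configured in elasticsearch.yml
ROLE_PREFIX = "read_"  # assumption: keeps templated role names away from built-in roles

# Conservative allow-list for usernames that double as index names (constructed policy).
SAFE_NAME = re.compile(r"[a-z0-9][a-z0-9_.-]{0,200}")

def role_for_index(index_name):
    """Request for PUT /_security/role/<name>: read-only access to one index."""
    if not SAFE_NAME.fullmatch(index_name):
        raise ValueError(f"unsafe index/user name: {index_name!r}")
    body = {"indices": [{"names": [index_name], "privileges": ["read"]}]}
    return f"/_security/role/{ROLE_PREFIX}{index_name}", body

def templated_user_mapping():
    """Request for PUT /_security/role_mapping/<name>: role derived from username."""
    body = {
        "enabled": True,
        "role_templates": [{"template": {"source": ROLE_PREFIX + "{{username}}"}}],
        "rules": {"field": {"realm.name": REALM}},
    }
    return "/_security/role_mapping/oidc_user_index", body

def admin_mapping():
    """Request for PUT /_security/role_mapping/<name>: Admin group -> superuser."""
    body = {
        "enabled": True,
        "roles": ["superuser"],
        "rules": {"all": [{"field": {"realm.name": REALM}},
                          {"field": {"groups": "Admin"}}]},
    }
    return "/_security/role_mapping/oidc_admins", body

def resolve_template(source, username):
    """Local stand-in for the Mustache rendering Elasticsearch performs at login."""
    return source.replace("{{username}}", username)

if __name__ == "__main__":
    # "alice" is a constructed sample user whose index is also named "alice".
    for path, body in (role_for_index("alice"), templated_user_mapping(), admin_mapping()):
        print("PUT", path)
        print(json.dumps(body, indent=2))
```
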