Dashboard access filtering via ABAC for users via AWS Cognito

Hi all,

My current setup is in AWS with Kibana 6.7.0 deployed. Inside AWS I'm using SSO for my company login, I have also a Cognito user pool in place which is Federated with the on prem ADFS and everything works like a charm, including the login to Kibana.
I have several Lambdas inside AWS that scan multiple AWS accounts for specific compliance checks, data gets into Elasticsearch and I built a Kibana dashboard for querying the data.

My issue is that I don't know how to create an access method for the dashboard to separate the shown data based on each SSO users permissions. The dashboard is querying ES based on a field called account name which is a string. After that field is selected, I am able to see specific information for that account. My concern is that I want users to only be able to query data based on the account they have access too. How can I make an SSO/Cognito user to not be able to query the data for all values in the specific field? Is there a way to create a dashboard with ABAC?

Thanks.

Hi,
DLS is what will cover you needs on limiting access to documents based on user roles. Then depending on your security configuration (OIDC, SAML, etc) you can map groups of users to specific roles for which you set up DLS already.
https://www.elastic.co/guide/en/elasticsearch/reference/7.4/field-and-document-access-control.html
But if you're using AWS Elasticsearch service, this won't be available for them.