chanzuckerberg/elk-oidc-proxy

ELK OIDC Proxy for AWS ElasticSearch

ELK OIDC Proxy authenticates users with their Google accounts before granting access to AWS ElasticSearch and, by extension, its Kibana plugin. It uses the OpenID Connect (OIDC) protocol on Google's Identity Platform.

Prerequisites

Before doing anything, you will need to install the following command line tools.

Then, you must define an environment for deploying into your AWS account. There is an environment template in config/environment_template.

cp config/environment_template environment
vim environment

Then, load the environment.

source environment

The OIDC proxy requires a load balancer to allow connections from the public internet. This infrastructure should already be created, but if it isn't, you can run the following commands.

# to see what changes will be made
./infrastructure.sh plan

# to apply changes
./infrastructure.sh apply

Note the security group ID and target group ARN output by this command and modify the Makefile accordingly.

Having adjusted these variables, if the service has not already been created, you must run the command below.

make service

Deployment pipeline

Build

elk-oidc-proxy is deployed in Amazon ECS from a Docker container. To build this container, run the command below.

$ make image

Publish

You must first log in to AWS Elastic Container Registry before publishing the container. The command below prints a docker login command; run that output to complete the login.

$ aws ecr get-login --no-include-email --region us-east-1

Then publish the container to ECR.

$ make publish

Deployment

make deploy

Scaling down

make scale-down

Known issues

The AWS STS AssumeRole functionality used by the proxy issues temporary security credentials that last only one hour. After the hour expires, you will have to refresh the page to continue using the service.
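
The one-hour limit above is the lifetime of the temporary credentials themselves. As an added illustration (not code from this repository; how the proxy stores or renews credentials is not shown on this page), the Python below caches an AssumeRole-style response and renews it shortly before the `Expiration` time. `RefreshingCredentials`, `sample_assume_role` and the five-minute margin are hypothetical, and the credential values are constructed.

```python
from datetime import datetime, timedelta, timezone


def sample_assume_role(now):
    """Constructed stand-in for an STS AssumeRole call (fake values, 1 h lifetime)."""
    return {"Credentials": {
        "AccessKeyId": "ASIA-CONSTRUCTED",
        "SecretAccessKey": "constructed-secret",
        "SessionToken": "constructed-token",
        "Expiration": (now + timedelta(hours=1)).isoformat(),
    }}


class RefreshingCredentials:
    """Caches temporary credentials and renews them before they expire."""

    def __init__(self, fetch, clock, margin=timedelta(minutes=5)):
        self._fetch = fetch      # callable(now) -> AssumeRole-style dict
        self._clock = clock      # callable() -> timezone-aware datetime
        self._margin = margin    # renew this long before Expiration
        self._creds = None
        self.fetch_count = 0

    @staticmethod
    def _expiry(creds):
        exp = creds["Expiration"]
        # boto3 returns a datetime; the CLI's JSON carries an ISO 8601 string.
        if isinstance(exp, str):
            exp = datetime.fromisoformat(exp.replace("Z", "+00:00"))
        return exp

    def remaining(self):
        """Time left on the cached credentials (zero if none are cached)."""
        if self._creds is None:
            return timedelta(0)
        return self._expiry(self._creds) - self._clock()

    def get(self):
        # Renew when nothing is cached or the safety margin has been reached.
        if self._creds is None or self.remaining() <= self._margin:
            self._creds = self._fetch(self._clock())["Credentials"]
            self.fetch_count += 1
        return self._creds


if __name__ == "__main__":
    rc = RefreshingCredentials(sample_assume_role, lambda: datetime.now(timezone.utc))
    rc.get()
    print("credentials valid for", rc.remaining())
```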
