First I'm going to explain my current architecture. I have an EC2 instance running with a Logstash daemon, as input an http configuration and as output my AWS ElasticSearch instance.

As I said before, I have an AWS ElasticSearch instance with the Kibana provided by AWS.

So, for example, in the ES the Logstash data is stored in an index and the data has a JSON structure, for example:

  "country": 01,
  "field1": "foo",
  "field2": "bar

In my Kibana I have created a dashboard to show the information I have stored with graphs, etc.

At this time I have configured the AWS ES Security with IP Access policy. So my question is, I will have different users who will access to that Kibana and those users are from different countries, and each user only can see his own country data.

I'm reading about AWS Cognito to make a more detailed customization for Kibana using the IAM users, but I think that it's not enough to accomplish my goal.

I'm reading about the differences between AWS ElasticSearch service and the ElasticSearch provided by the elastic.co cloud. At this time I'm thinking that probably I will need to change my cloud provider...

Is there any chance to configure Kibana users in AWS ES as I needed?

And, if AWS IAM users and Cognito together is not a valid choice for me, maybe a less drastic solution as change AWS by Elastic.co cloud, could be use my own instance of Kibana (not use AWS ES Kibana) for example installed in an EC2?

  • 101
  • 4

1 Answers1


I have resolved it by myself. When I try the elastic.co trial and launch the Kibana, I can see much more funcionality than in AWS, and I can manage users, create and assign roles, limit an user to use a certain index pattern, and use spaces for different kind of users I will have consuming Kibana.

So, the AWS ElasticSearch service it's more like a shareware version... Amazon Cognito do not solve my needed, at this moment it's impossible using the AWS ES service.

So, use the elastic.co PaaS it's definitely my solution.

  • 101
  • 4