As we’re running Elasticsearch inside a VPC, everyone at the office could access the Kibana endpoint directly and do nasty things. For now we just wanted to limit access to certain people/groups. We analyzed several options:
Make an SSH tunnel – Nasty solution, doesn’t scale at all, hard to configure, and requires users to know how SSH tunnels work
Authentication using just Cognito – Limited to Cognito user pools, cannot be linked to IAM users, need to maintain 3 user groups (IAM, LDAP/Okta and Cognito), doesn’t scale at all.
Authentication using SAML and Okta – The preferred way. We have Okta for most of our applications and it works well with SAML, so we gave it a try