turbot/steampipe-mod-aws-compliance

Control: OpenSearch domains cognito authentication should be enabled for kibana

Description

This control checks whether each AWS OpenSearch domain has AWS Cognito authentication enabled for Kibana. AWS Cognito lets you easily add user sign-up and authentication to your mobile and web apps.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.opensearch_domain_cognito_authentication_enabled_for_kibana

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.opensearch_domain_cognito_authentication_enabled_for_kibana --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when cognito_options ->> 'Enabled' = 'true' then 'ok'
    else 'alarm'
  end status,
  case
    when cognito_options ->> 'Enabled' = 'true' then title || ' cognito authentication enabled for kibana.'
    else title || ' cognito authentication disabled for kibana.'
  end reason,
  region,
  account_id
from
  aws_opensearch_domain;
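
An added triage query (not part of the mod) that lists the domains this control would put in alarm, together with their Cognito pool IDs, the other authentication settings on the domain, and the endpoint type, so findings can be prioritized. The columns domain_name, vpc_options and advanced_security_options, and the JSON keys read from them, are assumptions about the Steampipe AWS plugin schema.

```sql
-- Added triage query, not the mod's own code.
-- Assumed columns beyond those on the page: domain_name, vpc_options,
-- advanced_security_options (table aws_opensearch_domain).
select
  domain_name,
  region,
  account_id,
  -- A NULL cognito_options or a missing key counts as disabled, as in the control.
  coalesce(cognito_options ->> 'Enabled', 'false') as cognito_enabled,
  cognito_options ->> 'UserPoolId' as user_pool_id,
  cognito_options ->> 'IdentityPoolId' as identity_pool_id,
  -- Authentication settings the control itself does not evaluate.
  coalesce(advanced_security_options ->> 'Enabled', 'false') as fine_grained_access_control,
  coalesce(advanced_security_options -> 'SAMLOptions' ->> 'Enabled', 'false') as saml_enabled,
  coalesce(advanced_security_options ->> 'InternalUserDatabaseEnabled', 'false') as internal_user_db,
  -- A domain with no VPC attachment is served from a public endpoint.
  case
    when vpc_options ->> 'VPCId' is null then 'public'
    else 'vpc'
  end as endpoint_type
from
  aws_opensearch_domain
where
  -- "is distinct from" also matches rows where the value is NULL.
  cognito_options ->> 'Enabled' is distinct from 'true'
order by
  endpoint_type,
  account_id,
  region,
  domain_name;
```

Rows with endpoint_type 'public' sort first; a row showing saml_enabled or internal_user_db as 'true' has another authentication path configured even though the control reports it in alarm.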
