Cognito authentication for AWS Elasticsearch Kibana

[James Leskovar]

Hey there,

Currently hitting an issue, and not quite sure how to proceed. Basically, in aws provider 1.30.0, support was added for configuring cognito authentication for the Kibana endpoint provided by AWS Elasitcsearch service, via cognito_options. Unfortunately, AWS insists on configuring the user pool application client, and cognito authentication provider for the specified user pool and identity pool, which is problematic as I need to be able to customise the app client (to specify identity provider) and the identity pool (to setup rule-based role selection for the cognito auth provider).

Is my only option to configure the app client and identity pool settings outside of Terraform, through the aws-cli, or is there a way to manage this in Terraform?

Regards

James

[mishaua]

Did you ever get this figured out?  In terms of Kibana and Cognito there doesn't seem to be a way to change the enabled identity providers in the app client settings via Terraform.  Kibbana provisions the app client settings and doesn't include any options for the identity providers.  It just defaults to cognito user pool.