Amazon OpenSearch Service now supports Fine Grained Access Control (FGAC) for OpenSearch UI when accessed through SAML via IAM federated. OpenSearch UI is the unified interface for observability and security analytics on Amazon OpenSearch Service. SAML via IAM federated is a popular choice to enable Identity Provider (IdP) initiated Single Sign-On experience for accessing OpenSearch UI. FGAC enables you to define precise data access control based on user attributes provided from your IdP during SAML authentication and authorization. This level of dynamic and granular access control is crucial for multi-tenant deployments and meeting data governance requirement in regulated industries.
With FGAC support, you can now configure attribute mappings from IdP user roles and attributes to OpenSearch backend roles. These roles can be scoped to specific OpenSearch domains and serverless collections, allowing you to define index-level permissions and document-level security for more granular data access controls. You can easily manage users and groups within your existing IdP, and OpenSearch data source permissions are automatically applied based on the user’s SAML assertion, reducing administrative friction. Furthermore, audit trails become clearer as user actions are tied not just to IAM roles but to SAML attributes, simplifying data governance.
FGAC is an optional feature for SAML via IAM federated. It is available in all regions that OpenSearch UI is available. Learn more at: OpenSearch UI dev guide.
Categories:
Source: Amazon Web Services
Latest Posts
- AWS DMS Schema Conversion now supports offline SQL Server conversion

- Amazon DocumentDB (with MongoDB compatibility) now supports R8g.24xlarge and R8g.48xlarge instances

- AWS DMS Schema Conversion now supports AI agent automation

- MC1309747: Planner Arrives in Outlook and Microsoft 365 Copilot for Streamlined Task Management






![(Updated) Microsoft Teams: Rule-based enablement of Microsoft 365 third-party apps in the Teams admin center [MC1085133] 7 (Updated) Microsoft Teams: Rule-based enablement of Microsoft 365 third-party apps in the Teams admin center [MC1085133]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-olly-3779751-96x96.webp)