In the dynamic landscape of cloud computing, managing logs and ensuring secure access are paramount concerns for any organization. With the prevalence of Kubernetes-based applications on AWS EKS and the need for robust logging solutions, integrating EKS pod logs with OpenSearch provides a powerful mechanism for log aggregation and analysis. Additionally, implementing SAML authentication via Azure Active Directory (AD) enhances security by enabling single sign-on (SSO) for users accessing OpenSearch/Kibana dashboards. In this guide, we'll walk through the process of setting up EKS pod logs on OpenSearch and configuring SAML authentication for secure login.
-
Create ADFS in Azure Portal: Navigate to Azure Portal, open Azure AD service, and create a new application named "Kibana login with Azure AD".
-
Enable SAML Authentication in OpenSearch: In AWS console, go to OpenSearch service, select Actions > Modify authentication, and enable SAML authentication. Enter the Service provider entity ID & SP-initiated SSO URL obtained from Azure AD.
-
Configure Single Sign-On in Azure AD: In Azure AD, edit the Enterprise application's Single Sign-On settings, add the OpenSearch Service provider entity ID as the Identifier (Entity ID) and SP-initiated SSO URL as the Reply URL.
-
Assign Users/Groups: Specify users or groups who should have access to the Enterprise application in Azure AD. These users/groups will later be mapped to roles in Kibana.
-
Define User Attributes & Claims: Configure Azure AD to send group information to OpenSearch as attributes.
-
Download Federation Metadata XML: Download the metadata XML file from Azure AD.
-
Upload Metadata in OpenSearch: In AWS console, upload the XML file in OpenSearch SAML configuration.
-
Rerun Terraform to Apply SAML Integration: Update Terraform configuration to reflect SAML integration changes and apply them.
-
Login with Master User: Access Kibana dashboard using the master user credentials.
-
Map User Email to Roles: Map user email IDs to OpenSearch dashboards user roles to grant access.
Absolutely, incorporating a cost comparison section into the blog would provide readers with a clear understanding of the potential financial benefits of transitioning to OpenSearch from CloudWatch. Here's how you can integrate the cost comparison into the blog:
When evaluating a migration to OpenSearch for log management, it's essential to consider the potential cost savings compared to using CloudWatch. Let's break down the cost comparison to illustrate how OpenSearch can lead to significant savings over time.
- Log Data Volume: We'll assume an average daily log data volume of 100 GB generated by EKS pods.
- Retention Period: Log data needs to be retained for 30 days for analysis and compliance purposes.
- CloudWatch Pricing: CloudWatch charges $0.50 per GB ingested and stored per month, with additional charges for analysis features.
- OpenSearch Pricing: OpenSearch charges $0.10 per GB stored per month and $0.05 per GB transferred per month. Additionally, there's a monthly cost of $100 for Kibana usage.
CloudWatch Cost:
- Ingestion and storage cost: 100 GB/day * 30 days * $0.50/GB = $1,500/month
OpenSearch Cost:
- Data storage cost: 100 GB/day * 30 days * $0.10/GB = $300/month
- Data transfer cost: 100 GB/day * 30 days * $0.05/GB = $150/month
- Kibana usage cost: $100/month
- Total: $300 + $150 + $100 = $550/month
By migrating from CloudWatch to OpenSearch, the potential monthly savings would be:
CloudWatch Cost - OpenSearch Cost = $1,500 - $550 = $950
The cost comparison clearly demonstrates the significant cost savings that can be achieved by leveraging OpenSearch for log management. With a reduction in monthly expenses of $950, organizations can allocate resources more efficiently while benefiting from enhanced log analysis capabilities offered by Kibana.
Keep in mind that this is a simplified example, and actual savings may vary based on your specific usage patterns and pricing details. It's recommended to perform a detailed analysis based on your organization's requirements to accurately assess cost savings when migrating from CloudWatch to OpenSearch.