Grant access to OpenSearch index

Question

I created a domain in OpenSearch and I've set the Access policy like the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:ca-central-1:xxxxxx:domain/xxxxx/*"
    }
  ]
}

From what I understand I give access to all users but I am the only one who can browse the tab Indices in the console, my collegues get this error message:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [indices:monitor/stats] and User [name=arn:aws:iam::xxxx:user/users/xyuser, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [indices:monitor/stats] and User [name=arn:aws:iam::xxx:user/users/xyuseri, backend_roles=[], requestedTenant=null]"},"status":403}

They also get the same error message trying to perform queries with the REST API

Please what am I missing?

Answer

Note that your Action is "es:" and not "es:*"
Add the "*" to the Action section of your Access Policy.

Here is an example:
The following resource-based policy grants test-user full access (es:*) to the subresources on test-domain:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:user/test-user"
        ]
      },
      "Action": [
        "es:*"
      ],
      "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*"
    }
  ]
}

Grant access to OpenSearch index

Relevanter Inhalt