Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Opensearch Serverless 'search_phase_execution_exception' Error when querying index

1

I'm trying to do a search query to my Opensearch Serverless index but i keep getting the following error:

 403 - Forbidden: {
  "code": 403,
  "message": "search_phase_execution_exception: [security_exception] Reason: Bad Authorization"
}

Here is my function to query the index:

const searchDocument = async ({ index, document }) => {
    const query = { query: { match: { description: document } } };
    console.log('query search document:', query);
    const checkingSearch = await client.search({ index, body: query });
    console.log('checkingSearch:', checkingSearch);
    return checkingSearch;
};

I thought it may have been an IAM permission issue, but I'm using the same permissions I have for a separate lambda function where it is updating the index and it works fine. Here is a snippet of my IAM permission:

iamRoleStatements:
            - Effect: Allow
              Action:
                  - aoss:APIAccessAll
                  - aoss:DeleteCollection
                  - aoss:UpdateCollection
              Resource:
                  - arn:aws:aoss:${aws:region}:${aws:accountId}:collection/open_search_collection_id
            - Effect: Allow
              Action:
                  - aoss:DashboardsAccessAll
              Resource:
                  - arn:aws:aoss:${aws:region}:${aws:accountId}:dashboards/default
            - Effect: Allow
              Action:
                  - aoss:*
              Resource:
                  - '*'
            - Effect: Allow
              Action:
                  - dynamodb:GetItem
                  - dynamodb:Query
                  - dynamodb:BatchGetItem
              Resource: 'arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${opt:stage, self:provider.stage}-DBNAME*'
Themen
ServerlosKalkulationSicherheit, Identität & KonformitätAnalysenDatenbank
Tags
ServerlosAWS LambdaAWS Identity and Access ManagementAmazon OpenSearch Serverless
Sprache
English
pabs
gefragt vor 9 Monaten531 Aufrufe
2 Antworten
0

Hello.
If there is a problem with the IAM policy, is it logged to CloudTrail, etc.?

profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 9 Monaten
  • pabs
    vor 9 Monaten

    Not that i can see. This is what is outputting in the logs:

    ResponseError: search_phase_execution_exception: [security_exception] Reason: Bad Authorization
    at onBody (/var/task/node_modules/@opensearch-project/opensearch/lib/Transport.js:425:23)
    at IncomingMessage.onEnd (/var/task/node_modules/@opensearch-project/opensearch/lib/Transport.js:340:11)
    at IncomingMessage.emit (node:events:525:35)
    at IncomingMessage.emit (node:domain:489:12)
    at endReadableNT (node:internal/streams/readable:1358:12)
    at processTicksAndRejections (node:internal/process/task_queues:83:21) {
  meta: {
    body: { error: [Object], status: 403 },
    statusCode: 403,
  • Riku_Kobayashi EXPERTE
    vor 9 Monaten

    What happens if I grant Administrator privileges to try it out? If execution fails even after granting Administrator, the problem is probably in something other than IAM.

0

Did you ever end up getting a resolution here?

Zack
beantwortet vor 20 Tagen

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt