How to use an IAM Role to access OpenSearch

0

Hi,

I have created an OpenSearch domain in a VPC. Also, I have an EC2 instance running in the same VPC. The role attached to the instance profile of this EC2 instance has full permissions to OpenSearch.

But whenever I try to read from or write to this domain from this EC2 instance, I get 401 Unauthorized.

How can I fix this issue of accessing OpenSearch using IAM roles? I don't want to use any internal database users or admin users created upon domain creation. Cognito and SAML are also not desired.

1 Answer
0

Hi, you have to assume the EC2 execution role via 'aws sts assume-role' (if you use the CLI) or the equivalent API verb via your SDK of choice. Then, you will receive the credentials of the role and do what you need to.

To get all details, read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

and, in particular, to obtain and assume credentials: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

AWS
EXPERT
answered a year ago
