
Unable to access the New OpenSearch UI (Dashboards)

0

I have created the OpenSearch UI (Dashboards). While creating it, I didn't select Single sign-on authentication and granted administrator permission only to myself. When launching the application, it gives me this error: {"status":403,"request-id":"fb4c420d-980e-9be2-8d20-299c43adfdf9","error":{"reason":"403 Forbidden","type":"Forbidden"}}

Note: I do have all the required permissions mentioned in this documentation. https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application-getting-started.html

asked 2 months ago · 116 views
3 Answers
0

Hello.

It may not be directly related, but please also check the resource-based policy for the OpenSearch service.
If this is set to Deny, you will get a 403 error even if the action is permitted on the IAM user side.
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html

EXPERT
answered 2 months ago
EXPERT
reviewed 2 months ago
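
The point made in the answer above (a Deny in the domain's resource-based policy produces a 403 even when the IAM identity policy allows the action) can be checked offline with a small evaluator. This is an added example, not part of the original answer or of any AWS tooling; it assumes a same-account caller, ignores Condition, NotAction, SCPs and permission boundaries, and every ARN, Sid and name in it is a constructed placeholder.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(stmt, caller_arn):
    principal = stmt.get("Principal")
    if principal is None or principal == "*":   # identity policies carry no Principal
        return True
    return any(p in ("*", caller_arn) for p in _as_list(principal.get("AWS", [])))

def _matches(stmt, caller_arn, action, resource):
    # IAM action names are case-insensitive; resource ARNs are compared as written.
    return (_principal_matches(stmt, caller_arn)
            and any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def evaluate(identity_policy, resource_policy, caller_arn, action, resource):
    """Return (decision, Sid). An explicit Deny in either policy beats any Allow."""
    stmts = _as_list(identity_policy["Statement"]) + _as_list(resource_policy["Statement"])
    hits = [s for s in stmts if _matches(s, caller_arn, action, resource)]
    for effect, decision in (("Deny", "explicit-deny"), ("Allow", "allow")):
        for s in hits:
            if s["Effect"] == effect:
                return decision, s.get("Sid")
    return "implicit-deny", None

# Constructed sample data: account ID, user and domain names are placeholders.
CALLER = "arn:aws:iam::111122223333:user/example-admin"
DOMAIN = "arn:aws:es:us-east-1:111122223333:domain/example-domain/*"
TARGET = "arn:aws:es:us-east-1:111122223333:domain/example-domain/_dashboards"
IDENTITY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "IamAllow", "Effect": "Allow", "Action": "es:ESHttp*", "Resource": DOMAIN}]}
DOMAIN_DENY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DomainDeny", "Effect": "Deny", "Principal": {"AWS": "*"},
     "Action": "es:*", "Resource": DOMAIN}]}
DOMAIN_ALLOW = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DomainAllow", "Effect": "Allow", "Principal": {"AWS": CALLER},
     "Action": "es:ESHttp*", "Resource": DOMAIN}]}

if __name__ == "__main__":
    for name, policy in (("domain policy with Deny", DOMAIN_DENY),
                         ("domain policy with Allow", DOMAIN_ALLOW)):
        print(name, "->", evaluate(IDENTITY, policy, CALLER, "es:ESHttpGet", TARGET))
```

The returned Sid names the statement that decided the outcome, which is the statement to inspect in the domain access policy.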
0

The 403 Forbidden error you're encountering when trying to access OpenSearch Dashboards typically occurs due to IAM permission issues or incorrectly signed requests.

Even though you mentioned having the required permissions, please verify that your IAM identity includes the aoss:DashboardsAccessAll and aoss:APIAccessAll actions in its permissions policy. These specific actions are required for accessing OpenSearch Dashboards and OpenSearch Serverless data plane APIs.

Additionally, if you enable verbose logging in your client or check the Network tab in your browser's developer tools, you might see additional error details that can help pinpoint the issue.

If your IAM permissions are correctly configured and you're still experiencing the 403 error, the issue could be related to:

  1. Network policy restrictions - Ensure that your network policy allows access to the OpenSearch Serverless APIs and dashboard. If you're accessing from the public internet, verify that public access is enabled in the network policy. For private access, you'll need to create a VPC endpoint.

  2. Incorrectly signed requests - Review how your client is interacting with the OpenSearch APIs. You can test endpoint access using AWS CLI or tools like curl or awscurl to verify the request signing is correct.

Make sure to double-check both your IAM permissions policy and network policy settings, as both are required for successful access to OpenSearch Dashboards.
Sources
Troubleshoot OpenSearch Serverless errors | AWS re:Post

answered 2 months ago
EXPERT
reviewed 2 months ago
0

Hello. To resolve the "403 Forbidden" issue, I suggest you add the following IAM policy to your application admin role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OpenSearchApplicationAccess",
            "Effect": "Allow",
            "Action": [
                "opensearch:ApplicationAccessAll"
            ],
            "Resource": "*"
        }
    ]
}

You will proceed with implementing the policy and verify if this resolves the access issue.

AWS
SUPPORT ENGINEER
answered 2 months ago
