Opensearch access issue

0

Hi

I've created a test OpenSearch domain according to the guide https://docs.aws.amazon.com/opensearch-service/latest/developerguide/gsgcreate-domain.html

It has public access and fine-grained access control with a master user/password. But when I try to connect to OpenSearch with this command

curl -XPOST -u 'my-mster-user:my-mster-password' 'https://search-wb-elk-xqfw2gbhc4ie6ormpmsf3gb7ae.us-east-2.es.amazonaws.com/_bulk' --data-binary @movies.json -H 'Content-Type: application/json'

I get

"Message":"User: anonymous is not authorized to perform: es:ESHttpPost because no resource-based policy allows the es:ESHttpPost action"

Whereas I've set up everything by default, as it is said in the guide.

What's the problem here?

Here is my access policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "arn:aws:es:us-east-my-arn:domain/wb_elk/*" } ] }

kirik
asked 2 years ago, 8904 views
3 Answers
1

Your access policy looks odd. I understand you redacted your own account ID, but can you please double check if it follows the pattern below:

"Resource": "arn:aws:es:xxxxxxxx:0123456789012:domain/xxxxxx/*"

In your original message you got "us-east-my-arn", which should be something like "us-east-1:account_id" (note the missing region identifier, and there should be an account_id and not an ARN).

AWS
answered 2 years ago
  • Hi

    here is my unredacted access policy

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "" }, "Action": "es:", "Resource": "arn:aws:es:us-east-2:924827564867:domain/wb_elk/*" } ] }
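Added example, not part of any post in this thread: a Python check that compares each Resource ARN in a domain access policy with the pattern given in the answer above and with the endpoint the request is sent to. It assumes the public endpoint hostname has the form search-<domain-name>-<suffix>.<region>.es.amazonaws.com; `check_policy`, `policy_for` and the account ID 123456789012 are constructed for illustration.

```python
import json
import re

# ARN layout from the first answer: arn:aws:es:<region>:<account_id>:domain/<name>/*
ARN_RE = re.compile(r"^arn:aws[a-z-]*:es:([a-z0-9-]+):(\d{12}):domain/([^/]+)(?:/.*)?$")
# Assumed hostname layout: search-<name>-<suffix>.<region>.es.amazonaws.com
HOST_RE = re.compile(r"^search-([a-z0-9-]+)-[a-z0-9]+\.([a-z0-9-]+)\.es\.amazonaws\.com$")


def as_list(value):
    """IAM policy fields may hold one item or a list of items."""
    return value if isinstance(value, list) else [value]


def check_policy(policy_text, endpoint_host):
    """Return problems found in the Resource ARNs of Allow statements."""
    host = HOST_RE.match(endpoint_host)
    if not host:
        return [f"unrecognised endpoint host: {endpoint_host}"]
    host_name, host_region = host.groups()
    problems = []
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for arn in as_list(stmt.get("Resource", [])):
            parsed = ARN_RE.match(arn)
            if not parsed:
                problems.append(f"{arn}: expected arn:aws:es:<region>:<account_id>:domain/<name>/*")
                continue
            region, _account, name = parsed.groups()
            if region != host_region:
                problems.append(f"{arn}: region {region!r} is not the endpoint's {host_region!r}")
            if name != host_name:
                problems.append(f"{arn}: domain {name!r} is not the endpoint's {host_name!r}")
    return problems


def policy_for(resource):
    """Build the question's open policy around a given Resource value."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*", "Resource": resource}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


HOST = "search-wb-elk-xqfw2gbhc4ie6ormpmsf3gb7ae.us-east-2.es.amazonaws.com"  # from the question
REDACTED = policy_for("arn:aws:es:us-east-my-arn:domain/wb_elk/*")  # Resource as posted
UNDERSCORE = policy_for("arn:aws:es:us-east-2:123456789012:domain/wb_elk/*")  # constructed
HYPHEN = policy_for("arn:aws:es:us-east-2:123456789012:domain/wb-elk/*")  # constructed

if __name__ == "__main__":
    for label, policy in (("redacted", REDACTED), ("underscore", UNDERSCORE), ("hyphen", HYPHEN)):
        print(label, check_policy(policy, HOST) or "OK")
```

A Resource that names a different domain than the one in the endpoint does not cover the request, so such a statement cannot be the one that allows it.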

1

Hi,

In case you have not yet tried, please check this knowledge base article: "I get a "User: anonymous is not authorized" error when I try to access my Amazon OpenSearch Service cluster". It also mentions other possible causes / resolutions.

Hope this helps.

AWS
EXPERT
answered 2 years ago
0

Your access policy looks alright, except for the missing asterisks - but I think this is due to the markdown formatting here.

One thing you might check is the security setting within OpenSearch. You can go to OpenSearch Plugins > Security and check if that user has the proper permissions. You can get more info in the documentation, but the idea is that you need to create a user (you probably already have it) and then grant this user the appropriate permissions.

Also, I suggest editing your answer and redacting your AWS account ID: although not sensitive information, you should not share this unless necessary (otherwise others can use it to invoke

AWS
answered 2 years ago
  • Hi. As I understand it, I open OpenSearch Plugins through the Dashboards interface. But I can't access Dashboards either. When I go to the Dashboards link in my browser it also says "Message":"User: anonymous is not authorized to perform: es:ESHttpPost because no resource-based policy allows the es:ESHttpPost action"
