How to use an IAM Role to access OpenSearch

0

Hi,

I have created an OpenSearch domain in a VPC. Also, I have an EC2 instance running in the same VPC. The role attached to the instance profile of this EC2 has full permissions to OpenSearch.

But whenever I am trying to read/write to this domain from this EC2, I am getting 401 Unauthorized.

How can I fix this issue of accessing OpenSearch using IAM roles? I don't want to use any internal database users or admin users created upon domain creation. Cognito and SAML are also not desired.

1 Answer
0

Hi, you have to assume the EC2 execution role via 'aws sts assume-role' (if you use the CLI) or the equivalent API verb via your SDK of choice. Then, you will receive the credentials of the role and do what you need to.

To get all details, read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

and in particular, to obtain and assume credentials: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

AWS
Expert
Answered 1 year ago
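
Added example, not part of the answer above and not AWS's own code: once the role's temporary credentials are in hand, each HTTP request to the domain is signed with Signature Version 4 under the service name `es`, and the session token travels in `x-amz-security-token`. The domain URL, region and credential values are constructed placeholders, and `sign_request` is a hypothetical name.

```python
import hashlib, hmac
from datetime import datetime, timezone
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample values, shaped like the instance metadata credentials document.
SAMPLE_CREDS = {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "constructed-secret",
                "Token": "constructed-session-token"}
SAMPLE_URL = "https://vpc-example.us-east-1.es.amazonaws.com/my-index/_search?q=user:alice"
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_request(method, url, body, creds, region, now, service="es"):
    """Return the SigV4 headers to send with one request to the domain."""
    parts = urlsplit(url)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    day = amz_date[:8]
    payload_hash = hashlib.sha256(body).hexdigest()
    headers = {
        "host": parts.netloc,
        "x-amz-content-sha256": payload_hash,
        "x-amz-date": amz_date,
        "x-amz-security-token": creds["Token"],  # role credentials are temporary
    }
    signed = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    # Canonical query string: decoded, sorted, then strictly URI-encoded.
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(parse_qsl(parts.query, keep_blank_values=True)))
    canonical = "\n".join([method, quote(parts.path or "/", safe="/"), query,
                           canonical_headers, signed, payload_hash])
    scope = f"{day}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: secret -> date -> region -> service -> "aws4_request".
    key = ("AWS4" + creds["SecretAccessKey"]).encode()
    for part in (day, region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={creds['AccessKeyId']}/{scope}, "
                                f"SignedHeaders={signed}, Signature={signature}")
    return headers

if __name__ == "__main__":
    for name, value in sign_request("GET", SAMPLE_URL, b"", SAMPLE_CREDS,
                                    "us-east-1", SAMPLE_NOW).items():
        print(f"{name}: {value}")
```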
