Getting no permission messages when trying to restore or delete indices in Opensearch/Elasticsearch

0

Hi,

I followed this link https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-snapshots.html in registering a snapshot repository as well as creating a snapshot and restoring a snapshot.

Unfortunately, I hit a snag: I get an error when I try to restore a snapshot from the S3 repository that I created. After executing the sample Python script from the link that I am following, the error looks like this:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=arn:aws:iam::xxxxxx:user/xxxxx, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=arn:aws:iam::xxxxxx:user/xxxxx, backend_roles=[], requestedTenant=null]"},"status":403}

I already mapped the users and the IAM role in the backend role in Kibana, but it makes pretty much no difference. I hope someone can help.

Thanks,

  • UPDATE: It is suspected that the error was caused by an .opendistro_security index refusing to be overwritten by the restoration process. It would be better if someone here could recommend a way to back up Elasticsearch users and their permissions and restore them to another Elasticsearch domain.

Asked a year ago · 1905 views
1 Answer
1
Accepted Answer

Hello,

Your understanding is correct. We receive the following error while restoring a snapshot, even after having all the required permissions and mappings in backend roles, when we try to restore internal indices such as .kibana, .opendistro_security, etc.

Error:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=arn:aws:iam::xxxxxx:user/xxxxx, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=arn:aws:iam::xxxxxx:user/xxxxx, backend_roles=[], requestedTenant=null]"},"status":403}

In order to mitigate this issue, please exclude the internal dashboard and fine-grained access control indices while restoring the data from snapshots.

curl -XPOST 'domain-endpoint/_snapshot/cs-automated/2020-snapshot/_restore' \
-d '{"indices": "-.kibana*,-.opendistro*"}' \
-H 'Content-Type: application/json'

[+] Creating index snapshots in Amazon OpenSearch Service - Restoring snapshots - https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-snapshots.html#managedomains-snapshot-restore

Regarding your query to migrate users and permissions to another domain, I would like to inform you that currently we don’t have any workaround for this use case. You will have to create your users and permissions again in the new OpenSearch domain.

AWS
Support Engineer
Rajat_C
Answered a year ago
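The exclusion described in the answer above can also be planned before the restore call is sent. This is an added example, not part of the original post or of AWS's sample script: it goes one step beyond the answer by building an explicit index list instead of negative patterns and by flagging names that already exist as open indices on the target, since a restore over an open index of the same name fails. The function names and the sample index names are constructed for illustration.

```python
import fnmatch
import json

# Patterns taken from the answer: dashboards and fine-grained access control indices.
INTERNAL_PATTERNS = (".kibana*", ".opendistro*")


def is_internal(index_name, patterns=INTERNAL_PATTERNS):
    """True if the index name matches one of the internal-index patterns."""
    return any(fnmatch.fnmatchcase(index_name, p) for p in patterns)


def plan_restore(snapshot_indices, open_target_indices, patterns=INTERNAL_PATTERNS):
    """Split a snapshot's indices into restorable, skipped-internal and conflicting names."""
    skipped = sorted(i for i in snapshot_indices if is_internal(i, patterns))
    candidates = {i for i in snapshot_indices if not is_internal(i, patterns)}
    # An open index with the same name on the target blocks the restore of that index.
    conflicts = sorted(candidates & set(open_target_indices))
    restore = sorted(candidates - set(conflicts))
    return {"restore": restore, "skipped_internal": skipped, "conflicts": conflicts}


def restore_body(plan):
    """JSON body for POST _snapshot/<repository>/<snapshot>/_restore."""
    if not plan["restore"]:
        raise ValueError("nothing left to restore after exclusions")
    # include_global_state is a standard restore option (not mentioned in the post);
    # false keeps cluster-wide state in the snapshot from being applied to the target.
    return json.dumps({"indices": ",".join(plan["restore"]),
                       "include_global_state": False})


# Constructed sample data: index names in the snapshot and open indices on the target.
SNAPSHOT_INDICES = [".kibana_1", ".opendistro_security", ".opendistro-job-scheduler-lock",
                    "logs-2020-01", "logs-2020-02", "metrics"]
OPEN_ON_TARGET = [".kibana_1", ".opendistro_security", "metrics"]

if __name__ == "__main__":
    plan = plan_restore(SNAPSHOT_INDICES, OPEN_ON_TARGET)
    print("skipped (internal):", plan["skipped_internal"])
    print("conflicts (delete or rename first):", plan["conflicts"])
    print("restore body:", restore_body(plan))
```

The resulting body is sent with the same signed POST request the answer's curl command shows; indices listed under conflicts need to be deleted or renamed on the target before they can be restored.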
