
Unable to access the New OpenSearch UI (Dashboards)

0

I have created the OpenSearch UI (Dashboards). While creating it, I didn't select Single sign-on authentication, and I granted administrator permission only to myself. When launching the application, it gives me this error: {"status":403,"request-id":"fb4c420d-980e-9be2-8d20-299c43adfdf9","error":{"reason":"403 Forbidden","type":"Forbidden"}}

Note: I do have all the required permission mentioned in this documentation. https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application-getting-started.html

Asked 2 months ago · 106 views
3 Answers
0

Hello.

It may not be directly related, but please also check the resource-based policy for the OpenSearch service.
If this is set to Deny, you will get a 403 error even if the action is permitted on the IAM user side.
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html

EXPERT
answered 2 months ago
EXPERT
reviewed 2 months ago
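
A simplified offline model of the point in the answer above (an explicit Deny in the domain's resource-based policy overrides an IAM Allow), as an added example that is not part of the original answer and not AWS code. The caller ARN, account ID and policy documents are constructed, and `Resource`, `Condition` and `NotAction` elements are not evaluated.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _action_matches(patterns, action):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def _principal_matches(stmt, caller_arn):
    principal = stmt.get("Principal")
    if principal is None or principal == "*":
        return True  # identity-based policy (no Principal) or anonymous wildcard
    aws = _as_list(principal.get("AWS", []))
    return "*" in aws or caller_arn in aws

def evaluate(policies, caller_arn, action):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one action.

    Simplified same-account model: any matching Deny wins, otherwise any
    matching Allow (identity- or resource-based) grants access.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _principal_matches(stmt, caller_arn):
                continue
            if not _action_matches(stmt.get("Action", []), action):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # surfaces to the caller as a 403
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

# Constructed sample data (placeholder account ID and names).
CALLER = "arn:aws:iam::111122223333:user/example-admin"
DOMAIN = "arn:aws:es:us-east-1:111122223333:domain/example-domain/*"
IDENTITY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "es:ESHttp*", "Resource": "*"}]}
DOMAIN_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": {"AWS": "*"}, "Action": "es:*", "Resource": DOMAIN}]}
DOMAIN_ALLOW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": CALLER}, "Action": "es:*", "Resource": DOMAIN}]}

if __name__ == "__main__":
    print(evaluate([IDENTITY, DOMAIN_DENY], CALLER, "es:ESHttpGet"))
    print(evaluate([IDENTITY, DOMAIN_ALLOW], CALLER, "es:ESHttpGet"))
```
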
0

The 403 Forbidden error you're encountering when trying to access OpenSearch Dashboards typically occurs due to IAM permission issues or incorrectly signed requests.

Even though you mentioned having the required permissions, please verify that your IAM identity includes the aoss:DashboardsAccessAll and aoss:APIAccessAll actions in its permissions policy. These specific actions are required for accessing OpenSearch Dashboards and OpenSearch Serverless data plane APIs.

Additionally, if you enable verbose logging in your client or check the Network tab in your browser's developer tools, you might see additional error details that can help pinpoint the issue.

If your IAM permissions are correctly configured and you're still experiencing the 403 error, the issue could be related to:

  1. Network policy restrictions - Ensure that your network policy allows access to the OpenSearch Serverless APIs and dashboard. If you're accessing from the public internet, verify that public access is enabled in the network policy. For private access, you'll need to create a VPC endpoint.

  2. Incorrectly signed requests - Review how your client is interacting with the OpenSearch APIs. You can test endpoint access using AWS CLI or tools like curl or awscurl to verify the request signing is correct.

Make sure to double-check both your IAM permissions policy and network policy settings, as both are required for successful access to OpenSearch Dashboards.
Sources
Troubleshoot OpenSearch Serverless errors | AWS re:Post

answered 2 months ago
EXPERT
reviewed 2 months ago
0

Hello. To resolve the "403 Forbidden" issue, I suggest you add the following IAM policy to your application admin role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OpenSearchApplicationAccess",
            "Effect": "Allow",
            "Action": [
                "opensearch:ApplicationAccessAll"
            ],
            "Resource": "*"
        }
    ]
}

You will proceed with implementing the policy and verify if this resolves the access issue.

AWS
Support Engineer
answered 2 months ago
