By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to use an IAM Role to access opensearch

0

Hi,

I have created an OpenSearch domain in a VPC. Also, I have an ec2 instance running in the same VPC. The role attached to the instance profile of this ec2 has full permissions to OpenSearch.

but whenever I am trying to read/write to this domain from this EC2, I am getting 401 Unauthorized.

how can I fix this issue of accessing OpenSearch using IAM roles? I don't want to use any internal database users or admin users created upon domain creation. Cognito and SAML are also not desired.

Topics
Security, Identity, & ComplianceServerlessAnalytics
Tags
AWS Identity and Access ManagementAmazon OpenSearch Service
Language
English
profile picture
Akshay Jain
asked a year ago1363 views
1 Answer
0

Hi, you have to assume the role EC2 execution role via 'aws sts assume-role' (if you use CLI) or equivalent API verb via your SDK of choice. Then, you will receive the credentials of the role and do what you need to.

To get all details, read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

and in particular. to obtain and assume credentials,: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

profile pictureAWS
EXPERT
Didier_Durand
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content