How to use an IAM Role to access opensearch

0

Hi,

I have created an OpenSearch domain in a VPC. Also, I have an ec2 instance running in the same VPC. The role attached to the instance profile of this ec2 has full permissions to OpenSearch.

but whenever I am trying to read/write to this domain from this EC2, I am getting 401 Unauthorized.

how can I fix this issue of accessing OpenSearch using IAM roles? I don't want to use any internal database users or admin users created upon domain creation. Cognito and SAML are also not desired.

1 Answer
0

Hi, you have to assume the role EC2 execution role via 'aws sts assume-role' (if you use CLI) or equivalent API verb via your SDK of choice. Then, you will receive the credentials of the role and do what you need to.

To get all details, read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

and in particular. to obtain and assume credentials,: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

profile pictureAWS
EXPERT
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions