Possible Bug Report: How do I figure out why attempting to edit my OpenSearch Access Policy results in a 409 error?

Question

Steps to reproduce:
-- Navigate to OpenSearch Service in the AWS Console

-- Select an existing Domain

-- Select the "Security Configuration" tab

-- Click "Edit"

-- On the next page, make literally any change at all to the policy and click "Save Changes"

I consistently get a 409 error with the message "Error setting policy: <>".  There are no additional helpful messages or indications what's going wrong.  I have full Administrator permissions to everything in AWS.

Any suggestions?  What's going on here?

Michael · Answer

This may not have been the answer for the OP but I would like to add what I found in case it is useful for anyone else that stumbles across this issue.
There is some sort of limit on the access policy. I am not sure if it is the number of principles or a simple character limit, but we had this issue when adding a new principle to an access list. Adding it and saving returned an error in the UI with no message, just the JSON. Analyzing the POST response we could see it was a 409 Conflict but had no other information.
Removing an existing principle and adding our new principle in succeeded.
The error message here could be seriously improved and I cannot find it documented anywhere that there is a limit on the access policy JSON, but it appears there is in reality.

Lovetesh_C · Answer

A `409 error` usually indicates a conflict, and it can arise due to various reasons. To troubleshoot further, we require details that are non-public information. Please open a support case with AWS using the following link:

https://console.aws.amazon.com/support/home#/case/create

Possible Bug Report: How do I figure out why attempting to edit my OpenSearch Access Policy results in a 409 error?

Add your answer

Relevant content