Unable to view OpenSearch Serverless dashboard as root user

0

Under Amazon OpenSearch Service > Serverless: Collections

I'm trying to open the "OpenSearch Dashboards URL". However, I get this error

{"status":403,"request-id":"66491dcf-...-be4f59d44c0f","error":{"reason":"403 Forbidden","type":"Forbidden"}}

I'm access it as the root user so I don't see what permissions I could be missing.

Note the associated Access type is Public

asked a year ago2K views
1 Answer
0

I understood that you are using Opensearch Severless public collections and when you are trying to access the collection you are getting the 403 error.

When accessing the Opensearch severless Collection you need to add the IAM User or federated user with IAM Role, being used to access the AWS console to the Data Access policy of the Serverless Collection.

When you log in to the AWS console with an IAM role/user you need to have a identity-based policy. Which allows you to a) view b) administrate c) give access to data plane API's d) give access to open dashboards , from the console on the opensearch serverless resource https://docs.aws.amazon.com/opensearch-service/latest/developerguide/security-iam-serverless.html#security_iam_serverless_id-based-policy-examples

You are required to add these two IAM permissions for your OpenSearch Serverless "aoss:APIAccessAll" for Data Plane API access, and "aoss:DashboardsAccessAll" for Dashboards access

The above statement implies that you need to add to the console IAM user/role : "aoss:APIAccessAll" for Data Plane API to do give permission for operations like GET POST on the serverless resource from console "aoss:DashboardsAccessAll" for accessing the opensearch dashboards on the serverless resource from console

If you are still facing issue and for deeper analysis into the issue and gain more insights tailored to your Amazon OpenSearch collections, I request you to please reach out to AWS Premium Support team via a support case. The team is better equipped to handle such requests and should be able to guide you better, as per your collection configuration.

Hope the above information and documentation helps!

AWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions