I understood that you are using OpenSearch Serverless public collections, and when you are trying to access the collection you are getting the 403 error.
When accessing the OpenSearch Serverless collection, you need to add the IAM user, or the federated user with IAM role, being used to access the AWS console to the data access policy of the Serverless collection.
When you log in to the AWS console with an IAM role/user, you need to have an identity-based policy, which allows you to a) view, b) administrate, c) give access to data plane APIs, d) give access to open dashboards, from the console on the OpenSearch Serverless resource: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/security-iam-serverless.html#security_iam_serverless_id-based-policy-examples
You are required to add these two IAM permissions for your OpenSearch Serverless: "aoss:APIAccessAll" for Data Plane API access, and "aoss:DashboardsAccessAll" for Dashboards access.
The above statement implies that you need to add to the console IAM user/role: "aoss:APIAccessAll" for Data Plane API, to give permission for operations like GET and POST on the serverless resource from the console, and "aoss:DashboardsAccessAll" for accessing the OpenSearch Dashboards on the serverless resource from the console.
If you are still facing the issue, then for deeper analysis and to gain more insights tailored to your Amazon OpenSearch collections, I request you to please reach out to the AWS Premium Support team via a support case. The team is better equipped to handle such requests and should be able to guide you better, as per your collection configuration.
Hope the above information and documentation helps!
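
The two checks described in the answer above, as an added example (not part of the original answer and not AWS code): a small offline linter that reports which layer is missing for a given principal. The ARNs, collection name and policy documents are constructed samples, and the IAM evaluation is simplified (Resource and Condition elements are ignored).

```python
import fnmatch

REQUIRED = ("aoss:APIAccessAll", "aoss:DashboardsAccessAll")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def iam_allows(policy, action):
    """True if an Allow statement matches the action and no Deny does.
    Simplification: Resource and Condition elements are not evaluated."""
    allowed = False
    for st in _as_list(policy.get("Statement", [])):
        hit = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                  for p in _as_list(st.get("Action", [])))
        if hit and st.get("Effect") == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and st.get("Effect") == "Allow")
    return allowed

def principal_in_data_policy(data_policy, principal_arn):
    """True if any block of the data access policy lists the principal."""
    return any(principal_arn in _as_list(block.get("Principal", []))
               for block in data_policy)

def diagnose(identity_policy, data_policy, principal_arn):
    """Return the gaps that would explain a 403 for this principal."""
    gaps = [f"identity policy lacks {a}" for a in REQUIRED
            if not iam_allows(identity_policy, a)]
    if not principal_in_data_policy(data_policy, principal_arn):
        gaps.append("principal not in data access policy")
    return gaps

# Constructed sample input: a console role with only one of the two actions,
# and a data access policy that names a different principal.
ROLE = "arn:aws:iam::111122223333:role/ConsoleRole"
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "aoss:APIAccessAll", "Resource": "*"}]}
DATA_POLICY = [{
    "Rules": [{"ResourceType": "index",
               "Resource": ["index/my-collection/*"],
               "Permission": ["aoss:ReadDocument"]}],
    "Principal": ["arn:aws:iam::111122223333:user/other-user"]}]

if __name__ == "__main__":
    for gap in diagnose(IDENTITY_POLICY, DATA_POLICY, ROLE):
        print("403 cause:", gap)
```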