IAM user has the AmazonOpenSearchServiceFullAccess policy attached but still cannot access OpenSearch Serverless indices, receiving authorization_exception error. How can I resolve this?

Question

I have attached the AmazonOpenSearchServiceFullAccess policy to an IAM user and tried to access indices in an AWS OpenSearch Serverless cluster. However, I am still receiving the following error message:

```
{
  "error": {
    "root_cause": [
      {
        "type": "authorization_exception",
        "reason": "User does not have permissions for the requested resource"
      }
    ],
    "type": "authorization_exception",
    "reason": "User does not have permissions for the requested resource"
  },
  "status": 403
}

```

I have confirmed that the IAM user has the correct permissions , but the issue persists. What else should I check or configure to resolve this in OpenSearch Serverless?

Narayan_S · Answer

Dear Customer, Greetings !

Thank you for reaching out to us with your concerns.

I see that you are trying to access the OpenSearch Serverless Collection with IAM User having AmazonOpenSearchServiceFullAccess policy attached to it, but it is throwing "authorization_exception".

Please note that the AmazonOpenSearchServiceFullAccess provides access to OpenSearch service Managed Cluster i.e. "es", however, the user required permissions to access OpenSearch Serverless collection i.e. "aoss" are mentioned here [1].

Kindly update your permissions and provide access to "aoss:*" actions.

Let us know, if it helps in resolving the issue.

Regards,

**References**
[1] https://docs.aws.amazon.com/opensearch-service/latest/developerguide/security-iam-serverless.html

IAM user has the AmazonOpenSearchServiceFullAccess policy attached but still cannot access OpenSearch Serverless indices, receiving authorization_exception error. How can I resolve this?

Add your answer

Relevant content