Why do I not have permissions to the indices tab of my Elastic Search domain?


I created a domain in Elastic Search which I appear to be able to administrate correctly. It seems to have data coming in, but in the dashboard I get a permissions error under the Indices tab:

/_stats: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [indices:monitor/stats] and User [name=arn:aws:iam::6730xxxxxxxxx8:role/Admin, backend_roles=[arn:aws:iam::6730xxxxxxxxxx8:role/Admin], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [indices:monitor/stats] and User [name=arn:aws:iam::6730xxxxxxxxx8:role/Admin, backend_roles=[arn:aws:iam::6730xxxxxxxxx8:role/Admin], requestedTenant=null]"},"status":403}

I have access set to "Open access", so I don't see why this wouldn't work?

Any ideas?

  • Hi. Did you solve this? I have the same issue.

asked 2 years ago1664 views
1 Answer
Accepted Answer

Could be a fine grained access missing. ES has fine grained access control, please check the below

Index-Level Security

Index-level permissions include the ability to create new indices, search indices, read and write documents, delete documents, manage aliases, and more. Manage these permissions using the Index Permissions tab when creating a role. For a list of index-level action groups, see the Open Distro for Elasticsearch documentation

. https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html

also, check the role mapping for the user “ arn:aws:iam::xxxxxx” a

To create a role mapping, login to Kibana, navigate to Security > Role Mappings, and click Create role mapping. Give your role mapping a unique name and choose which roles you wish to assign to your users.



answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions