So my problem ended up being that I was not including the x-amz-content-sha256 header in my curl command. I mistakenly thought that curl would add it when I used the --aws-sigv4 flag.
So the following ended up working:
$ PAYLOAD='{ "settings": { "index": { "max_result_window" : 1000000 }}}'
# Keep only the hex digest; some openssl builds prefix the output with "(stdin)= "
$ SHA256_PAYLOAD=$(echo -n "$PAYLOAD" | openssl dgst -sha256 | awk '{print $NF}')
$ curl --user "$aws_access_key:$aws_secret_key" --aws-sigv4 "aws:amz:us-east-1:aoss" -H "Content-Type: application/json" -H "x-amz-content-sha256: $SHA256_PAYLOAD" -X PUT "$OPENSEARCH_ENDPOINT/dn_scottdnrm_sf2" -d "$PAYLOAD"
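How the payload hash enters a SigV4 signature for the `aoss` service, as an added example (not from the original post, and not AWS or curl code): the `x-amz-content-sha256` value is both a signed header and the last line of the canonical request, so it must be the bare hex digest of the exact body bytes. The function name, endpoint and credentials are hypothetical placeholders, and the sketch assumes a simple path with no query string.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote, urlsplit


def sign_aoss_request(method, url, body, access_key, secret_key,
                      region="us-east-1", service="aoss", token=None, now=None):
    """Return the headers for a SigV4-signed request (hypothetical helper)."""
    now = now or datetime.now(timezone.utc)
    amz_date, datestamp = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    parts = urlsplit(url)
    # Bare lowercase hex digest of the exact bytes sent as the request body.
    payload_hash = hashlib.sha256(body).hexdigest()
    headers = {"host": parts.netloc, "x-amz-date": amz_date,
               "x-amz-content-sha256": payload_hash}
    if token:  # temporary credentials: the session token is signed as well
        headers["x-amz-security-token"] = token
    names = sorted(headers)
    signed = ";".join(names)
    # Assumption: simple path and no query string (canonical query is empty).
    canonical = "\n".join([
        method, quote(parts.path or "/", safe="/"), "",
        "".join(f"{n}:{headers[n].strip()}\n" for n in names),
        signed, payload_hash])
    scope = f"{datestamp}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers


if __name__ == "__main__":
    # Constructed placeholders, not real credentials or a real collection.
    demo = sign_aoss_request(
        "PUT", "https://collection-id.us-east-1.aoss.amazonaws.com/dn_scottdnrm_sf2",
        b'{ "settings": { "index": { "max_result_window" : 1000000 }}}',
        "AKIDEXAMPLE", "constructed-secret")
    for name, value in demo.items():
        print(f"{name}: {value}")
```

Because the digest is part of the signed material, a body that differs by even one byte from what was hashed produces a signature the service rejects.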
Hello,
Based on the information shared, you are getting AccessDenied errors when appending --json to the curl command. Please check CloudTrail events for any errors with respect to the "aoss" service; they will give you more details about the exact AccessDenied error and confirm whether the request is actually hitting the API correctly.
[+] Cloudtrail: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html
[+] https://docs.aws.amazon.com/opensearch-service/latest/developerguide/logging-using-cloudtrail.html
[+] https://docs.aws.amazon.com/opensearch-service/latest/ServerlessAPIReference/API_Operations.html
I have also looked into the curl option for using the PUT method, and it must use whitespace between -X and PUT, like "-X PUT", whereas your command has no whitespace. Please try executing the formatted commands below and refer to the curl manual page for more information.
[+] https://curl.se/docs/manpage.html
[+] https://reqbin.com/req/c-d4os3720/curl-put-example
curl --user "$aws_access_key:$aws_secret_key" --aws-sigv4 "aws:amz:us-east-1:aoss" -H "x-amz-security-token: $aws_session_token" -X PUT "$OPENSEARCH_ENDPOINT/dn_scottdnrm_sf2" --json '{ "settings": { "index.max_result_window" : "1000000" }}'
curl --user "$aws_access_key:$aws_secret_key" --aws-sigv4 "aws:amz:us-east-1:aoss" -H "x-amz-security-token: $aws_session_token" -X PUT "$OPENSEARCH_ENDPOINT/dn_scottdnrm_sf2/_settings" --json '{ "index": { "max_result_window" : "1000000" }}'
If the above does not work, try explicitly specifying the content type in the curl command, as below.
curl --user "$aws_access_key:$aws_secret_key" --aws-sigv4 "aws:amz:us-east-1:aoss" -H "x-amz-security-token: $aws_session_token" -X PUT "$OPENSEARCH_ENDPOINT/dn_scottdnrm_sf2" -H "Content-Type: application/json" -d '{ "settings": { "index.max_result_window" : "1000000" }}'
curl --user "$aws_access_key:$aws_secret_key" --aws-sigv4 "aws:amz:us-east-1:aoss" -H "x-amz-security-token: $aws_session_token" -X PUT "$OPENSEARCH_ENDPOINT/dn_scottdnrm_sf2/_settings" -H "Content-Type: application/json" -d '{ "index": { "max_result_window" : "1000000" }}'
In case you still encounter the issue, please share the verbose output by adding the "-vvv" suffix to the above curl commands.
Thank you.
Vijay, I looked in CloudTrail and found no relevant events.
In addition, I tried the other curl suggestions and got the exact same response back.
And here is the curl with -vvv (will have to split up):
bash-5.2# curl -vvv --user "$aws_access_key:$aws_secret_key" --aws-sigv4 "aws:amz:us-east-1:aoss" -H "x-amz-security-token: $aws_session_token" -X PUT "$OPENSEARCH_ENDPOINT/dn_scottdnrm_sf2" --json '{ "settings": { "index.max_result_window" : "1000000" }}'
Next part of curl -vvv:
Server auth using AWS_SIGV4 with user 'REPLACED'
< HTTP/1.1 403 Forbidden
< x-request-id: 821f3626-7355-9f5a-989f-2e7aff86e858
< content-length: 121
< x-aoss-response-hint: X01:gw-helper-deny
< content-type: application/json
< date: Wed, 04 Oct 2023 19:51:11 GMT
< server: aoss-amazon
<
{"status":403,"request-id":"821f3626-7355-9f5a-989f-2e7aff86e858","error":{"reason":"403 Forbidden","type":"Forbidden"}}