Hello,
Firstly, thank you for sharing your issue in detail.
As you also mentioned, the recommended way would be to set an "Allow" statement in the OpenSearch access policy which allows an IAM User/Role in the condition that you have for your existing Lambda or other service.
There are other, not recommended workarounds, i.e., using a proxy server in front of the OpenSearch service or setting the resource-based policy to blank, which can be done using the following command:
aws opensearch update-domain-config --domain-name fgac-env --access-policies ""
Note: This way would come under "neither allowed nor denied" in the resource-based policy. However, the next time you try to update any security configuration using the UI, it will throw an error, and the way to update is using the CLI/CDK.
I suggest you reach out to the AWS Support Engineering team; according to your use case, they will be able to help you with a customer solution according to the security enforced for your OpenSearch cluster.
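The two policy states discussed in the answer above, as an added example that is not part of the original answer or of AWS's own code: it builds an access policy with a single "Allow" statement for one IAM role and classifies a policy string as blank, open or scoped. The account ID, region, role name and both function names are constructed placeholders; only the domain name `fgac-env` comes from the answer.

```python
import json

# Constructed placeholders: account ID, region and role name are not from the answer.
ROLE_ARN = "arn:aws:iam::111122223333:role/example-lambda-role"
DOMAIN_ARN = "arn:aws:es:us-east-1:111122223333:domain/fgac-env/*"


def build_allow_policy(principal_arn, domain_arn):
    """Resource-based policy with one Allow statement for a single IAM principal."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "es:ESHttp*",
            "Resource": domain_arn,
        }],
    })


def classify_access_policy(policy_text):
    """Return 'blank', 'no-allow', 'open-allow' or 'scoped-allow'.

    policy_text is the policy as a JSON string, e.g. the AccessPolicies.Options
    value returned by `aws opensearch describe-domain-config`.
    """
    if not policy_text.strip():
        return "blank"  # the state left by --access-policies ""
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be an object
        statements = [statements]
    if not statements:
        return "blank"
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        return "no-allow"
    for s in allows:
        principal = s.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        values = aws if isinstance(aws, list) else [aws]
        # A wildcard principal with no Condition is not tied to any identity.
        if "*" in values and "Condition" not in s:
            return "open-allow"
    return "scoped-allow"


if __name__ == "__main__":
    policy = build_allow_policy(ROLE_ARN, DOMAIN_ARN)
    print(classify_access_policy(""), classify_access_policy(policy))
```

The string returned by `build_allow_policy` can be passed to the same `--access-policies` option used in the command above.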