Unable to access OpenSearch Serverless Dashboard

Question

Hi all,
 I applied the aoss:DashboardsAccessAll policy to my ARN, but it doesn't seem like it's taking. The policy is written like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "aoss:APIAccessAll",
            "Resource": "arn:aws:aoss:us-east-2:{accountNumber}:collection/{collectionId}"
        },
        {
            "Effect": "Allow",
            "Action": "aoss:DashboardsAccessAll",
            "Resource": "arn:aws:aoss:us-east-2:{accountNumber}:collection/{collectionId}"
        }
    ]
}

I've attached the policy to my IAM user, but when I go to the OpenSearch dashboard, I get a 401. The network access policy on the collection is set to Public.

An interesting note is that, in IAM, the "Permissions assigned to this policy" don't show the DashboardAcessAll action. I've attached an image. ![Policy Screenshot](/media/postImages/original/IMUWeL3cCSR-mn_2cQ5QIPPA)

Thanks in advance

Answer

Hi,

Does the 401 happen when you hit the dashboard URL directly? According to https://docs.aws.amazon.com/opensearch-service/latest/developerguide/dashboards.html:

```
Dashboards does not natively support IAM users and roles, but OpenSearch Service offers several solutions for controlling access to Dashboards:

Enable SAML authentication for Dashboards.
Use fine-grained access control with HTTP basic authentication.
Configure Cognito authentication for Dashboards.
For public access domains, configure an IP-based access policy that either uses or does not use a proxy server.
For VPC access domains, use an open access policy that either uses or does not use a proxy server, and security groups to control access. To learn more, see About access policies on VPC domains.
```

Unable to access OpenSearch Serverless Dashboard

Relevant content