By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Unable to access OpenSearch Serverless Dashboard

0

Hi all, I applied the aoss:DashboardsAccessAll policy to my ARN, but it doesn't seem like it's taking. The policy is written like this:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "aoss:APIAccessAll", "Resource": "arn:aws:aoss:us-east-2:{accountNumber}:collection/{collectionId}" }, { "Effect": "Allow", "Action": "aoss:DashboardsAccessAll", "Resource": "arn:aws:aoss:us-east-2:{accountNumber}:collection/{collectionId}" } ] }

I've attached the policy to my IAM user, but when I go to the OpenSearch dashboard, I get a 401. The network access policy on the collection is set to Public.

An interesting note is that, in IAM, the "Permissions assigned to this policy" don't show the DashboardAcessAll action. I've attached an image. Policy Screenshot

Thanks in advance

1 Answer
0

Hi,

Does the 401 happen when you hit the dashboard URL directly? According to https://docs.aws.amazon.com/opensearch-service/latest/developerguide/dashboards.html:

Dashboards does not natively support IAM users and roles, but OpenSearch Service offers several solutions for controlling access to Dashboards:

Enable SAML authentication for Dashboards.
Use fine-grained access control with HTTP basic authentication.
Configure Cognito authentication for Dashboards.
For public access domains, configure an IP-based access policy that either uses or does not use a proxy server.
For VPC access domains, use an open access policy that either uses or does not use a proxy server, and security groups to control access. To learn more, see About access policies on VPC domains.
profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions