Hi team,
We have set up OpenSearch (Account A) and are trying to authenticate with Cognito OpenID (set up in Account B).
The role has been given proper permission to use the user pool of a different account. Even with the Terraform module we get the error below:
https://github.com/cloudposse/terraform-aws-elasticsearch
aws opensearch update-domain-config \
  --domain-name "name" \
  --cognito-options Enabled=true,UserPoolId="ID",IdentityPoolId="we have given CLIENT ID of user pool",RoleArn=role
We are getting the error below:
An error occurred (ValidationException) when calling the UpdateDomainConfig operation: 1 validation error detected: Value 'hhhhijaaa' at 'cognitoOptions.identityPoolId' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w-]+:[0-9a-f-]+
As we are aware, the client ID will be in the format "ID", but it's expecting "Region:ID" (format of identity provider).
Is there any workaround, or is it a known issue that OpenSearch doesn't support the client ID of a user pool?
As per the documents:
https://docs.aws.amazon.com/solutions/latest/centralized-logging-with-opensearch/launch-with-openid-connect-oidc.html
But we are still facing trouble.
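
A pre-flight check for the two IDs in `--cognito-options`, as an added example that is not part of the original post: it classifies each value before the API call and reports which field holds the wrong kind of identifier. The identity pool pattern is the one quoted in the ValidationException; the user pool ID shape, the same-region check, the function names and all sample IDs other than `hhhhijaaa` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate the IDs passed to
#   aws opensearch update-domain-config --cognito-options ...
# before calling the API.

# Pattern from the ValidationException, with \w spelled out as [A-Za-z0-9_].
IDENTITY_POOL_RE='^[A-Za-z0-9_-]+:[0-9a-f-]+$'
# Assumption: user pool IDs have the usual <region>_<id> shape.
USER_POOL_RE='^[A-Za-z0-9_-]+_[0-9A-Za-z]+$'

# Print what kind of Cognito identifier the argument looks like.
classify_cognito_id() {
  if printf '%s\n' "$1" | grep -Eq "$IDENTITY_POOL_RE"; then
    echo identity-pool-id
  elif printf '%s\n' "$1" | grep -Eq "$USER_POOL_RE"; then
    echo user-pool-id
  elif printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]+$'; then
    echo bare-token        # e.g. an app client ID: no region prefix at all
  else
    echo unknown
  fi
}

# Usage: check_cognito_options <UserPoolId> <IdentityPoolId>
# Prints one line per problem; returns 0 only when both values fit.
check_cognito_options() {
  user_pool="$1"
  identity_pool="$2"
  rc=0
  kind=$(classify_cognito_id "$user_pool")
  if [ "$kind" != user-pool-id ]; then
    echo "UserPoolId: got $kind, expected <region>_<id>"
    rc=1
  fi
  kind=$(classify_cognito_id "$identity_pool")
  if [ "$kind" != identity-pool-id ]; then
    echo "IdentityPoolId: got $kind, expected <region>:<uuid>"
    rc=1
  fi
  # Assumption: both pools are expected in the same region, so the
  # region prefixes of the two IDs should match.
  if [ "$rc" -eq 0 ] && [ "${user_pool%%_*}" != "${identity_pool%%:*}" ]; then
    echo "Region prefixes differ: ${user_pool%%_*} vs ${identity_pool%%:*}"
    rc=1
  fi
  return "$rc"
}
```

With the value from the error message, `check_cognito_options 'us-east-1_AbCdEfGhI' 'hhhhijaaa'` reports `IdentityPoolId: got bare-token, expected <region>:<uuid>`, which is the same mismatch the API rejects.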