OpenSearch Cognito set up

0

Hi team

We have set up OpenSearch (account A) and are trying to authenticate with Cognito OpenID (set up in account B). The role has been given proper permission to use the user pool of the different account. Even with the Terraform module we get the error below: https://github.com/cloudposse/terraform-aws-elasticsearch

aws opensearch update-domain-config \
  --domain-name "name" \
  --cognito-options Enabled=true,UserPoolId="ID",IdentityPoolId="we have given CLIENT ID of user pool",RoleArn=role

We are getting the error below:

An error occurred (ValidationException) when calling the UpdateDomainConfig operation: 1 validation error detected: Value 'hhhhijaaa' at 'cognitoOptions.identityPoolId' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w-]+:[0-9a-f-]+

As we are aware, the client ID will be in the format "ID", but it's expecting "Region:ID" (the format of identity provider). Is there any workaround, or is it a known issue that OpenSearch doesn't support the client ID of a user pool? As per the documents: https://docs.aws.amazon.com/solutions/latest/centralized-logging-with-opensearch/launch-with-openid-connect-oidc.html. But we are still facing trouble.

1 Answer
0

Basically, the identity pool ID is in the format region:xxxx-xxxxx; the client ID has xxxxxxx... As per this, it's mentioned we can use it. But when we try, it's failing: https://docs.aws.amazon.com/solutions/latest/centralized-logging-with-opensearch/launch-with-openid-connect-oidc.html

answered 3 months ago
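
A local pre-flight check for the values passed to `--cognito-options`, built on the `identityPoolId` pattern quoted in the error message above. This is an added example, not part of the original posts. The function names, the user pool ID and role ARN patterns, and all sample values except `hhhhijaaa` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for the values passed to --cognito-options.
# IDENTITY_POOL_RE is the pattern quoted in the ValidationException above,
# with \w spelled out for POSIX grep. USER_POOL_RE and ROLE_ARN_RE are
# assumptions about the usual shape of those values, not taken from the page.
IDENTITY_POOL_RE='^[A-Za-z0-9_-]+:[0-9a-f-]+$'
USER_POOL_RE='^[A-Za-z0-9_-]+_[0-9a-zA-Z]+$'
ROLE_ARN_RE='^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$'

# matches VALUE REGEX: succeed when the whole value matches the regex.
matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Print which kind of Cognito identifier a value looks like.
classify_cognito_id() {
  if matches "$1" "$IDENTITY_POOL_RE"; then echo "identity-pool-id"
  elif matches "$1" "$USER_POOL_RE"; then echo "user-pool-id"
  else echo "other"   # no region prefix, e.g. an app client ID
  fi
}

# check_cognito_options USER_POOL_ID IDENTITY_POOL_ID ROLE_ARN
# Prints one line per rejected value; returns non-zero if any was rejected.
check_cognito_options() {
  cco_rc=0
  if [ "$(classify_cognito_id "$1")" != "user-pool-id" ]; then
    echo "UserPoolId '$1': expected <region>_<id>"; cco_rc=1
  fi
  if [ "$(classify_cognito_id "$2")" != "identity-pool-id" ]; then
    echo "IdentityPoolId '$2': expected <region>:<guid>," \
         "looks like $(classify_cognito_id "$2")"; cco_rc=1
  fi
  if ! matches "$3" "$ROLE_ARN_RE"; then
    echo "RoleArn '$3': expected an IAM role ARN"; cco_rc=1
  fi
  return "$cco_rc"
}

# Constructed sample values; 'hhhhijaaa' is the value from the error above.
check_cognito_options 'us-east-1_EXAMPLE01' 'hhhhijaaa' \
  'arn:aws:iam::111122223333:role/ExampleRole' || true
check_cognito_options 'us-east-1_EXAMPLE01' \
  'us-east-1:12345678-90ab-cdef-1234-567890abcdef' \
  'arn:aws:iam::111122223333:role/ExampleRole' && echo "values look well-formed"
```

Running the check before `aws opensearch update-domain-config` reports a malformed value locally instead of through a `ValidationException` from the API.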
