
Unable to access the New OpenSearch UI (Dashboards)

0

I have created the OpenSearch UI (Dashboards). While creating it, I did not select Single sign-on authentication, and I granted administrator permission only to myself. When launching the application, it gives me this error: {"status":403,"request-id":"fb4c420d-980e-9be2-8d20-299c43adfdf9","error":{"reason":"403 Forbidden","type":"Forbidden"}}

Note: I do have all the required permissions mentioned in this documentation. https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application-getting-started.html

asked a month ago, 92 views
3 Answers
0

Hello.

It may not be directly related, but please also check the resource-based policy for the OpenSearch service.
If this is set to Deny, you will get a 403 error even if the action is permitted on the IAM user side.
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html

EXPERT
answered a month ago
EXPERT
reviewed a month ago
0

The 403 Forbidden error you're encountering when trying to access OpenSearch Dashboards typically occurs due to IAM permission issues or incorrectly signed requests.

Even though you mentioned having the required permissions, please verify that your IAM identity includes the aoss:DashboardsAccessAll and aoss:APIAccessAll actions in its permissions policy. These specific actions are required for accessing OpenSearch Dashboards and OpenSearch Serverless data plane APIs.

Additionally, if you enable verbose logging in your client or check the Network tab in your browser's developer tools, you might see additional error details that can help pinpoint the issue.

If your IAM permissions are correctly configured and you're still experiencing the 403 error, the issue could be related to:

  1. Network policy restrictions - Ensure that your network policy allows access to the OpenSearch Serverless APIs and dashboard. If you're accessing from the public internet, verify that public access is enabled in the network policy. For private access, you'll need to create a VPC endpoint.

  2. Incorrectly signed requests - Review how your client is interacting with the OpenSearch APIs. You can test endpoint access using AWS CLI or tools like curl or awscurl to verify the request signing is correct.

Make sure to double-check both your IAM permissions policy and network policy settings, as both are required for successful access to OpenSearch Dashboards.
Sources
Troubleshoot OpenSearch Serverless errors | AWS re:Post

answered a month ago
EXPERT
reviewed a month ago
0

Hello. To resolve the "403 Forbidden" issue, I suggest you add the following IAM policy to your application admin role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OpenSearchApplicationAccess",
            "Effect": "Allow",
            "Action": [
                "opensearch:ApplicationAccessAll"
            ],
            "Resource": "*"
        }
    ]
}

You will proceed with implementing the policy and verify if this resolves the access issue.

AWS
SUPPORT ENGINEER
answered a month ago
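
The first answer's point (a Deny in the domain's resource-based policy produces a 403 even when the identity policy allows the action) and the policy from the last answer can be checked offline before touching the console. The following is an added example, not code from any of the answers or from AWS: it evaluates only `Effect` and `Action`, ignoring `Resource`, `Principal`, `Condition` and `NotAction`, and the `DomainHttp` and `BlockAll` statements are constructed sample input.

```python
import fnmatch

def _as_list(value):
    # IAM accepts either a single string or a list for "Action".
    return [value] if isinstance(value, str) else list(value or [])

def _matches(action, patterns):
    # Action names are case-insensitive; "*" and "?" are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def evaluate(action, policies):
    """Return (decision, "policy:Sid") for one action across all policy documents."""
    allowed_by = None
    for name, doc in policies.items():
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):  # a lone statement need not be in a list
            statements = [statements]
        for stmt in statements:
            if not _matches(action, _as_list(stmt.get("Action"))):
                continue
            label = f"{name}:{stmt.get('Sid', '<no Sid>')}"
            if stmt.get("Effect") == "Deny":
                return "ExplicitDeny", label  # a Deny anywhere wins over every Allow
            if stmt.get("Effect") == "Allow" and allowed_by is None:
                allowed_by = label
    return ("Allow", allowed_by) if allowed_by else ("ImplicitDeny", None)

# First statement is the one from the answer above; the second is constructed.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "OpenSearchApplicationAccess", "Effect": "Allow",
         "Action": ["opensearch:ApplicationAccessAll"], "Resource": "*"},
        {"Sid": "DomainHttp", "Effect": "Allow", "Action": "es:ESHttp*", "Resource": "*"},
    ],
}
# Constructed domain access policy containing a blanket Deny.
DOMAIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Sid": "BlockAll", "Effect": "Deny", "Principal": "*",
                  "Action": "es:*", "Resource": "*"},
}
POLICIES = {"identity": IDENTITY_POLICY, "domain": DOMAIN_POLICY}

if __name__ == "__main__":
    for act in ("opensearch:ApplicationAccessAll", "es:ESHttpGet", "aoss:DashboardsAccessAll"):
        print(act, "->", evaluate(act, POLICIES))
```

An `ImplicitDeny` result means no statement in any supplied document mentions the action, which is the case the second answer describes for the `aoss:` actions.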
