- Newest
- Most votes
- Most comments
Does this help? https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-snapshots.html#managedomains-snapshot-client-python
Hi,
Not sure what happened there, half my question got removed!
I am basing my lambda function on that code, and run the lambda via a role that has the iam:Passrole / ESHttpPut attached to it, How do i update the example script for using a role instead of a user?
Ie: update the below 2 lines to work with a role instead of user
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)
im looking at the boto3 docs and not seeing an option, but might be in the wrong place?!
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html
Any help greatly appreciated
If i just create a new IAM user with the IAM:PassRole setup it errors below, which looks like it needs opensearch access (aka has to be a cognito user!) But i dont understand how i could can set up a cognito user to have the specific policy? or how i you would have to re-write that script to run via cognito user?
403
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:admin/repository/put] and User [name=arn:aws:iam::11111:user/manual-snapshot-reg, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:admin/repository/put] and User [name=arn:aws:iam::11111:user/manual-snapshot-reg, backend_roles=[], requestedTenant=null]"},"status":403}
Relevant content
- asked 7 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 3 months ago