- Newest
- Most votes
- Most comments
Hello,
Your understanding is correct. We receive following error while restoring snapshot even after having all the required permissions and mapping in backend roles when we try to restore internal index such as .kibana
,.opendistro_security
, etc.
Error:
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=arn:aws:iam::xxxxxx:user/xxxxx, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=arn:aws:iam::xxxxxx:user/xxxxx, backend_roles=[], requestedTenant=null]"},"status":403}
In order to mitigate this issue, Please exclude the internal dashboard and fine-grained access control indices while restoring the data from snapshots.
curl -XPOST 'domain-endpoint/_snapshot/cs-automated/2020-snapshot/_restore' \
-d '{"indices": "-.kibana*,-.opendistro*"}' \
-H 'Content-Type: application/json'
[+] Creating index snapshots in Amazon OpenSearch Service - Restoring snapshots - https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-snapshots.html#managedomains-snapshot-restore
Regarding your query to migrate users and permissions to another domain, I would like to inform you that currently we don’t have any workaround for this use case. You will have to create your users and permissions again in new OpenSearch domain.
Hi, i am facing the same problem as mentioned by @alam while restoring the snapshot. Below is my oython code taken from documentation :
payload = {"indices": "asset"} headers = {"Content-Type": "application/json"} r = requests.post(url, auth=awsauth, json=payload,headers=headers)
The solution you gave didn't work for me. I excluded the internal dashboard indices and fine-grained access control indices. But it still gives me the error as above. Can you please comment the python code for the above.?
Relevant content
- asked 4 months ago
- AWS OFFICIALUpdated 6 months ago
UPDATE: It is suspected that the error was caused by an .opendistro_security index refusing to be overwritten by the restoration process. It would be better if someone here can recommend a way how to backup Elasticsearch users and their permissions and restore to another Elasticsearch domain.