Error encountered in OpenSearch Pipeline
I am getting this error in a pipeline , per the CW logs I see
2024-04-18T14:34:25.809 [waf-access-log-pipeline-sink-worker-2-thread-1] WARN org.opensearch.dataprepper.plugins.sink.opensearch.OpenSearchSink - Failed to initialize OpenSearch sink with a retryable exception. org.opensearch.client.opensearch._types.OpenSearchException: Request failed: [security_exception] no permissions for [cluster:monitor/state] and User [name=arn:aws:iam::329243463654:role/osiPipelineRole, backend_roles=[arn:aws:iam::329243463654:role/osiPipelineRole], requestedTenant=null]
per the documentation I granted the specific role the trust relationship(below) and I also added the osis:* and es:* permissions as to my role in my account, what could I be missing?
Thanks in advance
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "osis-pipelines.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
- Newest
- Most votes
- Most comments
Hello,
It looks like your domain was enabled Fine-grained access control feature. [+] https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html
In that case, you need to map users or backend role using following document. [+] Fine-grained access control in Amazon OpenSearch Service - Mapping roles to users - https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-mapping
In your case, you need to map arn:aws:iam::329243463654:role/osiPipelineRole to backend role.
I hope above information helps.
Relevant content
- asked a month ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 months ago
