2 Answers
2
I have created a role (TheSnapshotRole) and then logged into the opensearch dashboard -> security -> internal users -> (my admin user) -> Backend roles and added the TheSnapshotRole for the.
TheSnapshotRole is not to be assigned to the opensearch admin user. There are some subtle differences between opensearch user and AWS IAM user and policy assignments which sometimes create confusion :)
Using this document as reference:
- You have created TheSnapshotRole which is fine (IAM role row in Prereq section)
- Assign the policies mentioned in the Permissions row of the Prereq section of the document to a non-admin IAM user. Better to create an IAM user specific for this purpose on the basis of providing least privileges since it would be used in the next step. (The document states you can use a role ARN also but I have not tried that so I stick with recommending IAM user)
- Specify this IAM user's ARN (user created in previous step) in Opensearch dashboard -> security -> Roles -> manage_snapshots -> Mapped users -> Manage Mapping -> Users section.
- Make necessary substitutions to the python script and run the script with AWS creds of IAM user created in previous step to register the S3 repository
- You have an admin Opensearch user which you use to log in to Opensearch dashboard and manage creation of snapshots (actual backups), but this user is not used to create the S3 repository for snapshots
--Syd
Answered 2 years ago
0
Thanks a lot, I'm lucky to find this post!
The 3rd point is important: pasting the ARN "arn:aws:iam::90****:user/***" as the user succeeded; it failed when using the internal username.
Answered 4 months ago
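A preflight check for the setup described in the two answers above, as an added example that is not part of either answer or of the AWS document. It checks that the IAM user signing the registration request is the ARN mapped to manage_snapshots, that the repository body names an IAM role, and that the snapshot role has not been put on the internal admin user. The function name, its parameters, and every sample ARN and bucket name are assumptions constructed for illustration.

```python
import re

# IAM ARN shapes. All account IDs and names below are constructed placeholders.
IAM_USER = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:user/.+$")
IAM_ROLE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$")


def preflight(signer_arn, mapped_users, repo_body, admin_backend_roles=()):
    """List setup problems for registering the S3 snapshot repository.

    signer_arn          -- IAM user whose credentials sign the request
    mapped_users        -- "Users" of the manage_snapshots role mapping
    repo_body           -- JSON body of the repository registration request
    admin_backend_roles -- backend roles of the internal admin user
    """
    problems = []
    if not IAM_USER.match(signer_arn):
        problems.append("signer is not an IAM user ARN")
    elif signer_arn not in mapped_users:
        problems.append("signer ARN is not mapped to manage_snapshots")
        # Internal usernames in the mapping do not cover the IAM signer.
        internal = [u for u in mapped_users if not u.startswith("arn:")]
        if internal:
            problems.append("mapping holds internal usernames: %s" % internal)

    settings = repo_body.get("settings", {})
    role_arn = settings.get("role_arn", "")
    if repo_body.get("type") != "s3":
        problems.append("repository type must be 's3'")
    if not settings.get("bucket"):
        problems.append("settings.bucket is missing")
    if not IAM_ROLE.match(role_arn):
        problems.append("settings.role_arn is not an IAM role ARN")

    # The snapshot role belongs in the request body, not on the admin user.
    role_name = role_arn.rsplit("/", 1)[-1]
    if role_arn and {role_arn, role_name} & set(admin_backend_roles):
        problems.append("snapshot role is attached to the admin user")
    return problems


# Constructed sample data.
SIGNER = "arn:aws:iam::123456789012:user/snapshot-registrar"
BODY = {"type": "s3", "settings": {
    "bucket": "example-snapshot-bucket", "region": "us-west-2",
    "role_arn": "arn:aws:iam::123456789012:role/TheSnapshotRole"}}

if __name__ == "__main__":
    print(preflight(SIGNER, [SIGNER], BODY))  # setup from the answer
    print(preflight(SIGNER, ["admin"], BODY, ["TheSnapshotRole"]))  # setup from the question
```

An empty list means the three pieces line up; the ARN to pass as `signer_arn` is the one the registration script's credentials resolve to.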