403: Request Signature Does Not Match Using Min.io

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

  • 2.5

Describe the issue:

I’m attempting to connect OpenSearch to Min.io so that I could save index snapshots to an object-based on-prem storage. When I attempt to create the S3 repository, I receive access denied errors because the Min.io response does not match the S3 signature.


I created the OpenSearch cluster using the OpenSearch helm chart with the following secret and values.yml

- name: Deploy OpenSearch Minio Secrets
    state: present
      apiVersion: v1
      kind: Secret
        name: opensearch-storage-secrets
        namespace: opensearch
        s3.client.default.access_key: "{{ 'opensearch' | b64encode }}"
        s3.client.default.secret_key: "{{ 'p@$$w0rd!' | b64encode }}"  
replicas: 1
minimumMasterNodes: 0
  opensearch.yml: |
      endpoint: "http://storage-minio.opensearch:9000"
      protocol: http
      path_style_access: true
- secretName: opensearch-storage-secrets

The Min.io user is configured with a service account opensearch:p@$$w0rd!.
When I check the min.io access, I could see that the S3 endpoint was hit and that a 403 was sent back to OpenSearch.

My service account has the following policy:

 "Version": "2012-10-17",
 "Statement": [
   "Effect": "Allow",
   "Action": [
   "Resource": [
   "Effect": "Allow",
   "Action": [
   "Resource": [

I’ve attached documentation and screenshots for context.

Relevant Documentation:

Relevant Logs or Screenshots:

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.