Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Using AWS OpenSearch Service (engine: OpenSearch 2.5)
Describe the issue:
Connected to the AWS OpenSearch dashboard URL (present inside a VPC) via tunneling, created an internal user and a role, and mapped the internal user to the role with index-level permission (index_all) and cluster-level access (cluster_monitor) on the specified index pattern (indexname).
Getting 403 Forbidden when trying to use an internal user (to create an index / access an alias) that is mapped to a role with a restrictive index pattern.
Please note that this error goes away when the index pattern is set to * (open-ended).
Configuration:
Relevant Logs or Screenshots:
Application logs
- Component service:org.XXX.opensearch.OpenSearchComponent notification of application started failed: org.opensearch.client.ResponseException: method [HEAD], host [https://yyyyy.us-east-1.es.amazonaws.com:443], URI [/_alias/indexname], status line [HTTP/1.1 403 Forbidden]