I’m trying to setup an s3 bucket snapshot repository, using IAM roles to allow access to the bucket. I am unable to get the repository setup to complete, it gives this error:
"reason" : "sdk_client_exception: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, com.amazonaws.auth.profile.ProfileCredentialsProvider@6669063f: access denied (\"java.io.FilePermission\" \"/usr/share/opensearch/.aws/credentials\" \"read\"), com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@2ab72ee2: Failed to connect to service endpoint: ]"
I have added the Role ARN and Role Session Name in multiple ways, environment variables, in the opensearch keystore, defining the role in the request to create the repository, etc.
No matter how I define the role information, I keep getting the same error, and the repository setup will not complete.
Any ideas what I might be missing to get this to work? The opensearch cluster is running on AWS ECS.