OpenSearch: [security_exception] authentication/authorization failure

Security
1

I have spring boot app deployed to AWS EKS, and an OpenSearch server on AWS, I’m getting this error when the java code below gets executed:

OpenSearch server:

Managed opensearch cluster,
version: 2.11,
VPC

Error:

  [security_exception] authentication/authorization failure
        at org.opensearch.client.transport.aws.AwsSdk2Transport.parseResponse(AwsSdk2Transport.java:54
1) ~[opensearch-java-2.22.0.jar!/:?]

Java code:

SdkHttpClient httpClient = ApacheHttpClient.builder().build();
    
    OpenSearchClient client = new OpenSearchClient(
        new AwsSdk2Transport(
            httpClient,
            "search-...us-west-2.es.amazonaws.com", // OpenSearch endpoint, without https://
            "es",
            Region.US_WEST_2, // signing service region
            AwsSdk2TransportOptions.builder().build()
        )
    );
    
    String indexName = "test-index";
    
    BooleanResponse booleanResponse = openSearchClient
                        .indices()
                        .exists(ExistsRequest.of(builder -> builder.index(List.of(indexName))));

Pom.xml:

    <dependency>
        <groupId>org.opensearch.client</groupId>
        <artifactId>opensearch-java</artifactId>
        <version>2.22.0</version>
    </dependency>
    <dependency>
        <groupId>org.opensearch.client</groupId>
        <artifactId>opensearch-rest-client</artifactId>
        <version>2.19.1</version>
    </dependency>

Access policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:987654321098:domain/my-domain/*"
    }
  ]
}
2

@MA1 Did you test authentication/authorization with awscurl?

 awscurl --service es --region us-west-2 --access_key <ACCESS_KEY> --secret_key <SECRET_ACCESS_KEY> <https://OpenSearch_Endpoint>

Does your IAM user has OpenSearch policy attached?

i.e.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "es:*",
            "Resource": "*"
        }
    ]
}