Terraform, Kibana and SAML

I'm trying to use this Terraform provider to set up OpenSearch and Dashboards, for things that AWS Terraform will not manage (index lifecycle, users, groups, index templates).


I have a test AWS OpenSearch cluster, with a Kibana/Dashboards where I enabled SAML (Okta). I can log in using the browser without any problem, after the Okta external authentication is done. I also have a basic authentication admin user.
Now I added this to the Terraform config:

provider "elasticsearch" {
  url         = "https://vpc-logs-staging-xxxx-eu-central-1.es.amazonaws.com"
  # URL below changed to bypass the forum's 2-link limit
  kibana_url  = "(same as above)/_dashboards"
  username    = "admin"
  password    = "XXXX"
  healthcheck = false
  sniff       = false
}

The plan always works fine, and I can change the OpenSearch cluster config, but on all Kibana-related changes (e.g. terraform apply) I hit this error:

elasticsearch_opensearch_ism_policy.warm-cleanup: Creating…

provider.terraform-provider-elasticsearch_v2.0.1: 2022/05/17 04:45:44 [INFO] Pinging url to determine version (same url as above) (change url to bypass 2 links limit)
│ Error: HTTP 403 Forbidden: Permission denied. Please ensure that the correct credentials are being used to access the cluster.

So it looks like pinging Kibana fails, where I assumed it would work, as I have the user + password for basic auth.

So, any hint on how to solve this? Is there any way for Terraform to bypass SAML and use the basic authentication? Maybe some policy?

Thanks for any help
Best regards