1

I am trying to change the elastic search access policy through lambda function using node js currently access policy looks like bellow

{
  "Version": "2012-10-17",
  "Statement": [
  {
   "Effect": "Allow",
   "Principal": {
     "AWS": "*"
   },
   "Action": "es:*",
   "Resource": "arn:aws:es:us-east-1:XXXX:domain/YYY/*"
 }
]
}

the code which i have tried in lambda 

var params = {
     DomainName: 'YYYY'
};
const es = new AWS.ES();
es.upgradeElasticsearchDomain(params, function(err, data) {
    if (err) console.log(err, err.stack); // an error occurred
    else     console.log(data);           // successful response
});

this always throw error is not authorized to perform: es:UpdateElasticsearchDomainConfig on resource with error code "code": "AccessDeniedException",

in the param i will add AccessPolicies this is same as the policy added in my question but the Effect will be Deny

Shibon
  • 1,552
  • 2
  • 9
  • 20

1 Answers1

1

After discussing it further with the OP, it turned out it was the lack of permissions on the IAM role attached to the Lambda function.

For others facing the same issue, make sure to attach ESFullAccess to the Lambda function that is playing with ElasticSearch.

To do so, go to IAM -> Roles and select the role attached to your Lambda function.

Click on attach policies and attach ESFullAccess, like the image below:

enter image description here

Thales Minussi
  • 6,965
  • 1
  • 30
  • 48