I have an Elasticsearch domain placed inside a VPC. I am able to connect to the domain from the VPC with no issues. But for more security, I want authentication to be username:password based. I am using elasticsearch-dsl to make the connection. Any idea how to set up a username and password based connection to the domain?

I tried updating the domain config in order to set MasterUser and MasterPassword (not sure if this is the right process).

aws es update-elasticsearch-domain-config --domain-name test-domain --advanced-security-options Enabled=true,InternalUserDatabaseEnabled=true

I get this error:

An error occurred (BaseException) when calling the UpdateElasticsearchDomainConfig operation: You don't have permissions to enable Advanced Security options.

Is this the right thing to do? If not, how can we enable password-based authentication?

Pramay Nikhade

1 Answer


An error occurred (BaseException) when calling the UpdateElasticsearchDomainConfig operation: You don't have permissions to enable Advanced Security options.

The above error you are getting indicates you don't have the permissions to update the advanced security configuration. You need to use the master user credentials when calling the update API.

Refer to the documentation here to get more info on master user: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html

Dhiresh Jain
  • That was the thing, the existing domain had no master user. I wanted to create one. The option in the UI is not available for version 6.7. Nonetheless, we went ahead with a role-based policy. Normal curl doesn't work from the instance if you want to access the domain. We need to make AWS signed requests from the code using their SDK. – Pramay Nikhade Dec 02 '21 at 09:30