
I created snapshots of indexes from AWS OpenSearch. It was done successfully. Now I'm trying to put these snapshots into S3, but I'm getting an error:

PUT /_snapshot/snapshots/4
{
  "type": "s3",
  "settings": {
    "bucket": "opensearch-snapshots",
    "region": "us-west-2",
    "role_arn": "arn:aws:iam::XXXXXXXXXXXXX:role/elastic-backups"
  }
}

error:

{
  "Message": "User: anonymous is not authorized to perform: iam:PassRole on resource: arn:aws:iam::XXXXXXXXXXXXX:role/elastic-backups because no resource-based policy allows the iam:PassRole action"
}

I have a role elastic-backups with a trust relationship and an attached policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "es.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::elastic-backups",
                "arn:aws:s3:::opensearch-snapshots"
            ]
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "iam:PassRole"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::elastic-backups/*",
                "arn:aws:iam::XXXXXXXXXXXXX:role/elastic-backups",
                "arn:aws:s3:::opensearch-snapshots/*",
                "arn:aws:iam::XXXXXXXXXXXXX:role/opensearch-snapshots"
            ]
        }
    ]
}

How can I resolve this error? I read the documentation and did all the steps, but without result.

Maybe dup of https://stackoverflow.com/questions/57949575/how-to-solve-the-error-messageuser-anonymous-is-not-authorized-to-perform – zangw May 24 '23 at 06:43
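
The `User: anonymous` in the error means the request reached the domain without AWS credentials, so there was no identity to evaluate `iam:PassRole` for; per the AWS documentation, the repository registration has to be sent as a SigV4-signed request by an identity that is allowed `iam:PassRole` on the snapshot role. The following is an added example, not part of the original question, that signs the question's request using only the Python standard library; the domain endpoint and access keys are constructed placeholders.

```python
import datetime, hashlib, hmac, json

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_headers(method, host, path, body, region, access_key, secret_key, now,
                  service="es"):
    """Headers that make the request signed (SigV4) instead of anonymous."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    headers = {"content-type": "application/json", "host": host,
               "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))
    # Canonical request: the path has only unreserved characters and there is
    # no query string, so neither needs extra encoding here.
    canonical = "\n".join([
        method, path, "",
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, hashlib.sha256(body.encode()).hexdigest()])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Signing key is derived step by step: date, region, service, terminator.
    key = f"AWS4{secret_key}".encode()
    for part in scope.split("/"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers

# Constructed sample values: domain endpoint and credentials are placeholders.
HOST = "search-example-domain.us-west-2.es.amazonaws.com"
PATH = "/_snapshot/snapshots/4"  # path as written in the question
BODY = json.dumps({"type": "s3", "settings": {
    "bucket": "opensearch-snapshots", "region": "us-west-2",
    "role_arn": "arn:aws:iam::XXXXXXXXXXXXX:role/elastic-backups"}})

def build_register_request(now):
    """Return (url, headers, body) for the signed repository registration."""
    headers = sigv4_headers("PUT", HOST, PATH, BODY, "us-west-2",
                            "AKIAEXAMPLEKEYID0000", "constructed-secret-not-real", now)
    return f"https://{HOST}{PATH}", headers, BODY

if __name__ == "__main__":
    url, headers, _ = build_register_request(datetime.datetime.now(datetime.timezone.utc))
    print("PUT", url)
    for name, value in headers.items():
        print(f"{name}: {value}")
```

The `iam:PassRole` statement belongs on the identity whose keys sign this request, not on the `elastic-backups` role that OpenSearch assumes.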
