I am trying to connect to OpenSearchService via Java SDK deployed on EC2 instance. I have tried setting the credentials via aws configure but I am getting the following error message:
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed: org.opensearch.client.opensearch._types.OpenSearchException: Request failed: [security_exception] authentication/authorization failure] with root cause
org.opensearch.client.opensearch._types.OpenSearchException: Request failed: [security_exception] authentication/authorization failure
Here is the output of my aws configure list:
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************2Y4Y shared-credentials-file
secret_key ****************NjjN shared-credentials-file
region ap-south-1 config-file ~/.aws/config
My client is set up as follows:
@Bean
public OpenSearchClient getClient() {
SdkHttpClient httpClient = ApacheHttpClient.builder().build();
return new OpenSearchClient(
new AwsSdk2Transport(
httpClient,
host,
region,
AwsSdk2TransportOptions.builder().build()));
}
I am able to connect to the opensearch service from my local machine but for some reason I am not able to connect to it via the EC2 instance.
Fine grain access control is also enabled on my domain and I am using the domain level access policy which looks something like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:ap-south-1:************:domain/opensearch-domain/*"
}
]
}
