Amazon ElasticSearcch access issue

Question

I have a domain: domain1 and trying to allow user1 to access it. This is the policy:

 {   "Version": "2012-10-17",   "Statement": [
     {
       "Effect": "Allow",
       "Principal": {
         "AWS": "arn:aws:iam::340539148951:user/user1"
       },
       "Action": "es:*",
       "Resource": "arn:aws:es:us-east-1:340539148951:domain/domain1/*"
     }   ] }

When the user1 tries logs in the Console and tries to go to ElasticSearch content, he gets this error:

ListDomainNames: {"Message":"User: arn:aws:iam::340539148951:user/user1 is not authorized to perform: es:ListDomainNames on resource: arn:aws:es:us-east-1:340539148951:domain/*"}

So the question is where do I set this? At the user level? What would the policy be?

Dima.

IMHO IMHO · Accepted Answer · 2017-08-30T11:58:42

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmt1504015454000",
        "Effect": "Allow",
        "Action": [
            "es:*"
        ],
        "Resource": [
            "arn:aws:es:us-east-1:340539148951:domain/*"
        ]
    }
]

}

Probably too much es:* - but it worked

Amazon ElasticSearcch access issue

1 Answers