Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Message":"User: anonymous is not authorized to perform: iam:PassRole

Tags:

amazon-web-services

amazon-s3

elasticsearch

I am following below link for "Use Amazon S3 to Store a Single Amazon Elasticsearch Service Index"
https://aws.amazon.com/blogs/database/use-amazon-s3-to-store-a-single-amazon-elasticsearch-service-index/

When I am trying 

curl -XPUT 'http://localhost:9200/_snapshot/snapshot-repository' -d'{
    "type": "s3",
    "settings": {
        "bucket": "es-s3-repository",
        "region": "us-west-2",
        "role_arn": "arn:aws:iam::123456789012:role/es-s3-repository"
    }
}'

with update bucket, region and role_arn, but I am getting below error

{"Message":"User: anonymous is not authorized to perform: iam:PassRole on resource: arn:aws:iam...}

enter image description here

To resolve this issue, I followed this link https://aws.amazon.com/premiumsupport/knowledge-center/anonymous-not-authorized-elasticsearch/ also. but still It is not working.

like image 205
deepak singla Avatar asked Aug 15 '18 11:08

deepak singla

People also ask

Is not authorized to perform IAM PassRole on?

If you receive an error that you're not authorized to perform the iam:PassRole action, your policies must be updated to allow you to pass a role to Resource Groups. Some AWS services allow you to pass an existing role to that service instead of creating a new service role or service-linked role.

What is IAM PassRole permission?

An IAM permissions policy attached to the IAM user that allows the user to pass only those approved roles. You usually add iam:GetRole to iam:PassRole so the user can get the details of the role to be passed.

Is not authorized to perform IAM Createrole on?

Go to IAM dashboard. Select Users menu from the left hand side menu. Select the user you want to provide the permission. Select the permissions tab and click on Add Permissions button.

Is not authorized to perform AWS?

If the AWS Management Console tells you that you're not authorized to perform an action, then you must contact your administrator for assistance. Your administrator is the person that provided you with your user name and password.

1 Answers

You need to sign your requests to AWS Elasticsearch. The blog post that you linked describes using a proxy server to create the signature, did you do that?

As an alternative to using such a proxy server with curl, you can make the requests from a program. In the AWS Elasticsearch docs give you an example in Python, with a link to a Java client.

like image 61
guest Avatar answered Nov 17 '22 00:11

guest
Sign in to Comment

Related questions

Can't add s3 notification for lambda using boto3
Kubernetes: How to change the default timeout of 60 sec of the AWS Load Balancer when exposing a service?
AWS API Gateway authentication error IncompleteSignatureException using JWT with Auth0
How should i get aws region names using regions
AWS S3 GET request fallback to a different virtual folder
s3.getSignedUrl ResponseContentDisposition parameter not working
Connect ElastiCache to Elastic Beanstalk Instance
Ubuntu: Could not enable service cfn-hup
How do AWS Lambda instances scale?
Is it possible to combine AWS CodeBuild and CodePipeline to build described CI workflow?
AWS: Mount S3 Bucket to an EC2 instance. (Later FTP Tunneling)
How to change phone_number format upon creation of a AWS Cognito User Pool?
How to get size of all files in an S3 bucket with versioning?
How to create a SECRET_HASH for AWS Cognito using boto3?
Add a role to an AWS Cognito Identity Pool via Cloudformation
AWS SAM Local vs Localstack
Tell CloudFront to only cache 200 response codes
need help to install php 7.2 yum packages on aws ec2
VPN clients to resolve private DNS hostnames in AWS [closed]
Migrating Firebase users to AWS Cognito

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!