Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Message":"User: anonymous is not authorized to perform: iam:PassRole

I am following below link for "Use Amazon S3 to Store a Single Amazon Elasticsearch Service Index"
https://aws.amazon.com/blogs/database/use-amazon-s3-to-store-a-single-amazon-elasticsearch-service-index/

When I am trying

curl -XPUT 'http://localhost:9200/_snapshot/snapshot-repository' -d'{
    "type": "s3",
    "settings": {
        "bucket": "es-s3-repository",
        "region": "us-west-2",
        "role_arn": "arn:aws:iam::123456789012:role/es-s3-repository"
    }
}'

with update bucket, region and role_arn, but I am getting below error

{"Message":"User: anonymous is not authorized to perform: iam:PassRole on resource: arn:aws:iam...}

enter image description here

To resolve this issue, I followed this link https://aws.amazon.com/premiumsupport/knowledge-center/anonymous-not-authorized-elasticsearch/ also. but still It is not working.

like image 205
deepak singla Avatar asked Aug 15 '18 11:08

deepak singla


People also ask

Is not authorized to perform IAM PassRole on?

If you receive an error that you're not authorized to perform the iam:PassRole action, your policies must be updated to allow you to pass a role to Resource Groups. Some AWS services allow you to pass an existing role to that service instead of creating a new service role or service-linked role.

What is IAM PassRole permission?

An IAM permissions policy attached to the IAM user that allows the user to pass only those approved roles. You usually add iam:GetRole to iam:PassRole so the user can get the details of the role to be passed.

Is not authorized to perform IAM Createrole on?

Go to IAM dashboard. Select Users menu from the left hand side menu. Select the user you want to provide the permission. Select the permissions tab and click on Add Permissions button.

Is not authorized to perform AWS?

If the AWS Management Console tells you that you're not authorized to perform an action, then you must contact your administrator for assistance. Your administrator is the person that provided you with your user name and password.


1 Answers

You need to sign your requests to AWS Elasticsearch. The blog post that you linked describes using a proxy server to create the signature, did you do that?

As an alternative to using such a proxy server with curl, you can make the requests from a program. In the AWS Elasticsearch docs give you an example in Python, with a link to a Java client.

like image 61
guest Avatar answered Nov 17 '22 00:11

guest