My issue may be more related to AWS than OpenSearch. I figured I would post here as a starting point in case anyone could help me, but if there’s a better place to ask about my issue, please let me know.
I’m using Amazon’s OpenSearch service in AWS and have set up Amazon SNS as a Destination for alerts. I have set up the SNS topic and permissions properly, and set up the role for the SNS destination in OpenSearch, which I called “test-OpenSearch-Role”, per this link: Configuring alerts in Amazon OpenSearch Service - Amazon OpenSearch Service. But when the trigger activates and tries to send an alert, I get the following error in the alert:
“Error: Failed running action: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/cp-sts-grant-role/swift-us-west-2-prod-xxxxxxxxxxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxxxxx:role/Test-OpenSearch-Role (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: 78e679a3-7373-4fe8-b1c1-a9b5d0d9dcda; Proxy: null)”
I’m not sure what this “User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/cp-sts-grant-role/swift-us-west-2-prod-xxxxxxxxxxxx” is and I haven’t been able to get it to obtain the permissions in the “test-OpenSearch-Role” to publish to SNS. I’m not very experienced when it comes to AWS inline policies for roles but here is the JSON of the test-OpenSearch-Role:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": "sns:Publish",
          "Resource": "*"
        }
      ]
    }
Any help would be much appreciated.