Hi everyone,
I am trying out ElasticSearch on AWS and ran into the following error while trying to access the provided Kabana endpoint:
{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"}
This turned out to be pretty simply, I just needed to whitelist my IP. Go to your search domain in the aws console, click access and finally select “Modify access policy”:
Then all you need to do is add another statement that gives your current ip access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"es:ESHttp*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.0.2.0/24"
]
}
},
"Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*"
}
]
}
Feel free to comment below if you hit any issues, but I also found the following links pretty helpful:
https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-ac-types-ip
https://aws.amazon.com/premiumsupport/knowledge-center/anonymous-not-authorized-elasticsearch/
What I Broke - Programming and Web Development 
go to domain > security config > scroll down to Access policy > choose this option Only use fine-grained access control .
fine grain access is your username and password when you will log on to this opensearch domain.
OR you can choose Configure domain level access policy and then below you have to allow your source ip like above a json is written
LikeLike