AWS OpenSearch Serverless - amazon-web-services

While creating an index or searching documents in an AWS OpenSearch Serverless collection from a Node.js project, it throws the error "User don't have permission for requested resource".
This is my IAM permission
I attempted to index the document using the sample code in the AWS OpenSearch Serverless documentation. I was hoping to index a certain document in an OpenSearch Serverless collection.

Related

Is there any source for identifying AWS services that support tags only via the AWS CLI, not CloudFormation?

Is there any easy way to identify the AWS resource that does not support creating the tag using CloudFormation and only allows it from the AWS CLI?

How to restrict access to Elasticsearch cluster with Amplify?

I created an Elasticsearch cluster on AWS and I need to configure access control. I have an Amplify app that has a custom Lambda which will verify the incoming request based on the user and cross-check in Cognito whether that user exists, then only fetch documents from the ES cluster that match a specific field name for this specific user. I saw there is configuration available when launching an ES cluster in the management console, like Amazon Cognito authentication. Is that what I need, or do I need a custom access policy or a JSON-defined access policy? I don't want public access to ES.

AWS Toolkit for IntelliJ unable to load S3: NoSuchBucketException: The specified bucket does not exist

I have been using the AWS Toolkit for IntelliJ for a while now. It was working fine, and I was able to create and update Lambdas until now. No changes were made to IAM roles or access keys; in fact, it's able to display the Lambda functions in AWS Explorer, but it's unable to load S3 buckets. Without loading S3 buckets I won't be able to publish or update Lambdas.

Using CloudFormation to configure Amazon Cognito Domain

I am using AWS Amplify in a React Native app. I set up my user pool with a domain via the console (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html), but have to manually remove and re-install it every time I make a change to the backend\auth\poolname-cloudformation-template.yml.
Is there a CloudFormation setting that would allow me to set it up through there?
Thanks!
This has been added to CloudFormation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooldomain.html
Unfortunately, there is no CloudFormation setting that allows creating an Amazon Cognito Domain. One workaround for this is to create a custom CloudFormation resource backed by a Lambda and then create the domain in the Lambda through Boto3.

AWS SageMaker | region-specific security credentials for endpoint

I am new to AWS infra and currently doing some POC/feasibility work for a new project.
So I have created an S3 bucket on the Ireland server, trained and published a SageMaker endpoint on the Ireland server, and it's giving results in a Jupyter notebook there. Now I want to use that endpoint in my browser JavaScript library to show some graphics. When I try to test my endpoint in Postman, it gives a region-specific error:
{
"message": "Credential should be scoped to a valid region, not 'us-east-1'.
Credential should be scoped to correct service: 'sagemaker'. "
}
My AWS account is not yet enterprise managed, so I am using it as 'root user'. Whenever I go to my profile > Security_Credential page and generate any security credential, it is always created for the 'us-east-1' region. As SageMaker is a region-specific service, I am not able to find a way to create a region-specific security key for the root user. Can someone please help?
You should create an IAM role first that defines what should be permitted (mainly calling the invoke-endpoint API call for SageMaker runtime). Then you should create an IAM user, add the above role to that user, and then generate credentials that you can use in your Postman to call the service. Here you can find some details about the IAM role for SageMaker that you can use in this process: https://docs.aws.amazon.com/sagemaker/latest/dg/using-identity-based-policies.html
A popular option to achieve external access to a SageMaker endpoint is to create an API Gateway that calls a Lambda function that then calls the invoke-endpoint API. This chain gives you various options, such as different authentication options for the users and API keys as part of API-GW, processing the user input and inference output using API-GW and Lambda code, and giving the permission to call the SageMaker endpoint to the Lambda function. This chain removes the need for credential creation, update and distribution.
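
The error quoted in the SageMaker question above concerns the SigV4 credential scope, which is chosen when a request is signed rather than when an access key is generated. The following added example (not part of the original posts) derives the signing key and checks a header's scope against the endpoint host. It assumes `eu-west-1` as the region code for Ireland and the `runtime.sagemaker.<region>.amazonaws.com` host form; the key, key ID and headers are constructed sample values.

```python
import hashlib
import hmac
import re

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """Derive the SigV4 signing key; region and service are inputs to the chain."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")

# Credential=<key id>/<yyyymmdd>/<region>/<service>/aws4_request
SCOPE_RE = re.compile(r"Credential=[^/\s,]+/(\d{8})/([^/\s,]+)/([^/\s,]+)/aws4_request")
HOST_RE = re.compile(r"^runtime\.sagemaker\.([a-z0-9-]+)\.amazonaws\.com$")

def scope_problems(authorization: str, host: str) -> list:
    """Compare the credential scope in an Authorization header with the endpoint host."""
    scope = SCOPE_RE.search(authorization)
    endpoint = HOST_RE.match(host)
    if not scope or not endpoint:
        return ["unparseable Authorization header or host"]
    _, region, service = scope.groups()
    problems = []
    if region != endpoint.group(1):
        problems.append(f"region {region!r} should be {endpoint.group(1)!r}")
    if service != "sagemaker":
        problems.append(f"service {service!r} should be 'sagemaker'")
    return problems

# Constructed sample values, not real credentials.
SECRET = "EXAMPLE-SECRET-KEY-NOT-REAL"
HOST = "runtime.sagemaker.eu-west-1.amazonaws.com"
BAD_AUTH = ("AWS4-HMAC-SHA256 Credential=AKIAEXAMPLE/20240101/us-east-1/execute-api/aws4_request, "
            "SignedHeaders=host;x-amz-date, Signature=0000")
GOOD_AUTH = BAD_AUTH.replace("us-east-1/execute-api", "eu-west-1/sagemaker")

if __name__ == "__main__":
    print(scope_problems(BAD_AUTH, HOST))
    print(scope_problems(GOOD_AUTH, HOST))
    # Same secret, different region: the derived signing keys differ.
    print(signing_key(SECRET, "20240101", "us-east-1", "sagemaker").hex())
    print(signing_key(SECRET, "20240101", "eu-west-1", "sagemaker").hex())
```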