Received 403 from AWSAuth, invalidating credentials for retrial... /_bulk?timeout=1m; ; 403; 0.210s

[jbizzle3000]

Could someone provide guidance... My AWS creds are good for the role tied to the instance. The domain is in the same VPC and allows this role access. I've not seen the last line in the below snippet in any of the other issues. Any help or direction is more than appreciated. Trying to populate the index from a Nutch instance.

./aws-es-proxy-1.3-linux-386 -listen 0.0.0.0:9200 -endpoint https://vpc-webmgmtelasticsearch-secure2-fjsfnpigonh5xnw2d72qq52yma.us-east-1.es.amazonaws.com -verbose
INFO[2021-30-11 19:51:04] Listening on 0.0.0.0:9200...
INFO[2021-30-11 19:51:49] Using default credentials
INFO[2021-30-11 19:51:49] Generated fresh AWS Credentials object
ERRO[2021-30-11 19:51:49] Received 403 from AWSAuth, invalidating credentials for retrial
2021/11/30 19:51:49 -> POST; 10.60.x.x:37502; /_bulk?timeout=1m; ; 403; 0.210s

[kirstenmay]

Any updates on this, I am encountering the same issue

[mcrivar]

Getting the same error, got the following access policy applied on opensearch:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<>:role/aws-es-proxy"
},
"Action": "es:",
"Resource": "arn:aws:es:us-east-1:<>:domain/test-domain"
}
]
}

Tried this first with a role, which has completely open.
Getting same error with providing AWS keys.

[mcrivar]

Actually, I was able to fix this now.
What needs to be done in addition to AWS Role/User configuration in AWS for the aws-es-proxy, is to add this role/user that is used with it to OpenSearch Roles as internal user/backend role with the ARN.