Closed juanma-cvega closed 1 year ago
Hello, please see https://github.com/phillbaker/terraform-provider-elasticsearch/issues/217. Cognito is not a valid way to authenticate to the underlying Elasticsearch/OpenSearch cluster; you need to use IAM credentials. That's a limitation of AWS, not this provider, so I'm going to close this issue.
Hi,
I'm currently just creating an OpenSearch cluster (v1.3) on AWS using the AWS provider. The cluster is configured to use Cognito as the identity provider and I use the domain access policy to grant access to users to the dashboard and the API (through the dashboard). So far, I've configured it without any fine-grained access control and it works without issues. Now, I'm trying to use your provider to create an index state management policy. I'd like to do it using a Cognito user's credentials but I always get a 403 error. The steps I've taken so far:
I've tried creating both an IAM user and an internal database user and both work fine once the domain access policy is adapted. But I would like to avoid having to use an extra user just for Terraform. Am I missing something? Maybe this cannot be done through an identity provider user.
This is the configuration I use for the provider: