AWS Opensearch authentication failure #624
Comments
|
UPD: If I run exporter on ec2 with IAM role attached, it works as expected. |
|
@symmetriac Is your problem resolved? I'm not sure I understand the original problem, but your last comment makes it sound like the problem has been resolved. If not, please re-open with some more context if possible. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
We have AWS Opensearch cluster 1.3 and elasticsearch exporter running in EKS cluster with irsa role.
In Opensearch we have role with needed permissions and mapping for the irsa role.
Elasticsearch exporter running with
--aws-regionoption so it uses the AWS_WEB_IDENTITY_TOKEN_FILE for authentication.It's all works well and we see a metrics in grafana and no errors in exporter logs, but after 1 hour it starts to show 403 error code in logs.
In Opensearch audit logs for the exporter requests we can see that it doesn't use irsa role arn anymore:
After exporter pod restarting errors are gone and metrics available again, but the issue reoccurs after 1 hour.
The text was updated successfully, but these errors were encountered: