Explore Courses Blog Tutorials Interview Questions
0 votes
in AWS by (19.1k points)

I am trying to create an AWS lambda using c# to access AWS ElasticSerch service. I have created a role that my lambda function is configured to use which has access to ElasticSeach. But the permission doesn't seem to be working.

Here is my setup:

  1. I have created an access policy with Reading and Write access to ES service.image
  2. Created a role and assigned above policy
  3. I have granted permissions to this role, to my ES cluster.


  "Version": "2012-10-17",

  "Statement": [


      "Effect": "Allow",

      "Principal": {

        "AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"


      "Action": "es:*",

      "Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"




I have a simple code in a lambda to see if I can connect to it.

public async Task<string> FunctionHandler()


        HttpClient client = new HttpClient();

        var response = await client.GetStringAsync("");

        return response;


This gives me a 403 Forbidden error. I even tried setting a trust relationship with for the role. That also did not work.

If I make the ES cluster public, I can see the response.

Will this method work with Lambda? Am I missing some permissions?

1 Answer

0 votes
by (44.4k points)

You have to sign your request with signature 4 for this to work. Check this out:

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

Browse Categories