I am trying to create an AWS Lambda function using C# to access the AWS Elasticsearch Service. I have created a role that my Lambda function is configured to use, which has access to Elasticsearch, but the permission doesn't seem to be working.
Here is my setup:

- I have created an access policy with read and write access to the ES service.
- Created a role and assigned the above policy.
- I have granted permissions to this role on my ES cluster:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"
    }
  ]
}
```
I have some simple code in a Lambda function to see if I can connect to it:

```csharp
using System.Net.Http;
using System.Threading.Tasks;

public class Function
{
    public async Task<string> FunctionHandler()
    {
        HttpClient client = new HttpClient();
        var response = await client.GetStringAsync("https://XXXXX.us-west-2.es.amazonaws.com/firstindex");
        return response;
    }
}
```
This gives me a 403 Forbidden error. I even tried setting up a trust relationship with es.amazonaws.com for the role. That also did not work.
If I make the ES cluster public, I can see the response.
Will this method work with Lambda? Am I missing some permissions?
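For readers hitting the same 403: a domain access policy whose principal is an IAM role only admits requests that carry that role's credentials, and the `GetStringAsync` call above sends none, so the domain treats it as anonymous. The example below is an added illustration, not code from the question or from AWS: it signs the same GET with AWS Signature Version 4 using the execution role's temporary credentials (read through `FallbackCredentialsFactory` from the AWSSDK.Core package) before sending it. The endpoint, index name and region are placeholders taken from the question; the signing name `es` is the one the Amazon ES domain endpoint expects.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Amazon.Runtime; // AWSSDK.Core NuGet package

public class Function
{
    // Placeholders copied from the question; replace with your own domain endpoint and region.
    private const string Endpoint = "https://XXXXX.us-west-2.es.amazonaws.com/firstindex";
    private const string Region = "us-west-2";
    private const string Service = "es"; // SigV4 signing name for an Amazon ES domain endpoint

    private static readonly HttpClient Client = new HttpClient();

    public async Task<string> FunctionHandler()
    {
        // Temporary credentials of the execution role, taken from the environment
        // variables the Lambda runtime sets (access key, secret key, session token).
        ImmutableCredentials creds = FallbackCredentialsFactory.GetCredentials().GetCredentials();

        var request = new HttpRequestMessage(HttpMethod.Get, Endpoint);
        SignV4(request, creds, Region, Service, body: string.Empty, utcNow: DateTime.UtcNow);

        HttpResponseMessage response = await Client.SendAsync(request);
        // A 403 on a correctly signed request means the domain policy rejected this principal.
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }

    // Adds x-amz-date, x-amz-security-token (present for role credentials) and the
    // AWS Signature Version 4 Authorization header to the request.
    public static void SignV4(HttpRequestMessage request, ImmutableCredentials creds,
                              string region, string service, string body, DateTime utcNow)
    {
        string amzDate = utcNow.ToString("yyyyMMdd'T'HHmmss'Z'");
        string dateStamp = utcNow.ToString("yyyyMMdd");
        string host = request.RequestUri.Host;

        // Headers covered by the signature, sorted by lowercase name.
        var signedHeaders = new SortedDictionary<string, string>(StringComparer.Ordinal)
        {
            ["host"] = host,
            ["x-amz-date"] = amzDate,
        };
        if (creds.UseToken)
            signedHeaders["x-amz-security-token"] = creds.Token;

        string canonicalHeaders = string.Concat(signedHeaders.Select(h => $"{h.Key}:{h.Value.Trim()}\n"));
        string signedHeaderNames = string.Join(";", signedHeaders.Keys);
        string payloadHash = Hex(Sha256(Encoding.UTF8.GetBytes(body)));

        // Canonical request. AbsolutePath is already percent-encoded; a query string
        // would have to be URI-encoded and sorted by key here (this request has none).
        string canonicalRequest = string.Join("\n",
            request.Method.Method,
            request.RequestUri.AbsolutePath,
            request.RequestUri.Query.TrimStart('?'),
            canonicalHeaders,
            signedHeaderNames,
            payloadHash);

        string scope = $"{dateStamp}/{region}/{service}/aws4_request";
        string stringToSign = string.Join("\n",
            "AWS4-HMAC-SHA256", amzDate, scope, Hex(Sha256(Encoding.UTF8.GetBytes(canonicalRequest))));

        // Derive the signing key: an HMAC chain over date, region, service and "aws4_request".
        byte[] kDate = HmacSha256(Encoding.UTF8.GetBytes("AWS4" + creds.SecretKey), dateStamp);
        byte[] kRegion = HmacSha256(kDate, region);
        byte[] kService = HmacSha256(kRegion, service);
        byte[] kSigning = HmacSha256(kService, "aws4_request");
        string signature = Hex(HmacSha256(kSigning, stringToSign));

        request.Headers.Host = host;
        request.Headers.TryAddWithoutValidation("x-amz-date", amzDate);
        if (creds.UseToken)
            request.Headers.TryAddWithoutValidation("x-amz-security-token", creds.Token);
        request.Headers.TryAddWithoutValidation("Authorization",
            $"AWS4-HMAC-SHA256 Credential={creds.AccessKey}/{scope}, " +
            $"SignedHeaders={signedHeaderNames}, Signature={signature}");
    }

    private static byte[] Sha256(byte[] data)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(data);
    }

    private static byte[] HmacSha256(byte[] key, string data)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
    }

    private static string Hex(byte[] bytes) => string.Concat(bytes.Select(b => b.ToString("x2")));
}
```

The session token must be both sent and included in the signed headers, otherwise the domain cannot map the request to the role and still answers 403. Keeping the domain access policy scoped to the role ARN, as in the question, is the right shape; opening the cluster to the public is what removes the 403 only because it removes the authentication check.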