I'm mainly using the AWS ES Service, where I can register a snapshot repository without problem.
However, one of our legacy applications is forced to use v1.7, so I have an EC2 instance with ES v1.7 running in a Docker container.
Works fine and I can register an S3 repo (and even create snapshots!). However, I had to use my private AWS keys to do this. AND, they (the keys) are showing up in the repo!!
For the AWS ES Service, I didn't have to do this.
curl -s -XPUT "http://localhost:9200/_snapshot/s3-backups" -d '{"type": "s3", "settings": { "bucket": "my_bucket", "base_path": "elasticsearch/my_directory", "region": "eu-west-1", "role_arn": "my_IAM_role_with_write_access_to_S3_bucket", "compress": "true", "server_side_encryption": "false", "access_key": "my_access_key", "secret_key": "my_secret_key"}}';echo
Without the access_key and secret_key options, I just get
{"error":"RepositoryVerificationException[[s3-backups] path [elasticsearch][my_directory] is not accessible on master node]; nested: IOException[Unable to upload object elasticsearch/my_directory/tests-1NgFmfZrRZuZcdf7ka77Jg-master due to AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 5049434C3433EDFA)]; ","status":500}
I've checked and double-checked that the IAM role in question DOES indeed have write access to the specific bucket and path.
I've also verified that the instance indeed has access to assume the role I've specified.
Am I missing something?
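
The post observes that the access and secret keys are visible in the registered repository. As an added example (not part of the original post), this Python script audits a repository listing for stored keys and produces a masked copy that is safe to paste into a ticket. It assumes the input is the JSON body returned by `GET /_snapshot/_all`, keyed by repository name; the sample body and the `fs-local` repository are constructed.

```python
import json

# Setting names that carry static AWS credentials in an S3 repository
# definition (the two used in the registration request in the post).
CREDENTIAL_KEYS = ("access_key", "secret_key")

# Constructed sample of a GET /_snapshot/_all response body (assumed shape);
# all values are placeholders taken from the post or made up.
SAMPLE_RESPONSE = json.dumps({
    "s3-backups": {
        "type": "s3",
        "settings": {
            "bucket": "my_bucket",
            "base_path": "elasticsearch/my_directory",
            "region": "eu-west-1",
            "access_key": "my_access_key",
            "secret_key": "my_secret_key",
        },
    },
    "fs-local": {"type": "fs", "settings": {"location": "/mnt/backups"}},
})


def find_embedded_credentials(response_body):
    """Return {repo_name: [setting names]} for repositories that store keys."""
    findings = {}
    for name, repo in json.loads(response_body).items():
        settings = repo.get("settings") or {}
        present = [k for k in CREDENTIAL_KEYS if settings.get(k)]
        if present:
            findings[name] = present
    return findings


def redact(response_body, mask="***REDACTED***"):
    """Return the parsed listing with credential values replaced by a mask."""
    repos = json.loads(response_body)
    for repo in repos.values():
        settings = repo.get("settings") or {}
        for key in CREDENTIAL_KEYS:
            if key in settings:
                settings[key] = mask
    return repos


if __name__ == "__main__":
    for name, keys in find_embedded_credentials(SAMPLE_RESPONSE).items():
        print(f"{name}: static credentials in settings: {', '.join(keys)}")
    print(json.dumps(redact(SAMPLE_RESPONSE), indent=2))
```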