Shared / Cross-Acccount S3 repository for snapshots - Access Denied

Hi!

We want that our test elasticsearch cluster is able to restore snapshots from our live elasticsearch.
This worked fine in the past when we had one AWS account but now the clusters are in different AWS accounts for security reasons.
Both clusters run on version 5.4.2.

But once we want to list or restore the snapshots we get an "Access Denied" error.

{
    "error": {
        "root_cause": [
            {
                "type": "amazon_s3_exception",
                "reason": "Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: CDF4B9B4438384B5)"
            }
        ],
        "type": "amazon_s3_exception",
        "reason": "Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: CDF4B9B4438384B5)"
    },
    "status": 500
}

Adding the repository worked (it doesn't when we change the permissions).
Listing, adding, reading and deleting objects from this s3 bucket works using the aws s3 commands.

Thanks in advance for the help!

We fixed it by specifying AWS credentials when the snapshot repository on the test cluster is added.

We found the solution on the following page (look for "Elasticsearch setup backup Repository with AWS User credentials")

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.