Nikolay Dyankov

Reputation: 7244

Access CloudSearch from API Gateway only

I would like to access CloudSearch only from API Gateway, because I don't like the idea of having public access to my CloudSearch endpoint. I tried adding an access policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::*********:user/admin"
      },
      "Action": [
        "cloudsearch:search",
        "cloudsearch:suggest"
      ]
    }
  ]
}

When I try to access the CloudSearch endpoint from my browser, I get "User: anonymous is not authorized to perform: cloudsearch:search".

API Gateway gets "Request forbidden by administrative rules".

My API Gateway endpoint is HTTP GET and the URI is set to my CloudSearch endpoint. Am I doing things correctly? How do people usually set this up? It's my first time using both services. I'm using CloudSearch for an autocomplete input field on a website.

Upvotes: 0

Views: 342

Answers (1)

badfun

Reputation: 164

You also need to set up the Trust Relationship on the IAM role that API Gateway is using, otherwise it will not be able to assume the role. Check the docs here under 'Prerequisites'.

{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "",
    "Effect": "Allow",
    "Principal": {
      "Service": "apigateway.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
  }]
}

Also, make sure you enable CORS in your API, or that can throw an error as well.

Upvotes: 0
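An offline check of the two policies discussed in this thread, added here as an example and not code from the question or the answer: it verifies that the role's trust policy lets `apigateway.amazonaws.com` assume the role, and that the CloudSearch access policy grants `cloudsearch:search` to that role without opening it to `*`. It assumes API Gateway calls CloudSearch with an IAM role whose ARN is named as the principal in the domain's access policy; the account ID, role name and function names are constructed placeholders.

```python
from fnmatch import fnmatchcase

def as_list(v):
    # IAM policy fields may hold one value or a list of values
    return [] if v is None else v if isinstance(v, list) else [v]

def allows(stmt, action):
    # True if an Allow statement covers `action` (IAM action wildcards honoured)
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt.get("Action")))

def principals(stmt, kind):
    # Principals of one kind ("AWS" or "Service"); a bare "*" means anyone
    p = stmt.get("Principal")
    if p == "*":
        return ["*"]
    return as_list(p.get(kind)) if isinstance(p, dict) else []

def check(trust_policy, access_policy, role_arn):
    """Return a list of problems; an empty list means both policies line up."""
    problems = []
    if not any(allows(s, "sts:AssumeRole")
               and "apigateway.amazonaws.com" in principals(s, "Service")
               for s in as_list(trust_policy.get("Statement"))):
        problems.append("trust policy: apigateway.amazonaws.com cannot assume the role")
    granted = set()
    for s in as_list(access_policy.get("Statement")):
        if allows(s, "cloudsearch:search"):
            granted.update(principals(s, "AWS"))
    if "*" in granted:
        problems.append("access policy: search is open to anonymous callers")
    elif role_arn not in granted:
        problems.append("access policy: role is not granted cloudsearch:search")
    return problems

# Constructed sample data: account ID and role name are placeholders.
ROLE_ARN = "arn:aws:iam::111122223333:role/apigw-cloudsearch"
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Sid": "", "Effect": "Allow",
    "Principal": {"Service": "apigateway.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}

def access_policy(principal):
    # Same shape as the access policy in the question, with a chosen principal
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal},
        "Action": ["cloudsearch:search", "cloudsearch:suggest"]}]}

if __name__ == "__main__":
    for p in (ROLE_ARN, "arn:aws:iam::111122223333:user/admin", "*"):
        print(p, "->", check(TRUST, access_policy(p), ROLE_ARN) or "ok")
```
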
