
Sorry! Something went wrong during authentication between Kibana and Amazon Cognito


I'm using AWS ElasticSearch with Cognito and getting the following error when trying to log in:

Sorry! Something went wrong during authentication between Kibana and Amazon Cognito. What happened? User: x:x:x::xx:x is not authorized to perform: es:ESHttpGet

My AWS ES cluster access policy looks like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxx:role/service-role/CognitoAccessForAmazonES"
      },
      "Action": "es:ESHttp*",
      "Resource": "arn:aws:es:xxxxxxx:xxxxxxx:domain/elastic-blah/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "xx.xx.xx.xx/32"
        }
      }
    }
  ]
}

Solution

  • A possible issue as described in this link. Ensure the authenticated role has appropriate permissions to access your ES domain.

    The Amazon Cognito authenticated role needs es:ESHttp* permissions for the domain (/*) to access and use Kibana. Check that you added an access policy as specified in Allowing the Authenticated Role.
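
The check the answer describes, as an added example that is not part of the original question or answer: a simplified reader for a domain access policy that reports whether a given role is named in an Allow statement covering es:ESHttpGet on the domain's /* resource. The account ID, region, domain name and the authenticated role's name are constructed placeholders.

```python
import fnmatch

# Constructed sample in the shape of the question's policy; the account ID,
# region, domain and role names are placeholders, not values from the page.
SERVICE_ROLE = "arn:aws:iam::111122223333:role/service-role/CognitoAccessForAmazonES"
AUTH_ROLE = "arn:aws:iam::111122223333:role/Cognito_ExamplePoolAuth_Role"  # hypothetical name
DOMAIN = "arn:aws:es:us-east-1:111122223333:domain/example-domain"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": SERVICE_ROLE},
        "Action": "es:ESHttp*",
        "Resource": DOMAIN + "/*",
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.10/32"}},
    }],
}

def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def matches(value, patterns, ignore_case=False):
    """True if value matches any IAM-style wildcard pattern (* and ?)."""
    if ignore_case:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def statements_allowing(policy, role_arn, action, resource):
    """Allow statements naming role_arn that cover action on resource.
    Simplified: ignores Deny and NotPrincipal/NotAction, and does not evaluate
    Condition blocks; inspect those on the returned statements."""
    hits = []
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        arns = [principal] if isinstance(principal, str) else as_list(principal.get("AWS", []))
        if (stmt.get("Effect") == "Allow"
                and (role_arn in arns or "*" in arns)
                and matches(action, as_list(stmt.get("Action", [])), ignore_case=True)
                and matches(resource, as_list(stmt.get("Resource", [])))):
            hits.append(stmt)
    return hits

if __name__ == "__main__":
    for role in (SERVICE_ROLE, AUTH_ROLE):
        found = statements_allowing(POLICY, role, "es:ESHttpGet", DOMAIN + "/_plugin/kibana")
        print(role.rsplit("/", 1)[-1], "->", "allowed by policy" if found else "no matching Allow")
        for stmt in found:
            print("  also requires Condition:", stmt.get("Condition"))
```

Any Condition block on a matching statement, such as the aws:SourceIp restriction in the sample, still has to be satisfied by the request in addition to the principal match.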