Tags: terraform, opensearch, amazon-opensearch

An error occurs when using "terraform plan" on AWS Opensearch. "Error: HTTP 403 Forbidden: Permission denied."


I'm trying to set up AWS Opensearch Service using the "opensearch-project/opensearch" provider. However, I am having trouble with the following error. Do you know the cause?

Error: HTTP 403 Forbidden: Permission denied. Please ensure that the correct credentials are being used to access the cluster.

terraform {
  required_version = "~> 1.7.0"
  required_providers {
    opensearch = {
      source  = "opensearch-project/opensearch"
      version = "~> 2.2.0"
    }
  }

  cloud {
    organization = "my_org"
    hostname     = "app.terraform.io"
    workspaces {
      name = "my_workspace"
    }
  }
}

provider "opensearch" {
  aws_region = "ap-northeast-1"   # typo "ap-notheast-1" corrected to match the region in the URL
  url        = "https://my-opensearch.ap-northeast-1.es.amazon.com"
  healthcheck       = false
  sign_aws_requests = true

  aws_access_key = "AKIAXXXXXXXXXXXXXXXX"
  aws_secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

  • I had the same result even if I changed from using Terraform Cloud to local.
  • The IAM user has Administrator privileges.
  • I tried changing aws_access_key and aws_secret_key to an environment variable, but the result was the same.

Solution

  • This problem is resolved. The cause is that "Enable fine-grained access control" is enabled but no IAM user is registered. An internal user database was configured. I will write the steps to solve the problem below.

    1. Log in to the AWS console and go to the domain details screen.
    2. Click the edit button on the Security tab.
    3. Select "IAM ARN as master user" and set the ARN of the user you are trying to use with OpenSearch.
    4. Save.
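The console steps above expressed as Terraform, as an added example that is not part of the original question or answer: the AWS provider's aws_opensearch_domain resource can set the same "IAM ARN as master user" option through advanced_security_options, so the fix is tracked in code instead of being clicked in the console. The domain name, engine version, instance sizing and the master_user_arn variable are placeholders.

```hcl
# Added example (not from the original post): fine-grained access control with an
# IAM ARN as master user, the infrastructure-as-code form of the console fix.
# Domain name, engine version, sizing and the ARN value are placeholders.
variable "master_user_arn" {
  description = "ARN of the IAM principal that the opensearch provider signs requests as"
  type        = string
  # placeholder: "arn:aws:iam::123456789012:user/terraform"
}

resource "aws_opensearch_domain" "example" {
  domain_name    = "my-opensearch"   # placeholder
  engine_version = "OpenSearch_2.11" # placeholder

  cluster_config {
    instance_type  = "t3.small.search"
    instance_count = 1
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 10
  }

  # Fine-grained access control can only be enabled when encryption at rest,
  # node-to-node encryption and HTTPS enforcement are all on.
  encrypt_at_rest {
    enabled = true
  }
  node_to_node_encryption {
    enabled = true
  }
  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  # The fix from the answer: FGAC enabled, no internal user database, and the
  # IAM principal used for request signing registered as the master user.
  # Without master_user_arn the signed requests reach the domain but the
  # security plugin has no mapping for the principal, hence HTTP 403.
  advanced_security_options {
    enabled                        = true
    internal_user_database_enabled = false
    master_user_options {
      master_user_arn = var.master_user_arn
    }
  }
}

output "opensearch_provider_url" {
  # The endpoint attribute is a bare hostname; the opensearch provider's url
  # argument expects the scheme as well.
  value = "https://${aws_opensearch_domain.example.endpoint}"
}
```

The credentials the opensearch provider uses (aws_access_key/aws_secret_key in the question, or the environment variables the poster also tried) must resolve to the same principal as master_user_arn; an IAM user with AdministratorAccess still gets 403 from the domain's security plugin unless it is mapped there, which is what the master user setting does. After applying, a signed request such as the provider's health check should return 200 instead of 403.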