bedrock-claude-chat
[BUG] OpenSearch dashboards is not accessible for console user
🚨 Please Note 🚨
To ensure efficient investigation of the issue, please fill out the fields below with as much detail as possible. Reports that do not follow this template may be closed without notification. We appreciate your cooperation.
Describe the bug
With Bedrock Knowledge Bases on a custom bot, users can't access the OpenSearch dashboard although the user has AdministratorAccess.
There is no data access control granted to IAM roles or users used by humans. It might be a good idea to make the OpenSearch dashboard administrator role or user configurable in cdk.json.
To Reproduce
Steps to reproduce the behavior:
- Create custom bot with knowledges
- Go to OpenSearch Serverless collection page on AWS Management Console
- Click on 'dashboard' link
- See error
Screenshots
Additional context
Add any other context about the problem here.
CDK Reference:
```ts
const ADMIN_ROLE_ARN = "arn:aws:iam::1234567890:role/Admin";
const dataAccessManagementConsolePolicy = new oss.CfnAccessPolicy(
  this,
  "DataAccessManagementConsolePolicy",
  {
    name: `${DATA_ACCESS_POLICY}-man`,
    type: "data",
    description: `Data access policy for ${COLLECTION_NAME} collection from management console..`,
    policy: `
      [
        {
          "Rules": [
            {
              "ResourceType": "collection",
              "Resource": ["collection/${COLLECTION_NAME}"],
              "Permission": [
                "aoss:CreateCollectionItems",
                "aoss:DescribeCollectionItems",
                "aoss:DeleteCollectionItems",
                "aoss:UpdateCollectionItems"
              ]
            },
            {
              "ResourceType": "index",
              "Resource": ["index/${COLLECTION_NAME}/*"],
              "Permission": [
                "aoss:CreateIndex",
                "aoss:DeleteIndex",
                "aoss:UpdateIndex",
                "aoss:DescribeIndex",
                "aoss:ReadDocument",
                "aoss:WriteDocument"
              ]
            }
          ],
          "Principal": [
            "${ADMIN_ROLE_ARN}"
          ]
        }
      ]
    `,
  }
);
```
Need to consider that Admin role exists.
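
One way to build the policy document above from a configurable principal list, so that no policy is created when no admin is configured and wildcard or malformed principals are rejected before deployment. This is an added example, not code from the issue or from bedrock-claude-chat; the function name, the idea of reading the list from a cdk.json context value, and the sample ARN are assumptions.

```typescript
// Added example: hypothetical helper, not part of bedrock-claude-chat.
// Permissions are the ones listed in the CDK reference in the issue.
const PERMISSIONS = {
  collection: ["aoss:CreateCollectionItems", "aoss:DescribeCollectionItems",
    "aoss:DeleteCollectionItems", "aoss:UpdateCollectionItems"],
  index: ["aoss:CreateIndex", "aoss:DeleteIndex", "aoss:UpdateIndex",
    "aoss:DescribeIndex", "aoss:ReadDocument", "aoss:WriteDocument"],
};

// IAM role or user ARN with a 12-digit account ID. "*" is not in the
// allowed character set, so wildcard principals never match.
const IAM_PRINCIPAL = /^arn:aws[a-z-]*:iam::\d{12}:(role|user)\/[\w+=,.@\/-]+$/;

// Returns the policy JSON, or null when no admin principal is configured
// (the caller then skips creating the access policy altogether).
function buildConsoleDataAccessPolicy(
  collectionName: string,
  adminPrincipals: unknown, // raw value as read from configuration
): string | null {
  if (adminPrincipals === undefined || adminPrincipals === null) return null;
  if (!Array.isArray(adminPrincipals)) {
    throw new Error("admin principals must be an array of ARNs");
  }
  const principals: string[] = [];
  for (const p of adminPrincipals) {
    if (typeof p !== "string" || !IAM_PRINCIPAL.test(p)) {
      throw new Error(`not an IAM role/user ARN: ${String(p)}`);
    }
    if (principals.indexOf(p) === -1) principals.push(p); // de-duplicate
  }
  if (principals.length === 0) return null;
  return JSON.stringify([{
    Rules: [
      { ResourceType: "collection", Resource: [`collection/${collectionName}`],
        Permission: PERMISSIONS.collection },
      { ResourceType: "index", Resource: [`index/${collectionName}/*`],
        Permission: PERMISSIONS.index },
    ],
    Principal: principals,
  }]);
}

// Constructed sample input (placeholder account ID and role name).
const sampleAdmins = ["arn:aws:iam::123456789012:role/Admin"];
const samplePolicy = buildConsoleDataAccessPolicy("example-collection", sampleAdmins);
```

A non-null result would be passed as the `policy` property of `oss.CfnAccessPolicy`; a null result means the construct is not created.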