InvalidTypeException when attempting to set access policies through update_elasticsearch_domain_config
See original GitHub issueAnytime i try to update the access policies through update_elasticsearch_domain_config, i get the following error:
botocore.exceptions.ClientError: An error occurred (InvalidTypeException) when calling the UpdateElasticsearchDomainConfig operation: Error setting policy: [{"Sid":"fsasaafffff","Effect":"Allow","Principal":{"AWS":"*"},"Action":"es:*","Resource":"arn:aws:es:us-west-2:XXXXXXXXX:domain/int-XXXXXX-XXXXX/*"}]}}]
It isn’t the policy that seems to be the error, since i can set the exact same policy through awscli or the ui. Which leads me to believe i am passing it incorrectly somehow. I have tried every combination of storing it as a file, minified, unminifed, passing it in directly as a raw string, doing a json.dumps on it first, etc.
Issue Analytics
- State:
- Created 8 years ago
- Comments:20 (3 by maintainers)
For posterity I also had a similar issue and turned out I was referring to an IAM role that didn’t exist in the policy.
Not obvious at all from the “InvalidTypeException” exception message 😦
I can successfully execute
update_elasticsearch_domain_config
API from boto3 and CLI as follows.boto3
version : Boto3/1.2.5 Python/2.7.10 Darwin/15.3.0 Botocore/1.3.30
One thing to note is that you have to pass policy as strings not as JSON(dict).
AWS CLI