[BUG] Amazon SNS Learn more link not work

[Hailong-am]

What is the bug?
Learn more link does not point to right place

How can one reproduce the bug?
Steps to reproduce the behavior:

1. Go to 'Notifications'
2. Click on 'Create Channel'
3. Select Amazon SNS as channel type
4. Click Learn more

What is the expected behavior?

What is your host/environment?

• OS: MacOS
• Version 2.6
• Plugins

Do you have any screenshots?
If applicable, add screenshots to help explain your problem.

Do you have any additional context?
Add any other context about the problem.

[markdboyd]

The link is broken because there's no value being set in the variable used for its URL: https://github.com/opensearch-project/dashboards-notifications/blob/main/public/utils/constants.ts#L6

I would fix it, but I don't know what the correct URL is. In fact, I'm having a lot of difficulty finding documentation anywhere about how to configure Opensearch to use AWS credentials when not running on AWS

[Hailong-am]

The link is broken because there's no value being set in the variable used for its URL: https://github.com/opensearch-project/dashboards-notifications/blob/main/public/utils/constants.ts#L6

I would fix it, but I don't know what the correct URL is. In fact, I'm having a lot of difficulty finding documentation anywhere about how to configure Opensearch to use AWS credentials when not running on AWS

thanks for looking into this, have you looking at this doc for setup permission https://opensearch.org/docs/latest/observing-your-data/notifications/index/#amazon-sns-as-a-channel-type

[markdboyd]

@Hailong-am I have seen that document, but I don't quite understand it.

Whether you configure the SNS topic to allow anyone to do sns:Publish or whether you restrict it to a specific IAM role, in either case you need some way to provide IAM credentials (access key ID/secret key) to Opensearch, correct? For example, in order to do the assume role approach, you need to have credentials for an IAM principal that can assume the role in the first place.

And I couldn't find where one configures Opensearch with AWS credentials for requests to AWS resources.

So either I'm not understanding how this works or there is some documentation missing.

[Hailong-am]

@Hailong-am I have seen that document, but I don't quite understand it.

Whether you configure the SNS topic to allow anyone to do sns:Publish or whether you restrict it to a specific IAM role, in either case you need some way to provide IAM credentials (access key ID/secret key) to Opensearch, correct? For example, in order to do the assume role approach, you need to have credentials for an IAM principal that can assume the role in the first place.

And I couldn't find where one configures Opensearch with AWS credentials for requests to AWS resources.

So either I'm not understanding how this works or there is some documentation missing.

@markdboyd The default AWSCredentialProvider searching credentials from below locations

• Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
• Java System Properties - aws.accessKeyId and aws.secretKey
• Web Identity Token credentials from the environment or container
• Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
• Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
  Instance profile credentials delivered through the Amazon EC2 metadata service

[1]https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html

[Hailong-am]

Just for example of using docker-compose.yml, setup AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the environment, that will work

version: '3'
services:
  opensearch-node1:
    image: opensearchproject/opensearch:latest
    container_name: opensearch-node1
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node1
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
      - AWS_ACCESS_KEY_ID=xxxx
      - AWS_SECRET_ACCESS_KEY=xxxxx
      - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM

[InfiniteJas]

I want to work with this issues

[nishantb1]

I want to work on this issue