Querying from an OpenSearch cluster with Fine-grained access control (FGAC) enabled
If you have enabled fine-grained access control on your OpenSearch cluster, you need to enable IAM authentication in your Neptune database as well.
The IAM entity (User or Role) used for connecting to the Neptune database should have permissions both for Neptune and the OpenSearch cluster. This means that your user or role must have an OpenSearch Service policy like this attached:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::
account-id
:root" }, "Action": "es:*", "Resource": "arn:aws:es:region
:account-id
:es-resource-id
/*" } ] }
See Creating custom IAM policy statements to access data in Amazon Neptune for more information.