Describe the bug
In the China region: Access denied for operation 'You don?t have permissions to integrate with Cognito.'
Expected Behavior
Create the OpenSearch domain successfully, without integrating with Cognito.
Current Behavior
10:18:57 AM | CREATE_FAILED | AWS::OpenSearchService::Domain | Domain66AC69E0
Resource handler returned message: "Access denied for operation 'You don?t have permissions to integrate with Cognito. Contact your admin if you need help. (Service: OpenSearch, Status Code: 409, Request ID: b040b85a-e421-4a53-b1f0-ec4b89c1f675, Extended Request ID: null)'." (RequestToken: 50a94fb6-80ea-f789-d0af-773b41f90163, HandlerErrorCode: AccessDenied)
❌ XXXX-workshop failed: Error: The stack named XXXX-workshop failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "Access denied for operation 'You don?t have permissions to integrate with Cognito. Contact your admin if you need help. (Service: OpenSearch, Status Code: 409, Request ID: b040b85a-e421-4a53-b1f0-ec4b89c1f675, Extended Request ID: null)'." (RequestToken: 50a94fb6-80ea-f789-d0af-773b41f90163, HandlerErrorCode: AccessDenied)
at prepareAndExecuteChangeSet (/usr/local/lib/node_modules/aws-cdk/lib/api/deploy-stack.ts:386:13)
at runMicrotasks ()
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:210:24)
at initCommandLine (/usr/local/lib/node_modules/aws-cdk/lib/cli.ts:346:12)
Reproduction Steps
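import { Aws, RemovalPolicy } from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as os from 'aws-cdk-lib/aws-opensearchservice';

// In China Region
// Runs inside a Stack constructor; domainName is a string defined elsewhere.
const domain = new os.Domain(this, 'Domain', {
  domainName: domainName,
  version: os.EngineVersion.OPENSEARCH_1_2,
  capacity: {
    dataNodes: 1,
    dataNodeInstanceType: "t3.small.search",
  },
  ebs: {
    volumeSize: 10,
    volumeType: ec2.EbsDeviceVolumeType.GENERAL_PURPOSE_SSD,
  },
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
  // Resource-based policy: the account root principal may call any es:* action
  // on this domain's sub-resources. No Cognito options are set anywhere.
  accessPolicies: [new iam.PolicyStatement({
    actions: ["es:*"],
    principals: [new iam.AccountRootPrincipal()],
    resources: [`arn:${Aws.PARTITION}:es:${Aws.REGION}:${Aws.ACCOUNT_ID}:domain/${domainName}/*`],
  })],
  removalPolicy: RemovalPolicy.DESTROY,
});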
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.32.1
Framework Version
No response
Node.js Version
v16.15.1
OS
macOS 12.3.1
Language
TypeScript
Language Version
No response
Other information
No response