IAM-Role Authentication

[dor15]

Description:
I tried to use IAM-Role authentication, and I think you missed the part of
session = boto3.Session() credentials = session.get_credentials()

before the initialization of
aws_region = os.getenv("AWS_REGION", "") aws_access_key = os.getenv("AWS_ACCESS_KEY", "") aws_secret_access_key = os.getenv("AWS_SECRET_ACCESS_KEY", "") aws_session_token = os.getenv("AWS_SESSION_TOKEN", "")

It seems like the code "forces" you to put the variables as ENV variables rather than pulling them from the role itself.

This is how I implemented it to make it work with role-based auth:

session = boto3.Session() credentials = session.get_credentials() opensearch_url = "https://xxx.amazon.com" aws_region = "eu-west-1" aws_access_key = credentials.access_key aws_secret_access_key = credentials.secret_key aws_session_token = credentials.token

[rithin-pullela-aws]

Thanks for submitting the issue @dor15!

About the issue, it makes sense to try to pull credentials directly first. If the app is running on an EC2 instance with instance profile IAM role attached to it, the user does not need to provide the environment variables, the below code would handle it:

session = boto3.Session() 
credentials = session.get_credentials()

Will raise a PR resolving this issue.

[rithin-pullela-aws]

The issue will be tracked here: opensearch-project/opensearch-mcp-server-py#3

We are moving to the official repo of OpenSearch. This Repo will be archived.