I am trying to update AWS elasticsearch access policy through serverless yaml configuration:
resources:
Resources:
ELInstanceName:
Type: "AWS::Elasticsearch::Domain"
Properties:
ElasticsearchVersion: "7.1"
DomainName: "domain-name"
ElasticsearchClusterConfig:
DedicatedMasterEnabled: false
InstanceCount: "3"
ZoneAwarenessEnabled: false
InstanceType: "m4.large.elasticsearch"
EBSOptions:
EBSEnabled: true
Iops: 0
VolumeSize: 10
VolumeType: "gp2"
AccessPolicies:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
AWS:
- arn:aws:iam::XXXXXXXXX:user/user1
- arn:aws:iam::XXXXXXXXX:user/user2
- arn:aws:iam::XXXXXXXXX:role/Cognito_custom_Auth_Role
Action: "es:*"
Resource: "*"
On executing command serverless deploy
, either execution hung up or terminate with the following error
............
Serverless: Operation failed!
Serverless Error ---------------------------------------
An error occurred - domain-name elasticsearch instance already exists.
Also sometimes the command executed without error but there is no change in ES access policy when checked in AWS console.
Am I missing any configuration details for updating the resource? What can be done to update access policy for ES resource using serverless?