Connecting to Elasticsearch - Amazon Elasticsearch service - IAM user

I have selected "Allow access to one or more AWS accounts or IAM users".

My access policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::12345678910:user/elastic"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-west-1:123456789:domain/elastic-cluster/*"
    }
  ]
}

I have created an IAM profile:

user - elastic 
password -hisdfdsfds
Access key Id - sdsfdssdfdsfdsfdsfsdfsd
Secret Access Key - sdsfdsfdsfsdfdsfds

When I try to connect:

$params = array();
$params['hosts'] = array (
    'search-elastic-cluster-sdfsdfsdfs.eu-east.es.amazonaws.com:80',                 
    );

$client = new Elasticsearch\Client($params);

It throws the following error:

{"Message":"User: anonymous is not authorized to perform: es:ESHttpPost on resource: arn:aws:es:eu-west-1:dsfdsfsdfsdsd:domain/elastic-cluster/sdsfsfds/sdfdsfdssd/_search"}

I found it can be accessed by signed version 4 signature requests. I tried doing it, but could not. Maybe the way is wrong.

I would be happy if someone suggests ideas for creating a signed version 4 request to the Elasticsearch domain. An example using the parameters I stated above would be very helpful. Thanks in advance.

The application needs to sign the requests going to Elasticsearch. The AWS SDK for your language of choice should have a method which creates the credentials for the sign request.

When you provide your requests with the credentials, it should be ok and good to go.

This is a code snippet using the JavaScript SDK:

var AWS = require('aws-sdk');
var path = require('path'); // needed for path.join below

// `doc` (the JSON document to index) and `context` (the Lambda context)
// come from the enclosing Lambda handler.

// Reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the environment.
var creds = new AWS.EnvironmentCredentials('AWS');

var esDomain = {
    region: 'us-east-1',
    endpoint: 'yoursearchdomain.region.amazonaws.com',
    index: 'myindex',
    doctype: 'mytype'
};

var endpoint = new AWS.Endpoint(esDomain.endpoint);
var req = new AWS.HttpRequest(endpoint);

req.method = 'POST';
req.path = path.join('/', esDomain.index, esDomain.doctype);
req.region = esDomain.region;
req.headers['presigned-expires'] = false;
req.headers['Host'] = endpoint.host;
req.headers['Content-Type'] = 'application/json';
req.body = doc;

// Sign the request with Signature Version 4 for the 'es' service.
var signer = new AWS.Signers.V4(req , 'es');
signer.addAuthorization(creds, new Date());

var send = new AWS.NodeHttpClient();
send.handleRequest(req, null, function(httpResp) {
    var respBody = '';
    httpResp.on('data', function (chunk) {
        respBody += chunk;
    });
    httpResp.on('end', function (chunk) {
        console.log('Response: ' + respBody);
        context.succeed('Lambda added document ' + doc);
    });
}, function(err) {
    console.log('Error: ' + err);
    context.fail('Lambda failed with error ' + err);
});
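The "User: anonymous" error in the question is what an IAM-based access policy returns for a request that carries no Signature Version 4 `Authorization` header. The following is an added example, not part of the original answer or of the AWS SDK, that builds that header by hand with Node's `crypto` module to show what the SDK signer does. The helper name `signEsRequest`, the host name and the key pair are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

const sha256hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmac = (key, s) => crypto.createHmac('sha256', key).update(s, 'utf8').digest();

// signEsRequest is a hypothetical helper name. Assumes a path that needs no
// URI-encoding and a request without a query string.
function signEsRequest(o) {
  const amzDate = o.now.toISOString().replace(/[:-]|\.\d{3}/g, ''); // YYYYMMDDTHHMMSSZ
  const dateStamp = amzDate.slice(0, 8);
  const headers = { 'content-type': 'application/json', host: o.host, 'x-amz-date': amzDate };
  // Temporary (STS/role) credentials must also sign their session token.
  if (o.sessionToken) headers['x-amz-security-token'] = o.sessionToken;

  // 1. Canonical request: method, path, query, sorted headers, header list, body hash.
  const names = Object.keys(headers).sort();
  const canonicalHeaders = names.map((n) => n + ':' + headers[n] + '\n').join('');
  const signedHeaders = names.join(';');
  const canonicalRequest =
    [o.method, o.path, '', canonicalHeaders, signedHeaders, sha256hex(o.body)].join('\n');

  // 2. String to sign, bound to date, region and the "es" service.
  const scope = [dateStamp, o.region, 'es', 'aws4_request'].join('/');
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256hex(canonicalRequest)].join('\n');

  // 3. Derive the signing key by chaining HMACs over the scope parts.
  let key = 'AWS4' + o.secretAccessKey;
  for (const part of scope.split('/')) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString('hex');

  // 4. The header whose absence makes the service treat the caller as anonymous.
  headers.authorization = 'AWS4-HMAC-SHA256 Credential=' + o.accessKeyId + '/' + scope +
    ', SignedHeaders=' + signedHeaders + ', Signature=' + signature;
  return headers;
}

// Constructed sample input: the key pair is AWS's documentation example, not a real one.
// In real use read credentials from the environment or an instance role.
const signed = signEsRequest({
  method: 'POST', host: 'search-elastic-cluster-example.eu-west-1.es.amazonaws.com',
  path: '/myindex/_search', body: '{"query":{"match_all":{}}}', region: 'eu-west-1',
  accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY',
  now: new Date(Date.UTC(2015, 7, 30, 12, 36, 0)),
});
console.log(signed.authorization);
```

Send the returned headers with the request over HTTPS (port 443) rather than port 80. The body sent must be byte-for-byte the one that was signed, otherwise the service rejects the signature.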
